Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Changing image in an executable

Posted on 2003-11-02
Medium Priority
Last Modified: 2010-04-14

i'm trying to change a JPEG image that is in a compiled program. The program was compiled using Delphi . I don't know which exact version.

I've tried to make my own application, and change the picture in it using Resource Hacker. I have succeeded in doing so, by making another application with a picture, and coping the binary data from one to another.

I didn't succeed with this application. Perhaps I should use the same version of the compiler that was used to compile the original program? Or is there a tool to simplify all of this?

I have chosen the maximum of the points I can give for an answer.

Thank you,
Jaka "|SNap|" Jančar,
Question by:SNap
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 44

Expert Comment

ID: 9667028
I have used this by itself to change an immage in a exe or dll file

You need to use a tool like this in conjunction with a tool for developing the images.

Resource Hacker

Expert Comment

ID: 9669891
As far as I know, jpeg pictures cannot be stored inside the exe/dll. BMP pictures, icons, dialog boxes, string lists, shortcuts can.
Anyway I've always done similar things with MS Visual studio 5/6.
Open file -> select the exe -> select the "open as" - resource and open.

Make sure you store the backup of that exe

Author Comment

ID: 9670737
CrazyOne: I have written in my question, that i have used Resource Hacker, and it didn't work. Probably because delphi "encodes" the images in a different way on different versions.

dschwartzer: They _CAN_ be.
Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

LVL 13

Expert Comment

ID: 9671359
You probably ran into a software where as the developer wanted to ensure that their image is protected from being overlaid by another image.  They do this by hashing the image or crc the image and then stored the value in the data section (mangled if needed).  Then at launch time, the software would hash or crc the image and compare the value, if it's different then they exited the program.

You did everything correctly in terms of using Resource Hacker to replace the object.  This embedding is standard for Windows resource for storing (Windows expect to locate the resource at specific places) and is independent of delphi.

To hack it you should try a good debugger and trace the code object - find the hash alogrithm, the hash value, and the storage location of the hash value; and Then hash your image through the same alogrithm (you can embed your image and let the program hash it - and get the hash value) then change the hash value stored in the program.  

Cracking software or ill-use is illegal.


Author Comment

ID: 9672864
I could change some other picture in the program, so I also found this two options:
1) I can change BMPs but not JPEGs because of different size/encoding/whatever
2) a checksum, like you said

So i'll try to change the image with some other versions of Delphi, if that might be a problem.

The odd thing is that when I launch a program with the changed JPEG image, it doesn't crash or anything, but just closes instantly. That's a pretty good indication of a CRC.

Anyway, if it's a checksum I would definitely need more precise instructions how to achieve that.

Unfortunately, I can't post the program somewhere online, but I ensure you that what i'm doing isn't illegal.
LVL 13

Expert Comment

ID: 9674195
If the program shuts down instead of crashes, it's an indication that the author is checking to make sure that it had NOT been modified by someone - perhaps to attach a trojan on the software.  You are right about swapping the BMP/JPG - it's because of different format and different rendering of the image.  The function that was called - handle only specific format.  So, you will have to stick the specific file type.

You will need to put it through debug and spend time (may be a lot of time) on getting to the hash signature's location in order to change it.  I am sure that if the author went through the process of securing his/her work from being cracked and a trojan/virus/worm inserted into the program.  It will be difficult but not impossible to get to it.

Since it's code dependent - I am sure that no one here would have the time to trace the code in order to tell you how to insert and patch the hash signature.

The question is, is it worth the time to do what you want to do?   Send the author a message to see what he/she did and if it's possible for you to obtain the direction on inserting your own graphic and hash signature.


Author Comment

ID: 9680093
I unfortunately can't contact the author.

Any advice on how to start debugging?
LVL 13

Accepted Solution

Gnart earned 2000 total points
ID: 9690332
Yeah, get a debugger such as softIce and load the program in to debug.  Use the tools that came with your debugger to analyze the code to see what it's doing and what functions it is calling.  It would be easier if you have the source code.  Without the source code, it requires a lot of knowledge in order debugg and understand what it is doing.

Once you have it loaded, set up the address location of the image as the stop point.  What you want for it to do is to stop executing when the image is reference...... from there you will trace the instruction execution - one instruction at a time and see what it is doing.......examine and look for hash calculation of any sort.... and modify the instruction logic to force the program to continue execution instead of exiting or quitting.  Hope you have time....

debug in windows won't do this job but I will use it to give you a quick example.  I presume that you are running windows 2000.  

Start, run, type in cmd and press enter.
change directory to c:\winnt\system32.  use dir to see if cmd.exe is there.
type debug cmd.exe and press enter... you are now in debugging mode to debug the program cmd.exe
type ? and press enter - debug will list the commands
type r and press enter - to display the registers
type t and press enter - to execute one instruction at a time

As you can see it takes a lot of time - and a good understanding of assembly to go through the logic.  A good debugger would be much quicker than using debug.  But you get the idea.

type q and press enter - to quit debugging

Sorry, but the lesson on debug - cracking a program would be beyond the scope of thread conversation as it is very complex and will take lots of time.... I hope I get you started on your way cracking this program, which is what you are doing....


LVL 13

Expert Comment

ID: 9859129
May be the author is still debugging the code to get to the hash signature...<G>  It's the only way to crack a program.....


Author Comment

ID: 9859487
Actually, i have accomplished what i wanted with a much simpler trick. But Gnart obviously put a lot of effort into explaining debugging to me, so he deserves the points.

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Explore the ways to Unlock VBA Project Password Excel 2010 & 2013 documents. Go through the article and perform the steps carefully to remove VBA Excel .xls file.
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question