Find and replace byte in exe files (find byte on the basis of it's offset)

**ßädbö¥** · Sep 28th, 2003, 10:34 PM

Hi.. gurus..

I've some work 4 u...

i'm trying to find a hex value in a exe file... i have the offset value of that byte.. i want to find that hex value by using the offset value for that byte..
how can i do taht ?????

need urgent help...

Thnx...

**jemidiah** · Sep 28th, 2003, 11:50 PM

Well, if I remember random access, you could use that with the put statement (if I remember that correctly). Seeing as your editing hex values in an executable, I think you'll be able to use it

**DiGiTaIErRoR** · Sep 28th, 2003, 11:53 PM

Random or Binary should work fine.

**ßädbö¥** · Sep 29th, 2003, 04:13 AM

OK....??

but how can i find that character using it's offset value

I just ve the offset value of the character i want to replace.

Suppose i want to find the (hex Value) 74 26 from whatever.exe and i only know it's offset (:40AB7B). then how can i find 74 26 by using it's Offset :40AB7A from the exe file....

**jemidiah** · Sep 29th, 2003, 04:51 PM

Like we (kinda) said, look up Binary or Random [file] access in MSDN or here on the forums.

**DiGiTaIErRoR** · Sep 29th, 2003, 06:29 PM

Well, it's rather simple.

For this I'd use Binary.

VB Code:

Dim bChr(1) as Byte
Open file for Binary as #1
Get #1,val("&H40AB7B"), bChr
If bChr(0) = val("&H74") and bchr(1) = val("&H26") then
bChr(0) = val("&hFF")
bChr(1) = val("&hFF")
Put #1, val("H40AB7B"), bChr
end if
Close #1

**ßädbö¥** · Oct 2nd, 2003, 10:42 PM

Thanx DiGiTaIErRoR

But this code dosen't work....!! i tried it on my file. when i search on that (offset) address through Vb it shows diffrent byte but if i open that file in hex editor then the value 74 26 is on that address.... if u 've another way then plz suggest me... if u've any ASM code then also it will helpful to me....

thanx

**jemidiah** · Oct 2nd, 2003, 10:56 PM

It worked fine for me... (I should say, after I added 1 to the offset it worked fine for me)

**ßädbö¥** · Oct 3rd, 2003, 12:30 AM

Jemidiah can u send me your code ?

**jemidiah** · Oct 3rd, 2003, 12:34 AM

All I did was copy DiGiTaIErRoR's code and replace 'file' with some text file I had sitting around, and incremented the offset by one (Val(whatever the hex offset was) + 1)

**DiGiTaIErRoR** · Oct 3rd, 2003, 12:55 AM

My code works, you just have the wrong offset.

Try:

Get #1,val("&H40AB7C"), bChr

Also change the Put!

**ßädbö¥** · Oct 3rd, 2003, 02:03 AM

I tried it. It works fine for starting bytes like offset address 0, 10, 260 etc. but not for entire file....

I used this Code....

Private Sub Command1_Click()
Dim bChr(1) As Byte
Open "C:\target.exe" For Binary As #1
Get #1, Val("&H4037A0") + 1, bChr ' In file it's 28 (hex value)

MsgBox Hex(bChr(0))

If bChr(0) = Val("&H28") And bChr(1) = Val("&H00") Then
MsgBox "I GOT IT!!"
End If
Close #1

End Sub

I m attaching my file... u just check that file....

and plz send me working code ASAP

thanx

**jemidiah** · Oct 3rd, 2003, 07:17 PM

That target.exe file is wayyy too small for your offset.

**dzzie** · Oct 4th, 2003, 09:41 AM

you got your offsets from debugger, you have to subtract base load address to get actual offset in file

**ßädbö¥** · Oct 6th, 2003, 05:18 AM

Ok..... and how can i do that ???. I got that offset from hexeditor and debugger. both shows same offset for that byte. and one more thing ... What is the base load address and how can i substract base load address ? plz explain with example if possible....

Thanx

**ßädbö¥** · Oct 8th, 2003, 10:50 PM

I m waiting ....

Thread: Find and replace byte in exe files (find byte on the basis of it's offset)

Thread Tools

Display

Find and replace byte in exe files (find byte on the basis of it's offset)

Posting Permissions