Re: Need Binary code edit tool

From: Edwin Walker (enwalker_at_ameritech.net)
Date: Wed, 9 Jun 2004 11:26:51 -0500

Hello Mathias,

    Just curious, when Windows loads your program, isn't a checksum done? If
so, then would changing bytes like this fail?

    Edwin

Mathias Rauen <borland@nospam-madshi.net> wrote in message
news:MPG.1b30eb3366149a29989919@newsgroups.borland.com...
> It should be easy to do if the dll uses the MessageBox API. It gets more
> complicated if the dll uses something else because then it's hard to
> find the location in the code.
>
> If it uses MessageBox, do this:
>
> (1) Use a disassembler like IDAPro to find all locations where
> MessageBox is called. Leave the IDAPro window open.
> (2) Use PEBrowse Professional (freeware) to find out about the offset
> between the virtual code segment and the raw file data.
> (3) Locate the locations you found in (1) in the dll file by using a hex
> editor (e.g. the freeware "frhed"). Compare the bytes with the
> disassembler output to make sure that you really have found the correct
> code location.
> (4) Overwrite the code with $90 bytes (NOP). But you not only need to
> overwrite the CALL instruction, but also the 4 PUSH instructions. It
> would be quite recommended if you tried to understand the disassembler
> output so that you really NOP the right bytes... :-)
>
> Once I've already done something similar and it worked just fine.
>
> --
> www.madshi.net
> high quality low level Delphi components
> extended exception handling
> API hooking, DLL injection
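
The checksum asked about above corresponds to the CheckSum field in the PE optional header. As an added example (not part of the thread), this Python code recomputes that field with the standard 16-bit word-sum algorithm and compares it with the stored value, so a file whose bytes changed without a header update shows up as a mismatch. The function names and the 512-byte sample image are constructed for illustration.

```python
import struct

def pe_checksum_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum (same in PE32 and PE32+)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    off = e_lfanew + 4 + 20 + 64  # PE signature + COFF header + field offset
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or off + 4 > len(data):
        raise ValueError("missing or truncated PE header")
    return off

def compute_pe_checksum(data: bytes) -> int:
    """Sum the file as 16-bit words, folding carries, then add the length."""
    off = pe_checksum_offset(data)
    # The stored CheckSum field itself is counted as zero.
    buf = bytes(data[:off]) + b"\0" * 4 + bytes(data[off + 4:])
    if len(buf) % 2:
        buf += b"\0"  # pad an odd-length file for the word sum
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(data)) & 0xFFFFFFFF

def stored_pe_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, pe_checksum_offset(data))[0]

def checksum_matches(data: bytes) -> bool:
    return stored_pe_checksum(data) == compute_pe_checksum(data)

def build_sample() -> bytearray:
    """Constructed 512-byte stub holding only the fields this check reads."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    img[0x180:0x186] = b"\x6a\x00\x6a\x00\xe8\x00"   # constructed "code" bytes
    struct.pack_into("<I", img, pe_checksum_offset(img), compute_pe_checksum(img))
    return img

if __name__ == "__main__":
    img = build_sample()
    print("original matches:", checksum_matches(img))
    img[0x180:0x186] = b"\x90" * 6                   # bytes changed, header untouched
    print("after byte change:", checksum_matches(img))
```

The Windows loader validates this field only for kernel-mode drivers, DLLs loaded at boot time and DLLs loaded into critical system processes, so for an ordinary DLL the comparison has to be run by a separate integrity check. The sum is not cryptographic; a code signature is the stronger tamper check.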


