Hex Editor & VB6
in [Visual Basic]
|
Prev: Resolved: Re: Slider math
Next: use sendmessage to find folders and files in the folders in vb6
From: Jerry West on 19 Feb 2010 21:48 Mike, can I send you the EXE in question? --I can prove I own it-- and have you locate the string in question and mod it. I still cannot find it --even after using the Cygnus hex editor-- to locate the string and mod it. I don't know what I'm doing wrong but at this point I'd pay someone to do it. JW "Mike Williams" <Mike(a)WhiskyAndCoke.com> wrote in message news:OYtncpbsKHA.3536(a)TK2MSFTNGP06.phx.gbl... > "Mike Williams" <Mike(a)WhiskyAndCoke.com> wrote in message > news:OfI29ZbsKHA.4752(a)TK2MSFTNGP04.phx.gbl... > > . . . oops. Pressed the button too quickly there. Here is the code I > mentioned. It searches for and replaces the specific examples you > mentioned, and it hard codes the values 22 and 16 that I mentioned in my > previous response rather than calculating them, so you'll need to change > the strings to the actual string(s) you are looking for and change the 22 > and 16 accordingly, but it should be easy for you to see what you need to > do. Also, as it stands it looks for only the first occurrence of the > string, so if there is more than one "whole string" of @foobar.com then it > will replace only the first of them. Narturally, if the code contained in > the compiled exe is not what you posted (perhaps the @foobar.com is made > up of substrings or loaded or calculated in some way) then it won't find > it. Anyway, for what it's worth, here's the example to get you started, > although perhaps in view of the fact that some people here think your > request is not exactly "Kosher" perhaps I'd better n ot post it . . . too > late now . . . I've clicked the button . . . but perhaps you might like to > tell us what you want this for, just to put our minds at ease. > > Mike > > Private Sub Command1_Click() > Dim b1() As Byte, b2() As Byte, p As Long > Open "c:\temp\native.exe" For Binary As 1 > ReDim b1(1 To LOF(1)) > Get #1, 1, b1() > b2() = Chr(22) & Chr(0) & "@foobar.com" > p = InStrB(b1(), b2()) > If p > 0 Then > b2() = Chr(16) & Chr(0) & "@foo.com" & Space$(3) > Put #1, p, b2() > MsgBox "Replacement made at position " & p > End If > Close 1 > End Sub > > > > >
From: Larry Serflaten on 19 Feb 2010 22:50 "Jerry West" <jw(a)comcast.net> wrote > Mike, can I send you the EXE in question? --I can prove I own it-- and have > you locate the string in question and mod it. I still cannot find it --even > after using the Cygnus hex editor-- to locate the string and mod it. I don't > know what I'm doing wrong but at this point I'd pay someone to do it. How about you post it to the web somewhere, zipped with a password, and then post the link and give out the password. Those that have time could go looking. The (optional) password would help keep anyone stumbling upon the file and not from this group, from getting to the program. LFS
From: Jerry West on 20 Feb 2010 04:48 Because that would never fly in the face of those individuals that will place it back on their server. Nor does it sit well for my own sense of security. I'm happy to release it to those individuals whom I've seen in this group for years. And pay for what most seem to think is a simple mod. Further, it would be great to post the results of why I could not locate the string in quest JW "Larry Serflaten" <serflaten(a)usinternet.com> wrote in message news:%23ensf%23dsKHA.4492(a)TK2MSFTNGP05.phx.gbl... > > "Jerry West" <jw(a)comcast.net> wrote >> Mike, can I send you the EXE in question? --I can prove I own it-- and >> have >> you locate the string in question and mod it. I still cannot find >> it --even >> after using the Cygnus hex editor-- to locate the string and mod it. I >> don't >> know what I'm doing wrong but at this point I'd pay someone to do it. > > How about you post it to the web somewhere, zipped with a password, > and then post the link and give out the password. Those that have time > could go looking. The (optional) password would help keep anyone > stumbling upon the file and not from this group, from getting to the > program. > > LFS > > >
From: Mike Williams on 20 Feb 2010 04:56 "Jerry West" <jw(a)comcast.net> wrote in message news:OoednRT72a3D0OLWnZ2dnUVZ_sSdnZ2d(a)giganews.com... > Mike, can I send you the EXE in question? --I can prove > I own it-- and have you locate the string in question and > mod it. I still cannot find it --even after using the Cygnus > hex editor-- to locate the string and mod it. Personally I wouldn't mind you doing that, but I think you would be far better off doing what Larry has suggested and posting a password protected zip file on the web and allowing anyone on the group to download it so that anyone here who has the time can give it a go. If you really do want to send me your file then you're welcome to send it to spamfritter99(a)yahoo.com (it's an address I've just created a few minutes ago but it will work okay). I don't know how much time (if any) I will have over the weekend to look at it though, and you really would have a far better chance of a result if you followed Larry's suggestion of posting it on the web. As far as your code itself is concerned, you say that you have lost the source code (from which I implied that it is possibly quite some time since you produced it) and yet at the same time you posted a specific few lines of code from it as though they were permanently in your head, the lines: Select Case True Case is = InStr(1, sTmp$, "@foobar.com", vbTextCompare) Are you absolutely sure that the string "@foober.com" is contained in the source code you compiled from in exactly that fashion (as a specific "whole string" within a Case statement or something similar? I've just inserted a suitably initialised sTmp$ variable and the above two lines deep in the source code of one of my own fairly large projects and compiled it to a native code exe and the code I posted yesterday finds it okay within the exe and replaces it successfully with a completely different shorter string, and the modified exe works exactly as you would want it to work on that shorter string. If you cannot find the string in your own compiled exe then are you sure that the above lines of code were actually contained within the source code when you compiled it, and that you performed a standard native code or pcode compile and have not used anything and the source code does not contain anything that might deliberately make the string difficult to find? I'm sure if it's there that somebody with sufficient time on their hands will eventually find it, no matter how "hidden" it might be, but if the source code was as you describe when it was compiled then (at least from my own simple test results so far) I can't see why you cannot find it, although of course this "delving into exe files" is somehting I've not had the need to do before and so I'm only just picking my way around it at the moment, so there may be somehting i've not taken into account. Mike
From: Mike Williams on 20 Feb 2010 05:29
"Mike Williams" <Mike(a)WhiskyAndCoke.com> wrote in message news:%2384i2LhsKHA.6004(a)TK2MSFTNGP04.phx.gbl... Oops! In my previous response I said, "You say that you have lost the source code, from which I implied that it is possibly quite some time . . . etc". I of course meant to say "inferred", not "implied". That's not really relevant to the discussion at hand of course, but I don't want any of the dotnet evangelists here thinking I'm stupid and pouncing on me for it [again!] ;-) Mike |