11 replies to this topic

[kylelendo]

What happens if a value from hex editor is deleted but not modified ...
Friendz plz help

[Alexander]

You've no context, it can range from modification of a single letter to rendering the binary file corrupt.

If you are speaking about an executable, they often will not run if bytes are offset.

[kylelendo]

Ya alexander you are right
I used an hex editor and deleted the contents.... the executable file would't run..But when i tried this same with an mp3 file.The file would still play
and what about other dll files ,apk files etc??? what would happen to them if the hex content is deleted??
You know I am asking these questions because we are developing a project based on hex editing.So we are testing for these different files.Since i am not sure are we going in the right direction???
thanks

[Alexander]

Your issue is that executable formats often expect code to be in certain offsets, and should deny the executable run permission if the entire structure is shifted due to insertion or deletion. Replacing is your only option, if you do know what instructions or contents (i.e. text) you are replacing.

MP3 on the other hand, is composed of sequential headers and frames, corrupting a portion of one will not corrupt the whole file - due to the fact sound data binary positions are not predetermined or expected to be exact. You can compare that to a text file, deleting one character will not corrupt the rest, and will still be (readable, playable, etcetera)

[kylelendo]

Thanks You are very helpful
Ya now i got it when i change the mp3 file bytes the file still plays But i noticed that the values get altered
For ex if the time of a song is 3:40 mns it changes to some other value ...But the file plays well
So my point is the after headers comes the data section which contains data of any format
so what if one byte of data is changed will the file play then...???
Thanks

[WingedPanther]

Think of it this way:

If you pick up a copy of Moby ****, or any other book, and delete one or two letters, will that change the meaning of the story? No.

Pick up a recipe for a cake and delete one characters, so that 10 cups of flour becomes 1 cup of flour. Will the recipe still work?

A program and a data file are completely different things. You just cannot compare what happens when you modify an mp3 file (data) with what happens when you modify an exe (program). The changes you are making are completely different.

[kylelendo]

Ya so in case of virus attack....to which part of the program does the virus attach(exe mp3 etc)

[WingedPanther]

It depends on the virus, but generally it will insert some code in the exe. For an mp3, it will generally try to create a buffer overrun to write into the player's application code.

All of which raises the question: why are you worried about how viruses work?

[kylelendo]

so in case of virus that attaches itself to the code does it also have a fixed offset...???
And how dose the virus attach itself to the program?? do u hv any reference material or hyperlink
plz dont give me link that shows definition of virus...!!

[WingedPanther]

Why are you worried about how viruses work? We are not a hacking forum.

[iLike]

@WingedPanther it is often said that knowing your enemy is the first step to defeating your enemy. And while I wouldn't call making a virus hacking, I do agree that making a virus does not belong to this board. However, making something attach to an exe is perfectly legal, and very interesting if I may say so, theory.

To make an executable attach to a process, one could use a technique called 'Code Injection'. It's not really injecting an .exe, but more like executing some code within the targeted process.
The technique is similar to DLL Injection (google will help you with that one ;) )

~iLike

[Alexander]

iLike said:

...To make an executable attach to a process, one could use a technique called 'Code Injection'. It's not really injecting an .exe, but more like executing some code within the targeted process.
The technique is similar to DLL Injection (google will help you with that one ;) )

~iLike

This would not have anything to do with what he is looking for, in some cases a computer virus may self replicate within executables and thus change its contents (what he is enquiring about)