Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

[SOLVED] Changing the byte in an Executable file in Delphi


This topic has been archived. This means that you cannot reply to this topic.
8 replies to this topic

#1 leecan

leecan

    CC Newcomer

  • Member
  • PipPip
  • 16 posts

Posted 13 November 2012 - 07:29 PM

Hi,

I am working on a program who will find an address in a executable file, then read the byte and replace it.

For example,
File name is Test.exe (size 10.6 kb), I want to change the byte FA located at 5000 to 05.

I search on the net about SetFilePointer, and i try to do this:

var
h,	 : HFILE;
buf	 : array[0..4095] of Byte;
Read, p : DWORD;
m, nac : DWORD;
begin
m := 1;
nac := 5000;
h := CreateFileA('C:\TEST\test.exe', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NIL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);

if h <> INVALID_HANDLE_VALUE then
begin
p := SetFilePointer(h, nac, @m, FILE_BEGIN);
if p <> 0 then
	 ReadFile(h, Buf, SizeOf(Buf), Read, NIL);
end;
edit1.Text := InTtoStr(m);
edit2.Text := InTtoStr(nac);
edit3.Text := InTtoStr(p);


Can anyone advise please how to re-arrange the code above?

Regards

#2 Luthfi

Luthfi

    CC Leader

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1320 posts

Posted 14 November 2012 - 03:43 AM

Hi leecan, welcome to CodeCall!

You can use TFileStream to do it, and you would not need low level windows API. The code would be something like this:

var
  F: TStream;
  B: array[0..**]; // this is the buffer that hold the new bytes content
begin
  F := TFileStream.Create('xxxxxx.exe', fmOpenWrite or fmShareExclusive);
  try
    F.Position := 5000; // go to the byte location you want to change
    F.WriteBuffer(B, SizeOf(<img src='http://img.codecall.net/public/style_emoticons/<#EMO_DIR#>/cool.png' class='bbc_emoticon' alt='B)' />);
  finally
    F.Free;
  end;
end;


#3 leecan

leecan

    CC Newcomer

  • Member
  • PipPip
  • 16 posts

Posted 14 November 2012 - 08:16 AM

Thank you very much Lutfi for 2 things:
1- For the welcome
2- For the code which you provide, in your code you mentioned exactly what i want, i tested and it work like i want, but the problem that after running the code, the program doesnt run,

any advice?

procedure TForm1.FormCreate(Sender: TObject);
var
  F: TStream;
  B: array[0..20] of Byte; // this is the buffer that hold the new bytes content
begin
  F := TFileStream.Create('C:\TEST\TEST.exe', fmOpenWrite or fmShareExclusive);
  try
	    F.Position := 5000; // go to the byte location you want to change
	    F.WriteBuffer(B, SizeOf(<img src='http://img.codecall.net/public/style_emoticons/<#EMO_DIR#>/cool.png' class='bbc_emoticon' alt='B)' />);
  finally
	    F.Free;
  end;
edit1.Text := DecToHex(B[0]);
edit2.Text := DecToHex(B[1]);
end;

end.


#4 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts

Posted 14 November 2012 - 10:42 AM

When you arbitrarily modify an executable, there is a very high chance it will no longer be a valid executable. I can't help but wonder why you're trying to do this.

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#5 leecan

leecan

    CC Newcomer

  • Member
  • PipPip
  • 16 posts

Posted 14 November 2012 - 11:02 AM

When you arbitrarily modify an executable, there is a very high chance it will no longer be a valid executable. I can't help but wonder why you're trying to do this.

I didnt modified any byte yet.
Just i use the code given by the nice man Loutfi, and the code works very fine, i compare the bytes at the required location with the Hex Workshop and they are the same.
I would like to use it in reverse engineering

#6 Luthfi

Luthfi

    CC Leader

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1320 posts

Posted 15 November 2012 - 04:57 AM

Thank you very much Lutfi for 2 things:
1- For the welcome
2- For the code which you provide, in your code you mentioned exactly what i want, i tested and it work like i want, but the problem that after running the code, the program doesnt run,

any advice?

procedure TForm1.FormCreate(Sender: TObject);
var
  F: TStream;
  B: array[0..20] of Byte; // this is the buffer that hold the new bytes content
begin
  F := TFileStream.Create('C:\TEST\TEST.exe', fmOpenWrite or fmShareExclusive);
  try
        F.Position := 5000; // go to the byte location you want to change
        F.WriteBuffer(B, SizeOf(<img src='http://img.codecall.net/public/style_emoticons/<#EMO_DIR#>/cool.png' class='bbc_emoticon' alt='B)' />);
  finally
        F.Free;
  end;
edit1.Text := DecToHex(B[0]);
edit2.Text := DecToHex(B[1]);
end;

end.


WingedPanther actually had given you the reason why the exe now does not run. Like he already mentioned, the codes you were using will arbitrarily change 21 bytes of 'C:\TEST\TEST.exe' starting from bytes at 5000 (or perhaps at 4999). Because you did not initialize the buffer (B) properly before calling WriteBuffer method. You need to initialize B to have proper content, i.e. you know the content will not break the exe.

I didnt modified any byte yet.


The code should modify the content. If it really not, you should look somewhere else for the cause. Maybe antivirus interception, SandBoxie-like environment, or perhaps permission related problem?

#7 leecan

leecan

    CC Newcomer

  • Member
  • PipPip
  • 16 posts

Posted 16 November 2012 - 10:20 AM

Thank you guys for your support,
I know the basic of Delphi, that is why i dint figure out immediately the code given.
now it works as i want:
var
  F: TStream;
  B: array[0..20] of Byte; // this is the buffer that hold the new bytes content
begin
  F := TFileStream.Create('C:\TEST\TEST.exe', fmOpenRead or fmShareExclusive);
  try
			    F.Position := 5000; // go to the byte location you want to change
			    F.ReadBuffer(B, SizeOf(<img src='http://img.codecall.net/public/style_emoticons/<#EMO_DIR#>/cool.png' class='bbc_emoticon' alt='B)' />);
  finally
			    F.Free;
  end;

Thanks again

#8 Luthfi

Luthfi

    CC Leader

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1320 posts

Posted 24 November 2012 - 07:58 AM

That's great! Glad if we could be of any help.

#9 Orjan

Orjan

    CC Mentor

  • Moderator
  • 2918 posts

Posted 24 November 2012 - 10:15 AM

This topic has been marked as SOLVED. If you have a similar question or topic, you can go back to the subforum and start a new topic to continue discussions.

I'm a System developer at XLENT Consultant Group mainly working with SugarCRM.
Please DO NOT send mail or PM to me with programming questions, post them in the appropriate forum instead, where I and others can answer you.





Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download