Modify Resource Content of an Executable

#1 Luthfi


Posted 05 December 2012 - 07:49 AM


This tutorial (Embed Array of Bytes Through Windows Resource) shows you how to embed an array of bytes into the resource section of a Delphi executable. Note that I thought this approach of storing an array of bytes is interesting because this way you have the possibility to alter the values of the bytes later, directly in the executable, without actually recompiling it. And this writing will show you how to do that.

Windows API for Updating Resource

Windows provides the following API functions to deal with updating the resources of executables. Hyperlinks will take you to the official MSDN page of the respective function.

  • BeginUpdateResource
  • UpdateResource
  • EndUpdateResource

Basically, by using these 3 functions you can add, delete, or modify the resources of executables. The basic steps would be:

  • Obtain a handle to the executable whose resource you want to alter by calling BeginUpdateResource, passing the executable's file name.
  • Prepare a buffer holding the new resource. If you want to delete a resource, you can skip this step.
  • Call UpdateResource, passing the resource name or ID, a pointer to the buffer containing the new resource content, and the buffer's size. When deleting resource(s), just pass nil for the buffer and 0 for the buffer's size.
  • Repeat the previous step for any additional resource you need to alter.
  • Call EndUpdateResource to finalize the process, i.e. to actually write the changes.

Sample Implementation

And here is a sample of one implementation of the above steps. Note that in the sample we only deal with resources of type RCDATA, and the resource is specified using names, not IDs.

// requires Windows and SysUtils in the uses clause
type
  TBytes = array of Byte;

{
  This procedure alters a resource of the given executable file.
    - AExeFile   : specifies the file name of the executable whose resource is
                   to be altered
    - AResName   : specifies the resource name
    - AResContent: buffer containing the new resource content. When this buffer
                   is nil (zero length), the respective resource will be deleted.
}
procedure AlterResource(AExeFile, AResName: string; const AResContent: TBytes);
var
  vResHandle: THandle;
begin
  // get the full path of the file, in case it was not supplied with one.
  AExeFile := ExpandFileName(AExeFile);

  // "Open" the executable for resource modification
  vResHandle := BeginUpdateResource(PChar(AExeFile), False);
  if vResHandle=0 then
    raise Exception.Create('Can not update resource of '
                           + AExeFile + #13#10
                           + 'System giving error message: '
                           + SysErrorMessage(GetLastError));
  try
    // register the alteration
    if not UpdateResource(vResHandle
                          , RT_RCDATA
                          , PChar(UpperCase(AResName))
                          , LANG_NEUTRAL
                          , Pointer(AResContent)   // pointer (remember that dynamic arrays basically are pointers)
                          , Length(AResContent)) then
      raise Exception.Create('Can not update resource '
                             + AResName
                             + ' of '
                             + AExeFile + #13#10
                             + 'System giving error message: '
                             + SysErrorMessage(GetLastError));
  except
    // discard the registered alteration and release the update handle
    EndUpdateResource(vResHandle, True);
    raise;
  end;
  // finalize the alteration, this is where the modification is really written
  // to the respective executable
  if not EndUpdateResource(vResHandle, False) then
    raise Exception.Create('Can not write resource changes to '
                           + AExeFile + #13#10
                           + 'System giving error message: '
                           + SysErrorMessage(GetLastError));
end;

I believe the comments in the code pretty much explain the flow. So let's move on to the demo project.

Demo Project

Here is the demo project: Demo.zip (attached file). Feel free to use the code inside for any kind of use. Note that Project1.exe was included just as a sample executable whose resource we want to alter. It comes from the tutorial Embed Array of Bytes Through Windows Resource. The real demo project is ChangeResource.exe.

  • Upon running ChangeResource.exe you will get something like what is shown below.
  • Initially we want to inspect the current content of the MyArray resource of Project1.exe. So click on the Get current content button, and if you have not altered Project1.exe you will get something like what is shown below.

  • Now let's alter the content of the MyArray resource. Type in "11 11 11 11" in the New content edit box, and click the Update Content button.

  • Finally we want to see whether the resource really got modified. So click the Get current content button again to read the current content of the resource. And you will get something like this.


    This proves that we have successfully altered the content of the MyArray resource of Project1.exe.
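
The read-back step of the demo can also be done in code. The console program below is an added example, not code from the post or from Demo.zip: ReadResourceHex is a hypothetical helper that maps the executable as a data file and returns the bytes of an RCDATA resource as hex text, using the same type and upper-cased name that AlterResource writes.

```delphi
program ReadRes;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils;

// Hypothetical helper, not part of the demo project: returns the current
// bytes of an RCDATA resource as hex text. The file is mapped as data only,
// so none of its code is executed.
function ReadResourceHex(const AExeFile, AResName: string): string;
var
  vModule: HMODULE;
  vResInfo: HRSRC;
  vResData: HGLOBAL;
  vBytes: PByte;
  i: Integer;
begin
  Result := '';
  vModule := LoadLibraryEx(PChar(ExpandFileName(AExeFile)), 0,
                           LOAD_LIBRARY_AS_DATAFILE);
  if vModule = 0 then
    RaiseLastOSError;
  try
    // same resource type and upper-cased name that AlterResource writes
    vResInfo := FindResource(vModule, PChar(UpperCase(AResName)), RT_RCDATA);
    if vResInfo = 0 then
      RaiseLastOSError;  // e.g. the resource has been deleted
    vResData := LoadResource(vModule, vResInfo);
    if vResData = 0 then
      RaiseLastOSError;
    vBytes := LockResource(vResData);
    for i := 1 to Integer(SizeofResource(vModule, vResInfo)) do
    begin
      Result := Result + IntToHex(vBytes^, 2) + ' ';
      Inc(vBytes);
    end;
  finally
    FreeLibrary(vModule);
  end;
end;

begin
  try
    // Project1.exe and MyArray are the file and resource used in the demo above
    Writeln(ReadResourceHex('Project1.exe', 'MyArray'));
  except
    on E: Exception do
      Writeln(E.ClassName, ': ', E.Message);
  end;
end.
```

Run it before and after calling AlterResource to confirm that the change was written. Any such change also alters the file's hash and invalidates the Authenticode signature of a signed executable, which is a practical way to detect resources modified after the build.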
