Reputation: 2943
How to modify an executable without corrupting it?
Is there a specific null char or a sequence of bytes which would not corrupt the executable if added in FRONT of the file? I tried adding NUL (00 hex) but it corrupts the executable every time. Is there some bytecode for NOP (no operation) or something similar?
Long story short, I want to mess up a "hack" that modifies a value in memory at &process+fixed offset. Pushing the memory stack up would (or so I think) prevent it from working.
Upvotes: 0
Views: 1896
Answers (3)
Reputation: 826
Maybe you can use a decompiler to convert it to a higher language then insert some arbitrary function or data and recompile it. You might need to disable some optimization flags in the compiler so the arbitrary function wont excluded in the resulting binary.
Upvotes: 0
Reputation: 719
You'd have to parse it completely into it's different sections and segment, modify the one you are looking for, but you won't be able to INSERT code before any code segment: you'd better had a segment that will be executed first, then will jump to the old start segment.
At the end you will have to recreate a new complete executable file.
Upvotes: 1
Reputation: 37122
No, the PE file format that Windows executables use has a very specific header. See http://en.wikipedia.org/wiki/Portable_Executable for more details.
You can try using ASLR to make your code more resistant to in-memory patching.
Upvotes: 2
Related Questions
- Is possible edit a executable?
- How to hex edit an exe file safely?
- Edit an executable with bash without recompiling it?
- Overwriting bytes of an exe in hex
- assembly - how to edit an executable
- Patch an executable file
- How to inject/update Version and other details in a binary (.net or unmanaged)?
- Change the content of the current executable. Is it possible?
- How to modify exe file's entry point?
- Modify/Replace Exe On the Fly