Sign in to follow this  
Followers 0
goldenix

hex edit script.exe manually Q

19 posts in this topic

#1 ·  Posted (edited)

hire is my code:

Run('test.exe')

I open test.exe in any hex editor & search for 74 65 73 74 or simply word test & I cant find anything. Why ? I want to find this value, any idea how can I find it?

Edited by goldenix

My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites



Scripts are not saved as plain text when they are compiled so what you are trying is (near) impossible.

The easier (and highly recommended ways) would be to store the value in a ini-file and use IniRead() OR save it as a resource

Share this post


Link to post
Share on other sites

goldenix

Letters not stored in a binary file as a string:

$sFile = @ScriptDir & "\Test.txt"

$hFile = FileOpen($sFile, 2)
FileWrite($hFile, "Hello world!")
FileClose($hFile)

$hFile = FileOpen($sFile, 16) ;Opens file in binary mode
$sRead = FileRead($hFile)

MsgBox(0, "Binary (Hex representation)", $sRead)

$iBinF = StringToBinary("Hello")
$iBinR = StringToBinary("Hi")

$sRead = StringReplace($sRead, $iBinF, $iBinR)

MsgBox(0, "Result", "Hex: " & $sRead & @LF & _
       "String (ANSI): " & BinaryToString($sRead))

FileClose($hFile)

:)

Share this post


Link to post
Share on other sites

goldenix

Letters not stored in a binary file as a string:

you do hire the same thing I did, but it does not work with exe files. See First picture is txt file & next is exe. & if I search the exe file for $iBinF I cant find anything.

Posted Image

Posted Image

How are the filenames/letters stored in the file then? there must be a way to idenftify/find the Hello world! in an exe file & replace it with Bye world!


My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

you do hire the same thing I did, but it does not work with exe files. See First picture is txt file & next is exe. & if I search the exe file for $iBinF I cant find anything.

Posted Image

Posted Image

How are the filenames/letters stored in the file then? there must be a way to idenftify/find the Hello world! in an exe file & replace it with Bye world!

Right firstly, That hello world script in the top picture, Even if au3 scripts were appended to the interpreter in plain text :) ,

It still wouldn't show up in the exe because it is commented out, ie ignored by the au3 tokenizer/compiler.

Secondly: Try either scrolling down to the end of your exe, or compile a script to a3x and then look at it in hex to understand

why it is you cannot simply change Hello world! to Bye world!  :)

Edited by Mobius

Share this post


Link to post
Share on other sites

Why ? I want to find this value, any idea how can I find it?

Simple: You just can't.

Now why would you want to change a static program?

Variables should be stored in a file like an INI format or in the registry.

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Right firstly, That hello world script in the top picture, Even if au3 scripts were appended to the interpreter in plain text :) ,

It still wouldn't show up in the exe because it is commented out, ie ignored by the au3 tokenizer/compiler.

Secondly: Try either scrolling down to the end of your exe, or compile a script to a3x and then look at it in hex to understand

why it is you cannot simply change Hello world! to Bye world! :)

ok I compiled autoit script, into: test.a3x & opened it in hex editor: this is what I see & this does not explain in any way why cant i change the test.exe into test2.exe

Run('test.exe')

Posted Image

Simple: You just can't.

Now why would you want to change a static program?

Im trying to understand how it works, but this makes no sense at all. Look, this is my logic:

A file is a string of data like : ...54657374... & this is how computer sees it: ...01010100011001010111001101110100... so if I find this string inside the file & replace it with bye world binary code I can let computer open bye world.exe instead.

Now how can i find the binary string I need is the question. the computer opens the exe & finds out that it must run test.exe. This means that windows can read the file string ...54657374... & understands that it should launch my text.exe

Why does windows know what it must do?

basically windows decrypts text.exe from exe, & if windows can do it this means anyone can do it, because windows cant recognize someones unique encrypted file, the data must be fed in to the windows in a specific format.

Therefore it can not be impossible. unless someone can explain why it is not possible?

Edited by goldenix

My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

@Jos,

I thought we all did. :)

@goldenix,

Is it me or is your reply contrary to what you originally posted. :)

We know what it is you are asking, thing is do you? o:)

Ed: Ah I see modified first post...

Edited by Mobius

Share this post


Link to post
Share on other sites

ok I compiled autoit script, into: test.a3x & opened it in hex editor: this is what I see & this does not explain in any way why cant i change the test.exe into test2.exe

Run('test.exe')

Posted Image

Im trying to understand how it works, but this makes no sense at all.

...

Therefore it can not be impossible. unless someone can explain why it is not possible?

Before final exe is 'built', your script is converted to a3x script and then at appropriate time added to final exe to be interpreted when running it.

Real question is, what is a3x? That is compressed encrypted script of yours (LZW or variation on theme).

That's why you cannot find "74 65 73 74".

I'm not sure why would this be some sort of a secret. :)


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

Before final exe is 'built', your script is converted to a3x script and then at appropriate time added to final exe to be interpreted when running it.

Real question is, what is a3x? That is compressed encrypted script of yours (LZW or variation on theme).

That's why you cannot find "74 65 73 74".

I'm not sure why would this be some sort of a secret. :)

so in order to find "Hello world" I need to compress it with universal lossless data compression algorithm, then convert the output into hex & search opened exe in binary mode for the output I got?

or convert "Hello world" into 74 65 73 74 then convert it into LZW , then convert output into hex & search opened *.exe in binary mode?

so: 74 65 73 74 = 01110100011001010111001101110100 = 74 65 73 74

But this gives me nothing. Did I misunderstand something?


My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

so in order to find "Hello world" I need to compress it with universal lossless data compression algorithm, then convert the output into hex & search opened exe in binary mode for the output I got?

or convert "Hello world" into 74 65 73 74 then convert it into LZW , then convert output into hex & search opened *.exe in binary mode?

so: 74 65 73 74 = 01110100011001010111001101110100 = 74 65 73 74

But this gives me nothing. Did I misunderstand something?

I'm sure that if you think of it more deeply you will understand why some things are and some other not.

And what you need to make are out of not.


♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

hire is a situation: You ask if you can have a chat with allan, but you are told, it is impossible. so you ask why? & you are told he cant understand your language. so you ask what kind of language can he understand? silence....

ok this is what I did:

I created 2 *.a3x files that I compiled with 2 different strings inside, then I opened both files in hex editor & analyzed both data strings

$1 = '1BCEC07D5FB8DA60014824155332145413036'
$2 = '1BCEC07D5FB8DA60014824155332145413036'

I found that in some spots the data is different, so I tried to replace the the different data in file 1 with data from file 2. Theoretically the same thing can be done with exe file also right? but guess what nothing happened after I made the replacements. This is why im confused & saying is not logical. :)

Edited by goldenix

My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Now ... for the last time:

Read my first reply in this thread and give some answers as to why you want to screw around with the program itself in stead of using an INI file.

Jos

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

Now ... for the last time:

Read my first reply in this thread and give some answers as to why you want to screw around with the program itself in stead of using an INI file.

Jos

Looks like you misunderstood. :o or I did not explain good enough? Im not writing a prog. Im trying to modify already existing & compiled one. :)

1) I have a program written with autoit. Its not made by me. & I cant decompile it, its pass protected. There are some numpad hotkeys I want to change to F1,F2 etc.. & no I cant make a copy of this program, Because I dont fully understand how it works, there is some sord of a trick is used. And I tried, but it wont return the same result. It simply wont work. & no I cant make a code & set orhet hotkeys & let script press nupad hotkeys for me, they are being used by something else & i cant deactivate it.

2) If I know how to change hotkeys in the prog above I can also do this: I have a game, but I dont have a launcher. Yet I do have a launcher for another server. I know that the launchers are identical, they just connect to different IP. So I thought ill just hex the launcher & make it to connect to different IP & port.

Edited by goldenix

My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

Looks like you misunderstood. :o or I did not explain good enough? Im not writing a prog. Im trying to modify already existing & compiled one. :)

1) I have a program written with autoit. Its not made by me. & I cant decompile it, its pass protected. There are some numpad hotkeys I want to change to F1,F2 etc.. & no I cant make a copy of this program, Because I dont fully understand how it works, there is some sord of a trick is used. And I tried, but it wont return the same result. It simply wont work. & no I cant make a code & set orhet hotkeys & let script press nupad hotkeys for me, they are being used by something else & i cant deactivate it.

2) If I know how to change hotkeys in the prog above I can also do this: I have a game, but I dont have a launcher. Yet I do have a launcher for another server. I know that the launchers are identical, they just connect to different IP. So I thought ill just hex the launcher & make it to connect to different IP & port.

I perfectly understood you and all remarks are made about not messing with the compiled script but using an INI or something.

Now what is the problem using an INI file?


Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

I perfectly understood you and all remarks are made about not messing with the compiled script but using an INI or something.

Now what is the problem using an INI file?

No idea. I never said anything about an ini file.

AdmiralAlkex ( see second post from above ) was talking about storing vars in the ini files in( the second part of his post = Off Topic ), I dont know why he mentioned that. Maybe he was too tired or something when he posted his reply.


My Projects:[list][*]Guide - ytube step by step tut for reading memory with autoitscript + samples[*]WinHide - tool to show hide windows, Skinned With GDI+[*]Virtualdub batch job list maker - Batch Process all files with same settings[*]Exp calc - Exp calculator for online games[*]Automated Microsoft SQL Server 2000 installer[*]Image sorter helper for IrfanView - 1 click opens img & move ur mouse to close opened img[/list]

Share this post


Link to post
Share on other sites

#18 ·  Posted (edited)

No idea. I never said anything about an ini file.

We really seem to have a language problem here ..don't we?

Have you even tried to read what I have written of are you just being impatient?

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

No idea. I never said anything about an ini file.

AdmiralAlkex ( see second post from above ) was talking about storing vars in the ini files in( the second part of his post = Off Topic ), I dont know why he mentioned that. Maybe he was too tired or something when he posted his reply.

I was not off topic, you asked how to change some text and I explained that it wasn't possible and why, and then I gave you two alternatives. Jos later said the same thing except with the registry instead of resources.

Now if you had told more exactly what you were trying to do (mess with others script) I would ofc not have suggested using ini or resource, but as it was then I was ON TOPIC.

Now to the problem itself, you need to reread everything by me, Jos, Mobius and try to understand what we are saying. Simply hex-editing the script will not work, you can simply forget that idea. The only way you are gonna change the value in someone elses AutoIt-script is by decompiling it and you should know that we don't like that kind of things here.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0