#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    0

    Changing the byte in an Executable file in Delphi


    Hi,

    I am working on a program who will find an address in a executable file, then read the byte and replace it.

    For example,
    File name is Test.exe (size 10.6 kb), I want to change the byte FA located at 5000 to 05.

    I search on the net about SetFilePointer, and i try to do this:

    Code:
    var
      h,      : HFILE;
      buf     : array[0..4095] of Byte;
      Read, p : DWORD;
      m, nac  : DWORD;
    
    begin
    
      m := 1;
      nac := 5000;
      h := CreateFileA('C:\TEST\test.exe', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NIL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
      
    if h <> INVALID_HANDLE_VALUE then
      begin
        p := SetFilePointer(h, nac, @m, FILE_BEGIN);
        if p <> 0 then
          ReadFile(h, Buf, SizeOf(Buf), Read, NIL);
      end;
    
     edit1.Text := InTtoStr(m);
     edit2.Text := InTtoStr(nac);
     edit3.Text := InTtoStr(p);
    Can anyone advice please how can I rearrange the above code?

    Regards
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    Augsburg Germany
    Posts
    12
    Rep Power
    0
    Code:
    var
      h      : HFILE;
      buf     : array[0..4095] of Byte;
      Read, p : DWORD;
      m, nac  : DWORD;
      Dest:Cardinal;
    begin
      dest := 5000;
      m := dest shr 32;
      nac := dest and $FFFF;
      h := CreateFileA('C:\temp\test.exe', GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NIL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    
    if h <> INVALID_HANDLE_VALUE then
      begin
        p := SetFilePointer(h, nac, @m, FILE_BEGIN);
        if p <> 0 then
          ReadFile(h, Buf[0], 1, Read, NIL);
      end;
    
     edit1.Text := InTtoStr(m);
     edit2.Text := InTtoStr(nac);
     edit3.Text := InTtoStr(Buf[0]);
    end;

    Comments on this post

    • Lee_can agrees : it helps me ...
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    0
    Thank you very much man,

    it works fine
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    0
    it seems that it works only for some bytes
    I have compared the values with Hex Workshop for address offset, they are not the same.
    In order to be sure if I understood the code:
    The Value at offset 5000 is EB (by Hex Workshop) is the same InTtoStr(Buf[0]); ???

    Thanks and Regards
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    Augsburg Germany
    Posts
    12
    Rep Power
    0
    Should work, but I'm more familiar with ....
    Code:
    Const
     Position=5000;
    var
     fs:TFileStream;
     b:Array[0..4096]  of byte;
    begin
         fs := TFileStream.Create('C:\temp\AFile.exe',fmOpenReadWrite);
         try
         ZeroMemory(@b[0],SizeOf(b));
         fs.Seek(Position,soFromBeginning);
         fs.Read(b[0],1);
         Showmessage(IntToHex(b[0],2));
         fs.Seek(Position,soFromBeginning);
         b[0] := ORD('X');
         fs.Write(b[0],1);
         finally
           fs.Free;
         end;
    
    end;

    Comments on this post

    • Lee_can agrees
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    4
    Rep Power
    0
    bummi,

    Big thanks for you man, now it is working very fine.

    Best Regards
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Location
    Augsburg Germany
    Posts
    12
    Rep Power
    0
    gladly :-)
    Originally Posted by Lee_can
    bummi,

    Big thanks for you man, now it is working very fine.

    Best Regards

IMN logo majestic logo threadwatch logo seochat tools logo