Results 1 to 4 of 4

Thread: Changing text constants

  1. #1

    Question Changing text constants

    I have a binary that refers to a text string, for example:

    MOV DWORD PTR SS:[ESP], 0x1000000 ; ASCII "Bla"
    CALL MY_PRINTF ; Prints whatever was written to ESP before this instruction

    MY_PRINTF might print the string whose pointer gets written to the top of stack (this is just a made up example)

    I want to change this so that it prints a much longer string (say, "Hello World"). The problem is that the bytes of "Bla" are located in relocatable segment of the executable and are immediately followed by another constant string that I don't want to trample over.

    Basically I want to add a custom (perhaps long) text string to the constant section of the binary and add the address of that to the instruction before printf. The address should be such that when the loader patches the exe after relocating the text section, it should grab the correct value.

    Can anyone help me with this? I haven't been able to find an online resource/tutorial that describes adding a new text (I know how to change instructions or add NOPs, etc., but don't know how to add relocatable strings to the binary).

    Thanks in advance,
    Last edited by madiyaan; December 17th, 2009 at 19:07. Reason: made the post more clear.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, if there's room in that section, just add, or change a string that you DON'T need, and adjust the value that gets pushed onto the stack before PRINTF is called. If there is no room to do it, it's POSSIBLE, but much more involved.

  3. #3
    OK. I actually got it working by adding to the end of the section and changing the pointer that is pushed. I guess Olly automatically makes it such that the code is relocatable (what I am saying is that the value I modify for the push parameter might have to be different if that section is loaded in a different area of memory, and I was asking for advice on how to make it such that it survives the loader fix-up. Currently it seems like it is working for my executable without the fix-up).

    Another question I have is the following: what if I need to add CODE to a place in Olly but I have no space. For example, between the PUSH and the CALL, what if I wanted to add 10-20 more instructions. Is that possible? Can you point me to a tutorial that does that?

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Yes, my favorite way to do that, is to find a "code cave" (a search will do wonders for you with that search item), and in the mainline code, jump to the code cave, do what you need to do, and then jump back. (Don't forget to include the instructions that you wrote over with the jump!).

Similar Threads

  1. Asprotected app, I have the key constants and a working key.
    By komplex in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: January 21st, 2014, 13:24
  2. Finding elusive constants
    By 5aLIVE in forum The Newbie Forum
    Replies: 7
    Last Post: January 25th, 2009, 08:55
  3. Append text to an edit control text buffer?
    By homersux in forum The Newbie Forum
    Replies: 3
    Last Post: August 6th, 2004, 19:58
  4. Windows message constants
    By Hero in forum The Newbie Forum
    Replies: 3
    Last Post: July 26th, 2004, 06:53
  5. Quick Win programming constants interpretation ?
    By Czerno in forum Tools of Our Trade (TOT) Messageboard
    Replies: 5
    Last Post: December 2nd, 2001, 18:46


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts