Page 1 of 5 12345 LastLast
Results 1 to 15 of 64

Thread: Getting address data from exe files

Hybrid View

  1. #1
    Intruder
    Guest

    Post Getting address data from exe files

    Hi everyone!

    Can someone tell me a quick way to search for data address in exe files?
    Is the address that look something like these ==> &H0046A, in debbugers
    Sorry, but am not sure if am using the right words for this question

    I made a project in visual basic. The Project.exe have only one Command1Button

    Now am trying to find the data address that hold the string with Command1Button

    I been using a tool called BinText, is a good tool, but not good enough for this

    My idea is to be able to locate the right address, then be able to rename the Button caption text.

    I will apreciate if anyone give me a hit with this question

    Note: I don't want to use Wdasm for this example.

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    If you open your exe file with an hex editor, my favorite is HexWorkshop, and search for the caption text, you'll find it.

  3. #3
    Intruder
    Guest

    Post

    I do have Hexworkshop too, I been using it for a while, but some how
    i don't feel familiar with it, cus i can't get what i need with hexworkshop

    look, this is what i get with it using hexworkshop
    => 00001228 436C 6963 6B20 6D65 .................... Click me....8._.g...p

    The text caption on the Command1Buttom is 'Click me'

    But this is not exactly what i need to know...

    For example ==> &H0047EB, <== i need something like thes

    what i need, is the exact address where that function is locate

    I been doing this without the address, the way i been doing it without the
    addres, is by a giving thex name, for example:
    length

    EXE String = Replace EXE String, "Click me", "New text here")
    ^
    In here you have to make sure is the same length

    Open App.Path & "Project.exe" For Output As #1
    Print #1, EXE String
    Close #1

    But i don't want to keek doing it this way

    Now am planing to do it by a given address

    for example:

    Put #1, &H0047EB, "New value here"

    and so on.

    Thnak you for you help.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Intruder
    Guest
    Look this is an example using BinText

    File pos Mem pos ID Text
    ======== ======= == ====

    0000004D 0040004D 0 !This program cannot be run in DOS mode.
    000001B0 004001B0 0 .text
    000001D8 004001D8 0 .data
    00000200 00400200 0 .rsrc
    00000238 00400238 0 MSVBVM60.DLL
    00001005 00401005 0 [QsaTQs
    0000101E 0040101E 0 QssADs
    00001032 00401032 0 QsmYOs
    00001039 00401039 0 KDs0XQsaUQs
    00001055 00401055 0 UQsPOQs
    00001164 00401164 0 Project1
    000011F9 004011F9 0 Form1
    0000121B 0040121B 0 Command1
    00001228 00401228 0 Click me
    00001308 00401308 0 Project1
    000013B8 004013B8 0 Form1

    But the Address in the direction of 'Click me' it looks like is not the one
    cus i already try to work with that giving address, but then at the end
    the new value text caption end up in a diferent position.

    I would like to have the right words to explain what exactly is it that am talking about.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    hi you,

    maybe

    put #1, &H1228, "Click U"

    could do it?

    regards, 0xf001

    ps: i don't know what VB put does with files, and strings, etc if that would cause a newline inserted etc ..., but the position you are looking for is 0x1228

  6. #6
    Read the PE file format docs, then explain why 401228 is the correct address for that string.

  7. #7
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    I'm not really sure I understand exactly what you are trying to do, but of course you could open your VB source files change the caption and recompile - but if that's not an option then there are a couple of other options, WinHex has a search and replace text option, of course you'd still have to insert spaces to make the string length match, or you could use VBReformer 3.7 - if you can find it and simply change the button caption - even if the string is longer it will adjust everything so that your .exe still works, or assuming this dialog box is a resource there are a number of resource editors out there - IE ResHacker.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  8. #8
    Intruder
    Guest

    Post

    Ok guys let me explain a bit more about this little project.

    First, I don't want to use tools like 'Resource Hacker or PE Builder.
    If that was the case, I never post anything in this forum cus that’s not the idea.

    Renaming the buttom caption text is not to have fun with,
    Is just a little test for one of my next projects that’s all.

    0xf001, if you read carefully my post, you’ll see that I mention
    something about this address => &H1228, That address is not a valid one
    some how that address appear in the direction of the String text .."Click me"
    But is not the right address, cus I already try to work on it, but is not the one
    Trust me.

    If anyone of you want to try this, go ahead... Download BinText, Then open VB and start
    a project, just add one commamdbuttom to the form, then compile the project, and there
    you are. Now that you have the Project.exe in you desktop, open BinText and check it out

    What i see here, the same you will see there, then try to get that address and see if you can work with it.

    And about you sigint33...
    My propose is not just to rename the buttom caption,
    I made this project.exe just to work on that String text, nothing else.

    All i need to know is how to make quick search on any file for any address like...
    Buttons, TexBoxes, RichTextBoxes, ComboBoxes, ListBoxes, CheckBoxes, OptionButtom etc.


    I find this in Google

    Dim FNum As Integer
    Dim FBuf As String

    FNum = FreeFile()
    Open FileName For Binary Access Read As #FNum
    FBuf = Space$(LOF(FNum))
    Get #FNum, , FBuf
    Close #FNum

    This will search for any string text inside the .exe, and then it will replace that text
    with the one you add. of course it has to be the same length, if not, it won't work.

    But what happen when you try to replace something not using the string text
    on this case we will try to do it by the hexadecimal address in the executable
    this will required the exact address of the location of that data, if not, it will
    recreate the address in some other address in the exe, and you won't see the difference.
    Last edited by Intruder; April 23rd, 2006 at 04:34.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    Intruder
    Guest
    WinHex look like a good tool
    But what I would like to know is
    How the heck I search for those address that look like these &H0046A,

    I was searching on Google and I find this other piece of information.

    Dim sp As Integer
    sp = FreeFile
    Open "msnmsgr.exe" For Binary As #sp
    Put #sp, &H5624F5, "n"

    It appear to me that the one who made this scrypt knew where the address was
    And he is trying to replace it with => “n”
    What ever is there is going to be replace with “n” or kill.

    The important thing in here, is that he knows where to point

    And thats right I need learn how to make search on any file for hexadecimal address.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    Intruder
    Guest

    Post

    There may be a way to comvert from 0x000456728 to something like these &H0046A,
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Your problem is,

    VIRTUAL address and PHYSICAL address are different!

    Take my advice and actually read the PE file format reference!

  12. #12
    nah,

    for working with put, the file offset is perfectly fine.

    i dunno your string tool, but the most simple will show you a file offset.

    regards,

    0xf001

    ps: my advice would be to write a few more programs, deal with hex and dec etc, maybe read a pe spec, but it could overflow you now. to get the job done, it should be really easy to replace that string.
    if in doubt, look the offset up in a hex editor
    next question: is this unicode?

    pps: hehe another idea or advise for the longer term is: maybe try to learn another language, like delphi or C. as all this is a personal opinion, i base it on my idea that VB is not very good for learning a language, as it does all so .....
    "in its own way" to say that nicely. in fact you don't get the basics how programs work, what really is a string etc ...
    my advice: C , it could clear up a lot of confusion

  13. #13
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Boy I'm really getting confused here! It seems that Intruder is confusing programming concepts with physical file info - I think the problem is that his &H000046 is a rersource and the actual push is located at somewhere else. But it does come to mind that a text tool has been published on this forum that might do exactly what he's trying to do - and what really confuses me is that what he wants to do is amazingly simple and he is really over complicating it IE; he wants a tool that does "x" but he doesn't want to use a tool?

    SiGiNT

    AND

    Dim sp As Integer
    sp = FreeFile
    Open "msnmsgr.exe" For Binary As #sp
    Put #sp, &H5624F5, "n"

    Is not a script I'm familiar with - looks like BASIC to me - and "n" would equal the numeric equivalent to a character, I dont think a string would work.
    Last edited by SiGiNT; April 23rd, 2006 at 17:51.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  14. #14
    Intruder
    Guest
    First to all of you...
    Am not trying to be confused in any way...
    If any of you think that my question is so confusing
    I believe no one of you have any clue of what my question is.

    Now is me the one that should be giving advices in here...
    Next time when no one of you knows the right answers to a question...
    Try to keep you mouth shut, maybe like that you'll be smarter.

    And for the one who advised me to learn some other language than VB
    Let me tell you that VB is not just for kids or for beginners, VB is
    a language that once you know what you doing, you know what you talking
    but if you never get into it, or you never come across, you'll never know what you opinion is.

    I came here asking for help, tips, or what ever answer, but I see that when
    No one have any idea of what the other person is talking about, then everybody
    start commenting bad about the one who is asking a question that no one know the answer.

    And for the last idiot who said that SCRIPT is not bla bla bla bla bla...
    For you information Script something that already has been written,
    So don't try to be smart in here, because you know shit of what you are saying
    If you don't have any freaking idea of what my words are, keep you fingers
    away from that keyboard.

    If my question is so simple for a dumb easier language like VB
    Why is it then that no one of this scrip kitties know shit about?

    Have a nice day everyone.

    This question is CLOSE

    I thought this forum was serious, But I was wrong.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  15. #15
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by Intruder
    First to all of you...
    Am not trying to be confused in any way...
    If any of you think that my question is so confusing
    I believe no one of you have any clue of what my question is.

    Now is me the one that should be giving advices in here...
    Next time when no one of you knows the right answers to a question...
    Try to keep you mouth shut, maybe like that you'll be smarter.

    And for the one who advised me to learn some other language than VB
    Let me tell you that VB is not just for kids or for beginners, VB is
    a language that once you know what you doing, you know what you talking
    but if you never get into it, or you never come across, you'll never know what you opinion is.

    I came here asking for help, tips, or what ever answer, but I see that when
    No one have any idea of what the other person is talking about, then everybody
    start commenting bad about the one who is asking a question that no one know the answer.

    And for the last idiot who said that SCRIPT is not bla bla bla bla bla...
    For you information Script something that already has been written,
    So don't try to be smart in here, because you know shit of what you are saying
    If you don't have any freaking idea of what my words are, keep you fingers
    away from that keyboard.

    If my question is so simple for a dumb easier language like VB
    Why is it then that no one of this scrip kitties know shit about?

    Have a nice day everyone.

    This question is CLOSE

    I thought this forum was serious, But I was wrong.

    I think the responsibility of making the questions clear and understandable is yours. . .

    people went out of their ways to try to decipher what the fuck you were talking about, but it was pointless: garbage in, garbage out

    If you cannot compose a half decent question, stating exactly what you need and do not know, then do not expect a useful answer. . .
    We sometimes make extraordinary efforts to understand non native speakers, who indeed need help, or bonafide knowledge seekers that happen to be dyslexic, a quite prevalent malady among programmers.
    But in your case, the problem is fundamental Assholeness. . . No amount of good will would overcome that


    This board is not serious at all. . .
    quite the contrary,
    It requires a lot of intelligence from the reader to understand the answers, the tips, and the jokes. . .

    just to say it politely,

    FUCK OFF
    Last edited by naides; April 23rd, 2006 at 21:38.

Similar Threads

  1. Replies: 2
    Last Post: March 5th, 2008, 10:58
  2. SafeKey's *.FST data files format
    By forestkon in forum Advanced Reversing and Programming
    Replies: 6
    Last Post: April 14th, 2006, 00:52
  3. cracking data files of an unspecified software
    By kramer in forum The Newbie Forum
    Replies: 8
    Last Post: August 26th, 2005, 01:45
  4. Game data files cracking
    By highfly in forum The Newbie Forum
    Replies: 3
    Last Post: February 6th, 2004, 20:17
  5. compressed data in files?
    By Aquatic in forum The Newbie Forum
    Replies: 10
    Last Post: February 26th, 2003, 17:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •