Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 64

Thread: Getting address data from exe files

  1. #16
    You seem to display the typical mentality of a VB "programmer".
    Quote Originally Posted by 0xf001
    pps: hehe another idea or advise for the longer term is: maybe try to learn another language, like delphi or C. as all this is a personal opinion, i base it on my idea that VB is not very good for learning a language, as it does all so .....
    "in its own way" to say that nicely. in fact you don't get the basics how programs work, what really is a string etc ...
    my advice: C , it could clear up a lot of confusion
    Agreed. VB also does strange things to its user, it seems

  2. #17
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by Intruder
    First to all of you...
    Am not trying to be confused in any way...
    If any of you think that my question is so confusing
    I believe no one of you have any clue of what my question is.

    Now is me the one that should be giving advices in here...
    Next time when no one of you knows the right answers to a question...
    Try to keep you mouth shut, maybe like that you'll be smarter.

    And for the one who advised me to learn some other language than VB
    Let me tell you that VB is not just for kids or for beginners, VB is
    a language that once you know what you doing, you know what you talking
    but if you never get into it, or you never come across, you'll never know what you opinion is.

    I came here asking for help, tips, or what ever answer, but I see that when
    No one have any idea of what the other person is talking about, then everybody
    start commenting bad about the one who is asking a question that no one know the answer.

    And for the last idiot who said that SCRIPT is not bla bla bla bla bla...
    For you information Script something that already has been written,
    So don't try to be smart in here, because you know shit of what you are saying
    If you don't have any freaking idea of what my words are, keep you fingers
    away from that keyboard.

    If my question is so simple for a dumb easier language like VB
    Why is it then that no one of this scrip kitties know shit about?

    Have a nice day everyone.

    This question is CLOSE

    I thought this forum was serious, But I was wrong.

    I think the responsibility of making the questions clear and understandable is yours. . .

    people went out of their ways to try to decipher what the fuck you were talking about, but it was pointless: garbage in, garbage out

    If you cannot compose a half decent question, stating exactly what you need and do not know, then do not expect a useful answer. . .
    We sometimes make extraordinary efforts to understand non native speakers, who indeed need help, or bonafide knowledge seekers that happen to be dyslexic, a quite prevalent malady among programmers.
    But in your case, the problem is fundamental Assholeness. . . No amount of good will would overcome that


    This board is not serious at all. . .
    quite the contrary,
    It requires a lot of intelligence from the reader to understand the answers, the tips, and the jokes. . .

    just to say it politely,

    FUCK OFF
    Last edited by naides; April 23rd, 2006 at 21:38.

  3. #18
    Intruder, you've asked a lot of questions, many of which are quite different to the others. I'll try to answer all of them. Maybe what you're looking for will be in here somewhere.

    ---

    If you want to find the location of the function that pertains to an event associated with a form object, the easiest way is to use a VB decompiler. I'd recommend 'VB Decompiler Lite'.

    ---

    If you want to search for some contiguous block of data within a file, then you should use a straightforward linear search: Open the file for binary access, load the whole thing in to a Byte array (not a String) and use two loops to find the location:

    Code:
    Dim FData() As Byte ' File Data
    Dim SData() As Byte ' Data you're searching for
    Dim FPtr As Long
    Dim SPtr As Long
    Dim Location As Long
    
    ReDim SData(...)
    SData(0) = ... ' Fill the SData array
    Open "..." For Binary As #1
    ReDim FData(LOF(1))
    Get #1, , FData
    Close #1
    
    Location = -1
    Do While FPtr < LOF(1)
      If FData(FPtr) = SData(0) Then
        Location = FPtr
        For SPtr = 0 to UBound(SData)
          If SData(SPtr) <> FData(FPtr) Then Exit Do
          FPtr = FPtr + 1
        Loop
        If SPtr > UBound(SData) Then
          'Found
          Exit Do
        Else
          'Not found
          FPtr = Location + 1
          Location = -1
        End If
      Else
        FPtr = FPtr + 1
      End If
    Loop
    Now Location will contain -1 if it wasn't found, or the offset of the data if it was. If you need this in the hex format you seem so keen on, you can create a string of it using
    Code:
    HString = "&H" & Hex(Location)
    ---

    If you need to find the file offset for the caption/text of a form object created at design-time, then you can use the above method to do it programmatically (making sure that you check for multiple instances). Or if you just need to modify using a tool (and don't need to write code to do it for you), you can use any old hex editor. Search for the caption you want (in ASCII) and it'll usually (but not always) be the first hit. The offset of this string can be used with a Put statement if you like.
    You seem pretty sure that this method doesn't work (and no, I won't 'trust you') but it does. I followed your instructions and set up a form with a command-button; searched for the caption in HexWorkshop and replaced it by another string of the same length. Next time I fired up the exe, the command button said something different.

    Perhaps you're having trouble with this because the button caption is being changed at runtime. If this is the case, you should try to find out where the string containing the new caption is located. This time, if it's a standard VB string, it should lie in the .rsrc section in UNICODE format. Again, make sure you search for all instances before committing yourself to any changes.

    ---

    VB Forms are stored in structural format in the exe resource section. The form-generating quasi-code is parsed at startup. All design-time properties are stored in here and it's pretty clear when you're looking at a block if it.

    ---

    If you want to replace a string with a shorter string, pad it with spaces up to (but not including the terminating null). If you want to replace it with a larger string, you'll either have to do something clever, or rebuild the whole .rsrc section. If you're so dead against using ResHacker to do this for you, then you have, to look forward to, a lot of fun whiling away the hours learning about the messy world of the PE .rsrc format.

    ---

    If you're looking for where the various properties of form objects are held (on disk), within the exe file without knowing what they might contain, then you'll again need to read up on VB's resource format and the ActiveX involved in it all. For example, suppose you want to find out where a command button's text is, knowing only that it is a command-button and not what its caption is. You'll need to load the file into memory, parse the PE header, locate the .rsrc section and navigate through three layers of tree structure until you find the form-building information. From here you have a fair bit more tree-climbing to do. It's all documented on the web.

    ---

    There certainly is a way to convert from 'from 0x000456728 to something like these &H0046A', providing that the data at 456728 is part of the PE image (and not dynamically created). Again, you'll need a little knowledge of the PE format, and how physical offsets translate to virtual offsets. If you fully understand how it works that way, it's just as easy to go backwards. This has been discussed a gazillion times on this forum and all over the web, so use a search engine on any/all of 'file virtual disk offset memory VirtualAddress PointerToRawData'.

    ---

    If your question isn't answered yet, you really need to spend more time thinking what it is you want & how to ask for it, and less time typing and yelling at our members.

    You may have been programming VB for two years, but most of the members here have been programming fluently in several languages ten times longer. And more importantly, everybody was (quite patiently) trying to help you out when you decided to throw it back in their faces. The combined knowledge of this forum is vastly greater than anything you'll ever experience on your own and the language barrier is just as frustrating for us as it is for you.
    So pipe down and put the attitude away or people will stop being so nice.

    Admiral
    Last edited by Admiral; April 24th, 2006 at 21:46.

  4. #19
    Ummmmmmmmmm........

    You made the program and you dont understand the structure ?

    Did I just hear the bus pull up outside ?

    TA TA

    OBC

  5. #20
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Well,

    His name was Intruder certainly made my day!.

    SiGiNT
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  6. #21
    Admiral, I think there's a bug in your code. Haven't read through it in detail so I might be wrong, but:
    Code:
        Location = FPtr
        For SPtr = 0 to UBound(SData)
          If SData(SPtr) <> FData(FPtr) Then Exit Do
          FPtr = FPtr + 1
        Loop
    Shouldn't FPtr here be replaced with Location? Otherwise if this was a false match on the first byte (ie: N bytes of SearchData matched, but not the entire SearchData string), when the loop exits to look for the next match, FPtr will have been incremented by N matching bytes, so if there's a repeating pattern of the first N bytes of SearchData in the file the comparison will fail.

    Hrm, I explained that badly and I might be wrong. Hopefully you see what I'm thinking..

    Did I just hear the bus pull up outside ?
    I'm so glad I recently learned what "the short bus" was
    Still here...

  7. #22
    Indeed, there was a bug (and in some sense, it wasn't the only one). FPtr should have been FPtr, but it needed resetting afterwards. I honestly didn't expect anybody (including Intruder) to look at my code in detail, but I think it's fixed now. I guess that goes to show that you shouldn't post code without testing it.

    It looks like Intruder's career here is over, but I'm hopeful that he may have been able to learn something, even if he shows no gratitude.

    Regards
    Admiral

  8. #23
    Intruder
    Guest
    Thanks for you post Admiral,

    And for naides...
    Just go check if you mom need some water
    Stupid retarded, I bet that is you where in front of me, you don't say anything.

    Admiral...
    I'll take at look to you example later.
    and don't say I didnít appreciate cus I do

    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #24
    Intruder
    Guest
    Ummmmmmmmmm........

    You made the program and you dont understand the structure ?

    Did I just hear the bus pull up outside ?

    TA TA

    OBC

    Hey Woodmann...
    So you are the administrator of this forum eh?
    So why don't you erase my account mother fucker

    This is the first time a see the administrator of a forum getting into something that’s not his business.

    Whats you problem man !!!

    What a stupid name... => Woodmann
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #25
    gryzon
    Guest

    Hey

    You should edit your post and appologize Woodmann now (but I don't think this could
    be possible after your stupid behaviour)!
    Are you dumb?
    Last edited by gryzon; April 27th, 2006 at 17:57.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #26
    *So why don't you erase my account mother fucker

    Coz he wants to show everyone that you are being retarded in the forum!!!!!!!!!!!!!!!!!
    esther


    Reverse the code,Reverse Your Minds First

  12. #27
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,113
    Blog Entries
    5
    Lol, funny man. We all got stupid names. Nah, we don't want to erase your account, else how would you catch the bus?...


    http://www.woodmann.com/forum/attachment.php?attachmentid=923&stc=1&d=1078893325

  13. #28
    Intruder, perhaps you should copy-paste the information that has been given to you in this thread 'cause I imagine you won't be able to read it for too much longer.

    Taunting administrators is never a good idea so it seems you have outstayed your welcome. I tried to give you a second chance but it looks like you have too much pride.

    May the overlords have mercy on your account
    Admiral

  14. #29
    Howdy,

    This shall remain for everyone to see.

    The Admiral has given you his wisdoms. You have made the choice not to listen to what he has said.

    You are a fool, when The Admiral speaketh, thou shall listen.
    I dont know a whole lot of stuff but, I can see when someone is being a shit stain.
    Oh wait, maybe I can type in broken English so you understand.
    YOU = Shit stain.

    Now with that being said, I dont fuck my mother, it is not allowed where I live.

    I can trade foul mouthed insults with you all day long.

    Why dont you take the advice The Admiral has given you and come back with some things you have learned.

    TA TA
    OBC

  15. #30
    What is apparent is that if Intruder actually has a brain, one could stick it in a gnat's ass and it would rattle around like a pea in a boxcar.

    Even his lame attempts at insults demonstrate his lack of both class and skill. I suspect the other lamers would not even allow him on the Bus.

    Oh and Intruder is an AOL user, so broken English probably is not required.

    Regards,
    JMI

Similar Threads

  1. Replies: 2
    Last Post: March 5th, 2008, 10:58
  2. SafeKey's *.FST data files format
    By forestkon in forum Advanced Reversing and Programming
    Replies: 6
    Last Post: April 14th, 2006, 00:52
  3. cracking data files of an unspecified software
    By kramer in forum The Newbie Forum
    Replies: 8
    Last Post: August 26th, 2005, 01:45
  4. Game data files cracking
    By highfly in forum The Newbie Forum
    Replies: 3
    Last Post: February 6th, 2004, 20:17
  5. compressed data in files?
    By Aquatic in forum The Newbie Forum
    Replies: 10
    Last Post: February 26th, 2003, 17:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •