Using Hex Editor On Precompiled Exes
Although decompilation and editing of pre compiled programs is not strictly allowed there are certain reasons why you might want to do this.
I am sticking this together with a little handy program called fred (hex editor)
I will tutor by illustration here.
1. Why I had to Hexedit.
I downloaded a little password applet from www.javapowered.com that I was going to use on my webpage. It had a spelling mistake and instead of "O.K" it had "Okay" on the button.
2. What I did next
I decided to edit the little applet using FRED A Free hex/raw disk reader.
I copied the applet etc into a directory just off the root (Note: 8chars recomended for directory name as Fred is rather old now and hasn't quite got the hang of long file names or spaces
I ran the program and used it to open the applet.
I pressed alt+e to switch to editing mode.
I then looked through the text to find OKAY and replaced it with O.K
Note : It is important not to overwrite any characters which are not text and I find that keeping the length of the string the same is beneficial.
I then saved the file back to the disk.
Exit fred.
3. Testing
I have tried the applet numerous times and it seems to be intact and working fine with its new caption.
For those of you who are intrested its on my site at http://itdepartment.0catch.com
Note : This is a free host site so popups are likely.
It IS how they hack programs
I do it al the time, FOR GOOD reason. Case point
Here is an example of a bad hack, although not super bad. Let's say you are playing a game and you have 1000 gold and that new sword is 5000? You can search the executable for a hexadecimal value of 1000, back a back up or the original and then change that storage location to a hexadecimal value of 5000. Restart your game and you now have 5000 gold. Sure this is a simple example but given that knowledge you can start to break down imbedded passwords and controls. Again this is a very simple example, most likely that 1000 valued is stored in various other files but you get the point.
Real world scenario: enter the mass deployment of an antiviral software client. After it was rolled out I discovered I made a mistake and selected a check box that would not have scanned client machines as thorough as I originally intended. I ran a hex dump of the exe with the bad check box and then changed the box and ran it again. I noted where the changes were stored in the code, modified it and pushed the modified file out the clients. Like magic they all had the change in place the next day.
Have fun it's a great tool! Thanks for the suggestion on a hex editor, I have already tried it.