Using Hex Editor On Precompiled Exes

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499

    Using Hex Editor On Precompiled Exes

    Although decompilation and editing of precompiled programs is not strictly allowed, there are certain reasons why you might want to do this.

    I am sticking this together with a little handy program called fred (hex editor).


    I will tutor by illustration here.

    1. Why I had to Hexedit.

    I downloaded a little password applet from www.javapowered.com that I was going to use on my webpage. It had a spelling mistake and instead of "O.K" it had "Okay" on the button.


    2. What I did next

    I decided to edit the little applet using FRED, a free hex/raw disk reader.

    I copied the applet etc. into a directory just off the root (Note: 8 chars recommended for the directory name, as Fred is rather old now and hasn't quite got the hang of long file names or spaces).

    I ran the program and used it to open the applet.

    I pressed alt+e to switch to editing mode.

    I then looked through the text to find OKAY and replaced it with O.K.

    Note : It is important not to overwrite any characters which are not text and I find that keeping the length of the string the same is beneficial.

    I then saved the file back to the disk.

    Exit fred.


    3. Testing

    I have tried the applet numerous times and it seems to be intact and working fine with its new caption.

    For those of you who are interested, it's on my site at http://itdepartment.0catch.com

    Note : This is a free host site so popups are likely.

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    You have to love hex editors... they are great for "tweaking"...

    I use it all the time....

    I have not used the Fred hex editor... but will give it a go.

    XVI32 is the one I use in m$. Free and I've had no problems with it.

    I couldn't agree with you more about changing the string length... I'll often get "invalid win32 application" if you change too much stuff around... especially shorten the string. I just put spaces there...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
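
Why the string length matters, as an added example that is not part of the thread: in a Java class file a string constant (CONSTANT_Utf8) is stored as a tag byte, a two-byte length and then the characters, so a shorter replacement shifts every byte after it. The sample bytes are constructed and the function names are hypothetical.

```python
import struct

def patch_same_length(blob: bytes, old: bytes, new: bytes, pad: bytes = b" ") -> bytes:
    """Overwrite the single occurrence of `old` with `new` without moving any byte."""
    if len(new) > len(old):
        raise ValueError("replacement is longer than the original string")
    hits = blob.count(old)
    if hits != 1:
        raise ValueError("expected exactly one match, found %d" % hits)
    new = new.ljust(len(old), pad)      # pad a shorter string with spaces (post #2)
    at = blob.index(old)
    return blob[:at] + new + blob[at + len(old):]

def utf8_entries_line_up(blob: bytes, at: int = 0) -> bool:
    """Walk back-to-back CONSTANT_Utf8 entries (tag 1, big-endian u2 length, bytes).

    Returns True only if every entry starts with tag 1 and the last one ends
    exactly at the end of the data, i.e. no length prefix has gone stale.
    """
    while at < len(blob):
        if at + 3 > len(blob):
            return False
        tag, length = struct.unpack_from(">BH", blob, at)
        if tag != 1:
            return False
        at += 3 + length
    return at == len(blob)

def utf8(text: bytes) -> bytes:
    """Build one constructed CONSTANT_Utf8 entry for the sample."""
    return struct.pack(">BH", 1, len(text)) + text

# Constructed sample: two string constants as they would sit next to each other.
SAMPLE = utf8(b"Okay") + utf8(b"Cancel")

if __name__ == "__main__":
    good = patch_same_length(SAMPLE, b"Okay", b"O.K")
    bad = SAMPLE.replace(b"Okay", b"O.K")   # one byte shorter, length prefix now wrong
    print(good, utf8_entries_line_up(good))
    print(bad, utf8_entries_line_up(bad))
```
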

  3. #3
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    personally, i like HackMan... Comes with a whole suite of cool editing tools...
    http://www.technologismiki.com/hackman/
    yeah, I'm gonna need that by friday...

  4. #4
    Member
    Join Date
    May 2003
    Posts
    31
    is this how ppl find serials etc for trial programs to crack them?

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    1,499

    No Extreme

    This isn't how people crack programs, although technically if there was an accepted string written somewhere in the source you probably could.

    Not that I'm recommending this or suggesting you try it.

    In fact, along with most of the nice people here, I think that people who crack and use malicious code are just *&^%&&%%^ up in the head.

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hex Editors... hah.. sweet

    I remember hex editing the version reply out of mirc.... That was ages ago before it was popular to do... people would be like hey you must be running BitchX and I'd be like nope... I'm in Windows running mIRC..... and they'd be like "Wow"... It even had that cool line "Editing out the version reply"

    I'd have to agree that Hex Editors are incredibly useful.... I do however think this tutorial was lacking..... but it was a decent start.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    It IS how they hack programs

    I do it all the time, FOR GOOD reason. Case in point.

    Here is an example of a bad hack, although not super bad. Let's say you are playing a game and you have 1000 gold and that new sword is 5000? You can search the executable for a hexadecimal value of 1000, make a backup of the original and then change that storage location to a hexadecimal value of 5000. Restart your game and you now have 5000 gold. Sure this is a simple example but given that knowledge you can start to break down embedded passwords and controls. Again this is a very simple example, most likely that 1000 value is stored in various other files but you get the point.

    Real world scenario: enter the mass deployment of an antiviral software client. After it was rolled out I discovered I made a mistake and selected a check box that would not have scanned client machines as thoroughly as I originally intended. I ran a hex dump of the exe with the bad check box and then changed the box and ran it again. I noted where the changes were stored in the code, modified it and pushed the modified file out to the clients. Like magic they all had the change in place the next day.

    Have fun it's a great tool! Thanks for the suggestion on a hex editor, I have already tried it.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Seeing as the thing you were editing is a Java applet, its source code can probably be decompiled into a form which can be (with a few modifications perhaps) recompiled.

    Therefore, you can do that instead, which allows you to make completely arbitrary modifications.

    Normal Java compilers with the default options even leave the names of local variables in the binary (for debug purposes). You *almost* get the original source code out in some cases (minus comments of course).

    Having said that, it is possible to put Java classes through an optimiser / obfuscator / anti-decompiler program, which makes them difficult to decompile - you can still decompile them to some extent, but the resulting code won't be legible, or easily compilable.

    Here is an example of a bad hack, although not super bad. Let's say you are playing a game and you have 1000 gold and that new sword is 5000? You can search the executable for a hexadecimal value of 1000, make a backup of the original and then change that storage location to a hexadecimal value of 5000.
    Hardly very likely.

    As far as I know, the vast majority of games have error checking on their save game files (and probably on their own binaries), and will refuse to load / run the save game if a modification is detected.

    The first game I know of to do this is Elite on the BBC Micro in about 1982 ... they had a competition to be the first person to complete the game. Working savegame editors were not released until years later.

    Modern games probably have several independent routines for checking the validity of savegames and binaries.

    The problem they have these days however, is that hackers use in-memory modification to change the contents of the game's memory while it's loaded - it is very difficult for the game to detect this.
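
The kind of savegame check post #8 describes, as an added example that is not part of the thread: the loader recomputes a tag over the save data and refuses the file when the stored value has been overwritten. The file layout, the key and the function names are assumptions, and HMAC-SHA256 stands in for whatever "error checking" a given game actually uses.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # assumption: a secret the game holds
BODY = struct.Struct("<4sII")   # hypothetical layout: magic, gold, level
TAG_LEN = hashlib.sha256().digest_size

def save_game(gold: int, level: int) -> bytes:
    """Serialise the state and append an HMAC-SHA256 tag over it."""
    body = BODY.pack(b"SAVE", gold, level)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def load_game(blob: bytes) -> dict:
    """Return the saved state, or raise ValueError if the file was altered."""
    if len(blob) != BODY.size + TAG_LEN:
        raise ValueError("save file has the wrong size")
    body, tag = blob[:BODY.size], blob[BODY.size:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("save file failed its integrity check")
    magic, gold, level = BODY.unpack(body)
    if magic != b"SAVE":
        raise ValueError("not a save file")
    return {"gold": gold, "level": level}

def overwrite_value(blob: bytes, old: int, new: int) -> bytes:
    """The in-place edit from the quoted post: swap one stored 32-bit value."""
    return blob.replace(struct.pack("<I", old), struct.pack("<I", new), 1)

def is_accepted(blob: bytes) -> bool:
    """True if the loader accepts the file, False if it rejects it."""
    try:
        load_game(blob)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    original = save_game(gold=1000, level=3)
    edited = overwrite_value(original, 1000, 5000)
    print("original accepted:", is_accepted(original))
    print("edited accepted:  ", is_accepted(edited))
```

The check covers only the file on disk; as the post says, changes made to the game's memory while it is loaded are outside what it can see.
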

  9. #9
    Junior Member
    Join Date
    May 2005
    Posts
    4
    I'm a new guy, and I think you can.
    hex it
    or
    ice it

  10. #10
    Senior Member
    Join Date
    Feb 2004
    Posts
    270
    hex editing is most likely one of the skills most overlooked.

    i remember the days of building custom diablo 1 and in a lesser way diablo 2 items from scratch with only long lists of attributes. (now they all use save game editors, wimps)

    Actually my one attempt to mod diablo 1 was in a hex editor because i knew too little asm to do it. (the changes were not that severe)

    personal favourite: hexworkshop. shelled out money for that great editor, never use it anymore but still.
    Since the beginning of time, Man has searched for the answers to the big questions: 'How did we get here?' 'Is there life after death?' 'Are we alone?' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
