Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   How to change a filename in memory? (https://forum.exetools.com/showthread.php?t=13520)

giv 05-25-2011 14:40
How to change a filename in memory?
 
In the Documentation of VH2011 on this link in described at chapter 4 paragraph 4 a hook method described as:
Quote:
4. Form

Normally, the form file included in the EXE file is read-only, it can not be
changed.

Use OllyDbg or WinHex to scan memory, then change the form file name in memory. For example, we can change the form file name in memory (file name description) from VHTEST.SC* to XXTEST.SC*, and create a new form file VHTEST.SCX.

Reference code:
PROCEDURE Init
vh()
ENDPROC
In terms of OllyDBG and Winhex i'm a novice.
Please, someone could enlight me how to do such a opperation as change the name of a file in memory of a running program in such way that running program to call the dummy filename instead of the correct filename.
A tutorial will pe highly apreciated.
Thanks!

goku 05-25-2011 15:25
Giv I think that this step is more convenient
5. Memory

Use OllyDbg or WinHex directly modify the memory of VFP p-code.

VFP p-code can be change to:

0x01 0x76 0x68 0x28 0x29 0x0A
---- ------------------- ----
CMD vh() end

VFP p-code reference:

0x01 0x44 0x4F 0x3F 0x0A
---- -------------- ----
CMD DO? end

0x01 0x2A 0x?? 0x?? 0x0A
---- -------------- ----
CMD *?? end

0x39 0xD5 0xFE
---- ---------
READ EVENTS

giv 05-25-2011 17:53
K Goku,
Make a live tutorial for us to understand (pdf with pictures or live with flash movie) to understand your words. I'm not so familliar with these notions as you are. That's the reason for this request.

congviet 05-30-2011 22:46
1 Attachment(s)
Hi Giv,
In VH2010, VH2011 has two examples about modify file name in memory.
I have two folders extracted from VH2010 as illustrative examples. You unzip and run the file for reference readme.htm
Attachment 5840

vilciucostel 07-05-2018 20:13
Quote:
Originally Posted by congviet (Post 73222)
Hi Giv,
In VH2010, VH2011 has two examples about modify file name in memory.
I have two folders extracted from VH2010 as illustrative examples. You unzip and run the file for reference readme.htm
Attachment 5840
Please upload file to mega or dropbox because don't have permission to access this page.

Thanks.

bolo2002 07-05-2018 22:39
Quote:
Originally Posted by vilciucostel (Post 113893)
Please upload file to mega or dropbox because don't have permission to access this page.

Thanks.
:D:D

did you see the year of post?

LaDidi 07-06-2018 18:37
@giv:
Why you don't use WinHex ?

niculaita 07-06-2018 22:30
https://www69.zippyshare.com/v/AluAmqZi/file.html


All times are GMT +8. The time now is 17:11.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX