How to change a filename in memory?

giv · #1 05-25-2011, 14:40

In the Documentation of VH2011 on this link in described at chapter 4 paragraph 4 a hook method described as:

Quote:

4. Form

Normally, the form file included in the EXE file is read-only, it can not be
changed.

Use OllyDbg or WinHex to scan memory, then change the form file name in memory. For example, we can change the form file name in memory (file name description) from VHTEST.SC* to XXTEST.SC*, and create a new form file VHTEST.SCX.

Reference code:
PROCEDURE Init
vh()
ENDPROC

In terms of OllyDBG and Winhex i'm a novice.
Please, someone could enlight me how to do such a opperation as change the name of a file in memory of a running program in such way that running program to call the dummy filename instead of the correct filename.
A tutorial will pe highly apreciated.
Thanks!

goku · #2 05-25-2011, 15:25

Giv I think that this step is more convenient
5. Memory

Use OllyDbg or WinHex directly modify the memory of VFP p-code.

VFP p-code can be change to:

0x01 0x76 0x68 0x28 0x29 0x0A
---- ------------------- ----
CMD vh() end

VFP p-code reference:

0x01 0x44 0x4F 0x3F 0x0A
---- -------------- ----
CMD DO? end

0x01 0x2A 0x?? 0x?? 0x0A
---- -------------- ----
CMD *?? end

0x39 0xD5 0xFE
---- ---------
READ EVENTS

giv · #3 05-25-2011, 17:53

K Goku,
Make a live tutorial for us to understand (pdf with pictures or live with flash movie) to understand your words. I'm not so familliar with these notions as you are. That's the reason for this request.

congviet · #4 05-30-2011, 22:46

Hi Giv,
In VH2010, VH2011 has two examples about modify file name in memory.
I have two folders extracted from VH2010 as illustrative examples. You unzip and run the file for reference readme.htm
memory.zip

vilciucostel · #5 07-05-2018, 20:13

Quote:

Originally Posted by congviet

Hi Giv,
In VH2010, VH2011 has two examples about modify file name in memory.
I have two folders extracted from VH2010 as illustrative examples. You unzip and run the file for reference readme.htm
Attachment 5840

Please upload file to mega or dropbox because don't have permission to access this page.

Thanks.

bolo2002 · #6 07-05-2018, 22:39

Quote:

Originally Posted by vilciucostel

Please upload file to mega or dropbox because don't have permission to access this page.

Thanks.

did you see the year of post?

LaDidi · #7 07-06-2018, 18:37

@giv:
Why you don't use WinHex ?

niculaita · #8 07-06-2018, 22:30

https://www69.zippyshare.com/v/AluAmqZi/file.html

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Advanced IdaPython to change details UI cannot change	chants	General Discussion	1	07-31-2019 15:46
how can i change my username	DMichael	General Discussion	7	04-11-2015 18:50
change in VB EXE file.	ivanov	General Discussion	17	12-28-2004 17:58

The Following User Gave Reputation+1 to congviet For This Useful Post:
giv (05-31-2011)

The Following User Says Thank You to bolo2002 For This Useful Post:
tonyweb (07-08-2018)