Question
I have an exe file that I had written a while back and cannot find the source code for it (it was written in C++).
It calls the MessageBoxA function in user32.dll and passes necessary parameters to it. I want to modify the flags parameter to include the MB_ICONERROR (0x10) flag.
How do I go about finding which bytes in the exe file need to be modified to accomplish this?
Solution
You need a disassembler like ICE or IDA. https://www.hex-rays.com/products/ida/support/download.shtml. Load the executable. Find the Win32 API call on Names Window, to find it, just type the function name. Then double click CODE XREF to go to referenced caller.
Then you get what you want:
Just select the line and click on Hex-View to get the address.
https://stackoverflow.com/questions/18987718
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian