How to modify an executable without corrupting it?
-
29-06-2021 - |
문제
Is there a specific null char or a sequence of bytes which would not corrupt the executable if added in FRONT of the file? I tried adding NUL (00 hex) but it corrupts the executable every time. Is there some bytecode for NOP (no operation) or something similar?
Long story short, I want to mess up a "hack" that modifies a value in memory at &process+fixed offset. Pushing the memory stack up would (or so I think) prevent it from working.
해결책
No, the PE file format that Windows executables use has a very specific header. See http://en.wikipedia.org/wiki/Portable_Executable for more details.
You can try using ASLR to make your code more resistant to in-memory patching.
다른 팁
You'd have to parse it completely into it's different sections and segment, modify the one you are looking for, but you won't be able to INSERT code before any code segment: you'd better had a segment that will be executed first, then will jump to the old start segment.
At the end you will have to recreate a new complete executable file.