0

Today I am trying to remove some bytes from an EXE file.

Inside the EXE I found a path to a file that the EXE needs to load. I want to change the path, and to do that I have to remove some ../../ characters. When I do that and save the file, it looses its icon and a 'win32 unknow format error' is displayed when I try to execute it.

If I don't remove those bytes but replace them by 0, the icon is not lost, and the file looks right. Yet, the path is incorrect.

So, it looks like when I remove bytes, position of other information inside the file is lost, including resources (the icon). After removeing those bytes, I need to add other 6 bytes, to keep the same size and position of other data. Where should I do that? If I add those bytes at the end of the file, it doesn't work. Could you give me some clues? Thanks!

ali
  • 10,927
  • 20
  • 89
  • 138

1 Answers1

3

After removing the ../../ from the start of the string, stick six 0 bytes at the end of the string (I'm assuming you can identify the end manually). That way the offset of everything in the file remains the same. By removing the 6 bytes entirely, the offset of things after the string would change. By replacing the 6 bytes with 0s, the offset of the string would change (it would now really be at wherever it was + 6).

dave
  • 12,634
  • 3
  • 20
  • 12
  • Thanks! The main idea is to change the reference to a file from 2 directories backward to the actual directory. Inserting six 0, wouldn't that add 6 more bytes to the file? – ali Jun 11 '12 at 22:21
  • @ali I meant after removing the ../../ from the beginning – dave Jun 11 '12 at 22:30
  • O.K. I understand. Some debugging tools for the EXE, so I can see other possible errors? Thanks! – ali Jun 11 '12 at 22:31
  • @ali `dumpbin` (which is included with Visual Studio Express) is a simple but useful tool for poking around inside DLLs/EXEs. It will probably identify some errors – dave Jun 11 '12 at 22:40