I need a way to edit the resources (A String Table, to be exact) of a compiled executable and I need to do it in C++.
Can anybody offer any guidance/sample code on how I can go about doing this?
Start with LoadLibrary() that and load an executable(the one you want to edit)
Then FindResource() and UpdateResource() as necessary.
Read all about it here:
PE format Resource Functions
If you're on Linux or OS X there's always the "strings" command that will print out all of the static strings in the executable. Combine that with something like "objdump" and some knowledge with a hex editor you may be able to cobble something together.
I don't know if that is even possible, once you have a compiled executable & it's just machine code, there isn't really a specific way to understand how to interpret it (and therefore find/edit the resources you're looking for)...i.e. once you have just the executable, you can't for sure know whether a word is an instruction in assembly or just a word representing a number, label, etc in assembly...
As far as I know.
You can have a look at the good old reference and source code of PeDump of Matt Pietrek. He does handle (read-only) the resources of PE files in C++. Maybe it will inspires you to solve your problem...
Related
This is probably a strange question. My project involves a few other people that need to work on the code too. I'm not sure how careful they would be with it and I don't want it to leak. For this reason I split it into 2 parts, one is in the form of a library, the rest just plain source code. There is one other guy that needs everything so he also has the source to the library. I don't want this guy to make any changes to the library. I put in a version number that gets printed when everything is running but I have no way of knowing (from looking at logs) if the library was authentic (from me only).
I was hoping there is some way I can use a public-private-key signature or something like this but against what? I probably can't just calculate an MD5 hash either because the linker probably puts the library function in different places all the time.
I realize it's probably not feasible to sign and verify source code but I would be curious to hear if anybody has any ideas.
You can use one of the VCS (version control systems) listed here.
By my experience you can use Github, it is easy to work with.
I know that you cannot have a C++ dll and expect to have it as a source code, am I right? But at the same time, when I revert a C++ dll to raw data, using DUMPBIN, then there are some stuff which can be done to interpret it, right? For example, we know basic mappings for most popular operators and all.
Is there a tool that can roughly interpret that raw machine data to something that looks more to a code or instruction? The issue is that I do not have enough time to write it myself to scratch! so I am looking for a tool or something to do it.
You need a disassembler, which is a tool that takes a binary object (like a compiled file, a library, or even an executable) and tries to reinterpret its content as assembly.
With a tool like that you can usually retrieve the names of the internal symbols (unless of course the binary image is stripped, but this is not the case for dynamically liked libraries).
Also for C++ this is a bit difficult because of name mangling.
Try to give a glance to Objdump.
YOu can disassemble the code sections of the DUMPBIN /DISASS - but if you want "code" like C++, then you need a decompiler. However, they are far from great, and often make quite unreadable code - yes, it's something that you can feed into a compiler, but it's hardly what I'd call "human readable".
In my biased opinion, the best disassembler out there is IDA (Interactive Disassembler). It is somewhat expensive since it's targeted towards professional use, but there's a freeware (older) version you can try:
http://www.hex-rays.com/products/ida/support/download_freeware.shtml
The Hex-Rays Decompiler (an add-on for IDA) can produce C pseudocode from the disassembly, which can in many cases be recompiled again.
I want to print the code of a function in a DLL.
I loaded the dll, I have the name of the desired function, what's next?
Thank you!
Realistically, next is getting the code. What you have in the DLL is object code -- binary code in the form ready for the processor to execute, not ready to be printed.
You can disassemble what's in the DLL. If you're comfortable working with assembly language, that may be useful, but it's definitely not the original source code (nor probably anything very close to it either). If you want to disassemble it, loading it in your program isn't (usually) a very good starting point. Try opening a VS command line and using dumpbin /disasm yourfile.dll. Be prepared for a lot of output unless the DLL in question is really tiny.
Your only option to retrieve hints about the actual implemented functionality of said function inside the DLL is to reverse engineer whatever the binary representation of assembly happens to be. What this means is that you pretty much have to use a disassembler(IDA Pro, or debugger, e.g. OllyDbg) to translate the opcodes to actual assembly mnemonics and then just work your way through it and try to understand the details of how it functions.
Note, that since it is compiled from C/C++ there is lots and lots of data lost in the process due to optimization and the nature of the process; the resulting assembly can(and probably will) seem cryptic and senseless, but it still does it's job the exact same way as the programmer programmed it in higher level language. It won't be easy. It will take time. You will need luck and nerves. But it IS doable. :)
Nothing. A DLL is compiled binary code; you can't get the source just by downloading it and knowing the name of the function.
If this was a .NET assembly, you might be able to get the source using reflection. However, you mentioned C++, so this is doubtful.
Check out this http://www.cprogramming.com/challenges/solutions/self_print.html and this Program that prints its own code? and this http://en.wikipedia.org/wiki/Quine_%28computing%29
I am not sure if it will do what you want, but i guess it may help you.
learned english as a second lang, sorry for the mistakes & awkwardness
I have given a peculiar project to work on. The company has lost the source code for the app, and I have to make changes to it. Now, reverse engineering the whole thing is impossible for one man, its just too huge, however patching individual functions would be feasible, since the changes are not that monumental.
So, one possible solution would be compiling C code and somehow -after rewriting addresses- patching it into the actual binary, ideally, replacing the code the CALL instruction jumps to, or inserting a JMP to my code.
Is there any way to accomplish this using MingW32? If it is, can you provide a simple example? I'm also interested in books which could help me accomplishing the task.
Thanks for your help
I use OllyDBG for this kind of things. It allows you to see the disassembly and debug it, you can place breakpoints etc, and you can also edit the binary. So, you could edit the PE header of that program adding a code section with your (compiled) code inside, then call it from the original program.
I can't give you any advice since I've never tried, although I thought about it many times. You know, lazyness.. :)
I would disassemble the program with a high-quality disassembler that produces something that can be assembled back into a runnable app, and then replace the parts you need to modify with C code.
Something like this will let you reverse the machine code into source. It won't be pretty but it does work.
http://www.hex-rays.com/idapro/
There are also tools for runtime patching http://www.dyninst.org/ for instance. They really aren't made for patching but they can do the trick.
And of course the last choice is to just use an assembler and write machine code :)
I want to create a file that only resides in memory... In looking through some documentation I saw a recommendation to use a shell extension as a virtual file. Im not sure that is a workable solution but I would like to know
Is it a good approach (or should I be using a ramdisk instead)
Where is a good place to start to read up on it
Note: This is on the Windows platform
As I understand, you want your program to create a "file", which resides only in memory and that you can pass on to another external program (say, Microsoft Word).
AFAIK this is not possible, short of a ramdrive. I'd suggest using a temporary folder. You will however have to come up with a strategy for deleting the file when it's not needed anymore.
Added: On second though, you might want to check out Reparse points. I'm not familiar with them myself, and they will only work for NTFS formatted disks, but perhaps they can provide you with what you want. It will be a lot of coding though.
You don't say on which plateform you are but I'm guessing Windows. Is mmap() available? If not, I think BerkeleyDB has been ported to Windows so you should be able to use that. Win32 API may have something akin to mmap() but I don't know it.
If you want a file that resides only in memory, use a named pipe or something, though I question your scenario - can you go up a level and describe what you want to do?