Creating an executable from hexcode ( c++ )
-
Hey, lets say i take the hexcode from notepad.exe or whatever, how would i be able to create an executable using the hexcode? Lets say i write the hexcode into a file, is there any function that would make the file "working" ? Putting the hexcode into an executable obviously doesnt work. Kinda hard to explain myself, my english isnt that good so please excuse me. Greetings me :)
ALLERSLIT wrote:
lets say i take the hexcode from notepad.exe
What do you define as "hexcode?" Notepad.exe is already an executable.
-
ALLERSLIT wrote:
lets say i take the hexcode from notepad.exe
What do you define as "hexcode?" Notepad.exe is already an executable.
-
I mean the hexcode you see if you open notepad.exe in a hexviewer such as hex workshop etc.
OK, but exactly what do you want to do? The code you see is already in the form of an executable. What you see in hexviewer is a text representation of the binary code in notepad.exe, not the actual code.
-
OK, but exactly what do you want to do? The code you see is already in the form of an executable. What you see in hexviewer is a text representation of the binary code in notepad.exe, not the actual code.
I know its not the actual code. I am looking for a way to write the representation of the binary code to a file so the file will work. If i write the code i see in a hexviewer to a asdf.txt and rename it to asdf.exe for example, it wont work. What do i need to do so it will work? Sorry kinda hard to explain for me..
-
I know its not the actual code. I am looking for a way to write the representation of the binary code to a file so the file will work. If i write the code i see in a hexviewer to a asdf.txt and rename it to asdf.exe for example, it wont work. What do i need to do so it will work? Sorry kinda hard to explain for me..
Well, what hexviewer does is like the following: It will take each byte of the file (notepad.exe) and convert it to the text representation, i.e.: 255 will become FF hex 37 will become 25 hex So what you would have to do is convert the text back into binary. You would have to take the FF and turn it back into a single byte with value 255. And do that for every byte in the file.
-
I know its not the actual code. I am looking for a way to write the representation of the binary code to a file so the file will work. If i write the code i see in a hexviewer to a asdf.txt and rename it to asdf.exe for example, it wont work. What do i need to do so it will work? Sorry kinda hard to explain for me..
ALLERSLIT wrote:
What do i need to do so it will work?
copy notepad.exe asdf.exe"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Man who follows car will be exhausted." - Confucius
-
I know its not the actual code. I am looking for a way to write the representation of the binary code to a file so the file will work. If i write the code i see in a hexviewer to a asdf.txt and rename it to asdf.exe for example, it wont work. What do i need to do so it will work? Sorry kinda hard to explain for me..
I assume it's not working because the text file contains a textual representation of the file's data, not the raw data itself. You'd have to parse the text file and write out the corresponding raw data.
Steve
-
Hey, lets say i take the hexcode from notepad.exe or whatever, how would i be able to create an executable using the hexcode? Lets say i write the hexcode into a file, is there any function that would make the file "working" ? Putting the hexcode into an executable obviously doesnt work. Kinda hard to explain myself, my english isnt that good so please excuse me. Greetings me :)
As other people have said you need something to convert the textual representation of the code back into binary again. It's a fairly pointless excercise though as it'll be the same as the original. IF you want to do this so you can change the executable then there's going to be a few things that stand in your way: - checksums and signatures need to be recalculated. The checksum's easy enough, the signature is going to be a bind - You'll have to modify the executable header to take into account any change in section offsets It's a lot hard modifying a windows executable than it was an old DOS one. This is one of the reasons why viruses are so much less prevalent under Windows and malware authors have turned their attention to Worms and Trojans. Cheers, Ash
-
ALLERSLIT wrote:
lets say i take the hexcode from notepad.exe
What do you define as "hexcode?" Notepad.exe is already an executable.
The best way (only sensible way) is to write code in C or C++ and then use a compiler and linker to generate the "hex code", that is after all, how notepad.exe is created. Nobody writes binary/hex machine code these days, it's just unheard of. Besides, the "hex code" you see in notepad is a highly organized file, it is defined by the Microsoft COFF/PE format. You can download and see this here: http://www.microsoft.com/whdc/system/platform/firmware/pecoff.mspx[^] The structire is complex, fiddly and requires a great deal of metadata - usually managed by the compiler - in order to work. Unless each section is correctly formed, and correctly linked to other sections and its lengths etc correct, it will just crash when you try and run it. What is your motive for this question? Harry.
-
As other people have said you need something to convert the textual representation of the code back into binary again. It's a fairly pointless excercise though as it'll be the same as the original. IF you want to do this so you can change the executable then there's going to be a few things that stand in your way: - checksums and signatures need to be recalculated. The checksum's easy enough, the signature is going to be a bind - You'll have to modify the executable header to take into account any change in section offsets It's a lot hard modifying a windows executable than it was an old DOS one. This is one of the reasons why viruses are so much less prevalent under Windows and malware authors have turned their attention to Worms and Trojans. Cheers, Ash
In my experience the checksum in most files is 0 and not used.
Steve
