Hi,

How can I catch all strings from a native Windows .exe file and replace them later with others using C#?

Background: I want to create a C# tool to extract and replace strings from a simple .exe file.

Is this possible somehow?

+1  A: 

If you just want to do it for fun, then I would suggest using Resource Hacker; it is a very robust program.

If this is project requirement then I'll also watch this space for answers :)

TheVillageIdiot
Thank you. It is not just for fun, but for a project. So I'll wait for further answers.
Uwe
A: 

Keep in mind that this is generally not possible. There are many ways to store strings in a native C++ program. Resource strings are the easy case, as aman.tur correctly mentioned.

Strings in the data segment, on the other hand, are typically indexed directly. In that case, if you change their start offset (because the length of a preceding string changes), you'd need to find all ways to express that offset, which is nigh impossible. Furthermore, when strings in the data segment become longer, you might run over fixed buffers. And if the total string collection grows, data after them might move too.

It's also quite possible that small strings (e.g. up to 4 characters including \0) are stored in the code segment. Changing those could be an even bigger challenge, as you are even less likely to be able to modify the string length.

Please note that by design this will invalidate all digital signatures.

MSalters
OK. I missed that in my question. The strings are all stored/based on the resources. So this should ease up things.
Uwe
+3  A: 

What you need to start is a PE/COFF parser. If your strings are stored in a resource section in the PE, then it's pretty easy. For instance, you can load an exe into Visual Studio as a resource file and use its resource editor to change icons and strings and such in the exe. If on the other hand the strings are stored in a data section or are immediate in the machine code you have a much more complex problem. Overwriting the strings as is, leaving them the same length will probably work, but making them longer starts moving things around, messing up relocations and offsets. Rewriting the exe is really not the way to achieve what you want.

Moved up from my comment: PE/COFF is the exe format of Windows programs. If you just want to edit the resources, you shouldn't need a parser. You might start by using LoadLibraryEx() with flags LOAD_LIBRARY_AS_IMAGE_RESOURCE|LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE to load the exe to just use the resource and so that it's writable. Then start looking at LoadString(). These are all native API calls. I don't really know how you do it in C#.

Rob K
As I commented to MSalters, just resources are needed. The problem is, I don't want to do this "by hand" but in my own C# app to automate some things. So what's the start at the PE parser?
Uwe
PE/COFF is the exe format of Windows programs. If you just want to edit the resources, I don't think you'll need a parser. You might start by using LoadLibraryEx() with flags LOAD_LIBRARY_AS_IMAGE_RESOURCE|LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE to load the exe to just use the resource and so that it's writable. Then start looking at LoadString(). These are all native API calls. I don't really know how you do it in C#.
Rob K
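
An added example, not written by anyone in this thread: one way to call LoadLibraryEx() and LoadString() from C# through P/Invoke to read the 16-string block that holds a given ID, then write the modified block back with the Win32 BeginUpdateResource/UpdateResource/EndUpdateResource calls, which the thread does not mention. The class, method and parameter names are hypothetical, and it assumes the exe carries a single language for its string table, whose LANGID the caller passes as `lang`. It patches a copy because, as noted above, the change invalidates any digital signature.

```csharp
using System;
using System.ComponentModel;
using System.IO;
using System.Runtime.InteropServices;
// Hypothetical helper: replaces one string-table entry in a copy of a native exe.
static class StringTablePatcher
{
    const uint Flags = 0x20 | 0x40; // LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE
    [DllImport("kernel32", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr LoadLibraryEx(string file, IntPtr reserved, uint flags);
    [DllImport("kernel32")] static extern bool FreeLibrary(IntPtr module);
    [DllImport("user32", CharSet = CharSet.Unicode)]
    static extern int LoadString(IntPtr module, int id, [Out] char[] buffer, int max);
    [DllImport("kernel32", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr BeginUpdateResource(string file, bool deleteExisting);
    [DllImport("kernel32", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool UpdateResource(IntPtr update, IntPtr type, IntPtr name,
                                      ushort lang, byte[] data, int size);
    [DllImport("kernel32", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool EndUpdateResource(IntPtr update, bool discard);

    // lang is an assumption: the LANGID of the exe's only string table (e.g. 0x0409).
    public static void Replace(string source, string dest, int id, string text, ushort lang)
    {
        if (id < 0 || id > 0xFFFF || text.Length > 0xFFFF) throw new ArgumentOutOfRangeException();
        File.Copy(source, dest, true);          // never patch the original in place
        int first = id & ~15;                   // string resources are stored in blocks of 16
        var block = new MemoryStream();
        var w = new BinaryWriter(block, System.Text.Encoding.Unicode);
        var buf = new char[65536];
        IntPtr mod = LoadLibraryEx(dest, IntPtr.Zero, Flags);
        if (mod == IntPtr.Zero) throw new Win32Exception();
        try
        {
            for (int i = first; i < first + 16; i++)
            {   // entry layout: WORD length, then that many UTF-16 chars, no terminator
                string s = i == id ? text : new string(buf, 0, LoadString(mod, i, buf, buf.Length));
                w.Write((ushort)s.Length);
                w.Write(s.ToCharArray());
            }
        }
        finally { FreeLibrary(mod); }           // the file must be unloaded before it is updated
        byte[] data = block.ToArray();
        IntPtr upd = BeginUpdateResource(dest, false);
        if (upd == IntPtr.Zero) throw new Win32Exception();
        bool ok = UpdateResource(upd, new IntPtr(6) /* RT_STRING */, new IntPtr(first / 16 + 1),
                                 lang, data, data.Length);
        int err = Marshal.GetLastWin32Error();
        if (!EndUpdateResource(upd, !ok)) throw new Win32Exception();   // discard on failure
        if (!ok) throw new Win32Exception(err);
    }
}
```

A call such as `StringTablePatcher.Replace("app.exe", "app.patched.exe", 101, "New text", 0x0409)` uses constructed file names and a constructed string ID. If `lang` does not match the language of the existing table, UpdateResource adds a second block for that language instead of replacing the original one.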