String Change

Help on how to use HxD.
Post Reply
Posts: 1
Joined: 10 Jul 2014 08:31

String Change

Post by Darkcon »

Okay here's the deal! First to say that im kinda noob in hex editing. I am trying to edit a string which equals to an ip. When i open the .exe file and search for the string it can't find it. I make a little research and noticed that this exe might be extra encrypted, coz the string still exist in the hex code, but every 2 digits of the string are in different locations and i have to change them like (1. search for "6 - change, then search for 9. and change) and so 2 by 2 which is kinda impossible coz there are lot's of "6 and 9. strings in the exe file, so what should i do now ? Help, please!
Site Admin
Posts: 1366
Joined: 12 Mar 2005 14:15

Re: String Change

Post by Maël »

It could maybe help if there was regular expression search. This way you could specify random gaps between known parts of the string you search.
This will be added in future.

However it's also possible that you just find random partial matches, that are not really part of the ip you are looking for.

Maybe also the encoding of the IP is done in an non-obvious way. If you can change the IP somehow to create a new exe file, you could use diffing between the old and new exe file to narrow down the potential locations where the IP is stored (because those places holding the IP would be the only places that change).

If the file is compressed or encrypted however, you likely would have changes in many places. So this method would not work there without decrypting or decompressing first.

In short, this is not exactly easy to solve. Maybe you can get some tips about the specific file in forums that give cracking challenges, like "crack the code" or "crack me", which provide example programs that were created specially for that purpose and are therefore legal to crack. Often security researchers or enthusiasts know about such things. The field of reverse engineering might also prove as valuable to you.

Good luck.
Post Reply