|
|
|
|
#1
10-24-2016, 00:41
|
|||
|
|||
|
You can set a read/write hardware breakpoint to obtain the location that reads/writes the string.
Another possibility is a pure static approach: searching for xrefs in the code. Doing that, you will see that 0x7B31B6 loads the data location into eax and then calls 0x40A748. 
|
| The Following User Says Thank You to t3xc0d3 For This Useful Post: | ||
byvs (10-24-2016) | ||
|
#3
10-24-2016, 04:59
|
|||
|
|||
|
assuming the program is otherwise unprotected and will not try to prevent or detect it, write a loader which injects a dll into the target process's memory and patches bytes in the appropriate place to call a function in your dll that changes the string however you wish. there are lots of tutorials on code injection, here are some good ones:
Three Ways to Inject Your Code into Another Process A More Complete DLL Injection Solution Using CreateRemoteThread Code Injection - A Generic Approach for 32bit and 64bit Versions InjLib - A library that implements remote code injection for all Windows versions
|
| The Following User Says Thank You to bongos_man For This Useful Post: | ||
byvs (10-24-2016) | ||
|
#4
10-24-2016, 05:37
|
||||
|
||||
|
Quote:
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Identify an unknown 64 bit Packer | Kurapica | General Discussion | 1 | 07-06-2021 01:05 |
| Help identify crypto | The Old Pirate | General Discussion | 5 | 12-27-2014 04:15 |
| Trying to identify crypto algorithm | SiNTAX | General Discussion | 4 | 06-17-2010 03:23 |
Hybrid Mode
