hi guyz, i was just testing something with exes. I compiled the example HELLO project that comes with fasm as it was the most simplest one. Now in order to add a few letters to the message box through hex(using a hex editor like ultraedit), i have to use the empty 00's present. but whenever i add a byte, my exe generates an error cause the entry point of the import changes,

changes to

so i am trying to find in which part of the exe is the address stored that points to this. i want to change it to point to 54 rather than that 00 which it points after adding the byte.ne idea?
[Compile the example proj HELLO that comes with fasm n open it with an hex editor for more info]

FASM can use separate sections as well. See for directive "section" in the manual.

yea i do realise that, but now i just want an answer to my previous question..

ok, lemme ask it a simple way, is it possible to change the location of
(idata) after the exe has compiled?

Simple answer is NO, but if you really want to do that, you'd have to manually change all references to them and about Messages - they tend to be UNICODE and you have to give it 2-byte pairs so inserting/deleting one byte almost always causes crash.
Another thing is that you cannot INSERT strings when file is already assembled, but you must OVERWRITE so all other bytes remain at the same locations.

i know its possible. i can add bytes but i couldn't find out the reference to the calls. i know i have to change them but which part shld i change(add 2 to the address). cause the address are not relative to file size....

Raul,


doing it by hand is not easy, and may be imposible. It depends on each program code (not always). Each program is a different world. You must know PE format very good. You must know hex code very good (or use a good disassembler program). It is easier to add another section, than to modify an existing one. This is an example of code with a text message that can not be expanded in an easy way in same section.



Just an idea: modify the code of HELLO fasm example, replacing the old text with a new one, and then compile it (with a new file name). Then you can open both files with an hex editor and compare them.

Regards.

Kecol.-

i created two different variations of hello program(a bit simpler so that the file size would be 1 kb). the differences i found were quite simple, they were just the number of bytes after which .idata's MessageBoxA functions occur etc... thanks for the help. though ur idea to add a new section isnt bad atall, it would be better to place a jmp function in the main code and append the code to be added in the end and jmp to it. so i wont face any address problems.