Jump to content
Please Use CODE Tags

OllyDbg question.

KieuVanQuan
By KieuVanQuan
in Programming
 Share
Posted

Is it possible to edit certain values of an exe file in OllyDbg? (The exe is unpacked already so no protection) For example change a value from 5 to 6 or change a file path or dll call...? Or can I only jump certain processes?

CPU i5-4460 @ 3.2 ghzMotherboard Gigabyte GA-Z97X Gaming 7RAM 32gb Corsair Vengance 1600mhzGPU GTX-750 TICase Carbide 400R | SSD Plextor M8Pe(Y) 256gb NVME | SSHD Barracuda 1TB PSU CX430Display LG 29UM55-P Ultrawide | Keyboard Trust 3-way LEDMouse Razer Death Adder V2 Left Handed | Speakers Genius SW-HF 5.1 6000Headset Beyerdynamic DT770 PRO | Sound Card Xonar Essence STXIIOS Windows 8.1 x64 Professional, build 9600 | Theme(s) Windows 7, Vista & Aero from DeviantArt

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/
Share on other sites
Link to post
Share on other sites
Posted
  • Author
19 minutes ago, jubjub said:

Do you just want a hex editor or...?

 

For example if I want to change a string from "C:/Something.exe" to "C:/SomethingElse.exe" inside an executable I'd just open it in a hex editor and find and replace.

 

I want to change integers too.

CPU i5-4460 @ 3.2 ghzMotherboard Gigabyte GA-Z97X Gaming 7RAM 32gb Corsair Vengance 1600mhzGPU GTX-750 TICase Carbide 400R | SSD Plextor M8Pe(Y) 256gb NVME | SSHD Barracuda 1TB PSU CX430Display LG 29UM55-P Ultrawide | Keyboard Trust 3-way LEDMouse Razer Death Adder V2 Left Handed | Speakers Genius SW-HF 5.1 6000Headset Beyerdynamic DT770 PRO | Sound Card Xonar Essence STXIIOS Windows 8.1 x64 Professional, build 9600 | Theme(s) Windows 7, Vista & Aero from DeviantArt

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/#findComment-10547655
Share on other sites
Link to post
Share on other sites
Posted
  • Author

I tried hex editing but I cannot find that specific hex address in hex editor.

CPU i5-4460 @ 3.2 ghzMotherboard Gigabyte GA-Z97X Gaming 7RAM 32gb Corsair Vengance 1600mhzGPU GTX-750 TICase Carbide 400R | SSD Plextor M8Pe(Y) 256gb NVME | SSHD Barracuda 1TB PSU CX430Display LG 29UM55-P Ultrawide | Keyboard Trust 3-way LEDMouse Razer Death Adder V2 Left Handed | Speakers Genius SW-HF 5.1 6000Headset Beyerdynamic DT770 PRO | Sound Card Xonar Essence STXIIOS Windows 8.1 x64 Professional, build 9600 | Theme(s) Windows 7, Vista & Aero from DeviantArt

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/#findComment-10547733
Share on other sites
Link to post
Share on other sites
Posted
6 hours ago, KieuVanQuan said:

I tried hex editing but I cannot find that specific hex address in hex editor.

What hex editor are you using? It should be as easy as selecting the type of thing you're searching for and the value of that then searching for it.

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/#findComment-10549078
Share on other sites
Link to post
Share on other sites
Posted

My hacking days are well behind me so i haven't used ollydbg in years so I cant tell you how to do it specifically but you should be able to replace a function with commands to overwrite the data you want changed but you should be able to edit the data directly if memory serves me right.

9 hours ago, jubjub said:

Do you just want a hex editor or...?

 

For example if I want to change a string from "C:/Something.exe" to "C:/SomethingElse.exe" inside an executable I'd just open it in a hex editor and find and replace.

He is using the best hex editor out there. OllyDBG. 

CPU: Intel i7 - 5820k @ 4.5GHz, Cooler: Corsair H80i, Motherboard: MSI X99S Gaming 7, RAM: Corsair Vengeance LPX 32GB DDR4 2666MHz CL16,

GPU: ASUS GTX 980 Strix, Case: Corsair 900D, PSU: Corsair AX860i 860W, Keyboard: Logitech G19, Mouse: Corsair M95, Storage: Intel 730 Series 480GB SSD, WD 1.5TB Black

Display: BenQ XL2730Z 2560x1440 144Hz

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/#findComment-10549546
Share on other sites
Link to post
Share on other sites
Posted
14 minutes ago, trag1c said:

My hacking days are well behind me so i haven't used ollydbg in years so I cant tell you how to do it specifically but you should be able to replace a function with commands to overwrite the data you want changed but you should be able to edit the data directly if memory serves me right.

He is using the best hex editor out there. OllyDBG. 

OllyDbg is a little overkill for just changing some static values. I can't precisely remember how to do it in OllyDbg because I mostly use x64dbg and IDA due to lack of 64bit support in OllyDbg. But if my memory serves me right you just go into the memory dump window and right click the address you want to write a value to and select modify. 

 

But if you are just changing static values in something a simple hex editor is far easier.

Link to comment
https://linustechtips.com/topic/845602-ollydbg-question/#findComment-10549586
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×