Xref: utzoo comp.sys.ibm.pc:33679 comp.lang.fortran:2385
Path: utzoo!attcan!uunet!ginosko!rex!ames!pasteur!ucbvax!hplabs!hp-sdd!megatek!eta!hollen
From: hollen@eta.megatek.uucp (Dion Hollenbeck)
Newsgroups: comp.sys.ibm.pc,comp.lang.fortran
Subject: Re: modifying executables
Message-ID: <708@megatek.UUCP>
Date: 24 Aug 89 20:01:40 GMT
References: <1984@leah.Albany.Edu>
Sender: news@megatek.UUCP
Lines: 45

From article <1984@leah.Albany.Edu>, by ppd491@leah.Albany.Edu (Peter P. Donohue @ nowheresville):
>
> Where my brother works, they have some software that has an error in
> it that they would like to fix (nor do I know what fortran compiler they
> used). The program was written in Fortran but they don't have the
> source code. Is there a way to modify the executable?

Use debug. First, rename the program from program.exe to program.bin;
debug will not allow you to write the file back if it was an exe. Use
"debug program.bin" to load the program and debug into memory. Use the
search command to search the data and code segments for the value you
want to change. In the data segment, you can be fairly sure that any
search hits will be the number you want, but be sure to first use the
dump command to look at surrounding stuff to be even surer.

If you find any instances of the value showing up in the code segment,
there is a small possibility that it is an immediate value argument to
an opcode. To verify this, you must start a ways back from the
suspected address and disassemble on successive incrementing byte
boundaries until you get a disassembly which makes sense. Unless you
are a seasoned assembly programmer to begin with, this will be a
virtually hopeless task. You need to be able to look at snatches of
disassembled code with no context whatsoever and determine if they are
valid (does anybody really write code this way?).

If the whole application was written in FORTRAN and you can somehow
find the beginning of a subroutine and disassemble from there, you
have a better chance of actually disassembling correct code.

If you have finally found a byte to patch, use the enter command to
change the byte. When all your patches have been made, use the write
command, exit the debugger, and rename the file to exe and try to run
it. GOOD LUCK and have your hard disk backed up before you do this!!!!!

About the only time I have been able to patch executables blind was
when I was looking to change the I/O address of a COM port or some
such device so that I could search for the byte string representing
IN AL, 03F8H or some such. I knew for sure that the port which I was
trying to patch was at 3F8H and that an IN or OUT instruction would be
used to access it.

What you are trying to do is not easy, but sometimes you can get
incredibly lucky and merely need to patch one value in the data
segment and everything works.

Dion Hollenbeck             (619) 455-5590 x2814
Megatek Corporation, 9645 Scranton Road, San Diego, CA  92121
uunet!megatek!hollen       or  hollen@megatek.uucp
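
Added example, not part of the original post: a Python sketch of the COM-port search described above, run against a copy of the bytes rather than inside debug. It assumes the port is loaded with MOV DX,imm16 (opcode BA, operand little-endian) and then accessed by IN/OUT through DX, the 8086 form for ports above FFh; the function names, the sample bytes and the new port 2F8h are constructed for illustration, and the nearby-opcode check is a byte heuristic, not a disassembly.

```python
"""Locate and patch 8086 I/O-port loads in a copy of a binary image."""

MOV_DX_IMM16 = 0xBA  # MOV DX, imm16; the operand follows in little-endian order
PORT_IO_OPCODES = {0xEC: "IN AL,DX", 0xED: "IN AX,DX",
                   0xEE: "OUT DX,AL", 0xEF: "OUT DX,AX"}


def find_port_loads(image: bytes, port: int, window: int = 8):
    """Return [(offset, mnemonic or None)] for each MOV DX,<port> byte pattern.

    A hit with an IN/OUT-via-DX opcode byte in the next `window` bytes is a
    stronger candidate than a bare match, which may be data or the tail of
    some other instruction. Both kinds still need a look at the disassembly.
    """
    needle = bytes([MOV_DX_IMM16]) + port.to_bytes(2, "little")
    hits, pos = [], image.find(needle)
    while pos != -1:
        tail = image[pos + 3 : pos + 3 + window]
        io = next((PORT_IO_OPCODES[b] for b in tail if b in PORT_IO_OPCODES), None)
        hits.append((pos, io))
        pos = image.find(needle, pos + 1)
    return hits


def patch_port(image: bytes, offset: int, old: int, new: int) -> bytes:
    """Return a patched copy; refuse if offset does not hold MOV DX,<old>."""
    expected = bytes([MOV_DX_IMM16]) + old.to_bytes(2, "little")
    if image[offset : offset + 3] != expected:
        raise ValueError(f"offset {offset:#x} does not hold MOV DX,{old:#x}")
    out = bytearray(image)
    out[offset + 1 : offset + 3] = new.to_bytes(2, "little")
    return bytes(out)


# Constructed sample: one real code site, then look-alike bytes sitting in data.
SAMPLE = bytes.fromhex(
    "90 BA F8 03 EC 24 01 C3 "                 # nop; mov dx,3F8h; in al,dx; and al,1; ret
    "00 00 BA F8 03 00 00 00 00 00 00 00 00"   # BA F8 03 with no IN/OUT nearby
)

if __name__ == "__main__":
    for off, io in find_port_loads(SAMPLE, 0x3F8):
        print(f"{off:#06x}  {'likely code: ' + io if io else 'unverified match'}")
    patched = patch_port(SAMPLE, 1, 0x3F8, 0x2F8)  # only the verified site
    print(patched[:4].hex(" "))
```

The patch is applied to an in-memory copy only, so the original file stays untouched until the patched bytes have been checked.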