xisto Community
Erdemir

Debug Exe Files: How to debug an exe file.


Suppose we have written a program and some of the code is wrong. We can go back to the compiler, change the code, and compile again.

But I will show you how to correct our mistakes without using the compiler.

 

Let's start:

I have written a program in Delphi. Let's see my mistake.

 

I have created a form like this.

[Image: post-62045-1213448398_thumb.jpg]

 

After this I wrote the code for the Compare button's click event as below.

1.   procedure TForm1.ComparebuttonClick(Sender: TObject);
2.   var
3.     a, b: integer;
4.   begin
5.     a := StrToInt(EditA.Text);
6.     b := StrToInt(EditB.Text);
7.
8.     if a<b then  // Look at here carefully. We have made a mistake. We should have written a>b
9.       ShowMessage('A is greater than B')
10.    else
11.      ShowMessage('A is not greater than B');
12.  end;

As you can see, I made a mistake at line 8.

Let's run the program.

[Image: post-62045-1213448686_thumb.jpg]

Enter 13 in the first editbox

Enter 7 in the second editbox, and click Compare

13 is greater than 7, but the message says A is not greater than B because of our mistake at line 8.

Now let's correct our mistake by debugging. You need a debugger. Any debugger can do the job. I will use Olly Debugger here.

Open Olly Debugger and open our exe by clicking File -> Open. Go to the related directory and open our project file, Project1.exe.

We have opened our exe with Olly Debugger. Now you can see there is a lot of ASM code.

Right-click any of the ASM code in the window that has the tabs Address, Hex dump, Disassembly, Comments.

Select Search For -> All Referenced Text Strings, as in the picture below.

[Image: post-62045-1213449227_thumb.jpg]

A new window will appear whose caption is Text strings referenced in Project:CODE.

In this window press the Home key to go to the top. Right-click and select Search for Text, as in the picture below.

[Image: post-62045-1213449378_thumb.jpg]

A new message box will appear whose caption is Enter text to search for.

Remember that in our exe, when we press Compare, the message appears saying A is not greater than B. So let's search for the words greater than.

Type greater than and press OK, as in the picture below.

[Image: post-62045-1213449617_thumb.jpg]

The text will be found, as in the picture below.

[Image: post-62045-1213449640_thumb.jpg]

Double-click the selected line. This will take you back to the ASM code, as in the picture below.

[Image: post-62045-1213449783_thumb.jpg]

In Delphi, C++, PHP, ... we use the if statement, but in Assembly the if statement is different and there are many instructions for if statements. For example:

if (a<=b) can be written as JLE.

JLE means Jump if Less or Equal. JG: Jump if Greater. JNZ: Jump if Not Zero. ... etc.

As you can see in the picture above, there is a JLE one line above. Double-click the JLE line and a new message box will appear, as in the picture below.

[Image: post-62045-1213450097_thumb.jpg]

In the text box, replace JLE with JG. The final text is JG SHORT 0045384F

Press the Assemble button. JLE will be replaced with JG in the Assembly code section. Now you can close the message box.

Now right-click any of the ASM code and select Copy to executable -> All Modifications, as in the picture below.

[Image: post-62045-1213450406_thumb.jpg]

A message box is asking us "Copy selection to executable file?". Click Copy All.

A new window will appear showing the change we made. It looks like the picture below.

[Image: post-62045-1213450492_thumb.jpg]

Right click on the selected line and select Save File.

A Save As dialog box will appear. Save your file as new.exe

Now you can close Olly Debugger.

Congratulations. You have debugged your exe file. Now let's check whether it is working properly.

Run new.exe, and type 13 and 7 again. Press Compare.

[Image: post-62045-1213450902_thumb.jpg]

The message box says A is greater than B, which means 13 is greater than 7.

As you can see our program is working properly.

 

We have corrected our mistake in the code without using the compiler. We debugged.

 

By the way do not try to debug any copyrighted application. :D

Edited by Erdemir (see edit history)


Huh, nice tutorial out there, and as it is the first one of yours, that is great. You showed some skills there. However you might want to add some assembler tutorials also. But I wanted to add one more thing: assembler code also must be compiled before it can be executed. So in a sense you are using a compiler. The other thing is that this or a very similar procedure is used when trying to crack programs, in fact. But nonetheless this is a very useful tutorial. Gold star from me :D


But I wanted to add one more thing: assembler code also must be compiled before it can be executed. So in a sense you are using a compiler.

Assembler code must be compiled, yes, that is true. But I am not writing an assembly program from scratch here. Here I am only changing a few characters, like JLE to JG; the debugger replaces a few bytes in the exe in hexadecimal format, so there is no need to compile this. Olly Debugger makes this easy by showing it to you as Assembly code. In fact, in other debuggers we do not write JG directly; we write its hexadecimal equivalent.

 

The other thing is this or very similar procedure is used when trying to crack programs in fact.

I wanted to say that we mustn't debug any copyrighted applications here, so no cracking :(

By the way do not try to debug any copyrighted application. :D

By the way, thanks for the gold star.

 

Very interesting, I didn't know that Delphi creates real Windows code (I thought that it compiles the VB way).

Ollydbg is one of the best tools for debugging any kind of programs. You can download it from http://www.ollydbg.de/ .

Of course Delphi can create exe applications and also dll, cpl, scr, ... etc.

By the way, thanks for the Ollydbg download source.

Edited by Erdemir (see edit history)
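
The one-byte change discussed above (JLE to JG, written by the debugger as a hexadecimal opcode) is exactly what a file-integrity check picks up. As an added example that is not part of the original posts, this Python sketch compares a known-good copy of a binary with the copy on disk and labels swaps between short conditional jumps; the sample bytes and all function names are constructed for illustration.

```python
import hashlib

# Short (2-byte) conditional jumps on x86: opcode 0x70..0x7F followed by a rel8.
SHORT_JCC = dict(zip(range(0x70, 0x80),
    "JO JNO JB JAE JE JNE JBE JA JS JNS JP JNP JL JGE JLE JG".split()))

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def changed_runs(original: bytes, patched: bytes):
    """Return [(offset, old_bytes, new_bytes)] for each run of differing bytes."""
    if len(original) != len(patched):
        raise ValueError("sizes differ; an in-place patch keeps the file size")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None
    if start is not None:
        runs.append((start, original[start:], patched[start:]))
    return runs

def describe(run):
    """Label a one-byte change between two short-Jcc opcodes, e.g. 'JLE -> JG'.
    Heuristic: a raw diff has no instruction boundaries, so confirm in a disassembler."""
    offset, old, new = run
    if len(old) == 1 and old[0] in SHORT_JCC and new[0] in SHORT_JCC:
        return (f"0x{offset:X}: {SHORT_JCC[old[0]]} -> {SHORT_JCC[new[0]]} "
                "(branch condition changed)")
    return f"0x{offset:X}: {old.hex()} -> {new.hex()}"

def audit(original: bytes, patched: bytes):
    """Compare a file with its known-good copy; return (hash_matches, findings)."""
    return (sha256_hex(original) == sha256_hex(patched),
            [describe(r) for r in changed_runs(original, patched)])

# Constructed sample, not bytes from Project1.exe: NOP NOP; CMP EAX,EDX; JLE +0x0F; NOP
KNOWN_GOOD = bytes.fromhex("90903bc27e0f90")
ON_DISK = bytes.fromhex("90903bc27f0f90")  # same bytes with JLE (7E) changed to JG (7F)

if __name__ == "__main__":
    ok, findings = audit(KNOWN_GOOD, ON_DISK)
    print("hash matches:", ok)
    for line in findings:
        print(line)
```

Recording the SHA-256 of each released build is what makes the comparison possible; the opcode label only helps triage what the mismatch means.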


However you might want to add some assembler tutorials also.

Today, I wanted to add an assembler tutorial, but searched the forum and there is already an assembler tutorial at http://forums.xisto.com/index.php?sho9;assembly&; and http://forums.xisto.com/index.php?sho9;assembly&;. So due to Tutorial rules I didn't add another tutorial.
Edited by Erdemir (see edit history)
