Debug Exe Files How to debug an exe file.

[Erdemir 0]

Think that we have written a program, and some codes are wrong. We can go back to compiler and change the code, and compile again.

But I will show you how to correct our mistakes without using the compiler.

 

Let's start:

I have written a program in Delphi. Let's see my mistake.

 

I have created a form like this.

 

After this I wrote the codes in the Compare Button click as below.

1.   procedure TForm1.ComparebuttonClick(Sender: TObject);2.   var3.	 a,b:integer;4.   begin5.	 a := StrToInt(EditA.Text);6.	 b := StrToInt(EditB.Text);7.8.	  if a<b then  // Look at here carefully. We have made a mistake. We should have written a>b9.	   ShowMessage('A is greater than B')10.	 else11.	   ShowMessage('A is not greater than B');12.   end;

As you can see, I wrote wrong at line 8.

Let's run the program.

Enter 13 in the first editbox

Enter 7 in the second editbox, and click Compare

13 is greater than 7, but the message saying A is not greater than B because of our mistake at line 8.

Now let's correct our mistake by Debugging. You need a debugger, All debuggers can do our work. I will use Olly Debugger here.

Open the Olly Debugger and open our exe by clicking File -> Open. And go to the related directory and open our project file, Project1.exe.

We opened our exe with Olly Debugger. Now you can see there are lots of ASM codes.

Right click on any ASM codes in the windows which has the tabs Address, Hex dump, Disassembly, Comments.

Select Search For -> All Referenced Text Strings , like in the picture below.

A new window will come which's caption is Text strings referenced in Project:CODE.

In this window press Home key to go to the top. Right Click and select Search for Text, like in the picture below.

A new messagebox will come which's caption is Enter text to search for.

Remember that in our exe when we press Compare the message is coming and saying A is not greater than B. So let's search the word greater than.

Write greater than and press OK like this picture below.

The text will be found, like this picture below.

Double click the selected line. This will get you back to the ASM codes. As this picture below.

In Delphi, C++, PHP,... we are using if statement, but in Assembly the if statement is different and there are lots of codes about if statements. For example:

if (a<=b ) can be written as JLE.

JLE means Jump if Less or Equal. JG :Jumg if greater. JNZ :Jump if not zero. .... etc.

As you can see in the picture above there is a JLE one line upside. Double click on the JLE line and there will come a new message box, like this picture below.

In textbox replace JLE to JG . The last text is JG SHORT 0045384F

Press Assemble button. JLE will be replaced to JG in the Assembly codes section. Now you can close the message box.

Now right click on any ASM codes and select Copy to executable -> All Modifications, like this picture below.

A message box is asking us "Copy selection to executable file?". Click Copy All.

A new window will come which is showing the difference we made. Looks like this picture below.

Right click on the selected line and select Save File.

A Save As dialog box will appear. Save your file as new.exe

Now you can close Olly Debugger.

Congratulations. You have debugged your exe file. Now let's check it if it is working properly.

Run new.exe , And type 13 and 7 again. Press Compare.

The message box is saying A is greater than B which means 13 is greater than 7.

As you can see our program is working properly.

 

We have corrected our mistake in code without using compiler. We debugged.

 

By the way do not try to debug any copyrighted application.

Edited June 14, 2008 by Erdemir (see edit history)

[hitmanblood 0]

huh nice tutorial out there and as it is the first one of yours that is great. You showed some skills there. However you might want to add some assembler tutorials also.But I wanted to add one more thing assembler code also must be compiled before it can be executed. So in a sens you are using compiler. The other thing is this or very similar procedure is used when trying to crack programs in fact. But nonetheless this is some very useful tutorial. Gold star from me

[seba1killer 0]

Very interesting, i didnt know that delphi creates real windows code(i thought that it compiles vb way).
Ollydbg is one of the best tools for debugging any kind of programs. You can download it from http://www.ollydbg.de/ .

Regards.

[Erdemir 0]

But I wanted to add one more thing assembler code also must be compiled before it can be executed. So in a sens you are using compiler.

Assembler codes must be compiled, yes it is true. But I am not writing here an assembly program from start. Here I am only changing some characters like JLE to JG, the debugger is replacing a few bytes in the exe in a hexadecimal format, so there is no need to compile this. Olly Debugger is making this easy by showing you as Assembly code. In fact in another debuggers we are not writing directly JG, we are writing its hexadecimal equivalent.

 

The other thing is this or very similar procedure is used when trying to crack programs in fact.

I wanted to say that we mustn't debug any copyrighted applications here, so no cracking

By the way do not try to debug any copyrighted application.

By the way, thanks for the gold star.

 

Very interesting, i didnt know that delphi creates real windows code(i thought that it compiles vb way).

Ollydbg is one of the best tools for debugging any kind of programs. You can download it from http://www.ollydbg.de/ .

Of course Delphi can create exe applications and also dll,cpl,scr, ... etc.

By the way, thanks for the Ollydbg download source.

Edited June 15, 2008 by Erdemir (see edit history)

[Erdemir 0]

However you might want to add some assembler tutorials also.

Today, I wanted to add an assembler tutorial, but searched the forum and there is already an assembler tutorial at http://forums.xisto.com/index.php?sho9;assembly&;
and
http://forums.xisto.com/index.php?sho9;assembly&;

. So due to Tutorial rules I didn't add another tutorial.
Edited August 20, 2008 by Erdemir (see edit history)