HowTo: HexEdit like a professional!

#1
06-29-2008, 10:39 PM, posted by Bendik
HowTo: HexEdit like a professional!

Start Notes
I, Bendik, take no responsibility for whatsoever you can do with the knowledge you're about to learn

Definitions

UD: Undetected
AV: Anti-Virus
FW: FireWall

Preparation

To begin, HexEditing is a difficult and partially effective method used to make "trojans" UD. In some cases this method will not work because the AV has tagged a vital part of the code. There are a few necessities you will need:

Hex Workshop or another HexProgram (Hex Workshop is used in this tutorial)

: Download Hex Workshop :
Download Here!

- Your server is needed, (The trojan which we are about to HexEdit)
- A little time and some patience is also required!

__________________________________

Alright let's start this!

1) First open up "Hex Workshop" and *Click* File: Open: Find your server or whatever you are hexing and *Click* it and then *Click* open.

2) In your workfield all the HexValues should pop-up. Get familiar with the file; look at certain bytes, this will help you understand more.

3) Scroll down to about the middle and *Click* the first offset on the left side. Grab it and drag down; as you drag down do NOT let go or you will have to return and do it again. Keep holding it down until you're at the bottom of the file Offset 1.

4) Seeing half the file highlighted. Right *Click* and *Click* Fill. A new window should open, in the textbox instead of 0 put 00. Then *Click* Ok.

5) What you have just done is cut the file in half. The 00 byte has no values at all; another commonly used byte in hexing is 90, it is the no-operation byte.

6) Ok now you have half the file filled with 00's right? Good... Point your arrow to the left hand corner. *Click* File: Save As. Save the file 1.exe. Be sure to remember the offset you cut the file at.

7) Go to the directory you saved 1.exe in, and right *Click* it and find a tab called Scan It For Viruses with your AV logo beside it. Once it's done scanning, if it is detected that means the detected string is not in that half which you filled with 00's.

How an AV detects Malware

An AV program is very powerful; it stops about 98% of common malware from infecting your PC. Our goal like said earlier is to be a part of that 2%. An AV when it scans a file looks for a string; it could be anywhere in the file. Most likely it is in the most vulnerable spot, via if you aren't careful you could corrupt your server. The detected string is a digital string that is in the database of the AV. Have you ever seen your AV connect to the internet and look for updates? This is your AV downloading new strings that it will later use to defend your computer against malware. That is how a common AV works!

Ok let's move on once again, right now you should have your original server, and the detected half of your server (1.exe). Now in HexWorkshop open up your Original Server. Why we are doing this is, because the AV when it detected (1.exe) it deleted all the bytes. So now find the offset in the middle which you started at, and pull it down or up again, but this time do not go all the way (cutting it in half). Bring it down or up about 5-10,000 offsets from the middle point. Fill the highlighted area with 00's. Then save the file as Scan.exe, also save it as scanbackup.exe.

FootNote: The names are examples; you may name them whatever you like, just remember them. Also, me personally, I record all the offsets I stop and start at in notepad.

9) Now in the directory you saved Scan.exe right click it and Scan it for viruses once more. If it is still detected then you have not found the offset yet.

How you know when you find it?
You know that you have found the offset when your AV no longer detects the file. Be sure to remember that if your AV detects the file you scanned it will delete the whole file. This is why you should always keep a backup.

10) Ok by now you should get the gist of how to find the detected string. Most AV's detect 2-3 strings; sometimes though it could be as little as 2 bytes or as large as 10 strings. Continue until you find the detected strings.....

11) Ahh yes you have found them. Congratulations!!! Now you're not through quite yet, just a little more to go. You have located the detected strings; now you must edit them ever so slightly to make the file UD and the server to still work. Change the numbers around using the fill option explained earlier to do this. If you do it just right and things aren't too different you will have successfully HexEdited.

Have fun!

Last edited by Bendik; 06-29-2008 at 10:41 PM.
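
The string-based detection described in the post, seen from the scanner's side, as an added example that is not part of the original post: a single exact byte string stops matching after a small in-place change, while a similarity score over hashed 8-byte windows against the known sample still flags the altered copy. The sample bytes, the window size and the 0.8 threshold are constructed assumptions, not values from any real AV product.

```python
import hashlib

NGRAM = 8        # bytes per window (assumed for this example)
THRESHOLD = 0.8  # similarity needed to flag a file (assumed)

def make_bytes(seed: bytes, blocks: int = 64) -> bytes:
    """Deterministic filler bytes standing in for file contents (constructed)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

SAMPLE = make_bytes(b"known-sample")       # constructed "known bad" file
SIGNATURE = SAMPLE[1000:1016]              # the single string a naive scanner stores
_altered = bytearray(SAMPLE)
for _i in range(1004, 1008):               # four bytes changed in place
    _altered[_i] ^= 0xFF
VARIANT = bytes(_altered)                  # constructed altered copy
UNRELATED = make_bytes(b"unrelated-file")  # constructed unrelated file

def exact_match(data: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic string signature: fires only on a byte-for-byte hit."""
    return signature in data

def features(data: bytes, n: int = NGRAM) -> set:
    """Hashes of every overlapping n-byte window in the file."""
    return {hashlib.sha1(data[i:i + n]).digest()[:8]
            for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two files' window sets (0.0 to 1.0)."""
    fa, fb = features(a), features(b)
    union = fa | fb
    return len(fa & fb) / len(union) if union else 1.0

def classify(data: bytes, known: bytes = SAMPLE) -> str:
    """Exact signature first, then similarity to the known sample."""
    if exact_match(data):
        return "exact-signature"
    if similarity(data, known) >= THRESHOLD:
        return "similar-to-known"
    return "no-match"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("variant", VARIANT),
                       ("unrelated", UNRELATED)):
        print(f"{name:10s} exact={exact_match(blob)!s:5s} "
              f"sim={similarity(blob, SAMPLE):.3f} -> {classify(blob)}")
```

A four-byte change touches only the few windows that overlap it, so almost all of the file's features still agree with the known sample.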
#2
06-30-2008, 01:33 AM, posted by Bacardi
Quite helpful, good job. rep4u
All times are GMT +1.