CreateFile API return -1

Started by Ding, May 15, 2020, 10:20:08 AM


Ding

Hello,
This is my first topic here, get ready for questions :mrgreen:
I am working on a small project which is a PE parser.
I want to make something like CFF Explorer, which I believe will take me a long time, but I am ready.
When opening any file, the CreateFile API returns the handle to that file and everything works fine!
But when I try it on the executable itself, it returns -1.
The interesting part is that CFF Explorer can do this. How can that be achieved?

Best Regards,
Ding.

jimg

It depends upon how you open it.  You can open it for read only, but since it's running, you can't open it for changes.

Ding

Hi jimg,
I am using RadASM 3 as my main IDE.
I used CreateFile, CreateFileMapping and MapViewOfFile respectively.
The goal is to map the file to memory to retrieve PE header information.
For every API I have changed the flags to READONLY and it worked.
But what if I want to modify some bytes? How am I supposed to do that with read-only access?

Ding.
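
The read-only sequence described in the posts above (CreateFile, CreateFileMapping, MapViewOfFile on the running executable), written out as an added MASM32 example; it is not code from the thread. It assumes a 32-bit build with the default \masm32 include paths, the label and variable names are illustrative, and returning the section count as the exit code is only a convenient way to show that the header was read.

```asm
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
.data?
szPath db MAX_PATH dup(?)   ; full path of the running image
hFile  dd ?
hMap   dd ?
nSects dd ?                 ; NumberOfSections, stays 0 on any failure
.code
start:
    invoke GetModuleFileName, NULL, addr szPath, MAX_PATH
    ; Read-only access with FILE_SHARE_READ; CreateFile signals failure with INVALID_HANDLE_VALUE (-1)
    invoke CreateFile, addr szPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL
    cmp eax, INVALID_HANDLE_VALUE
    je  done
    mov hFile, eax
    invoke GetFileSize, hFile, NULL
    mov ebx, eax                            ; ebx = file size, used as the parsing bound
    invoke CreateFileMapping, hFile, NULL, PAGE_READONLY, 0, 0, NULL
    test eax, eax                           ; this API returns NULL on failure, not -1
    jz  closefile
    mov hMap, eax
    invoke MapViewOfFile, hMap, FILE_MAP_READ, 0, 0, 0
    test eax, eax
    jz  closemap
    mov edi, eax                            ; edi = view base, kept for UnmapViewOfFile
    mov esi, eax
    assume esi:ptr IMAGE_DOS_HEADER
    cmp [esi].e_magic, IMAGE_DOS_SIGNATURE  ; "MZ"
    jne unmap
    mov eax, [esi].e_lfanew                 ; file-supplied offset: validate before use
    add eax, sizeof IMAGE_NT_HEADERS        ; eax = end of the NT headers
    jc  unmap                               ; offset wrapped around: reject
    cmp eax, ebx
    ja  unmap                               ; headers would end past EOF: reject
    add esi, [esi].e_lfanew
    assume esi:ptr IMAGE_NT_HEADERS
    cmp [esi].Signature, IMAGE_NT_SIGNATURE ; "PE", 0, 0
    jne unmap
    movzx eax, [esi].FileHeader.NumberOfSections
    mov nSects, eax
unmap:     invoke UnmapViewOfFile, edi
closemap:  invoke CloseHandle, hMap
closefile: invoke CloseHandle, hFile
done:      invoke ExitProcess, nSects
end start
```

The bounds check on e_lfanew matters once the same code is pointed at arbitrary files: the offset comes from the file itself, and following it unchecked reads outside the mapped view.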

jimg

If I understand what you are asking, you want to modify some bytes of the file on disk, of your program while it is running. What would be the reason for this? Change the bytes on a copy and then rename it. Or copy it to another file, run that, which can change the original. You can't change the bytes of a file while the system is using it.
You can, however, change the bytes of your program in memory while it is running. I have done it in the past for efficiency's sake, that is, the program determines the best way to run, and changes the instructions it is running as desired. This does not physically change the file, however, only the running program. And all it saves is a big string of ifs or case statements, or other decision structures running over and over. Usually not worth the effort.

If you want to get really tricky, your program could spawn an independent process, close out, and then the other process could change the original file.

If you are only trying to change some data values, well, that's what ini files are for.

Ding

Thank you so much for helping me.

Ding.