MOR 90 - Giggles, Guffaws, and Gasps
Podcast March 6th, 2009
Recorded: March 4, 2009
Your Host: Steve Murawski, Rich Niemeier, and Keith Albright
Show Length: 52:19
This show is brought to you by Sapien Technologies and Quest Software.
SAPIEN Technologies is out to make scripting — whether you’re working with Web scripts, Flash scripts, Windows administrative scripts, or related technologies — simpler.
Find out how Sapien can simplify your scripting.
Links:
- Rich’s favorite new
toytool - TechNet Perfmon article
- Top Ten Perfmon Counters
- Making BackTrack4 boot disk changes persistent
- Installing BackTrack4 on an EeePC
- UNetBootin Bootable USB drive utility
- XVI32 Hex Editor - editing an executable
- The Experts Community
- Cahoots
Read the full show notes here.
Read the UStream chat log here.
Website Picks
Rich - AppScout - application review website
Keith - Linux Starter Pack
Get on the fast track to PowerShell scripting success with PowerGUI
Join PowerShell MVPs Dmitry Sotnikov and Kirk Munro for a live chat at Quest Connect, a free, on-demand virtual tradeshow where you can get the answers you need to solve your toughest PowerShell challenges.
Visit www.quest.com/poshchat today to learn more and to register
March 10th, 2009 at 3:09 pm
I think it was Keith that talked about Orca MSI editor a while back. I am having issues with a piece of software (MSI) that I need to remove one of the prerequisites in the MSI. Can you point me back to that show or article?
March 11th, 2009 at 9:44 am
Brian,
We talked about Orca on two shows; Episode 55 and Episode 73. See the show notes for links:
http://podcast.acoupleofadmins.com/pmwiki/pmwiki.php?n=Main.Episode55
http://podcast.acoupleofadmins.com/pmwiki/pmwiki.php?n=Main.Episode73
Also, Steve emailed me recently with a another app being called Orca’s replacement. It’s called InstEdit and you can check it out at http://www.instedit.com/
I haven’t tried InstEdit yet, so if you do, drop me a note on your thoughts.
I hope that helps.
Keith
March 13th, 2009 at 12:04 pm
Hello.
Regarding the editing of the executable:
- first, backup the old one
- you are right that resource hacker and similar products are very unlikely to help you here (if the original developer had the idea to put the string into the resources, s/he would almost certainly have the idea not to hardcode it :-))
- you are almost guaranteed success if the new path is shorter than the old one. If it is longer (and especially more than 3-4 characters longer), you will have trouble
- supposing that the new string is shorter, make sure that you pad with zero bytes (ie hexa 0×00, not the character ‘0′) the new string (the most secure solution is to overwrite with 0×00 all the remaining characters)
- if the original executable was compiled with some Pascal derivative compiler (like Delphi, FreePascal, etc), you will find that the byte (or the two bytes) before the string may contain its length. If this is the case, make sure that it is also adjusted.
Finally, I would be happy to take a look at the executable for you. As a former reverse-engineer, I’m confident that I can help you out.
Hope this helps.
Best regards.