c++ NKSP.EXE
#21


Thanks for all.

I am learning C++ and I know a little about it (but not much). I have been trying to edit those files with a hex editor but I can't read it. It looks like this:

And I don't know how to understand those codes.

For example:

At the top of the page there is the code of nksp.exe, and I want to read the .dll code like the code above, not like it appears in the image. How can I read the code decrypted?

P.S. Sorry for my ignorance. I don't know if it is possible to read the code like the code above or not.

That's the executable header (the first 1000 hex bytes are information about the executable, imports, etc.).

It is defined here:

But you don't need to know about that unless you're making an OS emulator or a debugger (which is advanced stuff, not good for a beginner).

If you just started learning C++, I suggest learning C first and then C++, because C++ is an object-oriented version of C (why go with the hard stuff from the beginning when you can learn slowly and understand).

Hex is not a human-readable language (it's machine language); the lowest-level human-readable language is ASM. To understand ASM you must know at least one high-level language (even then it looks hard for some people, but with time people learn).

There are already debuggers that disassemble the PE file, according to its header information and the info from the code section, to translate it into ASM (some debuggers translate it into a C-like language).

Once you have the offset from the disassembler, you can convert the virtual address into a file address (knowing the code section file offsets, or finding it using some simple math). Or you can simply edit them directly from a debugger/assembler.

If you want to edit the file using a hex editor, you can only edit some strings in the file, or, knowing some file offsets, you can edit the instructions knowing the ASM opcodes for each instruction.

There are packers that pack the PE file (scramble and compress the PE file, virtualize the PE file), for which there are other methods used to edit those files (unpacking a packed PE file is sometimes a pain).
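
The virtual-address-to-file-offset math mentioned in the post above, as an added example that is not part of the original thread: it reads the PE section table and maps an address shown by a disassembler to its position in the file. The sample image is a constructed, non-loadable header skeleton, and the function names are illustrative.

```python
import struct

def read_layout(data):
    """Return (image_base, sections) parsed from the PE headers in data."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    optsz, = struct.unpack_from("<H", data, pe + 20)      # SizeOfOptionalHeader
    opt = pe + 24                                         # optional header start
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    fmt, off = ("<I", 28) if magic == 0x10B else ("<Q", 24)  # PE32 / PE32+ ImageBase
    base, = struct.unpack_from(fmt, data, opt + off)
    sections = []
    for i in range(nsec):                                 # 40-byte section headers
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, opt + optsz + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rptr, rsize))
    return base, sections

def va_to_file_offset(data, va):
    """Map a virtual address to (section, file offset or None if memory-only)."""
    base, sections = read_layout(data)
    rva = va - base                                       # address relative to ImageBase
    for name, vaddr, vsize, rptr, rsize in sections:
        if vaddr <= rva < vaddr + (vsize or rsize):       # some linkers leave vsize 0
            delta = rva - vaddr
            return name, (rptr + delta if delta < rsize else None)
    raise ValueError("address %#x is not inside any section" % va)

def build_sample():
    """Constructed PE32 skeleton (headers only, not loadable) for the demo."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                 # Magic: PE32
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102) + opt)
    for name, vsize, vaddr, rsize, rptr in ((b".text", 0x200, 0x1000, 0x200, 0x400),
                                            (b".data", 0x1000, 0x2000, 0x200, 0x600)):
        hdr += struct.pack("<8sIIII", name, vsize, vaddr, rsize, rptr).ljust(40, b"\0")
    return bytes(hdr).ljust(0x800, b"\0")

if __name__ == "__main__":
    for va in (0x401010, 0x402100, 0x402800):
        print(hex(va), va_to_file_offset(build_sample(), va))
```

An address that lies past a section's raw data (the third one here) exists only after the loader maps the image, so there are no bytes in the file for it.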

#22


O.o

I see that it is more complex than I thought. I will try to learn C and then ASM, and then I will start to investigate .dll files.

Thanks for all.


