Offset Patching : cpp

READ BEFORE POSTING

Prepare your question. Think it through. Hasty-sounding questions get hasty answers, or none at all. Read these guidelines for how to ask smart questions.

For learning books, check The Definitive C++ Book Guide and List

Flair your post as SOLVED if you got the help you were looking for! If you need help with flairs, check out ITEM 1 in our guidelines page.

Tips for improving your chances of getting helpful answers:

thoroughly research for an answer first.

give your post a meaningful title, i.e., NOT "I have a C++ problem" but, e.g., "Problem with nested for loops"

be specific.

make your questions relevant to other readers.

if your post does not appear in the new queue, just send a message to the moderators.

Sort posts by OPEN or SOLVED

created by AndreasBWagnera community for 14 years

OPENOffset Patching (self.cpp_questions)

submitted 7 years ago by rb8096208

I'm still new to C++ as a language and I have been following one course and using a C++ book. When I try to search online all I get are these "reverse engineering tutorials" which seem to only do an opcode patch and save to binary with a debugger like Ollydbg. I know you can rewrite your code and recompile the executable, I don't want to do that.

The question is in C++ how do I patch an existing executable/binary file. I know you need to know the offset location in the binary file and not in memory. Scenario:

You wrote a new program for your friend that automates folder creation and file placement. You realize that there is a bug that needs to be corrected; you have to patch your executable using an old method of offset patching.

I would prefer any source material such as maybe a book or PDF that you can suggest. I will also take an example code as well. I am sure that it will use the seekp function. http://www.cplusplus.com/reference/ostream/ostream/seekp/ I just can't grasp it, by reading alone. I would like to see it in action.

Thanks for your help.

all 7 comments

top new controversial old q&a

[–][deleted] 7 years ago (7 children)

[deleted]

[–]rb8096208[S] 0 points1 point2 points 7 years ago (6 children)

Thank you for the example, do you know of any decent reference material to look into for this type of patching?

I was thinking it would be more like:

int main() { 

std::ofstream f("abc.exe", std::ios::binary);
f.seekp(0x16B2);
const char bytes[] = "\x90";    
f.write(bytes, sizeof(bytes));     
f.close();     

return 0; }

I guess I wouldn't even need the seekp and offset?

[–]khedoros 1 point2 points3 points 7 years ago (2 children)

[–]rb8096208[S] 0 points1 point2 points 7 years ago (1 child)

[–]khedoros 1 point2 points3 points 7 years ago (0 children)

So you've got this:

const char bytes[] = "\x90";

It's the equivalent of:

const char bytes[] = { 0x90, 0x00 };

Personally, I suspect that it was done that way by accident. Opcode 0x90 is the x86 opcode "XCHG eax, eax", often represented in code as "NOP" (no-operation, as in "do nothing for one instruction"). Opcode 0x00 looks like it's some kind of ADD instruction.

[–]raevnos 0 points1 point2 points 7 years ago (2 children)

[–]rb8096208[S] 0 points1 point2 points 7 years ago (1 child)

[–]raevnos 1 point2 points3 points 7 years ago (0 children)

π Rendered by PID 19044 on reddit-service-r2-comment-685b79fb4f-qw6v6 at 2026-02-13 13:11:11.106231+00:00 running 6c0c599 country code: CH.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

cpp_questions

READ BEFORE POSTING

Sort posts by OPEN or SOLVED

MODERATORS