How to modify update.exe?

[doldolekim]

After referencing above post, I decided to modify sp 1's update.exe.

I opened it with IDA and found validateUpdateSingleFile blah blah, but I can't change the word, 'test' to 'xor'.

How do I change 'test' to 'xor'?

[jaclaz]

Maybe you want to change the text "jnz" to "jz" or "jmp" instead ..

Seriously , what you posted is the disassembly view, you need to change the OPCODE(s) in the binary, that is the idea of the given commands:

First one search and replaces a number of hex bytes:
gsar -o -s:xE8:x02:xBA:x02:x00:x85:xC0:x75:x41 -r:xE8:x02:xBA:x02:x00:x31:xC0:xEB:x41 update.exe

Second one re-validates the PE checksum:

pechecksum -c update.exe

In the -s hex the 85C0 is "test eax,eax", and 75 is "jnz", in the -r hex this becomes 31C0 for "xor eax. eax" and (you never know) the EB is "jmp" (short, unconditional), see (example):
http://www.mathemainzel.info/files/x86asmref.html

You will need to change the other bytes before and after in the gsar command line to match the different binary you have (or use an hex editor, maybe easier).

In any case make sure and double sure that gsar finds the right occurrence/area before adding the -r vaues.

jaclaz