How do i manually change a call like :call [xxxxxxxxx] in exmpl. :
call getprocaddress ?
I don't mean in memory but change the exe or dll it self.
Tried with hiew but this didn't work(or i did it the wrong way..)

Greetzzz Spek

You cannot.

Not only do you have to change the call xxxx to call getprocess, you also have to change the thunks (if there are any) and the entries in the import table.

A better way would be to:

1. Get a PE modifier
2. Add sections to your PE or fill it with 0s or NOPS
3. Write your code there
4. Get your call to JUMP/CALL from there

But do take note to include the name of the API in the import table. THough, you may not REALLY need to do this as the PE probably imports the stuff. Try looking at the currently imported APIs. If your API is there then you can complete the same in the 4 steps.

...Have Phun

Thanks aimless yep that's a good way to do it..


Ciao