
How to hex edit an exe file safely?

I am working on a small puzzle/wargame which involves coding Windows Forms in C#.

To get to a certain level I need a password which is stored in an exe. The same exe allows me to send that password to a default person which is stored in a variable. The password sending is accomplished by updating the given user's data in a MySQL database.

The challenge was that a user should hex edit the exe and change the default recipient to the user's desired username. But when I hex edited the file and put the desired user name and tried to run it, it showed an error "x.exe not a valid win32 application".

Is there a way to safely hex edit a file without encountering this error? Or is there a way to modify the source so that just one variable may be safely edited using a hex editor?


Editing a PE image in hex is going to be difficult since you will need to update various parts of the PE image if you change the length of a section, or if the EXE is signed you would also invalidate it. The PE image spec can be found here if you want to understand all the fields you will need to update. If you want a nice UI, I would use something like CFF Explorer to edit the PE image correctly.

You could also use ildasm, only for .NET assemblies, to disassemble the EXE, edit the IL, and then use ilasm to reassemble and run it. This would eliminate the need to edit the PE image and be safer.


Assuming this is not an illegal alteration of an executable... (It sounds like a challenge in a contest, the way you have it worded.)

Most likely your change caused the program to no longer be able to verify the checksum. If you wish to successfully alter the exe, you need to recalculate the checksum. (This is just one possible explanation for why the exe was corrupted.)

Altering a compiled executable and having it work is tricky to say the least. It's a pretty advanced topic and not likely something that can be answered fully here.


When I was doing something similar before I remember I had to replace variables with same-length strings for it to work properly. e.g. "someone@example.com" could be replaced with "another@example.net" or "myname@anexample.us". If you're using Gmail this would be easier because "mynameis@gmail.com" is the same as "my.name.is...+slim.shady@gmail.com".

Though, I think @David Stratton's idea is probably more relevant to exe's. I'm pretty sure the files I edited were just data files (it was a long time ago), but I know everything worked then for me as long as I didn't add or remove any bytes in the middle of the file.


When modifying strings inside EXE/DLL files it is important that the length of the string you are editing is kept the same, for example if I changed "Hello User" to "Welcome User", we overflowed the stack for 2 bytes.

This will obviously result in an error. In order to have a successful edit accomplished, it is important that the modified string you put does not overflow the string that you are inserting it on.

TLDR;

If the string you are editing is 12 characters long, you can only change 12 characters in total.
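The same-length rule from the last two answers, as an added example that is not code from any of the posters: the string is overwritten in place only when the encoded lengths match, so the file size and every later offset stay unchanged. The sample bytes, the names `admin`/`guest` and the function names are constructed for illustration; UTF-16LE is used because that is how .NET stores string literals, and a signed file's signature is still invalidated by any byte change, as the first answer notes.

```python
def patch_same_length(image: bytes, old: str, new: str,
                      encoding: str = "utf-16-le") -> bytes:
    """Overwrite one occurrence of `old` with `new` without moving any byte."""
    old_b, new_b = old.encode(encoding), new.encode(encoding)
    if len(new_b) != len(old_b):
        # Inserting or removing bytes shifts everything after the string,
        # which is what breaks the headers and offsets in the image.
        raise ValueError(f"length mismatch: {len(old_b)} vs {len(new_b)} bytes")
    first = image.find(old_b)
    if first < 0:
        raise LookupError("original string not found in this encoding")
    if image.find(old_b, first + 1) >= 0:
        raise LookupError("string occurs more than once; refusing to guess")
    patched = image[:first] + new_b + image[first + len(old_b):]
    assert len(patched) == len(image)
    return patched


def changed_range(original: bytes, patched: bytes) -> tuple[int, int]:
    """Return the first and last differing offsets (inclusive) as a check
    that only the intended bytes were touched."""
    if len(original) != len(patched):
        raise ValueError("file size changed")
    diffs = [i for i, (a, b) in enumerate(zip(original, patched)) if a != b]
    if not diffs:
        raise ValueError("files are identical")
    return diffs[0], diffs[-1]


# Constructed sample: not a real executable, just bytes around a UTF-16LE string.
SAMPLE = b"MZ" + b"\x00" * 14 + "admin".encode("utf-16-le") + b"\x00\x00" + b"TAIL"

if __name__ == "__main__":
    out = patch_same_length(SAMPLE, "admin", "guest")
    print("size unchanged:", len(out) == len(SAMPLE))
    print("bytes changed between offsets:", changed_range(SAMPLE, out))
    try:
        patch_same_length(SAMPLE, "admin", "administrator")
    except ValueError as exc:
        print("rejected:", exc)
```
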
