things I need to accomplish: 1. I need to do a particular byte replacement in a.dll at the runtime of a particular .exe, then to return the .dll to the former state thereafter. 2. I should be able to pause the .exe as soon as I open it in order to accomplish this, then replace the bytes when a particular dialog appears. Of the two, number 1 is the most important. please email me at jomamameister@yahoo.com thanks in advance to anyone who can help me.

You are not going to be able to do this unless you have access to the source codes that the ,exe was written with. If this dialouge is produced by the .dll waiting for it to appear wil be to late as by then it will be loaded into memory. You will need to find out where in memory the byte resides which is likely to be different every time the DLL loads. No trivial task. Replacing the bye on disk would be easier as it will always be in the same place. That means replacing it before it loads. Then you need to know how the .DLl is loaded. Is it loaded at startup at the same time as the .exe or is it loaded on demand after the .exe has started to run. Stuart

Stuart, i have to interrupt (suspend) the program as it opens, before it calls the .dll and patch the .dll., then resume execution.... "You are not going to be able to do this unless you have access to the source codes that the ,exe was written with." of course, you don't need the source code, that is how debuggers operate, without the original source code. they use other operands and programming techniques to accomplish this. but whether a batch file can accomplish this or i need to use good old assembly programming or c++ to do my work is the question. thank you for your response stuart. i appreciate it. houdinihar

>> of course, you don't need the source code, that is how debuggers operate, without the original source code. they use other operands and programming techniques to accomplish this. but whether a batch file can accomplish this or i need to use good old assembly programming or c++ to do my work is the question. << Debuggers are put there by the progrmmer and are removed when the programme is debugged. A debugger will not suspend an application unless it is being run under a development enviroment and for that, you need the source code. Stuart

StuartS: A debugger will not suspend an application unless it is being run under a development enviroment I'm pretty sure this is false; Microsoft seems to agree with me. houdinihar: Have you tried modifying the DLL and saving it to the application's directory to see if the application picks the modified version? It could make things extremely simple if the application does.

>> I'm pretty sure this is false; Microsoft seems to agree with me. << As this is in the Microfot Developer Network it indicates the is releveant to developers, not users. The following paragraph under communicating with the Debugger should indicate what the debugger does, The OutputDebugString function sends a string from the process being debugged to the debugger by generating an OUTPUT_DEBUG_STRING_EVENT debugging event. A process can detect whether it is being debugged by calling the IsDebuggerPresent function. The DebugBreak function causes a breakpoint exception in the current process. A breakpoint is a location in a program where execution is stopped to allow the developer to examine the program's code, variables, and register values and, as necessary, to make changes, continue execution, or terminate execution. If you are going to examine the programmes code, variables and register values you need to be in a development environment. If a debug event occures and there is no debugger to handle it you get a BSOD and that terminates the application, not suspends it. Stuart

Eh, so we're going there, are we? StuartS: If you are going to examine the programmes code, variables and register values you need to be in a development environment. If by "development environment" you mean "have a debugger, (or are willing to work with ReadProcessMemory() and GetThreadContext())" then I agree with you. What relevance this has with byte replacement, I know not. StuartS: If a debug event occures and there is no debugger to handle it you get a BSOD and that terminates the application, not suspends it. *singing* Then attach one, dear Henry, dear Henry, dear Henry... *singing continues* Also the PC doesn't crash, just the application.