How to color notepad?
Hello! Share your thoughts on the topic of the tutorial-task: how to make the font of the good old notepad (notepad.exe), for example, ... red, or the background - not white, but green. No less interesting is the sequence of proposed reversing actions and tools. I would appreciate any comments.
D' Normalization painted everything correctly, only in reality everything is somewhat more complicated. Window creation functions (menus and all controls are also windows; windows are the same) do not accept color as a parameter anywhere. By default, windows are drawn in the colors of the system "theme". To redefine colors, you need to intercept the WndProc of the corresponding window, set the color of Pen and Brush to the WM_PAINT event in it, forward the message to the original handler and hope that it does not redefine Pen and Brush for each WM_PAINT call.
You will have to add a lot of code, compile it so that it either does not have absolute addresses at all (relative short jumps) or all absolute addresses exactly fall into the area in which the insert is supposed to be. Here it is already impossible to do without an assembler (how many questions have recently been asked on the Toaster: "Where is the assembler indispensable?").
Next comes the introduction of code, like viruses. You can find a lot of literature on this topic. In short, there are two options: 1) add your code to the "tail" of the code section, if it fits; 2) create another section of code at the end of the file, this option opens up more options, but most antiviruses will swear at such an exe file.
Then find a point for the patch, cut out a part of the code from there (for example, calling an api function with arguments preparation), transfer it to your code, and at that point patch something like call our_code_block \ nop \ nop \ nop ....
In general, the problem is very serious and this cannot be solved with a swoop.
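The answer above notes that most antiviruses flag an exe that has had another code section added at the end of the file. As an added example (not part of the thread), this Python code reads a PE section table and reports the traits such a patch leaves behind; the sample image, the `.patch` section name and the flag values are constructed for the demo, and the checks are heuristics, not a verdict.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags

def parse_sections(data):
    """Return [(name, characteristics), ...] from a PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    if table + 40 * nsect > len(data):
        raise ValueError("section table truncated")
    out = []
    for off in range(table, table + 40 * nsect, 40):
        name, = struct.unpack_from("<8s", data, off)
        chars, = struct.unpack_from("<I", data, off + 36)    # Characteristics
        out.append((name.rstrip(b"\0").decode("latin-1"), chars))
    return out

def findings(data):
    """Flag section-table traits typical of an appended code section."""
    secs = parse_sections(data)
    execs = [n for n, c in secs if c & MEM_EXECUTE]
    notes = []
    if len(execs) > 1:
        notes.append("multiple executable sections: " + ", ".join(execs))
    if len(secs) > 1 and secs[-1][1] & MEM_EXECUTE:
        notes.append("last section is executable: " + secs[-1][0])
    notes += ["writable and executable: " + n for n, c in secs
              if c & MEM_EXECUTE and c & MEM_WRITE]
    return notes

def sample_pe(sections):
    """Constructed header-only PE32 image for the demo, not a real notepad.exe."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    img = dos + b"PE\0\0" + coff + b"\0" * 0xE0
    for name, chars in sections:
        img += struct.pack("<8s6IHHI", name.encode(), 0, 0, 0, 0, 0, 0, 0, 0, chars)
    return img

STOCK = [(".text", 0x60000020), (".data", 0xC0000040), (".rsrc", 0x40000040)]
PATCHED = STOCK + [(".patch", 0xE0000020)]      # hypothetical added section

if __name__ == "__main__":
    for label, layout in (("stock", STOCK), ("patched", PATCHED)):
        print(label, findings(sample_pe(layout)) or "no findings")
```

Code placed in the unused tail of the existing code section (the answer's first option) does not change the section table, so catching it needs a comparison against a known-good copy of the file.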
What's the problem?
Tools:
- MSDN
- OllyDbg
- any disassembler
Actions:
- Find on MSDN the name of the function that is responsible for creating the window / setting its parameters
- Open OllyDbg and find the right place in the program in it.
- Patch to "hot" and look at the result
- If the last point worked, find the right place in the disassembler and write down the address you need.
- Write a patcher in any known language that will put down the desired value at the right address.
Can be done in 3 ways:
1. Patch (or offline debug):
1.1 Resource Hacker: angusj.com/resourcehacker
1.2 PE Explorer: www.heaventools.com/overview.htm
1.3 And good old Restorator: www.bome.com/products/restorator/whatsnew
2. On the fly: https://msdn.microsoft.com/en-us/library/windows/d... by sending a message to the window to change properties.
3. Disassembling is much more difficult...
3.1 www.thefreecountry.com/programming/disassemblers.shtml
3.2 www.smidgeonsoft.prohosting.com/pebrowse-pro-inter...
It all depends on the specific task.