flat assembler
Message board for the users of flat assembler.
Index
> Main > insert bytes |
Author |
|
pal 09 May 2009, 16:40
One way could be to map the size of memory so that you have sizeof(file) + sizeof(section to add). Fill the memory. You will then have to shift all of the bytes at the point you want to add by the size of the section you are adding. You can use the PE header structures to navigate the PE file. There are members which tell you how many sections there are and offsets to them (only the first one?).
|
|||
09 May 2009, 16:40 |
|
revolution 09 May 2009, 17:33
It is common to just add extra sections at the end of a PE file and just change the entry point. This is much easier than having to completely realign the whole file (which may be impossible to do with many files).
|
|||
09 May 2009, 17:33 |
|
TheLord 09 May 2009, 18:43
I was misunderstanding my problem.
Many exe just add nothing next to the end of the last section, and there is enough free space to put a new section header. It is not the case for all the files. It seems that some other (such as regedit.exe, calc.exe => I tested those) put extras data like the BOUNDIMPORTS table. I did raised the BOUNDIMPORT size and addr to 0 in the corresponding data directory structure, it seems to work fine now. revolution, do you think this trick will cover all case or there is something I still dont know ? |
|||
09 May 2009, 18:43 |
|
revolution 09 May 2009, 18:53
Somehow I doubt it. Most "tricks" have a habit of not working in many cases.
What is wrong with tacking on an extra section for all files? No tricks required. |
|||
09 May 2009, 18:53 |
|
pal 09 May 2009, 19:05
Just look for a possible code cave in the data. Do like revolution said and save yourself some time and trouble.
|
|||
09 May 2009, 19:05 |
|
TheLord 09 May 2009, 19:28
revolution wrote:
Losing the time I already spent :p But You have to be right.I tested some other files, it does not work on all of them exemple : ollydbg.exe + adding the section (the way i do it) just corrupt the modded PE. I can't believe I have to work again from the beginning ... |
|||
09 May 2009, 19:28 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.