flat assembler
Message board for the users of flat assembler.

Index > Windows > How to add a section to a PE Executable???

Author
Thread Post new topic Reply to topic
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
Hello, friends. I am writing a packer. I can't add a new section to the PE file. I am trying to do it, but it's hard. When I add the new section, I break the correct PE filesize. Can somebody tell me how to add a section to a PE?¿??

Thanks for spend your time in my problem.

_________________
Мне нравится программирование.
Post 03 Sep 2014, 18:06
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
Look at the patch tool at http://comrade.ownz.com/projects/petools.html. It adds a section. There are also plenty of tutorials about this on the web. This is a very common question.

Quote:
I am trying to do it, but it's hard. When I add the new section, I break the correct PE filesize.

Have you fixed the SizeOfImage correction bug you had asked about in another thread?
Post 04 Sep 2014, 03:03
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
Thanks for your help, comrade. I have tried to fix the issue related to the imagesize. I can't do it. I have the following formule (sometimes work, sometimes don't work, at least in appareance):

Code:

SizeOfImage = { [ (VSize + VAddress) / section_aligment ] + 1 } * section_aligment

    


I am learning from your tool. Continues to develop projects. They are quite useful for people like me who just started in the world of assembler. Thanks for your help. If I have another problem I will return here.

Sorry, I am not a native english speaker.

_________________
Мне нравится программирование.
Post 05 Sep 2014, 22:53
View user's profile Send private message Reply with quote
randomdude



Joined: 01 Jun 2012
Posts: 83
randomdude
wrong section i know, but.. does anyone know how to add a section in a ELF executable? i have looked everywhere but there isnt a single tool/tutorial/example on the net and reading the elf format didnt help either
Post 07 Sep 2014, 09:14
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
ELF has program headers and section headers (though both really are sections). What are you trying to do - inject code? Have you looked at virii sites? Or look for a source code of a Linux virus.
Post 07 Sep 2014, 16:26
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
randomdude



Joined: 01 Jun 2012
Posts: 83
randomdude
I just want to insert some asm/data (no malware related) directly by hex editing because there is not enough space at the end of the sections
Post 07 Sep 2014, 17:19
View user's profile Send private message Reply with quote
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
comrade, can you tell me how to get the proper SizeOfImage value??? I have looked my code and I found that the only problem that I have it's the wrong value of SizeOfImage.

Somebody knows a method to find the proper SizeOfImage??? I have tried with this code:

Code:
;Calculates the new image size aligned to the section aligment
    mov eax, dword[ebx+8]    ;Get virtual size
    mov ecx, dword[ebx+12]   ;Get virtual address
    add eax, ecx        ;eax = Virtual size + Virtual address
    mov ecx, dword [ebp+section_alignment]
    div ecx             ; eax = eax / section aligment
    inc eax
    ;Use imul to perform integer multiplication.
    imul eax, ecx             ;eax = eax * section_aligment
                        ;eax = image size
    


If I test this formule with an existing executable, my calculations are right. But when I use this formule to infect an executable and update its size, it is wrong.

Can somebody tell me how to get the SizeOfImage properly??? Please, help me. It is just the thing that I need to complete my software.

_________________
Мне нравится программирование.
Post 08 Sep 2014, 00:09
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
[ebx+12] - is this the MAXIMUM virtual address across all sections? [ebx+8] should be its size.
Post 08 Sep 2014, 05:57
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
Yes, I, m using the virtual address and virtual size of the last section. I have tried but the result of the previous code fragment is bad when I apply it to a infected executable. When I use it in a uninfected executable, it works.

I am using another solution now, I am testing it to see if it works. I am calculating the SizeOfImage doing this (Another method that I find):

Code:
SizeOfImage = Last Virtual Size + Last Virtual Address
    


If I have problems, I come back here. Thanks for your help, comrade

_________________
Мне нравится программирование.


Last edited by jhonny6721 on 08 Sep 2014, 18:25; edited 1 time in total
Post 08 Sep 2014, 16:55
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
also, make sure you're clearing EDX before using DIV
Post 08 Sep 2014, 18:01
View user's profile Send private message Reply with quote
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
Okey. Thanks for your help, typedef
Post 08 Sep 2014, 18:25
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.