Index
> Windows > How to add a section to a PE Executable??? |
| Author |
|
|
comrade 04 Sep 2014, 03:03
Look at the patch tool at http://comrade.ownz.com/projects/petools.html. It adds a section. There are also plenty of tutorials about this on the web. This is a very common question.
Quote: I am trying to do it, but it's hard. When I add the new section, I break the correct PE filesize. Have you fixed the SizeOfImage correction bug you had asked about in another thread? |
|||
04 Sep 2014, 03:03 |
|
|
jhonny6721 05 Sep 2014, 22:53
Thanks for your help, comrade. I have tried to fix the issue related to the imagesize. I can't do it. I have the following formule (sometimes work, sometimes don't work, at least in appareance):
Code: SizeOfImage = { [ (VSize + VAddress) / section_aligment ] + 1 } * section_aligment I am learning from your tool. Continues to develop projects. They are quite useful for people like me who just started in the world of assembler. Thanks for your help. If I have another problem I will return here. Sorry, I am not a native english speaker. _________________ Мне нравится программирование. |
|||
|
05 Sep 2014, 22:53 |
|
|
randomdude 07 Sep 2014, 09:14
wrong section i know, but.. does anyone know how to add a section in a ELF executable? i have looked everywhere but there isnt a single tool/tutorial/example on the net and reading the elf format didnt help either
|
|||
|
07 Sep 2014, 09:14 |
|
|
comrade 07 Sep 2014, 16:26
ELF has program headers and section headers (though both really are sections). What are you trying to do - inject code? Have you looked at virii sites? Or look for a source code of a Linux virus.
|
|||
|
07 Sep 2014, 16:26 |
|
|
randomdude 07 Sep 2014, 17:19
I just want to insert some asm/data (no malware related) directly by hex editing because there is not enough space at the end of the sections
|
|||
|
07 Sep 2014, 17:19 |
|
|
jhonny6721 08 Sep 2014, 00:09
comrade, can you tell me how to get the proper SizeOfImage value??? I have looked my code and I found that the only problem that I have it's the wrong value of SizeOfImage.
Somebody knows a method to find the proper SizeOfImage??? I have tried with this code: Code: ;Calculates the new image size aligned to the section aligment mov eax, dword[ebx+8] ;Get virtual size mov ecx, dword[ebx+12] ;Get virtual address add eax, ecx ;eax = Virtual size + Virtual address mov ecx, dword [ebp+section_alignment] div ecx ; eax = eax / section aligment inc eax ;Use imul to perform integer multiplication. imul eax, ecx ;eax = eax * section_aligment ;eax = image size If I test this formule with an existing executable, my calculations are right. But when I use this formule to infect an executable and update its size, it is wrong. Can somebody tell me how to get the SizeOfImage properly??? Please, help me. It is just the thing that I need to complete my software. _________________ Мне нравится программирование. |
|||
|
08 Sep 2014, 00:09 |
|
|
comrade 08 Sep 2014, 05:57
[ebx+12] - is this the MAXIMUM virtual address across all sections? [ebx+8] should be its size.
|
|||
|
08 Sep 2014, 05:57 |
|
|
jhonny6721 08 Sep 2014, 16:55
Yes, I, m using the virtual address and virtual size of the last section. I have tried but the result of the previous code fragment is bad when I apply it to a infected executable. When I use it in a uninfected executable, it works.
I am using another solution now, I am testing it to see if it works. I am calculating the SizeOfImage doing this (Another method that I find): Code: SizeOfImage = Last Virtual Size + Last Virtual Address If I have problems, I come back here. Thanks for your help, comrade _________________ Мне нравится программирование. Last edited by jhonny6721 on 08 Sep 2014, 18:25; edited 1 time in total |
|||
|
08 Sep 2014, 16:55 |
|
|
typedef 08 Sep 2014, 18:01
also, make sure you're clearing EDX before using DIV
|
|||
|
08 Sep 2014, 18:01 |
|
|
jhonny6721 08 Sep 2014, 18:25
Okey. Thanks for your help, typedef
|
|||
|
08 Sep 2014, 18:25 |
|
< Last Thread | Next Thread > |
Forum Rules:
|