flat assembler
Message board for the users of flat assembler.

Index > Windows > How to insert code and resize PE file?

Goto page 1, 2  Next
Author
Thread Post new topic Reply to topic
snify



Joined: 02 Dec 2004
Posts: 39
snify
I got template pe file to be filled with code, but I want resize it after fillin it in
Post 01 Feb 2008, 10:53
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
easiest way is to add new section.
Post 01 Feb 2008, 11:17
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
but i've got code inside this section related to that buffer that i want to resize, any way to resize the section/whole pe file?
Post 01 Feb 2008, 11:29
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Yes, it's doable, but you might have to fix up a whole lot of PE structures.

What are you going to use this for? Perhaps there's a smarter way.
Post 01 Feb 2008, 11:36
View user's profile Send private message Visit poster's website Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
for a "compiler". I fill the main buffer with code and I need a resize routine for the pe.
Post 01 Feb 2008, 12:41
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
You should consider writing "proper" PE output code, then... you'll benefit from it in the long run.
Post 01 Feb 2008, 13:02
View user's profile Send private message Visit poster's website Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
anyway, I just need that.. any opinions how to do it? sources, tutorials?
Post 01 Feb 2008, 13:19
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
It's not "just". Doing it this way could actually be harder, especially for lot of things "compiler" must do.
Post 01 Feb 2008, 14:23
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
it's not harder, that's what I need. so somebody have a code that resizes a section?
Post 01 Feb 2008, 16:58
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
note that only last section can be safely resized, and last section usually isn't code section (first is).
Post 01 Feb 2008, 17:32
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
I know that. I need it for the last section.
Post 01 Feb 2008, 20:31
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Well, looks like nobody will give you the code. If you really want to resize PE (virus/trojan Razz ), then study PE manual.

If you really want to write compiler, then resizing is bad way to do it.
Post 02 Feb 2008, 11:03
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
doh.. I write a jit (vm) on C (to be multiplatform), the jit runs codebuffer (so the jit is inside the same exe, not as framework like .net/java etc.) so my 'compiler' fills up the codebuffer with bytecode that is executed by the jit. I use tcc to create the smallest template executable, but I need to resize it (if the code is ex. 5000 bytes, and template is 1k). You get my point? Smile
Post 02 Feb 2008, 13:24
View user's profile Send private message Visit poster's website Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
i would suggest you to use some backend compiler (NASM, YASM) to create executable properly.

Increasing size of section is too tricky.
Post 02 Feb 2008, 14:01
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17662
Location: In your JS exploiting you and your system
revolution
You can use one of two methods.

1) Make your code section the last section in the exe file, then you can extend it with your bytecode data.
2) Make a new section at the end for your bytecodes, this is by far the easiest method.
Post 02 Feb 2008, 15:05
View user's profile Send private message Visit poster's website Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
hmm.. sry but I have to do this. Check out metaPHOR, I think I have code if u need it, I got it to check out PE file internals by myself, I don't consider it a virus if you're not using it for that purpose. Pretty crazy how it totally obfuscates the host program's code, and injects it's own, I think it's an example of just what you're looking for.
Post 02 Feb 2008, 15:28
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Add a new section / expand last section, or simply attach the bytecode to the end of the .exe file.
Post 03 Feb 2008, 23:24
View user's profile Send private message Visit poster's website Reply with quote
FrozenKnight



Joined: 24 Jun 2005
Posts: 128
FrozenKnight
there are so many ways to do this, none of them are easy for someone who doesn't know the PE structure. my suggestion would be to try coding a PE by hand. after you've done that once you should have learned enough to revise any part of a PE file.
Post 04 Feb 2008, 21:48
View user's profile Send private message Reply with quote
snify



Joined: 02 Dec 2004
Posts: 39
snify
ok somebody know an app to make the import section first, and code section last? I mean changing the positions of sections. so I can easily resize last (.code) section. LordPE does not do that Sad
Post 06 Feb 2008, 10:39
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17662
Location: In your JS exploiting you and your system
revolution
Snify: You can't just simply change the section order of a binary PE and expect it to still work properly. You will need to recompile/relink from the source/object files. This is necessary to properly set all the links and offsets within the program.
Post 06 Feb 2008, 10:46
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page 1, 2  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.