View Full Version : i need info


mustapha
February 15th, 2001, 19:25
Hi to all,
1==I added some lines of code to a program and it works fine. I did not change the virtual size. Do I have to do it? Is it necessary?

2==Can someone recommend me tuts/urls about extracting, inserting etc. sections from/to a PE file?

3==Where can I find info about reversing CD copy-protections?

Thanks
Saludos
Mustapha

?ferret
February 15th, 2001, 20:21
Hola,

I can be of assistance on 2 of the 3 ;-)

1) Adding to the virtual size....if you find enough NOPs (90h) or empty (0h) bytes in a program, you can insert your code there w/o making any changes.

3) The search engine on this board should give some results....one good tut for the 'basics' is the DREADed Guide To Cracking...There's a section on CD protections by MisterE that I found helpful.

as for your q about adding to the PE, that's still beyond my scope, I haven't gotten quite that ambitious yet ;-)
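
As an added illustration for question 1 and the reply above (not part of any post in this thread): a Python sketch that reads a PE section table and reports non-zero bytes stored in a section's file padding, past the declared VirtualSize, which is where an analyst would look for code added without a header change. The sample image and the names `build_sample`, `sections` and `padding_report` are constructed for this example.

```python
import struct

SECTION = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def build_sample():
    """Constructed, non-runnable PE32 skeleton with one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)       # PE32 magic, rest zeroed
    # VirtualSize=0x10, VirtualAddress=0x1000, SizeOfRawData=0x200, PointerToRawData=0x200
    sec = SECTION.pack(b".text", 0x10, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sec
    raw = bytearray(0x200)
    raw[:0x10] = b"\x90" * 15 + b"\xC3"       # bytes inside the declared VirtualSize
    raw[0x20:0x24] = b"\xCC" * 4              # constructed bytes placed in the padding
    return headers.ljust(0x200, b"\0") + bytes(raw)

def sections(data):
    """Yield (name, VirtualSize, SizeOfRawData, PointerToRawData) per section."""
    pe, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                            # section table follows it
    for i in range(nsec):
        name, vsize, _va, rsize, rptr, *_ = SECTION.unpack_from(
            data, table + i * SECTION.size)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, rptr

def padding_report(data):
    """Report non-zero bytes stored after VirtualSize but before SizeOfRawData."""
    report = []
    for name, vsize, rsize, rptr in sections(data):
        # A section whose VirtualSize covers all of its raw data has no padding.
        tail = data[rptr + vsize:rptr + rsize] if vsize < rsize else b""
        used = [rptr + vsize + i for i, b in enumerate(tail) if b]
        report.append({"section": name, "padding": len(tail),
                       "nonzero": len(used),
                       "first_offset": used[0] if used else None})
    return report

if __name__ == "__main__":
    for row in padding_report(build_sample()):
        print(row)
```
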

Clandestiny
February 15th, 2001, 22:21
Hi Mustapha,

I'm no expert on code injection, but I had occasion to need to add some imports to the import table in a reversing project a while ago, and I ran across a couple of little related utilities you might be interested in for this purpose.

The first is Iczelion's Snippet Creator: here is a little description borrowed from protools.cjb.net where you can download it if you're interested...

- Can generate code snippets and save them as binary files.
- Support both TASM and MASM.
- Integrated PE editor
- Can insert the snippet into the target PE files as a new section or into any existing section or even in PE header.
- You can call any functions that are imported by the target PE file.
- Full source code included.

The second one is IIDKing by SantMat. You can also get it from protools.cjb.net...

- IID King allows you to add imports to ANY PE file's import table.
- Allows you to specify how much MORE zero-padded code you wish to add to the end of the section ".IIDKing" that is created when you change a PE file.
- You can run the program as many times on the program you wish!

Regards,
Clandestiny

Carpathia
February 16th, 2001, 03:02
I'm surprised no-one has yet mentioned neural's notepad essay. It's an excellent tute on code injection and PE manipulation.
http://neudump.cjb.net

My advice is to ignore snippet creator until you've done it a few times manually. There's lots to be learnt from injecting code by hand. Once you're confident you understand everything you're doing, you can use snippet creator to save time.

Regards

Carpathia