jinTao
October 8th, 2012, 12:07
hi all,
I was trying to encode a metasploit generated payload (EXE file )using shikata_ga_nai encoder . The encoder failed and reported that the .text section of the PE file was too small to be usable. So it implied that I needed to add some extra bytes to the .text section.
I followed a tutorial from the internet, wherein the last section of a PE - the .rsrc section, was extended by 1000 bytes. I tried to do the same thing to the .text section , but the .exe stops running
I understand that I have to relocate all the following sections as my .text section is the first section in the PE. I used lordPE and Hex workshop to do that, but obviously did not succeed.
Can someone guide me as to how to extend the .text section and also relocate the following sections, such that the PE still remains functional ?
thanks in advance and hoping to learn from you all
bye
jintao
I was trying to encode a metasploit generated payload (EXE file )using shikata_ga_nai encoder . The encoder failed and reported that the .text section of the PE file was too small to be usable. So it implied that I needed to add some extra bytes to the .text section.
I followed a tutorial from the internet, wherein the last section of a PE - the .rsrc section, was extended by 1000 bytes. I tried to do the same thing to the .text section , but the .exe stops running
I understand that I have to relocate all the following sections as my .text section is the first section in the PE. I used lordPE and Hex workshop to do that, but obviously did not succeed.
Can someone guide me as to how to extend the .text section and also relocate the following sections, such that the PE still remains functional ?
thanks in advance and hoping to learn from you all
bye
jintao