Hi,
I am trying to add new import function to exe file. However I don't want to use external tool but do it by myself. I have tried several PE libraries and most of them either doesn't have ability to add import or they crash or executables don't run. Any ASM or C code is welcomed. Thanks.

Libraries
Patch by comrade Produced executable doesn't run.
PeLibrary 0.3c by Pumqara CRASH during adding import
m-PE Class by in4matics Produced executable doesn't run.
TitanEngine by ReversingLabs Couldn't make it work.


Tools
PeTools by NEOx Works
StudPE Works
IIDKing Crashes

Load PeTools or StudPE into IDA and you now have your ASM code.

Thanks @ disavowed I am having an epiphany now. How on earth I couldn't think that one? Your comment is 100% correct but it is not helpful at all. I don't want to reinvent the wheel if possible. It takes time to reverse to convert all this functions, initialization codes and unknown structures. I actually disassembled both of them and PeTools have cleaner code. I just don't want to fix all those codes if there is an easy way. I really didn't want to take your precious time that is why I posted with detailed explanations. However, after all those years in here, I don't think that I deserve to be mocked in such way.

Hello Laps,

Maybe you've already done this but, if possible check the F+ archive of software reverse engineering for Razzia+ tut on Code caves and modifying NOTEPAD (adding new functionality to it).

Though I last read it around 10 years ago, I distinctly remember him CODING with DISASSEMBLY and RAW HEX BYTES (using Hexview -- big thing then, if you remember), additional functionality AND new imports. Perhaps, that could help.

Here's a link that uses nothing but a PE Editor and Hex Calculator. I am sure will be useful. PDF, including example files:



Let me know how it goes.

Have Phun

Thanks Aimless. I have read that paper before. However in his example, there is enough empty space to add extra dll to IAT. My executable doesn't have this space. Therefore I have to add new section copy old ones and add new import. So it doesn't work for me. I will search more and if I can't find any reasonable source to use, I had to reverse some of the tools.

ashraf cracker posted a tutorial about adding a section and import manually which might be useful

http://www.woodmann.com/forum/showthread.php?14799-How-to-add-section-and-Import-Function-Manually

Hi Laptonic,
PE Bliss
Cross-Platform Portable Executable C++ Library

code.google.com/p/portable-executable-library/
Hope it helps!

Cheers, Sope!