View Full Version : Insert some functions
yan_kur
March 24th, 2003, 02:12
I want to insert some functions to an exe file. I don't know how to do that. Anyone can give me information about how to do that? What tool should I use?
squidge
March 24th, 2003, 03:12
You can use a hex editor as long as you can find a place big enough to insert your code.
yan_kur
March 24th, 2003, 03:35
I know a little about assembly language but not the exe format.
How do I find empty space? Is that the place with '00'? Is there any tool to shift the offset so I can make enough spaces?
Thanks
Aimless
March 24th, 2003, 04:14
Yan_kur,
You have to do the following:
1. Go to Immortal Descendents site (you can find a link of the archive below in the FAQ)
2. Search for "Adding functionality to Notepad"
3. Also, go to tsehp.cjb.net
4. Search for Razzia, adding functionality, DeFiler and code caves
5. Search in google for "CODE INJECTION" (minus the quotes, of course)
Have Phun,
yan_kur
March 24th, 2003, 05:11
OK thanks a lot.
I'll try to understand the tuts.
Stilgar
March 24th, 2003, 07:49
You can look at kaz a.k.a vman tuts on Trillian (I have found one at h++p://www.neschip.com/vman/trill.html) or the Spider Solitaire Game (Spider Solitaire Reverse Engineering Paper, pdf). They are pretty easy to follow.
yan_kur
March 25th, 2003, 23:06
Ok, I've found the code cave. No proble with code injection.
I still don't know how to inject some variables in the .data section.
Manko
March 26th, 2003, 02:22
Hmm... put your variables (data?) in the cave also... ?
Or did yu mean something completely diffrent?
/Manko
yan_kur
March 26th, 2003, 03:25
I want to put new data which contain text and print that text on the screen. How to do that?
squidge
March 26th, 2003, 03:28
Put the data in the code section and reference it there. If you need to modify the data, ensure the flags for the code section says it's writable (if it's not, make it so

yan_kur
March 26th, 2003, 03:45
Sorry, newbie here.
How to know that the flags for the code section says it's writable And if it's not how to make it so?
neviens
March 26th, 2003, 04:34
Most (if not all) compilers make non writeable .code sections.
This info is stored in flags dword of section table of PE header
of file. It looks like 60000020, and is editable with any
PE editor (LordPE for example).
Neviens.
yan_kur
March 26th, 2003, 04:40
OK, thanks that's very helpful.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.