Six Black Roses
January 17th, 2004, 12:53
I have an executable that I want to add a DLL function to. If the executable doesn't already have an import table, I want to create one. I want the addition to be as native as possible--which means I'm not interested in any LoadLibrary schemes.
The machine code for a function call, MessageBoxA for example, is like this:
00402000 PUSH lastParam
00402001 PUSH secondParam
00402002 PUSH firstParam
; Call to MessageBoxA
00402003 CALL 00403000
...
; Call to MessageBoxA
00403000 JMP dword ptr [87654321]
What happens when Windows loads the executable is that the DLL, in this case User32.dll, is loaded into the virtual space of the executable, and the address at 00403000 is patched to jump to the correct location in User32.dll.
What I'm looking for is a utility that will do nothing more than look for an existing import table, and if one doesn't exist create it, then add the proper information to the PE header and import table to accommodate the newly added function. Then I want it to place an instruction like the one at 00403000 somewhere in the executable and then tell me where it is. All that is to be set up so that the Windows loader will patch that instruction to jump to the correct place in the DLL.
After I add the function to the executable, I'll be able to call it by simply pushing the parameters and CALLing the JMP instruction that jumps to the correct place in the DLL.
I hope I was clear enough. So is there a utility out there like it already? What is it?
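Added example, not code from the post or from any utility it asks about: a small Python script that walks the import directory of a PE32 file the way the Windows loader does and reports, for every imported function, the RVA of its Import Address Table slot, which is exactly the `[87654321]` operand that the `JMP dword ptr [...]` thunk in the post dereferences and that the loader overwrites at load time. The sample image is constructed in memory by `build_sample_pe()`; the single `.idata` section at RVA 0x1000 / file offset 0x200, the image base 0x400000 and the DLL and function names are assumptions for the demo, and an empty import list produces an image with no import table at all, the other case the post describes.

```python
"""Walk a PE32 import directory and report the IAT slot each import thunk reads."""
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1            # index of the import table in the data directories
SECTION_RVA, SECTION_RAW = 0x1000, 0x200    # assumed placement of the single .idata section
IMAGE_BASE = 0x400000                       # assumed preferred load address of the sample


def _pad(buf, align):
    while len(buf) % align:
        buf.extend(b'\0')


def build_sample_pe(imports):
    """Construct a minimal PE32 whose only section holds an import directory (sample data).
    imports: list of (dll_name, [function_names]); [] yields an image with no import table."""
    n = len(imports)
    sec = bytearray(20 * (n + 1))           # descriptors first: n entries plus the null terminator
    descs = []
    for dll, funcs in imports:
        name_rvas = []
        for func in funcs:                  # IMAGE_IMPORT_BY_NAME: WORD hint + NUL-terminated name
            name_rvas.append(SECTION_RVA + len(sec))
            sec += struct.pack('<H', 0) + func.encode('ascii') + b'\0'
            _pad(sec, 2)
        _pad(sec, 4)
        int_rva = SECTION_RVA + len(sec)    # Import Name Table (OriginalFirstThunk)
        sec += b''.join(struct.pack('<I', r) for r in name_rvas) + struct.pack('<I', 0)
        iat_rva = SECTION_RVA + len(sec)    # Import Address Table (FirstThunk); the loader patches these
        sec += b''.join(struct.pack('<I', r) for r in name_rvas) + struct.pack('<I', 0)
        dll_rva = SECTION_RVA + len(sec)
        sec += dll.encode('ascii') + b'\0'
        _pad(sec, 4)
        # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
        descs.append(struct.pack('<IIIII', int_rva, 0, 0, dll_rva, iat_rva))
    sec[:20 * n] = b''.join(descs)
    vsize = len(sec)
    _pad(sec, 0x200)

    dos = bytearray(64)
    dos[:2] = b'MZ'
    struct.pack_into('<I', dos, 0x3C, 0x40)                             # e_lfanew
    file_hdr = struct.pack('<HHIIIHH', 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section, PE32 optional header
    opt = bytearray(224)
    struct.pack_into('<H', opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into('<I', opt, 28, IMAGE_BASE)
    struct.pack_into('<I', opt, 92, 16)                                 # NumberOfRvaAndSizes
    if n:                                                               # no imports -> directory left zero
        struct.pack_into('<II', opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, SECTION_RVA, 20 * (n + 1))
    sect = struct.pack('<8sIIIIIIHHI', b'.idata', vsize, SECTION_RVA, len(sec),
                       SECTION_RAW, 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b'PE\0\0' + file_hdr + opt + sect
    return bytes(hdr) + bytes(SECTION_RAW - len(hdr)) + bytes(sec)


def _sections(data, e_lfanew):
    nsec = struct.unpack_from('<H', data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from('<H', data, e_lfanew + 20)[0]
    base = e_lfanew + 24 + opt_size                     # section table follows the optional header
    out = []
    for i in range(nsec):
        vsize, va, rawsize, raw = struct.unpack_from('<IIII', data, base + 40 * i + 8)
        out.append((va, max(vsize, rawsize), raw))
    return out


def _rva_to_off(secs, rva):
    for va, size, raw in secs:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError(f'RVA {rva:#x} is outside every section')


def _cstr(data, off):
    return data[off:data.index(b'\0', off)].decode('ascii')


def parse_imports(data):
    """Return [(dll, [(function, iat_slot_rva), ...]), ...]; [] when there is no import table."""
    if data[:2] != b'MZ':
        raise ValueError('missing MZ header')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    opt = e_lfanew + 24
    if struct.unpack_from('<H', data, opt)[0] != 0x10B:
        raise ValueError('only PE32 is handled here')
    dir_rva, _size = struct.unpack_from('<II', data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)
    if dir_rva == 0:
        return []                                       # the "no import table yet" case
    secs = _sections(data, e_lfanew)
    result, off = [], _rva_to_off(secs, dir_rva)
    while True:
        oft, _ts, _fwd, name_rva, ft = struct.unpack_from('<IIIII', data, off)
        if oft == 0 and name_rva == 0 and ft == 0:
            break                                       # all-zero descriptor ends the array
        dll = _cstr(data, _rva_to_off(secs, name_rva))
        thunk_off = _rva_to_off(secs, oft or ft)        # INT if present, else the unbound IAT
        slot, funcs = ft, []
        while True:
            entry = struct.unpack_from('<I', data, thunk_off)[0]
            if entry == 0:
                break
            if entry & 0x80000000:
                name = f'#{entry & 0xFFFF}'             # import by ordinal
            else:
                name = _cstr(data, _rva_to_off(secs, entry) + 2)   # skip the WORD hint
            funcs.append((name, slot))                  # slot: what JMP DWORD PTR [...] reads at run time
            thunk_off += 4
            slot += 4
        result.append((dll, funcs))
        off += 20
    return result


if __name__ == '__main__':
    image = build_sample_pe([('user32.dll', ['MessageBoxA']),
                             ('kernel32.dll', ['ExitProcess', 'GetModuleHandleA'])])
    for dll, funcs in parse_imports(image):
        for name, slot in funcs:
            print(f'{dll:<14}{name:<18} IAT slot RVA {slot:#x}  thunk: JMP DWORD PTR [{IMAGE_BASE + slot:08X}]')
```

Running it on the constructed image lists each DLL, its functions and the IAT slot RVA; adding `IMAGE_BASE` to a slot gives the absolute address the corresponding thunk would reference in a non-relocated image. Pointing `parse_imports()` at the bytes of a real PE32 file shows whether an import table exists at all (the data directory RVA is zero when it does not) and where its IAT slots sit, which is the first thing to verify before or after any tool rewrites the import directory.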