well probably my explanation wasnt quiet good

naides what i mean is there is no place you wont see that place in hexeditor too
to iilustrate my point ill do a little jig
take iczelions tut -02 message box exe in the .asm add this line
in start
db 1d8h dup (90h)
re assemble it now if you open it in olly you will see
Code:
004011D5 NOP
004011D6 NOP
004011D7 NOP
004011D8 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004011DA PUSH msgbox.00403000 ; |Title = "Iczelion's tutorial no.2"
004011DF PUSH msgbox.00403019 ; |Text = "Win32 Assembly is Great!"
004011E4 PUSH 0 ; |hOwner = NULL
004011E6 CALL <JMP.&USER32.MessageBoxA> ; \MessageBoxA
004011EB PUSH 0 ; /ExitCode = 0
004011ED CALL <JMP.&KERNEL32.ExitProcess> ; \ExitProcess
004011F2 JMP NEAR DWORD PTR DS:[<&KERNEL32.Ex>; KERNEL32.ExitProcess
004011F8 JMP NEAR DWORD PTR DS:[<&USER32.Mess>; USER32.MessageBoxA
004011FE DB 00
004011FF DB 00
00401200 DB 00
00401201 DB 00
00401202 DB 00
00401203 DB 00
00401204 DB 00
00401205 DB 00
00401206 DB 00
00401207 DB 00
00401208 DB 00
00401209 DB 00
0040120A DB 00
0040120B DB 00
0040120C DB 00
assuming you now want to revese this exe to interchange caption with text and text with caption by adding code (that is trampolining not modifying in place the pointer )
if you do this kind of reversing and test it within ollydbg it will work fine
because loader allocated 1000 bytes to the .text section
Code:
004011D4 NOP
004011D5 NOP
004011D6 JMP SHORT msgbox.00401200
004011D8 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
004011DA PUSH msgbox.00403000 ; |Title = "Iczelion's tutorial no.2"
004011DF PUSH msgbox.00403019 ; |Text = "Win32 Assembly is Great!"
004011E4 PUSH 0 ; |hOwner = NULL
004011E6 CALL <JMP.&USER32.MessageBoxA> ; \MessageBoxA
004011EB PUSH 0 ; /ExitCode = 0
004011ED CALL <JMP.&KERNEL32.ExitProcess> ; \ExitProcess
004011F2 JMP NEAR DWORD PTR DS:[<&KERNEL32.Ex>; KERNEL32.ExitProcess
004011F8 JMP NEAR DWORD PTR DS:[<&USER32.Mess>; USER32.MessageBoxA
004011FE DB 00
004011FF DB 00
00401200 PUSH 0
00401202 PUSH msgbox.00403019 ; ASCII "Win32 Assembly is Great!"
00401207 PUSH msgbox.00403000 ; ASCII "Iczelion's tutorial no.2"
0040120C PUSH 0
0040120E JMP SHORT msgbox.004011E6
00401210 DB 00
00401211 DB 00
00401212 DB 00
but if you try to save this back to the exe olly say it cant locate the data
and ask you do you want to skip it or cancel
because physically in the raw image there is no place
if you will look at it in hexeditor
you will see yo just have two bytes that you can use and at 600 the .rdata section has started like this
Code:
000005F2 FF25 00204000 JMP NEAR DWORD PTR DS:[402000]
000005F8 FF25 08204000 JMP NEAR DWORD PTR DS:[402008]
000005FE 0000 ADD BYTE PTR DS:[EAX], AL
00000600 5C POP ESP <---- st
00000601 2000 AND BYTE PTR DS:[EAX], AL
00000603 0000 ADD BYTE PTR DS:[EAX], AL
00000605 0000 ADD BYTE PTR DS:[EAX], AL
00000607 0078 20 ADD BYTE PTR DS:[EAX+20], BH
now this need a new section or enlarging the .text section to 400 bytes
if you are taking the path of enlarging the existing section then
you have to relocate the pointers that are in the following section
etc etc etc which is kinda tough
if you want to add a section at the end all it takes is use an existing tool
like zeroadd iidking etc and name your section denote the size and its a two click job

btw you need to have physical place in pe header ( that is also 200 bytes
and many protectors nowadays fill the whole header space with junk sections to thwart section adding tricks
hope i am clear
its not a wrinkle using olly
