I am trying to insert code into a DLL file without any luck, it just crashes each time it is ran. I can't just overwrite certain instructions as the code I wish to insert is larger. Is there a tool which fixes the file after inserting code or am I goin about this all wrong.

I have read a thread on here about code insertion but it didn't really help. I have also tried Hiew but it does not seem to support inserting, just overwriting.

Any comments greatly appreciated.

You just can't overwrite existing code with yours, unless you fully replace its functionality.

Modifying a PE image is not generally a trivial task if you have never tried before, however here is how I would do it - bare handed, of course:

1) add a new section to the dll (sized to contain your code)
2) paste your binary code in your new section
3) redirect the old code to jump to your new code

This simplistic approach will work provided your code does not reference imported APIs or other routines in the dll (that's because of relocation). If you need to refer to certain memory location, you must use relative references... another funny technique that needs time to be mastered.

Good luck!
Peres

There are 2 MOV instructions which move an ID into the registers, I need to 'fix' what these MOV instructions move into memory... nothing fancy.

So how would I go about this ? I don't know how to do what you said above. If I add my own section of code, how do I call it from the place I need as this would involve inserting a function to call this code ?!?

Can you show us an example, or the exact MOV instruction lines?

SiGiNT

mov ecx, [eax]
mov edx, [eax+4]

I need to change them to something like:

mov ecx, 90040001
mov edx, 90040002

What would probably be easiest for you is to jump to an empty section of code. These empty sections are called "caves". you can find these sections pretty easily yourself but if you want to save some time get the "Section Tool" plugin for PEID. That will automatically find code caves for you. Once you have the address of the code cave modify the program to jump to that location when you want to patch.

Example:
Let's say your patch location is at 412345
And let's say that the "Section tool" found a cave at 4F0000

So you modify your program to patch:

to become


Then go to 004F0000 (your code cave) and enter in whatever intructions you want executed.

then at the end of your code cave jump back to the normal flow of execution


Make sure you jump back to the instruction AFTER the jump you took to the code cave

Or, if your target value is within the range available you could -

add or sub e_x, value to equal what you want, if not I think Gabir3l's solution is the answer.

SiGiNT

Thanks gabri3l, I think this is the way to go.

Thanks to everyone who replied, I couldn't have done it without you lot !