Hi,

how can I add additional space to a dll-file? Let's say for example 10kbytes more space in the file to implement new functions.
The nop sections aren't big enough.

Here the original data:
http://www.directupload.net/060829/temp/Z9n5j9kv.jpg (http://www.directupload.net/show/d/804/Z9n5j9kv.jpg)

cu,

You can add an extra section to the file with the size desired. Just give it the appropiate flags (you can copy the flags from the code section if you are in doubt). LordPE and a lot of other tools are capable of doing it for you.

Ten kilobytes? Are you sure you need that much space, or is that 10Kb of bloated compiler output?

Your 150x101 pixel image that you linked to is a bit hard to read.

The link was only the preview. Here the right link:
http://www.directupload.net/show/d/804/Z9n5j9kv.jpg

I never have done a filesize change. Is there a FAQ or How to for Step by Step?

When I want to insert additional space where can I implement it? Before code start, at end,....

Easiest way to add a block to an exe file at its end is this, from command tool:
copy /b "original.exe"+"new_block.bin" "joint.exe"

Or you can paste this line into a .bat file and execute it all times you need, to do some tests

And you should add in the executable PE header a new section after last one with a PE editor, such as CFF or LordPE...

Cheers

Nacho_dj

To insert your code in the exe, you can find a cave code or can add a new section with Cff in this way:
1.Open the file
2.Go on SectionHeaders
3.Right click and AddSection(Empty Space)
4.Save the file
Now you can write your asm code with olly in this new section.
To execute your code as EP, you must change the Ep with the RVA of new section and set a jmp to old_ep at the end of your code

Make sure the data is aligned - the last section's size does not need to be a multiple of the FileAlign. Add padding as necessary.

Naive question:

Schwa is talking about a dll.
Don't all dlls have to be reloc(able), and doesn't relocation add some extra complications to take care when you add an extra section/ and extra code??

Only if you write your code to depend on fixed offsets and thus need to add extra relocation records (that can get complicated). Otherwise, keeping everything on the stack and not accessing global variables etc. should result in position-independent code.

I tried with Cff to add a new section.
The new section got implementet at the end of the file.
Offset 1F1E00. Without modification in the original code it was running.

But I could not make calls from the original code to the new section -> crash.

Tried debugging it?

I think you are getting troubles because of the flags (characteristics) in the new section. Try to config them to let you access to the data, as the .data section, for instance. And if new section contains code, as .text section...

Cheers

Nacho_dj

Infact, you tray to change the Characteristics of the section with cff in this way:
1) Right click on the section and "change section flags"
2)Now set those flags: executable, readable, writable

However I remember to you, that a call doesn't use the Virtual Address or the RVA

I don't think so. They may not always load if they're not relocatable, but I'm pretty sure it's not necessary as long as there are no address space collisions.