View Full Version : Section Atributes

February 20th, 2002, 06:51
Gentlemen, Ladies & those of you who are unsure,

I have been playing about with injecting a dll code into executables.

As usual everything is fune under 98 SE unfortunitely things take a turn for the worse under 2K (& above).

I need to modify the section charactistics from 60000020 to E0000020 to get write access.

I thiought that if I wrote a loader and used writeprocessmemory to modify these before resuming the thread would do the trick.

However this dosn't seem to be the case, I still get an access violation

Am I barking up the wrong tree ?

One possible solution would be to use writeprocessmemory from the dll which I am injecting, but I am unsure how to get the process handle for the processs I have unjected the .dll into.

Any suggestions ?


Why don't we all go back to DOS instead of all this windows crap

February 20th, 2002, 07:43
OOPS I appear to have discovered getcurrentprocess.

However any hints & tips on the best method to use would be appreciated.


February 20th, 2002, 10:37
I am using ApiHooks (http://elicz.cjb.net) library of EliCZ and it works pretty good on every windows version.

February 20th, 2002, 11:09

Either great minds think alike or fools seldom differ.

I'm using apihooks too, the problem that I have is that I cannot atch several bytes in memoru because the section attribute is 60000020 and under 2K I get an exception.

What I need to do is get write access to that section.

I have tried various methods of writing to that secton without success.

So I am forced to using Peedit to set the attributes by hand then injecting my dll.


February 20th, 2002, 19:37
I am using Masm, and AH library automatically set section attribute of ApiHooks to E0000020.I use /MERGE:ApiHooks=.text /SECTION:.text,EWR switches also to put ApiHooks section in first section.It worked quite well.If you are usign other languages I dont have any idea

February 20th, 2002, 19:59
I need to modify the section charactistics from 60000020 to E0000020 to get write access.

Hello Kilby,

I don't know if I understand your q. well but ... I've seen an example that changes the section characteristics from xxxxxxxx to E0000020:

MOV [Section.Characteristics],0E0000020h


MOV [EDX].Characteristics,0E0000020h

(nearly same, heh)
And it works under Win98/Win2000.

Btw. nice example on Latigo's site (hello) - Nag injection (section char. changing included).


February 21st, 2002, 06:39
Heheh, possibly I was being a little obtuse.

I have put together a .dll which intercepts an redirected api call.

However I need to modify the code which this redirected API passes through and this section has section an attribute of 60000020.

Under 98 this is fine but under 2K & XP I get an access error.

I hope this clarifys the problem that I have.


February 21st, 2002, 11:58
VirtualProtectEx should handle your Problem....