Results 1 to 4 of 4

Thread: i need info

  1. #1
    mustapha
    Guest

    i need info

    Hi to all,
    1==I added some lines of code to a program and it works fine. I did not change the virtual size, I have to do it? It is necessary?

    2==Can someone recommend me tuts/urls about extracting, inserting etc.. sections from/to a Pe file format?

    3==Where can I find info about reversing CD copy-protections?

    Thanks
    Saludos
    Mustapha
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    ?ferret
    Guest
    Hola,

    I can be of assistance on 2 of he 3 ;-)

    1) Adding to to the virtual size....if you find enough NOP's (90h) or Empty (0h) bytes in a program, you can insert your code there w/o making any changes.

    3) The search engine on this board should give some results....one good tut for the 'basics' is the DREADed Guide To Cracking...There's a section on CD protections by MisterE that I found helpful.

    as for your q about adding to the PE, that's still beyond my scope, I haven't gotten quite that ambitious yet ;-)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Hi Mustapha,

    I'm no expert on code injection, but I had occasion to need to add some imports to the import table in a reversing project a while ago, and I ran across a couple of little related utilites you might be interested in for this purpose.

    The first is Iczelion's Snippet Creator: here is a little description borrowed from protools.cjb.net where you can download it if you're interested...

    - Can generate code snippets and save them as binary files.
    - Support both TASM and MASM.
    - Integrated PE editor
    - Can insert the snippet into the target PE files as a new section or into any existing section or even in
    PE header.
    - You can call any functions that are imported by the target PE file.
    - Full source code included.

    The second one is IDDKing by SantMat. You can also get it from protools.cjb.net...

    - IID King allows you to add imports to ANY PE file's import table.
    - Allows you to specify how much MORE zero-padded code you wish to add to the end of the
    section ".IIDKing" that is created when you change a PE file.
    - You can run the program as many times on the program you wish!

    Regards,
    Clandestiny

  4. #4
    Carpathia
    Guest
    Im surprised no-one has yet mentioned neurals notepad essay. Its an excellent tute on code injection and pe manipulation.
    http://neudump.cjb.net

    My advice is to ignore snippet creator until you've done it a few times manually. Theres lots to be learnt from injecting code by hand. Once your confident you understand eveyrthing youre doing, you can use snippet creator to save time.

    Regards

    Carpathia
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. looking for Microguard PC info.
    By requiem in forum The Newbie Forum
    Replies: 0
    Last Post: September 19th, 2004, 06:59
  2. Some info about USB
    By Polaris in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: November 17th, 2003, 17:13
  3. need info on ROR and ROL
    By javelin in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: October 21st, 2001, 04:38
  4. uk-info 6.5 info required...
    By sadsack in forum Malware Analysis and Unpacking Forum
    Replies: 6
    Last Post: October 13th, 2001, 10:11
  5. Further info
    By Hoof Arted in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: April 10th, 2001, 05:38

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •