
Thread: How to add Function to Various System DLL.

  1. #1
    Windows XP Forever
    Join Date
    Jun 2016
    Location
    Oshaka,Japan
    Posts
    20

    How to add Function to Various System DLL.

    Hi Guys and Gals. I am trying to get my AMD graphics driver to work in XP.
    For that I needed to add various functions to system files like videoport.sys, ntoskrnl.exe, kernel32.dll and a few others.
    Please help me.

  2. #2
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    Great, hope you are really serious about that. Now, will you try to formalize it? What background have you gathered to achieve your goal? Any thoughts?
    Last edited by blabberer; June 21st, 2016 at 00:45.

  3. #3
    Windows XP Forever
    Quote Originally Posted by blabberer:
    Great, hope you are really serious about that. Now, will you try to formalize it? What background have you gathered to achieve your goal? Any thoughts?
    Still trying. I have a bit of knowledge of PE.
    Does any tool exist for adding an export to a DLL?

  4. #4
    Learn Or Die.

  5. #5
    Windows XP Forever
    Thanks for the help.
    But there is no export tool, only an import one, namely IIDKing.

  6. #6
    Windows XP Forever
    I want to add the following functions to kernel32.dll
    ==========================================
    LIBRARY NAME : kernel32.dll
    Functions Added
    ------------------------------------------
    DecodePointer
    EncodePointer
    GetNativeSystemInfo
    GetProcessHandleCount
    SetDllDirectoryW
    IsWow64Process
    IsWow64Message
    CheckRemoteDebuggerPresent
    SetDllDirectoryA
    GetModuleHandleExW
    InterlockedPopEntrySList
    InterlockedPushEntrySList
    InitializeSListHead
    InterlockedFlushSList
    QueryDepthSList
    AttachConsole
    TzSpecificLocalTimeToSystemTime
    RtlCaptureStackBackTrace
    GetSystemWow64DirectoryA
    GetSystemWow64DirectoryW
    GetHandleContext
    GetModuleHandleExA
    GetProcessId
    SetThreadUILanguage
    WTSGetActiveConsoleSessionId
    RemoveVectoredExceptionHandler
    AddVectoredExceptionHandler
    ReleaseActCtx
    CreateActCtxW
    CreateActCtxA
    ActivateActCtx
    DeactivateActCtx
    RtlCaptureContext
    GetGeoInfoW
    GetUserGeoID
    GetGeoInfoA
    GetSystemTimes
    GetVolumePathNamesForVolumeNameW
    GetVolumePathNamesForVolumeNameA
    IsProcessInJob
    GetCurrentActCtx
    GetThreadId
    GetDllDirectoryW
    DebugActiveProcessStop
    ZombifyActCtx
    AddRefActCtx
    QueryActCtxW
    FindActCtxSectionStringW
    FindActCtxSectionStringA
    SetProcessDEPPolicy
    GetSystemDEPPolicy
    GetProcessDEPPolicy
    GetThreadIOPendingFlag
    CreateMemoryResourceNotification
    QueryMemoryResourceNotification
    SetFirmwareEnvironmentVariableA
    SetFirmwareEnvironmentVariableW
    GetFirmwareEnvironmentVariableA
    GetFirmwareEnvironmentVariableW
    DecodeSystemPointer
    EncodeSystemPointer
    SetHandleContext
    EnumSystemGeoID
    ConvertFiberToThread
    BaseCheckAppcompatCache
    SetThreadStackGuarantee
    InitializeCriticalSectionEx
    FlsFree
    FlsGetValue
    FlsSetValue
    FlsAlloc
    FindActCtxSectionGuid
    GetDllDirectoryA
    LCMapStringEx
    InitOnceExecuteOnce
    RegisterApplicationRecoveryCallback
    ApplicationRecoveryInProgress
    RegisterApplicationRestart
    ApplicationRecoveryFinished
    GetLocaleInfoEx
    CompareStringEx
    GetNLSVersion
    GetNLSVersionEx
    GetTimeFormatEx
    GetDateFormatEx
    IsValidLocaleName
    EnumSystemLocalesEx
    CreateSemaphoreExW
    CreateSemaphoreExA
    GetThreadID
    GetThreadPreferredUILanguages
    SetThreadPreferredUILanguages
    CheckForReadOnlyResource
    FindFirstStreamW
    FindNextStreamW
    FindNLSString
    GetNumaNodeProcessorMask
    GetNumaProcessorNode
    GetLogicalProcessorInformation
    GetNumaHighestNodeNumber
    InitializeConditionVariable
    WakeConditionVariable
    SleepConditionVariableCS
    WakeAllConditionVariable
    QueryThreadCycleTime
    LocaleNameToLCID
    InterlockedCompareExchange64
    GetSystemRegistryQuota
    SetFileValidData
    GetCurrentProcessorNumber
    GetConsoleProcessList
    QueryFullProcessImageNameA
    QueryFullProcessImageNameW
    CheckNameLegalDOS8Dot3A
    CheckNameLegalDOS8Dot3W
    GetUserDefaultLocaleName
    GetSystemDefaultLocaleName
    SetFileInformationByHandle
    GetFileInformationByHandleEx
    OpenFileById
    CancelSynchronousIo
    CancelIoEx
    AcquireSRWLockExclusive
    AcquireSRWLockShared
    InitializeSRWLock
    ReleaseSRWLockExclusive
    ReleaseSRWLockShared
    LCIDToLocaleName
    K32GetProcessMemoryInfo
    GetProcessPreferredUILanguages
    SetProcessPreferredUILanguages
    GetFinalPathNameByHandleW
    K32EmptyWorkingSet
    K32EnumDeviceDrivers
    K32EnumProcessModules
    K32GetDeviceDriverBaseNameA
    K32GetDeviceDriverBaseNameW
    K32GetDeviceDriverFileNameA
    K32GetDeviceDriverFileNameW
    K32GetMappedFileNameA
    K32GetMappedFileNameW
    K32GetModuleBaseNameA
    K32GetModuleBaseNameW
    K32GetModuleFileNameExA
    K32GetModuleFileNameExW
    K32GetModuleInformation
    K32GetPerformanceInfo
    I have heard there is a tool named ETCH but I cannot find it anywhere.
    Please teach me.

  7. #7
    Never heard of it.
    Tell me why IIDKing will not work.
    http://www.woodmann.com/collaborative/tools/index.php/Category:Import_Editors
    Learn Or Die.

  8. #8
    Kayaker (Teach, Not Flame)
    Join Date
    Oct 2000
    Posts
    4,047
    Blog Entries
    5
    I don't know what AMD graphics card you have, but is there any reason why you can't use an XP compatible driver suite?

    http://support.amd.com/en-us/download/windows-legacy

    What you have in mind is a bad idea for many reasons, but let's start with why you've come to this point in the first place.

  9. #9
    Windows XP Forever
    @Woodmann IIDKing can add only imports, whereas I need to add exports.
    Thanks a lot for your effort to keep such an awesome tool and ebook library.
    @Kayaker
    Only a few dependencies need to be fixed to run it.
    Anyway, I did not want to go to a new OS as they contain telemetry spyware.
    I cannot use it as the newer R9 Series is not supported.

  10. #10
    I guess you need a Virtual Machine to do this.
    Learn Or Die.

  11. #11
    Windows XP Forever
    Thanks a lot, everyone.
    I myself added the functions to the export table using the most powerful tool, that is, a hex editor.
    I am too lazy to do that manually. Anyway, last of all, I got the driver working.
    Windows XP still rocks, doesn't it?

  12. #12
    Windows XP Forever
    Does anyone know how to add some space to a PE?

  13. #13
    Super Moderator
    You need to write a driver that hooks mmmapviewofA and creates extra space, or use what Woodmann suggested.

  14. #14

    As Above

    Hello XPForever,

    Welcome to our board. If you have not worked a bit on cracking, you may find adding space to a PE a bit more daunting (adding space is always easy -- getting the code to work is difficult).

    Now, if you search google for "add some space to PE" you will not find anything. The formal word for this is: "CODE CAVE".

    You can begin here:

    1) How to inject your code into a PE Executable: http://www.ntcore.com/files/inject2exe.htm

    2) What is a code cave by the way: https://en.wikipedia.org/wiki/Code_cave

    3) Making space for added bytecode (machine code) in a Windows PE executable: http://stackoverflow.com/questions/5619813/making-space-for-added-bytecode-machine-code-in-a-windows-pe-executable

    4) How do I make space for my code cave in a Windows PE 32bit executable: http://stackoverflow.com/questions/35685589/how-do-i-make-space-for-my-code-cave-in-a-windows-pe-32bit-executable

    5) Adding a section to your PE: the easy way : http://ge0-it.blogspot.in/2012/08/adding-section-to-your-pe-easy-way.html

    6) Adding New Functions to Compiled Code: http://sandsprite.com/CodeStuff/add_function.html

    Want a better way? Learn how to use DETOURS (and by Microsoft, no less).

    Go for it. Don't get discouraged. Ask what you want to know further. And remember, doing what you want to do (add space in a PE for your code) is DIFFERENT in a PE and a .NET PE (you will need to learn .NET reversing for that).

    (And yes, ETCH used to exist. But it was on a university server only. It has now been around a decade since it was taken off. ETCH was not exactly a tool, but a framework with multiple tools (mostly DLLs and a few EXEs). It was highly crude. Nothing like what you are expecting. More like W32DASM. Good in its days, no longer useful now (unless you want straight disassembly dumps). It was, in many ways, a precursor to Microsoft Detours. I used it a couple of times, but never managed to make it work for "REAL LIFE" applications. Detours and a few others (by our great mods and members themselves) are better. There was an old tool by G-ROM (but for the life of me I can't remember the name -- I think one of the mods also asked for the source but "Dream on" was the reply to that query by G-RoM, heh!) Anyways, I digress... Begin your journey by searching for how to create "Code Caves" in PE and in .NET PE. Then, as you learn, share it here. Knowledge or tools, everything is welcome. As are you.

    Have Phun
    Last edited by Aimless; June 29th, 2016 at 08:12.
    Blame Microsoft, get l337 !!
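As an added illustration of what the hex-edited export table in post #11 and the code-cave links above actually have to contain (example code written for this thread, not from the original posts or from any tool named here), the script below packs an IMAGE_EXPORT_DIRECTORY for a few constructed names and made-up RVAs, drops it into a blank image at RVA 0x400 as if it sat in a new section, and parses it back. It also enforces the one rule a hand-built table most often gets wrong: the name pointer table must be sorted, because the loader binary-searches it. Pointing the export data directory entry and the section headers at the blob is left out.

```python
import struct
# IMAGE_EXPORT_DIRECTORY (40 bytes): Characteristics, TimeDateStamp, Major/Minor,
# Name, Base, NumberOfFunctions, NumberOfNames, AddressOfFunctions,
# AddressOfNames, AddressOfNameOrdinals; every address field is an RVA.
EXPORT_DIR_FMT = "<IIHHIIIIIII"
EXPORT_DIR_SIZE = struct.calcsize(EXPORT_DIR_FMT)

def build_export_directory(dll_name, exports, base_rva, ordinal_base=1):
    """Pack an export directory for {name: RVA} to live at `base_rva`, names sorted."""
    names = sorted(exports)
    n = len(names)
    off = EXPORT_DIR_SIZE
    eat_rva = base_rva + off; off += 4 * n   # Export Address Table
    enpt_rva = base_rva + off; off += 4 * n  # Export Name Pointer Table
    enot_rva = base_rva + off; off += 2 * n  # Export Ordinal Table
    dll_name_rva = base_rva + off
    strings = bytearray(dll_name.encode() + b"\0")
    name_rvas = []
    for nm in names:
        name_rvas.append(base_rva + off + len(strings))
        strings += nm.encode() + b"\0"
    header = struct.pack(EXPORT_DIR_FMT, 0, 0, 0, 0, dll_name_rva, ordinal_base,
                         n, n, eat_rva, enpt_rva, enot_rva)
    eat = b"".join(struct.pack("<I", exports[nm]) for nm in names)
    enpt = b"".join(struct.pack("<I", r) for r in name_rvas)
    enot = b"".join(struct.pack("<H", i) for i in range(n))  # ordinal minus Base
    return header + eat + enpt + enot + bytes(strings)

def read_cstring(image, rva):
    return image[rva:image.index(b"\0", rva)].decode()

def parse_export_directory(image, export_rva):
    """Return (dll name, {name: RVA}) from an RVA-indexed image; reject unsorted names."""
    f = struct.unpack_from(EXPORT_DIR_FMT, image, export_rva)
    name_rva, n_funcs, n_names, eat, enpt, enot = f[4], f[6], f[7], f[8], f[9], f[10]
    funcs = struct.unpack_from("<%dI" % n_funcs, image, eat)
    name_ptrs = struct.unpack_from("<%dI" % n_names, image, enpt)
    ords = struct.unpack_from("<%dH" % n_names, image, enot)
    names = [read_cstring(image, p) for p in name_ptrs]
    if names != sorted(names):
        raise ValueError("export name table is not sorted; GetProcAddress would misbehave")
    return read_cstring(image, name_rva), {nm: funcs[o] for nm, o in zip(names, ords)}

def demo():
    # Constructed sample: three names from the thread at made-up RVAs, in a blank 4 KiB image.
    exports = {"GetProcessId": 0x1234, "DecodePointer": 0x1000, "EncodePointer": 0x1010}
    image = bytearray(0x1000)
    blob = build_export_directory("kernel32.dll", exports, 0x400)
    image[0x400:0x400 + len(blob)] = blob
    return parse_export_directory(bytes(image), 0x400)
```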

  15. #15
    Kayaker (Teach, Not Flame)
    Quote Originally Posted by Aimless:
    There was an old tool by G-ROM (but for the life of me I can't remember the name -- I think one of the mods also asked for the source but "Dream on" was the reply to that query by G-RoM, heh!) Anyways, I digress...
    ProcDump32 (1.6.2 FINAL) ?

    Heh, I think I can guess who might have asked for the source
    Digressing again, but here's what he wrote in the final version:

    Hi folks,

    Due to the fact that I have less and less time to code this project, and the fact that I no longer have the time to do things related to the scene, I decided to retire. As a direct consequence ProcDump32 won't be released or updated anymore. Yeah, that's the end of the ProcDump32 project. Starting now, you should really unpack manually without useless ProcDump help.

    Since I know some of you will bug me here are some anticipated answers :

    - I won't publish the source code, not now, never. It is my code, my time, my whatever.
    - I will never be back.
    - I won't explain in any way how any part of ProcDump works.

    You can however still try to mail me at g-rom@innocent.com . Anyway, I am pretty sure something better than ProcDump will pop up one day.

    G-RoM [17-12-1999]
    "If it runs, it can be defeated."
    Actually, both ProcDump32 by G-RoM, Lorian & Stone and LordPE Deluxe by yoda would still both be very useful for working with PE files in XP. Both can still be found on the web, though NTCore's CFF Explorer or several other more modern PE tools are probably a better bet now.

    And yeah XPFOREVER, XP still rocks in many ways, certainly for reversing fun.
