Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

PE Library

Questions concerning tools (other than OllyDbg) - IDA Pro, SoftIce, member contributions, etc.
<b>NOTE:</b> You must <b>always</b> make sure you cannot find what you are looking for in our <a href="/collaborative/tools">Collaborative RCE Tool Library</a> before asking for <b>any</b> tools that can do this or that though!
Locked
User avatar
LaptoniC
Senior Member
Posts: 199
Joined: Fri Oct 27, 2000 9:35 am
Location: Turkey
Contact:

PE Library

Post by LaptoniC »

Hi,
I am trying to add new import function to exe file. However I don't want to use external tool but do it by myself. I have tried several PE libraries and most of them either doesn't have ability to add import or they crash or executables don't run. Any ASM or C code is welcomed. Thanks.

Libraries
Patch by comrade Produced executable doesn't run.
PeLibrary 0.3c by Pumqara CRASH during adding import
m-PE Class by in4matics Produced executable doesn't run.
TitanEngine by ReversingLabs Couldn't make it work.


Tools
PeTools by NEOx Works
StudPE Works
IIDKing Crashes
"There is only one road to human greatness: through the school of hard knocks." Albert Einstein
User avatar
disavowed
Posts: 1290
Joined: Mon Apr 01, 2002 3:00 pm

Post by disavowed »

LaptoniC wrote:Any ASM or C code is welcomed....
PeTools by NEOx Works
StudPE Works
Load PeTools or StudPE into IDA and you now have your ASM code.
User avatar
LaptoniC
Senior Member
Posts: 199
Joined: Fri Oct 27, 2000 9:35 am
Location: Turkey
Contact:

Post by LaptoniC »

Thanks @ disavowed I am having an epiphany now. How on earth I couldn't think that one? Your comment is 100% correct but it is not helpful at all. I don't want to reinvent the wheel if possible. It takes time to reverse to convert all this functions, initialization codes and unknown structures. I actually disassembled both of them and PeTools have cleaner code. I just don't want to fix all those codes if there is an easy way. I really didn't want to take your precious time that is why I posted with detailed explanations. However, after all those years in here, I don't think that I deserve to be mocked in such way.
"There is only one road to human greatness: through the school of hard knocks." Albert Einstein
User avatar
Aimless
Senior Member
Posts: 869
Joined: Thu Sep 13, 2001 3:11 am

Post by Aimless »

Hello Laps,

Maybe you've already done this but, if possible check the F+ archive of software reverse engineering for Razzia+ tut on Code caves and modifying NOTEPAD (adding new functionality to it).

Though I last read it around 10 years ago, I distinctly remember him CODING with DISASSEMBLY and RAW HEX BYTES (using Hexview -- big thing then, if you remember), additional functionality AND new imports. Perhaps, that could help.

Here's a link that uses nothing but a PE Editor and Hex Calculator. I am sure will be useful. PDF, including example files:

Code: Select all

http://tuts4you.com/download.php?view.1569
Let me know how it goes.

Have Phun
Blame Microsoft, get l337 !!
User avatar
LaptoniC
Senior Member
Posts: 199
Joined: Fri Oct 27, 2000 9:35 am
Location: Turkey
Contact:

Post by LaptoniC »

Thanks Aimless. I have read that paper before. However in his example, there is enough empty space to add extra dll to IAT. My executable doesn't have this space. Therefore I have to add new section copy old ones and add new import. So it doesn't work for me. I will search more and if I can't find any reasonable source to use, I had to reverse some of the tools.
"There is only one road to human greatness: through the school of hard knocks." Albert Einstein
User avatar
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

ashraf cracker posted a tutorial about adding a section and import manually which might be useful

http://www.woodmann.com/forum/showthrea ... n-Manually
sope
Member
Posts: 83
Joined: Thu Dec 12, 2002 2:19 pm

Post by sope »

Hi Laptonic,
PE Bliss
Cross-Platform Portable Executable C++ Library

code.google.com/p/portable-executable-library/
Hope it helps!

Cheers, Sope!
Read to Lead
Locked