Adding code to a PE file is essential when we crack a program or add functionality to an application. In this post, you and I will learn together about adding code to a section.
We will see CODE section. I use CFF Explorer. You can view detail in CFF Explorer:
In the illustration above we see VirtualSize(00001000) as the SizeOfRawData(00000575).Virtual size icon is shown.
use the real code. The size of raw data determines the amount of space used on your hard disk.
In the Hexeditor program observed at the end of the CODE section (in front of the DATA section starting at 800h),
This address space is completely unused and not mapped into memory. We need to make sure our command when placed into this space will be loaded into memory. Therefore, we need to edit the size attribute. Right now we see that the size of this Section is 0575 we will up to 05ff, that’s the largest size we can use.
We will add a small program to take control of the entry point and then only return the execution to OriginalEntryPoint. I use Ollydbg.
Load PE file with LordPE you can see EntryPoint is: 1000 and ImageBase is 00400000. When we load the program into Ollydbg the EP is 401000. We will add some lines later and later change the entry point to the first line of the code:
MOV EAX, 00401000 ; Load in EAX the Original Entry Point (OEP)
JMP EAX ; Jump to OEP
We will put the above code at the address 07B0. To convert from RAW Offset to RVA to use for Ollydbg we will use the following formula:
RVA = raw offset – raw offset of section +virtual offset of section +ImageBase
= 7B0 – 200 + 1000 + 400000 = 4015B0
Load PE file into Ollydbg and go to target section(Ctrl + G and enter the calculated value 4015B0). When it comes to the position we need. Proceed to enter the command we want.
Save file PE. Right click select Copy to Executable and All modifications next select Copy All and Save File.
Open file PE with HexEditor:
So we have finished adding code to the section. We can add a code of 128 bytes length to the PE file.
This is an extremely simple technique that I want to share with everyone. In the following articles we will go into more complex techniques. If you have any comment or comment let me know.