180320 Reverse - secondary development of code (2) Manual construction of blocks

1625-5 Wang Ziang, summary for March 20, 2018 [summary for the 535th consecutive day]

A. Secondary development of the code (2)

B. Building blocks by hand

The free space in the gap between blocks (sections) is limited. If not much code is needed, the method above is convenient and fast. But if a lot of code has to be added, the gap is not enough, and a block must be added manually.

Building a block by hand requires familiarity with the PE format; in practice a tool is generally used.
There are three main tasks:
1. Add a block header (IMAGE_SECTION_HEADER)
2. Add the data segment that the block header points to
3. Adjust the image size (SizeOfImage) in the file header

When constructing a block, pay attention to block alignment. If the block is not aligned, an error may be reported on some systems.

1. Modify the block table
The block table consists of a series of IMAGE_SECTION_HEADER structures located right after the PE file header. Each structure describes one block, and the order of the structures matches the order of the blocks in the file. The block table ends with an empty (all-zero) structure that marks its end.

To add a new section, add a block header and fill in its fields as needed, paying attention to block alignment.

2. Add the data segment
Once the block header exists, the block needs content. Appending a data block of 0x1000 bytes at the end of the file is enough.

Tool Aid Building Blocks

Adding a block by hand is cumbersome, so in practice it is usually done quickly with a tool. Open the file with LordPE, and in the section list use the 'add section header' function of the right-click menu to add a block. Check 'autofix SizeOfImage' to have the image size value corrected automatically. The contents of the data segment, however, still have to be added by yourself.

CFF Explorer is more complete and can also add the corresponding data segment automatically.

Precautions

Generally, the block table in a program's PE header is followed by a run of 0s (padding used to align the blocks that follow), so adding a new block header does not damage the file. Sometimes, however, the block table exactly fills the alignment unit, or something else sits right behind it. In that case adding a block header is not so convenient. In theory the offsets that follow could be corrected, but that is quite a lot of work. 233
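The three manual steps above (new block header, data segment appended at the end of the file, corrected SizeOfImage) and the precaution about running out of padding behind the block table, as an added Python example that is not part of the original notes and not the code of LordPE or CFF Explorer. It builds a constructed minimal PE32 skeleton in memory (`make_min_pe`, a hypothetical sample, not a real program) and appends a section to it; section names, alignments and the `.new` payload are assumed values.

```python
import struct

SECTION_HDR_FMT = "<8sIIIIIIHHI"           # IMAGE_SECTION_HEADER is 40 bytes
SECTION_HDR_SIZE = struct.calcsize(SECTION_HDR_FMT)

def _align(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment

def add_section(pe: bytes, name: bytes, payload: bytes, characteristics: int = 0x60000020) -> bytes:
    """Return a copy of a PE image with one extra section: new header, aligned raw data at EOF, fixed SizeOfImage."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER (PE32 and PE32+ share these offsets)
    sect_align, file_align = struct.unpack_from("<II", pe, opt + 32)
    size_of_headers, = struct.unpack_from("<I", pe, opt + 60)
    table = opt + opt_size                               # block table follows the optional header
    new_hdr_off = table + num_sections * SECTION_HDR_SIZE
    # Precaution from the notes: the new header must fit in the zero padding before the first block's raw data.
    if new_hdr_off + SECTION_HDR_SIZE > size_of_headers:
        raise ValueError("no room after the block table for another IMAGE_SECTION_HEADER")
    last = new_hdr_off - SECTION_HDR_SIZE
    vsize, va, rsize, _raw = struct.unpack_from("<IIII", pe, last + 8)
    new_va = _align(va + max(vsize, rsize), sect_align)  # next free RVA, SectionAlignment-aligned
    new_raw = _align(len(pe), file_align)                # append at end of file, FileAlignment-aligned
    new_rsize = _align(len(payload), file_align)
    hdr = struct.pack(SECTION_HDR_FMT, name.ljust(8, b"\0")[:8], len(payload), new_va,
                      new_rsize, new_raw, 0, 0, 0, 0, characteristics)
    out = bytearray(pe)
    out[new_hdr_off:new_hdr_off + SECTION_HDR_SIZE] = hdr
    struct.pack_into("<H", out, coff + 2, num_sections + 1)
    struct.pack_into("<I", out, opt + 56, _align(new_va + len(payload), sect_align))  # SizeOfImage
    out += b"\0" * (new_raw - len(out)) + payload.ljust(new_rsize, b"\0")
    return bytes(out)

def make_min_pe() -> bytes:
    """Constructed sample (not a real program): PE32 skeleton with one .text block and 0x200-byte headers."""
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)      # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)      # SizeOfImage, SizeOfHeaders
    text = struct.pack(SECTION_HDR_FMT, b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return bytes((dos + b"PE\0\0" + coff + opt + text).ljust(0x200, b"\0")) + b"\xC3" * 0x200
```

Running `add_section(make_min_pe(), b".new", b"\x90" * 10)` grows the sample from 0x400 to 0x600 bytes and raises SizeOfImage from 0x2000 to 0x3000; the same function refuses a file whose SizeOfHeaders leaves no room for another header, which is the case the precaution describes.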

C. Tomorrow plan
Get function call

Origin http://43.154.161.224:23101/article/api/json?id=325255124&siteId=291194637