I was having hard time trying to add specific dll with certain function to an executable PE file until I reached two great tuts about this subject
here and here
The first thing we have to have extra space in that PE file, for me I am accustomed with adding new section using some article from Sunshine( the same site of the latter link) but the problem was the conflict that I faced while investigating assembled file using masm32 compared toother executable files, the difference was easy, but hard to find for a novice coder like me, in the articles(above) pointed that OriginalFirstThunk and FirstThunk in the ImportDirectory may be put same,but they are not similar in masm32 assembled files, and the other thing regarding masm32 is that creates JMP table, so when call user32!MessageBoxA, it actually redirect that into JMP user32!MessageBoxA.
The other thing I sought in whole this die hard one day of trial and error of coding, is that don't ever try to remove the original ImportTable nor modify it after copying it to the new location, just temper by adding new ImportDirectory, if it sounds confusing now I will try to throw a tutorial/Code snippet in upcoming post(s), cause JMP and CALLs point to the FirstThunk values, so if you want to change those values you should go on though the whole code trying to find the RVAs and changing them accordingly.
Now, I am too thrilled to re-adjust and optimize my current example code, But first I need to have a rest ;)
Music: Cymphony of Pain[Snakeskin], this is Duetsch[Esibrecher]., 1000 flammen[Eisbrecher]..etc(whole day music hardly memorizing them)
here and here
The first thing we have to have extra space in that PE file, for me I am accustomed with adding new section using some article from Sunshine( the same site of the latter link) but the problem was the conflict that I faced while investigating assembled file using masm32 compared toother executable files, the difference was easy, but hard to find for a novice coder like me, in the articles(above) pointed that OriginalFirstThunk and FirstThunk in the ImportDirectory may be put same,but they are not similar in masm32 assembled files, and the other thing regarding masm32 is that creates JMP table, so when call user32!MessageBoxA, it actually redirect that into JMP user32!MessageBoxA.
The other thing I sought in whole this die hard one day of trial and error of coding, is that don't ever try to remove the original ImportTable nor modify it after copying it to the new location, just temper by adding new ImportDirectory, if it sounds confusing now I will try to throw a tutorial/Code snippet in upcoming post(s), cause JMP and CALLs point to the FirstThunk values, so if you want to change those values you should go on though the whole code trying to find the RVAs and changing them accordingly.
Now, I am too thrilled to re-adjust and optimize my current example code, But first I need to have a rest ;)
Music: Cymphony of Pain[Snakeskin], this is Duetsch[Esibrecher]., 1000 flammen[Eisbrecher]..etc(whole day music hardly memorizing them)
Labels: ImportDirectory, Win32 PE
Smilar pages
posted by buggycoder at 10:53 AM
0 Comments:
Post a Comment
<< Home