Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   How to execute a snippet of code before the main execution! (https://forum.exetools.com/showthread.php?t=10216)

Android 10-02-2006 12:28

How to execute a snippet of code before the main execution!
 
Hi,
I just want to know if there is a way to execute a snippet of code before the Windows loader tries to load the image of the code section into memory and uses the address of EIP to execute the main program.
If so, let me know how you would do this, whether by sharing source code or
giving some explanation.

Also, if it's not possible, share some points about how to run a thread before running the main thread, which is strictly attached to the main process.

Also let me know which option of the assembly linker should be used to add
a checksum to the PE file header.


Thanks.
Android.

giga 10-02-2006 16:04

Hi Android, can you explain what exactly you need? I mean, I am a little bit confused :o
You cannot do something before it's loaded into memory, but I think that you can write a loader
that loads the thread in suspended mode, patches some bytes, dwords etc., and afterwards just resumes the thread.
But I think you can also copy the executed code into a buffer and then emulate or execute the part that you want.

You can also use wait for input handle etc...

I uploaded part of the win32.hlp file:
hxxp://rapidshare.de/files/35189691/part.txt.html

Try to create it in SUSPENDED mode and then just ResumeThread.
I hope that this is the right answer to your question.

best regards

MarkusO 10-02-2006 17:52

Before trying to hack your OS by modifying some kernel parts to jump somewhere else, you should try the second idea you thought of. (I assume you only used the wrong words and you don't want to execute something before Windows loads the executable into memory)

Just create the process with CREATE_SUSPENDED, which will prevent it from running. Then do whatever you want to do with it, either from your loader process or with CreateRemoteThread. Then you can resume the process.

Archer 10-02-2006 20:23

Take a look at the TLS callback, used in Execryptor and some crackmes, maybe this trick can help.

Shub-Nigurrath 10-02-2006 22:46

1 Attachment(s)
The TLS is meant for this.

Try the attached example code (C++).

Anyway, consider that the TLS is not the only option: the same result is obtained by putting your code into the DllMain of a DLL added to the import table. The DLL is loaded by the system loader and the import table resolved. The DllMain of each DLL is called at this stage.

This latter approach requires an external DLL anyway, but a solution to this is to add an export to your own program and add it to the export table, making a circular reference to itself.

Vrane 10-02-2006 23:37

1 Attachment(s)
If you need it, here's a TLS callback in asm. :)

ricnar456 10-03-2006 06:08

If the program has DLLs of its own, the OEP of each DLL is executed before the program reaches the entry point, so you can inject some routine into the DLL a few lines after the OEP of the DLL.

Ricardo

Android 10-03-2006 22:23

Hi,
Thanks all for your help and responses.
I don't know C++, so I can't understand it.
About the asm code, it seems that I need some special info about PE files.
Can anybody share this specific info with me?
Thanks in advance.
Regards,
Android.

MarkusO 10-04-2006 01:22

You don't need any special info about PE files. You just need to read the source code, since it clearly says what you need to do in order to use TLS callbacks (it even lists the tools you can use).
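The PE details behind the TLS-callback answers above (where the loader finds the callback array, and why it runs before the entry point) are easiest to see by reading the structures directly. The following is an added example, not code from this thread or its attachments: a small parser that walks the PE headers to the TLS data directory and lists the registered callbacks, plus a constructed, minimal PE32 image to run it on. Section layout, ImageBase and the callback addresses in the sample are made up for illustration; the parser handles both PE32 and PE32+ optional headers.

```python
import struct

IMAGE_DIRECTORY_ENTRY_TLS = 9            # index into the optional header's DataDirectory
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def tls_callbacks(data):
    """Return (ImageBase, entry point VA, [TLS callback VAs]) for the bytes of a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                   # optional header follows the 20-byte file header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dirs, ptr_fmt, ptr_size = opt + 96, "<I", 4
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dirs, ptr_fmt, ptr_size = opt + 112, "<Q", 8
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry_va = image_base + entry_rva
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]        # NumberOfRvaAndSizes
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_TLS:
        return image_base, entry_va, []
    tls_rva, _tls_size = struct.unpack_from("<II", data, dirs + IMAGE_DIRECTORY_ENTRY_TLS * 8)
    if tls_rva == 0:
        return image_base, entry_va, []                           # no TLS directory at all

    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + i * 40
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))

    # IMAGE_TLS_DIRECTORY: StartAddressOfRawData, EndAddressOfRawData, AddressOfIndex,
    # AddressOfCallBacks, SizeOfZeroFill, Characteristics.  The first four are pointer-sized
    # virtual addresses (ImageBase already added), NOT RVAs, so subtract ImageBase before mapping.
    tls_off = _rva_to_offset(sections, tls_rva)
    cb_va = struct.unpack_from(ptr_fmt, data, tls_off + 3 * ptr_size)[0]
    if cb_va == 0:
        return image_base, entry_va, []
    cb_off = _rva_to_offset(sections, cb_va - image_base)
    callbacks = []
    while cb_off + ptr_size <= len(data):                         # null-terminated pointer array
        va = struct.unpack_from(ptr_fmt, data, cb_off)[0]
        if va == 0:
            break
        callbacks.append(va)
        cb_off += ptr_size
    return image_base, entry_va, callbacks


def build_sample_pe32():
    """Constructed minimal PE32 image (not compiler output): one .rdata section holding an
    IMAGE_TLS_DIRECTORY32 and a two-entry callback array.  All addresses are placeholders."""
    image_base = 0x400000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                              # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, EXE
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1100)                            # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, image_base)                        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                    # Section/FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + IMAGE_DIRECTORY_ENTRY_TLS * 8, 0x1000, 24)  # TLS RVA/size
    sec = struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec
    headers += bytes(0x200 - len(headers))
    body = bytearray(0x200)                                             # .rdata raw data at 0x200
    struct.pack_into("<IIIIII", body, 0,
                     image_base + 0x1040, image_base + 0x1044,         # Start/EndAddressOfRawData
                     image_base + 0x1048,                              # AddressOfIndex
                     image_base + 0x1020,                              # AddressOfCallBacks (a VA)
                     0, 0)                                             # SizeOfZeroFill, Characteristics
    struct.pack_into("<III", body, 0x20, image_base + 0x1300, image_base + 0x1400, 0)
    return headers + bytes(body)


if __name__ == "__main__":
    base, entry, cbs = tls_callbacks(build_sample_pe32())
    print(f"ImageBase {base:#x}, entry point {entry:#x}")
    for cb in cbs:
        print(f"TLS callback {cb:#x} runs before the entry point")
```

Two points worth keeping in mind when applying this to a real binary: the TLS directory fields are virtual addresses, so a packer or a hand-written callback array needs base relocations (or a fixed ImageBase) for them to stay valid, and an image may list several callbacks, which the loader invokes in array order before it transfers control to AddressOfEntryPoint. Run against a file with `tls_callbacks(open(path, "rb").read())`.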

