Adding section to windows programs

[Hero]

Hi all
I write an small program that adds a section to a exe file.But when I tested
on notepad.exe or mspaint.exe,new program crashes.
I first think that my program is buggy,But when I see that the Yoda yC that
protects every normal program correctly(it adds section too) is crashing too,
I think perhaps there is a modification detection on windows programs.
Is my idea is correct?Is there any change detection in this windows programs?

sincerely yours

[omidgl]

You can use an external dll. and use executable file caves to load your dll and call your dll functions. It's better not to change the image size for several reasons.

I dont think that there is a protection on notepad because its one of the programs which is very often used for trying new protectors.

Maybe your new program crashes because you write on the bound import directory when you add a new section.
Try to set to 0 the VirtualAddress and the Size of the IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT in the PE Header of your new program and I think it will work perfectly

[taos]

to HERO:

Please read more stuff about PE HEADER, you need read more, :-) and test your final EXE with OLLYDebug.
If you think that in Notepad can have "a modification detection", definitely you must study more.

Quote:

Originally Posted by Eggi

I dont think that there is a protection on notepad because its one of the programs which is very often used for trying new protectors.

i must full agree witch that
Hero: if you written a program that add section to exe, you should remember
to move file sections (if needed - if no place to add next section, only 28h bytes) and important - change sizeof image - the place in memory where will be file code.. (sections), and you should remember to make a valid attributters to section like: valid VS, VA, RAW Size .. etc.. everything should be correct - specialy on XP systems..

Hero:

Somebody said that Notepad.exe has different PE format,I am not sure about it , but you'd better choose other programs to test.