|
|
|
|
#1
01-14-2005, 18:16
|
|||
|
|||
|
I think the key to this problem is the OS loader. Probably OS loader limits the image size...
BART's advice is a solution maybe, if your codes don't be executed during loading. 
|
|
#2
01-14-2005, 21:34
|
|||
|
|||
|
Now it works
Hi
Great thanks for all I resolved the problem. I don't believe I made silly mistake as follows: I had increased both Raw and Virtual Size, keeping Raw=Virtual. I worked only on PE header, the file size didn't changed. Then, the Raw Size in PE header was above EOF  (.This caused the error . After adding some nullz to the EOF all is OK. I added new section after last original, .reloc. There's 3000 h free space between kernel32 and ntdll images (XP SP1), so I create new section 3000h of size.This is enough for my code. . Of course, Omidgl, I can explain what I'm doing. It write some kind of universal antiviral protection. I add my code to some procs (CreateProcess, CreateService etc) My code check the name of starting process/service and its properties (size, checksum) with the list. When the starting process is not present on the list, the messagebox appears :" Do you want to start CIH.exe, image size..., created .... ?". If answer is not, it writes 0 as a first byte of path, so the system message 'can't find the file' appears  . Ye, I know, it's a little lame..... Regards amigo
|
|
#3
01-15-2005, 01:49
|
|||
|
|||
|
Quote:
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Bizarre problem resolving imports from KERNEL32 | ancev | General Discussion | 8 | 12-15-2005 23:11 |
| RE : Adding mouse functionality | LOUZEW | General Discussion | 7 | 04-26-2005 01:29 |
| KERNEL32 imports in IDA Pro | pez | General Discussion | 9 | 08-27-2004 05:10 |
| how to replace kernel32.dll in win2k/xp | tAz | General Discussion | 12 | 02-06-2004 03:46 |
Hybrid Mode
