#1
|
||||
|
||||
help me to remember..
Hi all,
I remember of a tool useful to find the right space where to insert a patch stub into a binary file. I mean enough 00s space to insert what I need for a patch.. could you help me to remember?
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
#2
|
|||
|
|||
Maybe this one?
__________________
http://youtu.be/H0QfVDebLFg |
The Following 4 Users Gave Reputation+1 to The Old Pirate For This Useful Post: | ||
alekine322 (12-22-2013), niculaita (12-21-2013), quygia128 (12-23-2013), Shub-Nigurrath (12-21-2013) |
#3
|
||||
|
||||
|
The Following 5 Users Gave Reputation+1 to Dreamer For This Useful Post: | ||
alekine322 (12-22-2013), niculaita (12-21-2013), Shub-Nigurrath (12-21-2013), uel888 (12-22-2013), wilson bibe (12-21-2013) |
#4
|
||||
|
||||
Topo, right. But also codecaver is nice I didn't know it.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com |
The Following User Gave Reputation+1 to Shub-Nigurrath For This Useful Post: | ||
Dreamer (12-21-2013) |
#5
|
||||
|
||||
You can add a section with LordPe.
|
#6
|
|||
|
|||
I guess giv´s suggestion is the proper way at all.. Add a section or look for gap between sections (and modify the section properties for read/write/execute if needed). Pasting something into 0 byte arrays that appear somewhere in the file aint a proper way at all.
|
#7
|
|||
|
|||
@Shub-Nigurrath
It is very simply You can search for enough null bytes for a cave Example Stubsize = 1000 Section end to start and count the Nullbytes backwarts ( why end to start? the most nullbytes is on end of section) If nullbytes not 1000 add a section for your Stub with 1000 bytes I hope you understand it if not Pm me. Quote:
Greets, |
#8
|
||||
|
||||
@Shub-Nigurrath: try load file into PEiD -> click(>) Section viewer then right-click chose "Cave finder"
BR, quygia128 |
#9
|
||||
|
||||
Notmex is right; it is sometimes really a problem when you insert code where are zero-bytes... you cannot say for sure if this area is not used just because there are zeroe's...
|
#10
|
There are a lot of tools able to insert "free zero'ed space" inside PE, anyway my personal reference document where you could gather, and sometimes remember and also learn, useful infos is h__p://www.ntcore.com/files/inject2exe.htm (in according to Giv, obviously). Greetings fly out to NtOsKrnl, the author of the magnificient CFF Explorer.
__________________
<<< The L10n won't give up >>> |
#11
|
As previously said the best way is to add a new section, so i have just found 2 nice tools from my archive when i was "younger", the 1st has been released by CiM team and works on win32 targets only, the 2nd one comes with source code. Have fun
ps) @Moderator, could you join my 2 latest messages, please? Thanks in advance
__________________
<<< The L10n won't give up >>> |
The Following 2 Users Gave Reputation+1 to arlequim For This Useful Post: | ||
alekine322 (12-26-2013), niculaita (12-25-2013) |
#12
|
||||
|
||||
sectionAdd.zip is virused ?
|
#13
|
|||
|
|||
lols, sorry for the groan.. probably something went wrong...
Merry Christmas all! |
#14
|
No virus at all, simply some functions look like some virus behavior.
My Eset says "sectionAdd.exe - Win32/RedBlood.21 trojan" -> False Alarm, due to heuristic algo, nothing more.
__________________
<<< The L10n won't give up >>> |
#15
|
|||
|
|||
@Shub-Nigurrath:
+1 / MaRKuS-DJM : you can't be sure that zero-bytes area is a good choice for adding code. ________________________________________________________________________________ @niculaita: sectionAdd.zip is sane. In case of, you have the source asm file inside. Regards for both. |
The Following User Gave Reputation+1 to LaDidi For This Useful Post: | ||
Shub-Nigurrath (12-31-2013) |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
I can't remember which program!? | markbng | General Discussion | 2 | 03-04-2004 07:43 |