store settigns in a new pe section (help)

[shad0w]

is possible to store settigns in a new pe section, then read it? i think a saw a snippet in ic0de by cracksman doing this, what do you think?

thanks in advanced

[cracksman]

hey, lucky you. i'll see if i still have it on my computer somewhere.

[cracksman]

found it :p, I honestly haven't touched this since 2013, and can no longer guarantee it's usefulness.
there is a usage example at the bottom. if you remove {$APPTYPE CONSOLE} you must also remove all references to "writeln()" and "readln" or it will crash.

Code:

program PEAddSection_Berlin;

{$APPTYPE CONSOLE}

uses
  Windows;

{
  ReadFile, check PE-signatures,
  Find the last section.

}

{$DEFINE CrACKsMAN}

Function Align(Value: DWORD; Alignment: DWORD): Int32;
Begin
  if (Value MOD Alignment = 0) then Exit(Value);
  Result := (Value + Alignment) - (Value mod Alignment);
End;

Function BuildSection(lpFileName: LPCSTR; SectionName: LPCSTR; SectionCharacteristics: DWORD; SectionBuffer: PByte; SectionSize: DWORD): Boolean;
Var
  Handle: THandle;
  lpFile: PByte;
  IDH   : ^_IMAGE_DOS_HEADER;
  INH   : ^_IMAGE_NT_HEADERS;
  ISH   : ^_IMAGE_SECTION_HEADER;
  Last  : ^_IMAGE_SECTION_HEADER;

  First : PImageSectionHeader;

  sections: Int32;
  len     : Int32;
  Offset  : UInt32;
  Size    : UInt32;
  dwRead  : UInt32;
Begin
  Result  := False;
  Handle  := CreateFileA(lpFileName, GENERIC_READ or GENERIC_WRITE, 0, Nil, OPEN_EXISTING, 0, 0);
  IF (Handle <> INVALID_HANDLE_VALUE) Then
  Begin
    Size  := GetFileSize(handle, nil);
    lpFile:= VirtualAlloc(Nil, Size, MEM_COMMIT OR MEM_RESERVE, PAGE_READWRITE);
    IF (ReadFile(Handle, lpFile^, Size, dwRead, nil) = TRUE) Then
    Begin
      IDH := @lpFile[0];
      INH := @lpFile[IDH._lfanew];
      IF (IDH.e_magic <= IMAGE_DOS_SIGNATURE) AND (INH.Signature = IMAGE_NT_SIGNATURE) Then
      Begin
        Sections:= INH.FileHeader.NumberOfSections-1;
        //offset of new section
        Offset := IDH._lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + INH.FileHeader.SizeOfOptionalHeader + ((Sections+1) * sizeof(IMAGE_SECTION_HEADER));
        //make sure there is enough space to add a new section.
        IF (INH.OptionalHeader.SizeOfHeaders >= Offset) Then
        Begin
          Last:= @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections))];
          ISH := @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections+1))];
          //
          ZeroMemory(ISH, sizeof(IMAGE_SECTION_HEADER));
          len := length(SectionName);
          IF(Len > 8)Then
            Move(SectionName[0], ISH^.Name[0], 8)
          Else
            Move(SectionName[0], ISH^.Name[0], Len);
          //
          ISH^.Characteristics   := SectionCharacteristics;
          ISH^.PointerToRawData  := Align(Last.PointerToRawData + Last.SizeOfRawData, INH.OptionalHeader.FileAlignment);
          ISH^.SizeOfRawData     := Align(SectionSize, INH.OptionalHeader.FileAlignment);
          ISH^.VirtualAddress    := Align(Last.VirtualAddress + Last.Misc.VirtualSize, INH.OptionalHeader.SectionAlignment);
          ISH^.Misc.VirtualSize  := Align(SectionSize, INH.OptionalHeader.SectionAlignment);
          //
          Inc(INH.FileHeader.NumberOfSections, 1);
          INH.OptionalHeader.SizeOfImage := ISH.VirtualAddress + ISH.Misc.VirtualSize;

          INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress := 0;
			    INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size := 0;

          //update the NTHeader
          SetFilePointer(Handle, IDH._lfanew, Nil, FILE_BEGIN);
          IF (WriteFile(Handle, INH^, Sizeof(INH^), dwRead, Nil) = TRUE) Then
          Begin
            //Add the new Section
            SetFilePointer(Handle, Offset, Nil, FILE_BEGIN);
            IF (WriteFile(Handle, ISH^, Sizeof(ISH^), dwRead, Nil) = TRUE) Then
            Begin
              //Add the section's data
              SetFilePointer(Handle, 0, Nil, FILE_END);
              SectionSize := Align(SectionSize, INH.OptionalHeader.FileAlignment);
              IF (WriteFile(Handle, SectionBuffer[0], SectionSize, dwRead, Nil) = TRUE) Then
              Begin
                Result := TRUE;
              End Else Writeln('WRITEFILE FAILED (BUFFER).');
            End Else Writeln('WRITEFILE FAILED (ISH).');
          End Else Writeln('WRITEFILE FAILED (INH).');
          Writeln(GetLastError());

        End Else Writeln('NOT_ENOUGH_SPACE.');
      End Else Writeln('INVALID_PE_IMAGE');
    End Else Writeln('FILE_NOT_READ');
    CloseHandle(Handle);
  End Else Writeln('INVALID_HANDLE_VALUE');
End;

var
  dwCharacteristics : DWORD = IMAGE_SCN_MEM_READ or IMAGE_SCN_MEM_EXECUTE or IMAGE_SCN_CNT_CODE;
  Buffer : Array [0..511] of byte;
begin
  ZeroMemory(@Buffer, 512);
//
  BuildSection('Project8.exe', '.lol', dwCharacteristics, @Buffer[0], sizeof(Buffer));
  readln;
end.