is possible to store settigns in a new pe section, then read it? i think a saw a snippet in ic0de by cracksman doing this, what do you think?
thanks in advanced
Results 1 to 3 of 3
is possible to store settigns in a new pe section, then read it? i think a saw a snippet in ic0de by cracksman doing this, what do you think?
thanks in advanced
hey, lucky you. i'll see if i still have it on my computer somewhere.
found it :p, I honestly haven't touched this since 2013, and can no longer guarantee it's usefulness.
there is a usage example at the bottom. if you remove {$APPTYPE CONSOLE} you must also remove all references to "writeln()" and "readln" or it will crash.
Code:program PEAddSection_Berlin; {$APPTYPE CONSOLE} uses Windows; { ReadFile, check PE-signatures, Find the last section. } {$DEFINE CrACKsMAN} Function Align(Value: DWORD; Alignment: DWORD): Int32; Begin if (Value MOD Alignment = 0) then Exit(Value); Result := (Value + Alignment) - (Value mod Alignment); End; Function BuildSection(lpFileName: LPCSTR; SectionName: LPCSTR; SectionCharacteristics: DWORD; SectionBuffer: PByte; SectionSize: DWORD): Boolean; Var Handle: THandle; lpFile: PByte; IDH : ^_IMAGE_DOS_HEADER; INH : ^_IMAGE_NT_HEADERS; ISH : ^_IMAGE_SECTION_HEADER; Last : ^_IMAGE_SECTION_HEADER; First : PImageSectionHeader; sections: Int32; len : Int32; Offset : UInt32; Size : UInt32; dwRead : UInt32; Begin Result := False; Handle := CreateFileA(lpFileName, GENERIC_READ or GENERIC_WRITE, 0, Nil, OPEN_EXISTING, 0, 0); IF (Handle <> INVALID_HANDLE_VALUE) Then Begin Size := GetFileSize(handle, nil); lpFile:= VirtualAlloc(Nil, Size, MEM_COMMIT OR MEM_RESERVE, PAGE_READWRITE); IF (ReadFile(Handle, lpFile^, Size, dwRead, nil) = TRUE) Then Begin IDH := @lpFile[0]; INH := @lpFile[IDH._lfanew]; IF (IDH.e_magic <= IMAGE_DOS_SIGNATURE) AND (INH.Signature = IMAGE_NT_SIGNATURE) Then Begin Sections:= INH.FileHeader.NumberOfSections-1; //offset of new section Offset := IDH._lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + INH.FileHeader.SizeOfOptionalHeader + ((Sections+1) * sizeof(IMAGE_SECTION_HEADER)); //make sure there is enough space to add a new section. IF (INH.OptionalHeader.SizeOfHeaders >= Offset) Then Begin Last:= @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections))]; ISH := @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections+1))]; // ZeroMemory(ISH, sizeof(IMAGE_SECTION_HEADER)); len := length(SectionName); IF(Len > 8)Then Move(SectionName[0], ISH^.Name[0], 8) Else Move(SectionName[0], ISH^.Name[0], Len); // ISH^.Characteristics := SectionCharacteristics; ISH^.PointerToRawData := Align(Last.PointerToRawData + Last.SizeOfRawData, INH.OptionalHeader.FileAlignment); ISH^.SizeOfRawData := Align(SectionSize, INH.OptionalHeader.FileAlignment); ISH^.VirtualAddress := Align(Last.VirtualAddress + Last.Misc.VirtualSize, INH.OptionalHeader.SectionAlignment); ISH^.Misc.VirtualSize := Align(SectionSize, INH.OptionalHeader.SectionAlignment); // Inc(INH.FileHeader.NumberOfSections, 1); INH.OptionalHeader.SizeOfImage := ISH.VirtualAddress + ISH.Misc.VirtualSize; INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress := 0; INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size := 0; //update the NTHeader SetFilePointer(Handle, IDH._lfanew, Nil, FILE_BEGIN); IF (WriteFile(Handle, INH^, Sizeof(INH^), dwRead, Nil) = TRUE) Then Begin //Add the new Section SetFilePointer(Handle, Offset, Nil, FILE_BEGIN); IF (WriteFile(Handle, ISH^, Sizeof(ISH^), dwRead, Nil) = TRUE) Then Begin //Add the section's data SetFilePointer(Handle, 0, Nil, FILE_END); SectionSize := Align(SectionSize, INH.OptionalHeader.FileAlignment); IF (WriteFile(Handle, SectionBuffer[0], SectionSize, dwRead, Nil) = TRUE) Then Begin Result := TRUE; End Else Writeln('WRITEFILE FAILED (BUFFER).'); End Else Writeln('WRITEFILE FAILED (ISH).'); End Else Writeln('WRITEFILE FAILED (INH).'); Writeln(GetLastError()); End Else Writeln('NOT_ENOUGH_SPACE.'); End Else Writeln('INVALID_PE_IMAGE'); End Else Writeln('FILE_NOT_READ'); CloseHandle(Handle); End Else Writeln('INVALID_HANDLE_VALUE'); End; var dwCharacteristics : DWORD = IMAGE_SCN_MEM_READ or IMAGE_SCN_MEM_EXECUTE or IMAGE_SCN_CNT_CODE; Buffer : Array [0..511] of byte; begin ZeroMemory(@Buffer, 512); // BuildSection('Project8.exe', '.lol', dwCharacteristics, @Buffer[0], sizeof(Buffer)); readln; end.
Last edited by cracksman; 4 Weeks Ago at 23:15.
There are currently 1 users browsing this thread. (0 members and 1 guests)
