1. To visit protected / private sections of the forum you must be connected with your user account. If you are not yet a member of our forum, you can create it now for free!.

User Tag List

Thread: store settigns in a new pe section (help)

Results 1 to 3 of 3

  1. #1
    Junior Member
    Join Date Feb 2016
    Posts 5
    Like (Stats)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    0 Post(s)

    store settigns in a new pe section (help)

    is possible to store settigns in a new pe section, then read it? i think a saw a snippet in ic0de by cracksman doing this, what do you think?

    thanks in advanced
  2. #2
    cracksman's Avatar
    Senior Member
    Join Date Dec 2006
    Location behind your little sister
    Posts 1,694
    Like (Stats)
    Mentioned
    25 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    45 Post(s)
    hey, lucky you. i'll see if i still have it on my computer somewhere.
    [14:13] <%lolage> Delphi this, VB that; shitty trojan here, terrible code there.
  3. #3
    cracksman's Avatar
    Senior Member
    Join Date Dec 2006
    Location behind your little sister
    Posts 1,694
    Like (Stats)
    Mentioned
    25 Post(s)
    Tagged
    0 Thread(s)
    Quoted
    45 Post(s)
    found it :p, I honestly haven't touched this since 2013, and can no longer guarantee it's usefulness.
    there is a usage example at the bottom. if you remove {$APPTYPE CONSOLE} you must also remove all references to "writeln()" and "readln" or it will crash.
    Code:
    program PEAddSection_Berlin;
    
    {$APPTYPE CONSOLE}
    
    uses
      Windows;
    
    {
      ReadFile, check PE-signatures,
      Find the last section.
    
    }
    
    {$DEFINE CrACKsMAN}
    
    Function Align(Value: DWORD; Alignment: DWORD): Int32;
    Begin
      if (Value MOD Alignment = 0) then Exit(Value);
      Result := (Value + Alignment) - (Value mod Alignment);
    End;
    
    Function BuildSection(lpFileName: LPCSTR; SectionName: LPCSTR; SectionCharacteristics: DWORD; SectionBuffer: PByte; SectionSize: DWORD): Boolean;
    Var
      Handle: THandle;
      lpFile: PByte;
      IDH   : ^_IMAGE_DOS_HEADER;
      INH   : ^_IMAGE_NT_HEADERS;
      ISH   : ^_IMAGE_SECTION_HEADER;
      Last  : ^_IMAGE_SECTION_HEADER;
    
      First : PImageSectionHeader;
    
      sections: Int32;
      len     : Int32;
      Offset  : UInt32;
      Size    : UInt32;
      dwRead  : UInt32;
    Begin
      Result  := False;
      Handle  := CreateFileA(lpFileName, GENERIC_READ or GENERIC_WRITE, 0, Nil, OPEN_EXISTING, 0, 0);
      IF (Handle <> INVALID_HANDLE_VALUE) Then
      Begin
        Size  := GetFileSize(handle, nil);
        lpFile:= VirtualAlloc(Nil, Size, MEM_COMMIT OR MEM_RESERVE, PAGE_READWRITE);
        IF (ReadFile(Handle, lpFile^, Size, dwRead, nil) = TRUE) Then
        Begin
          IDH := @lpFile[0];
          INH := @lpFile[IDH._lfanew];
          IF (IDH.e_magic <= IMAGE_DOS_SIGNATURE) AND (INH.Signature = IMAGE_NT_SIGNATURE) Then
          Begin
            Sections:= INH.FileHeader.NumberOfSections-1;
            //offset of new section
            Offset := IDH._lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + INH.FileHeader.SizeOfOptionalHeader + ((Sections+1) * sizeof(IMAGE_SECTION_HEADER));
            //make sure there is enough space to add a new section.
            IF (INH.OptionalHeader.SizeOfHeaders >= Offset) Then
            Begin
              Last:= @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections))];
              ISH := @lpFile[IDH._lfanew + sizeof(INH^) + (SizeOf(ISH^) * (Sections+1))];
              //
              ZeroMemory(ISH, sizeof(IMAGE_SECTION_HEADER));
              len := length(SectionName);
              IF(Len > 8)Then
                Move(SectionName[0], ISH^.Name[0], 8)
              Else
                Move(SectionName[0], ISH^.Name[0], Len);
              //
              ISH^.Characteristics   := SectionCharacteristics;
              ISH^.PointerToRawData  := Align(Last.PointerToRawData + Last.SizeOfRawData, INH.OptionalHeader.FileAlignment);
              ISH^.SizeOfRawData     := Align(SectionSize, INH.OptionalHeader.FileAlignment);
              ISH^.VirtualAddress    := Align(Last.VirtualAddress + Last.Misc.VirtualSize, INH.OptionalHeader.SectionAlignment);
              ISH^.Misc.VirtualSize  := Align(SectionSize, INH.OptionalHeader.SectionAlignment);
              //
              Inc(INH.FileHeader.NumberOfSections, 1);
              INH.OptionalHeader.SizeOfImage := ISH.VirtualAddress + ISH.Misc.VirtualSize;
    
              INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress := 0;
    			    INH.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size := 0;
    
              //update the NTHeader
              SetFilePointer(Handle, IDH._lfanew, Nil, FILE_BEGIN);
              IF (WriteFile(Handle, INH^, Sizeof(INH^), dwRead, Nil) = TRUE) Then
              Begin
                //Add the new Section
                SetFilePointer(Handle, Offset, Nil, FILE_BEGIN);
                IF (WriteFile(Handle, ISH^, Sizeof(ISH^), dwRead, Nil) = TRUE) Then
                Begin
                  //Add the section's data
                  SetFilePointer(Handle, 0, Nil, FILE_END);
                  SectionSize := Align(SectionSize, INH.OptionalHeader.FileAlignment);
                  IF (WriteFile(Handle, SectionBuffer[0], SectionSize, dwRead, Nil) = TRUE) Then
                  Begin
                    Result := TRUE;
                  End Else Writeln('WRITEFILE FAILED (BUFFER).');
                End Else Writeln('WRITEFILE FAILED (ISH).');
              End Else Writeln('WRITEFILE FAILED (INH).');
              Writeln(GetLastError());
    
            End Else Writeln('NOT_ENOUGH_SPACE.');
          End Else Writeln('INVALID_PE_IMAGE');
        End Else Writeln('FILE_NOT_READ');
        CloseHandle(Handle);
      End Else Writeln('INVALID_HANDLE_VALUE');
    End;
    
    var
      dwCharacteristics : DWORD = IMAGE_SCN_MEM_READ or IMAGE_SCN_MEM_EXECUTE or IMAGE_SCN_CNT_CODE;
      Buffer : Array [0..511] of byte;
    begin
      ZeroMemory(@Buffer, 512);
    //
      BuildSection('Project8.exe', '.lol', dwCharacteristics, @Buffer[0], sizeof(Buffer));
      readln;
    end.
    Last edited by cracksman; 4 Weeks Ago at 23:15.
    [14:13] <%lolage> Delphi this, VB that; shitty trojan here, terrible code there.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 0
    Last Post: 02-07-2011, 16:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts