In the previous study time, can not imagine how to add functionality to EXE files when there is no source code, think it is incredible, in understanding the assembly and anti-compilation of some knowledge, the original idea can be achieved. We need to directly modify the EXE file, write our code directly to the EXE file, so that we can achieve our function.
Of course, to direct the EXE file directly to modify must have a good compilation basis, the disassembly technology has a certain foundation. Otherwise, it will be very vacant.
There are generally two ways to add the functionality we need to the EXE file.
The first is to take advantage of the page alignment mechanism, because generally, the last page of each section has free space, that is, the last page is generally not used up, because the next section is to align the page at the beginning, so that the middle of the space let us write code. We can use the tool to convert the memory virtual and the file offset address directly to get the file offset location, which is the place where we end up writing the machine code.
The second is that we ourselves add a section to the EXE file, this section is dedicated to writing our code. This is more beneficial, because we can arbitrarily specify the size of this section, and the last method is to use the gap between the nodes to write our code, if the code is more than we can be difficult to do, so the second method is more universal, but relatively the first is easier. It is important to note here that if we add the section directly, it is better to set the space allocated for the section to an integer multiple of the page size, the size of the allocated space in the file is also allocated to the same size as the virtual space, and the block alignment size of the general file is smaller than the block alignment of the page.
Also note that if we add a section to the EXE file, there may be an EXE file can not be run, this time, we usually rebuild the exe file.
I hope I can help a friend who likes to disassemble.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
