Patch the system exe program and the exe program

Patch the system exe program and the exe program

How to patch the system program so that it can start our program when exiting.
Here, the calc.exe program of the XP system is opened.

 

To enable calc.exe to start your own program, you must use an imported function, such as shell32.dll! ShellExecuteA
Use the lordpetool dig to find that calc.exe does not have the table import function shell32.dll! ShellExecuteA

For example, there is no shell32.dll! ShellExecuteA only has ShellAboutW

 

Therefore, you must add a block and add the import table function shell32.dll to the new block! ShellExecuteA

 

For example, the. Silvana block is newly added, and the ShellExecuteA function is also added. You can use the LordPE tool to add it here.

 

Open calc.exe with ODPS, and fill in the string information in the idle location in. data (if it is filled, but it cannot be saved to exe, you can try several more locations), as shown in add at 10149e0

 

Find the exit location of calc.exe, overwrite and add the following code (directly overwrite and fill in, do not write the command to the blank location, jmp blank, jump back)

For example, write code at 010125f3.
Push 5
Push 0
Push 10149e0
Push 10149e8
Push 10149f5
Push 0
Call ShellExecuteA
Push 0
Call exit

 

All have been completed here! Don't do bad things!
CalcPro.exe is the program startup parameter apprun,

Open calc.exe and supplemented calc1.exe, CalcPro.exe

Http://pan.baidu.com/s/1kTJ4mDh