As title, I now have been used in python lief in the PE file added a new section
Bin=lief. Parse (INPUT_PE)
Bin. Add_section (section_my) # is roughly such
How to use c/c + +. The text section extend, at the back of the section can be postponed to not affect the function of the PE file, rather than adding a new section, or use of the c/c + + can also add a new section, I as a 'new,
what should learn?2. Seh installation problems
I can now be in a. CPP program to increase an own handle function, similar to this, can be solved when the trigger abnormal return to continue to perform, how to insert in the section of exe file itself into the handle function and to the seh installation, use of exception of new best can have can be used to imitate the code, I can know how to get a smile [crying]
# define WIN32_LEAN_AND_MEAN
#include
#include
EXCEPTION_DISPOSITION
__cdecl
_except_handler (
Struct _EXCEPTION_RECORD * ExceptionRecord,
Void * EstablisherFrame,
Struct _CONTEXT * ContextRecord,
Void * DispatcherContext)
{
Printf (" oh, this is my exception handler \ n ");
ContextRecord - & gt; Eax=(DWORD) & amp; Scratch;
Return ExceptionContinueExecution;
}
Int main ()
{
DWORD handler=(DWORD) _except_handler;
The __asm
{//Build EXCEPTION_REGISTRATION record;
Push the handler//handler function address
Push the FS: [0]//before a handler address
Mov FS: [0], esp//install new EXCEPTION_REGISTRATION
}
The __asm
{
Mov eax, 0
Mov eax], 2//trigger error
}
Printf (" After writing!" );
The __asm
{
Mov eax, (esp)
Mov FS: [0], eax
Add the esp, 8
}
return 0;
}
CodePudding user response:
Insert far-gone rhythm,
C/c + + to make before, insert the tail section, and then modify the entry point for the new section. Run out their code and then jump to the original oep.
Generally no packer exe insert, but add case was not able to put some of the code, can't run
CodePudding user response: