2

I am trying to add a single NOP instruction at the very beginning of the .text section in a simple hello world executable that I have written. I know that it is not just that straightforward, so I am using a disassembling library in order to patch all addresses accordingly (for example, if I insert a 1-byte opcode into the binary, all addresses after that instruction will be pushed 1 byte forward, so I patch all calls to that address to use the new one).

I am also updating the AddressOfEntryPoint field in the OptionalHeader of the PE header so that the entry point is correct, but I am still not getting this to work.

So my question is basically: what is required of me to "fix" in the executable after adding one single NOP instruction at the very beginning (and I checked that I do not break any instructions by inserting it)? Are there more fields in the PE header that have to be fixed? Or what am I missing here? :S

6
  • 1
    Why would you want to do this? Just curious... Commented Jan 11, 2016 at 14:23
  • 3
    A far easier approach is the ancient virus approach: Don't try to insert something at the beginning... Overwrite something at the entry point and jump to something that you've appended. Reimplement whatever you've overwritten at the end of your code and then jump back to where things should have been. Sort of a "detour" Commented Jan 11, 2016 at 14:30
  • I am trying to make an engine for adding functionality to existing binaries using assembly, I am not looking to do this any other way either :P and I do know I can't just put in random instructions that would modify stack/registers ofc.. Commented Jan 11, 2016 at 14:31
  • Yeah, I could detour, but I am looking to add mid-code instructions in several places, not just to run my code in a detour :) I know this won't be simple but I have enough time on my hands :P Commented Jan 11, 2016 at 14:32
  • 1
    I honestly believe that you are adding unreasonable conditions and overcomplicating the problem. Sorry. :) Commented Jan 11, 2016 at 14:35

1 Answer

2

You very probably have to relocate your binary executable (which might not be possible in the general case, e.g. for stripped binaries). Dive into Levine's Linkers and loaders book.

If you can recompile that executable, consider adding some plugin abilities to it (and use dynamic linking).

1 Comment

Yeah, I am relocating all addresses and data used in the executable by x amount of bytes that I have pushed the given resource forward in the executable. Keep in mind that this is a static executable and not a running process.
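To illustrate the relocation point raised in the answer, here is an added example (not code from the question or the answer) of what shifting code by one byte does to a PE base relocation table, which lists the locations holding absolute addresses. The function names, the constructed `SAMPLE` bytes and the insertion point at RVA 0x1000 are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, carries no fixup
PAGE = 0x1000

# Constructed .reloc content: one block for page 0x1000 holding two
# HIGHLOW (type 3) fixups, at page offsets 0x004 and 0xFFF.
SAMPLE = struct.pack("<IIHH", 0x1000, 12, 0x3004, 0x3FFF)

def parse_relocs(data):
    """Decode .reloc bytes into (rva, type) pairs, skipping padding entries."""
    fixups, pos = [], 0
    while pos + 8 <= len(data):
        page_rva, block_size = struct.unpack_from("<II", data, pos)
        if block_size < 8 or pos + block_size > len(data):
            break                      # terminator or truncated block
        for (entry,) in struct.iter_unpack("<H", data[pos + 8:pos + block_size]):
            rtype, offset = entry >> 12, entry & 0xFFF
            if rtype != IMAGE_REL_BASED_ABSOLUTE:
                fixups.append((page_rva + offset, rtype))
        pos += block_size
    return fixups

def shift_fixups(fixups, insert_rva, delta):
    """Move every fixup located at or after insert_rva forward by delta bytes."""
    return [(rva + delta if rva >= insert_rva else rva, t) for rva, t in fixups]

def build_relocs(fixups):
    """Re-serialise fixups into per-page blocks, each padded to 4 bytes."""
    pages = defaultdict(list)
    for rva, rtype in sorted(fixups):
        pages[rva & ~(PAGE - 1)].append((rtype << 12) | (rva & (PAGE - 1)))
    out = b""
    for page_rva, entries in sorted(pages.items()):
        if len(entries) % 2:           # keep SizeOfBlock a multiple of 4
            entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)
        out += struct.pack("<II", page_rva, 8 + 2 * len(entries))
        out += struct.pack("<%dH" % len(entries), *entries)
    return out

if __name__ == "__main__":
    moved = shift_fixups(parse_relocs(SAMPLE), insert_rva=0x1000, delta=1)
    rebuilt = build_relocs(moved)
    print([hex(r) for r, _ in moved], len(SAMPLE), "->", len(rebuilt), "bytes")
```

On this sample the fixup at 0x1FFF crosses into page 0x2000, so the table grows from 12 to 24 bytes and the size recorded for the base relocation directory and the .reloc section has to change as well. The pointer stored at each fixup location also needs the same delta added when it targets code that moved.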
