Jump to content
Tuts 4 You

change entry point

ragdog

By ragdog
in Programming and Coding

Recommended Posts

ragdog

ragdog

Posted
Posted

hi

I search an example for change entry point in masm32

can your help me please?

greets,

ragdog

Killboy

Killboy

Posted
Posted

you kidding ? this is getting ridiculous <_<

seriously, do some research on your own for once...

you cant always come up with a question and request source code you can copy one by one.

there are tons of documents about the PE format, there are all sorts of MASM defines for the needed structs.

that should get you started:

http://win32assembly.online.fr/tut13.html

http://win32assembly.online.fr/pe-tut2.html

http://win32assembly.online.fr/pe-tut3.html

http://win32assembly.online.fr/pe-tut4.html

xsp!d3r

xsp!d3r

Posted
Posted (edited)

whoops Killboy is angry :P

Edited by Xspider
ragdog

ragdog

Posted
  • Author
Posted (edited)

It was a normal question :rolleyes:

My problem is not read the entrypoint,this problem is only save the new entrypoint in a Target exe

Edited by ragdog
xsp!d3r

xsp!d3r

Posted
Posted

but to read or save new entrypoint you should know the PE format and there are a lot of tutorials about that ;)

Killboy

Killboy

Posted
Posted
My problem is not read the entrypoint,this problem is only save the new entrypoint in a Target exe

It's not like I just ranted at you, I also posted a few useful links for you.

If you would have taken a look at the very first link, there is even ready-made masm code for mapping and saving a file.

If that's not what you wanted, you should rephrase your question in a more detailed way, I can't guess your thoughts can I :rolleyes:

I don't like being unfriendly to beginners or anything, but you have to do something yourself and not just rip stuff from other people's sources.

Copying source doesn't bring you anywhere, as long as you don't learn from it.

One day you want to have sources for a dll injector and a week later you don't know how to change an entrypoint.

xsp!d3r

xsp!d3r

Posted
Posted
:lol: that's confusing!
ragdog

ragdog

Posted
  • Author
Posted (edited)

the links what you posted use i allready.

and the dll injector was not my code i have this found in web

my problem is only change the entrypoint with MapViewOfFile not with hook in memory

I am new to the theme injection and PE therefore ,I have to inform me with these theme and also sought masm example in order to learn

and i hope you have the understanding then I have a lot to ask if I am interested for a theme

greets,

Edited by ragdog
Killboy

Killboy

Posted
Posted

so what are you trying to do ? edit a file's entrypoint on disk or in a running process ?

the second one doesn't really make sense but what do I know :D

ragdog

ragdog

Posted
  • Author
Posted (edited)

i edit a file's entrypoint on disk with CreateFileMapping

Edited by ragdog
human

human

Posted
Posted (edited)

what? you can mod entry point with any program like winhex hiew etc if you know basics of pe header. with use of cff explorer,yoda or pe tools you can mod EP without knowing pe format.

for example with inline patch.

but so far as we can see you need to mod EP for code injection. odd and stupid way.

and no you dont need to ask to learn, use google like we all do.

we are not teachers.

we can help but will not lead you by hand.

you will never understand things fully if you dont solve them alone.

and to update EP there is no need to map or ****ing read whole exe. just 1st 4kb and write them again after update. even you can do that with 2 byte buffer in 2 or 3 moves.

Edited by human
Mouradpr

Mouradpr

Posted
Posted (edited) 
.data
	 StrFileName db "C:\My Documents\Pe File.exe",0.code
	 invoke plOpenFile,PL_NO_OPEN_DIALOG,addr strFileName
	 invoke plChangeEP, 00001000h

some bug Fixed By Me see the exemple

PeLibrary_0.3c.rar

exemple_radasm.rar

Edited by Mouradpr
ragdog

ragdog

Posted
  • Author
Posted

@human

I learn for 5 days PE and injection

I was just about the new entry point to save with CreateFileMapping <_<

@Mouradpr

Thanks this is a good library

greets,

ragdog

My Problem is solved

Teddy Rogers

Teddy Rogers

Posted
Posted

RagDog, do not be offended by what people have said, I am sure they did not mean any offence. I think if you clarified your question at the beginning the topic would have turned out better.

Please don't let it put you off asking questions again... :thumbs:

Ted.

human

human

Posted
Posted (edited)

i learned code injection in 1h, for pe format you dont need to know all, you got msdn,luvsmeyer pe format.txt and tons of other.

all is on google.

i think this suits you and many others!

Edited by Teddy Rogers
Thats not going to help... :)
Guest
This topic is now closed to further replies.
Go to topic listing
×
×
  • Create New...