[C++/Help] Injecting Hello World into a program

[0xNOP]

This is my code so far!!!

 

I'm using a PE Library called "PE Bliss" its quite an extensive and nice and rich in features Library as far as I've seen, but given my novice skills with this, I've been running into a problem lately, I want to inject code to a file this are the steps I have gathered used to do that manually:

 

- Get & Store OEP
- Add Section
- Replace old OEP to new Section OEP
- Write MessageBoxA Structrue to new Section & Jump to old entry point
- Rebuild PE
- Save PE

However in my code as shown below when I try to write such data, I can't, it writes the first few bytes into the section, and I still don't know why it's happening?

#include <iostream>
#include <fstream>
#include <pe_bliss.h>
#ifdef PE_BLISS_WINDOWS
#include "lib.h"
#include "main.h"
#endif
#include <basetsd.h>

#define PAUSE system("pause");

using namespace pe_bliss;

int main(int argc, char* argv[])
{
	std::ifstream pe_file("1.exe", std::ios::in | std::ios::binary);

	if (!pe_file)
	{
		//Problems problems problems...
		std::cout << "PE File Could Not Be Opened!" << std::endl;

		PAUSE
		return -1;
	}

	try
	{
		//////////////////READ OEP//////////////////////////////
		std::cout << "[+] Reading OEP ..." << std::endl;

		pe_base image(pe_factory::create_pe(pe_file)); // Create stub image based on PE File
		int oep = image.get_ep(); // Get Image Entry Point for later redirection (TODO: NOT DONE YET!)

		////////////////////ADD NEW SECTION//////////////////////
		std::cout << "[+] Adding New Section ..." << std::endl;

		char data[24] = {
			0x6A, 0x10, 0x68, 0x18, 0x70, 0x62, 0x00, 0x68, 0x26, 0x70, 0x62, 0x00, 0x6A, 0x00, 0xE8, 0xD3,
			0x8D, 0xA9, 0x76, 0xE9, 0x14, 0xA4, 0xFA, 0xFF
		};
		section new_section; // New section declaration

		new_section.set_name(".hw"); // New Section Name (.hw aka Hello World :D)
		new_section.readable(true).executable(true).writeable(true); // Making New Section R/E/W
		new_section.set_size_of_raw_data(100); // Size of Section
		new_section.set_raw_data(data); //  Data to be Written

		std::cout << "[+] Injecting Data to PE ..." << std::endl;

		image.add_section(new_section); // Adding Image

		std::cout << "[+] New Section Added to the Image!" << std::endl;

		///////////////////////GENERATING NEW PE///////////////////////////////////

		//Create new PE file
		//Get the name of original file without directory
		std::string base_file_name("1");
		std::string file_extension(".exe");
		std::string dir_name;
		std::string::size_type slash_pos;
		if ((slash_pos = base_file_name.find_last_of("/\\")) != std::string::npos)
		{
			dir_name = base_file_name.substr(0, slash_pos + 1); //Source File Directory
			base_file_name = base_file_name.substr(slash_pos + 1); //Source File Name
		}

		//Give a name to a new file
		//Concatenate it with original directory name to save it to a folder where
		//original file is stored
		base_file_name = dir_name + base_file_name + "+" + file_extension;
		//Create file
		std::ofstream new_pe_file(base_file_name.c_str(), std::ios::out | std::ios::binary | std::ios::trunc);
		if (!new_pe_file)
		{
			//If failed to create file - display an error message
			std::cout << "Cannot create " << base_file_name << std::endl;
			return -1;
		}

		//Rebuild PE image
		//Strip DOS header, writing NT headers over it
		//(second parameter (true) is responsible for this)
		//Do not recalculate SizeOfHeaders - third parameter is responsible for this
		rebuild_pe(image, new_pe_file, true, false);

		//Alert the user that file is successfully injected
		std::cout << "[+] New File Saved to: " << base_file_name << std::endl;

		PAUSE
		return 1;
		
	}
	catch (const std::exception& e)
	{
		//Woops? Something wrong?
		std::cout  << e.what() << std::endl;

		PAUSE
		return 0;
	}

	//FINISHED YAY!
	PAUSE
	return 0;
}

Soo, this is how it looks after it's been finished and served:

 

Any ideas, suggestions, recommendations? They will be highly appreciated!

 

*EDIT*

I think I know why it's happening! I found out that, whenever the data gets to 0x00 it terminates writing to the section!

You see:

		char data[24] = {
			0x6A, 0x10, 0x68, 0x18, 0x70, 0x62, 0x00, 0x68, 0x26, 0x70, 0x62, 0x00, 0x6A, 0x00, 0xE8, 0xD3,
			0x8D, 0xA9, 0x76, 0xE9, 0x14, 0xA4, 0xFA, 0xFF
		};

The first 6 bytes are good until it gets to the 7th byte which is 0x00, I think that's a null terminator? as data gets written needs to be null terminated, so if it sees a null termination it ceases to write?

I have managed to bypass the null termination by changing 0x00 to 0x90 :S it somehow works, but now I need to see why when the data gets written it appends some garbage at the end of that data...

*EDIT 2*

Oh wow! I'm amazed how some times things can be simple!

I just followed the same principles and now by adding that last null terminator it doesn't adds that garbage!

It's all done thanks for any further help!

Edited January 23, 2016 by 0xNOP

[mrexodia]

Some of the worst behaviors in a library you can have  probable documented but shit anyway (should have used a size buffer or std containers)...