Jump to content

Edit Export Table in PEMaker whitout corrupting the file


WinFX

Recommended Posts

I am using PEMaker to add these two functions in the core of Windows XP SP1 DecodePointer and EncodePointer, because a lot of software requires it like New Moon from roytam1, and all versions of Firefox 13+, I want to make a little KernelEX for Windows XP SP1 that can run SP3 software.
All good up there, but when I save the export table, the import table is corrupted since those two ordinals occupy part of the import table and therefore the dependency walker sees it as a corrupt file, but when I change the addresses of the import table does not move the table and extends the capacity, it only changes the line of code in which it begins and it is also corrupted.
With PEMaker I was able to successfully add in ntdll.dll; RtlDecodePointer and RtlEncodePointer since it had no import table.
Does anyone know how I can add one or more instructions to a file with both export and import tables, without making them corrupt.

Link to comment
Share on other sites


You need to add another section and move your export table there <3
If you don't mind, pm me your ntdll & kernel32 I will do it for you .

I personally too like Windows XP sp1 over sp2.

 

 

Link to comment
Share on other sites

3 hours ago, Dibya said:

You need to add another section and move your export table there <3
If you don't mind, pm me your ntdll & kernel32 I will do it for you .

I personally too like Windows XP sp1 over sp2.

 

 

How to add another section? Can it be done with PEMaker? With section refers to .text .reloc and .rsrc for example?

Link to comment
Share on other sites

I'm using PETool 0.0.5, but i'm going to add section before .rsrc and .reloc, i'm have the error "No more room for more sections.". When i'm move .rsrc and .reloc i have the error "Invalid number."

Edited by WinFX
Link to comment
Share on other sites

Hello Dibya, when extending the table in kernel32, in dependency walker it was correct, but when replacing it I got BSOD and Windows restarts indefinitely.
Here I send you files of the operating systems that I want to add functions to the kernel32 in this case XP SP1 and 2003 RTM (both in Spanish).
When you can get the edited kernel to work with the DecodePointer and EncodePointer instructions in case of kernel32, and the dll file is in good condition when opened with dependency walker and Windows starts up the desktop, send me the files and tell me the procedure you did with the files of both systems and what software did you use.

 

https://drive.google.com/open?id=1t_8zdfHrBwztlGObGKPRs3RaMFa9ApwA

Edited by WinFX
Link File
Link to comment
Share on other sites

I already managed to create the kernel32 with DecodePointer and EncodePointer but when I got to the desktop, when starting some programs I have the error 0xc000005. I added the instructions with PEMaker

Edited by WinFX
Link to comment
Share on other sites

I think you might have corrupted some code.

Their may be some other changes like dx9 upgrade .

Anyway does already compatible software show same ?

 

Edited by Dibya
Link to comment
Share on other sites

Yes, in firefox 12 I have that error. I use the blackwingcat kernel32 addresses for Windows 2000, which does not call any instructions, instead the one from SP3 calls NTDLL and I don't know if it works.
I Fixed "No more room for sections" bug in PEMaker with Del Rich.

Link to comment
Share on other sites

19 hours ago, WinFX said:

Yes, in firefox 12 I have that error. I use the blackwingcat kernel32 addresses for Windows 2000, which does not call any instructions, instead the one from SP3 calls NTDLL and I don't know if it works.
I Fixed "No more room for sections" bug in PEMaker with Del Rich.

You didn't add any code with hex editor. That's the reason.

I am comparing dlls with sp3 , I am looking out for changes made if any fix needed.

Just wait I will do it for you .

 

Link to comment
Share on other sites

What type of code do you mean? It happens that I want to know since in the future I am going to add more ordinals and I will also do it with other systems such as NT 4.0 and 9x if possible.

Link to comment
Share on other sites

On 5/5/2020 at 10:44, Dibya said:

Necesita codificar la cueva de algunas implementaciones. Es un proceso complejo muy difícil de explicar.

Ok, explain it to me as you can

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...