I am trying to insert new code caves inside Windows malware PE files by expanding the size of existing sections. I was able to dig out the existing code caves in the file, but expanding the size of existing sections to insert code caves (just the empty space) is confusing me a lot, as it can easily break the file. Can someone help me with the details I should be looking at to insert those empty spaces which are not initially present inside the file?
Inserting new code caves inside sections of Windows PE malware files
107 Views Asked by Kshitiz Aryal At