Inserting new code caves inside sections of Windows PE malware files

Asked by Kshitiz Aryal (105 views)

I am trying to insert new code caves inside Windows malware PE files by expanding the size of existing sections. I was able to dig out the existing code caves in the file, but expanding the size of existing sections to insert code caves (just the empty space) is confusing me a lot, as it can easily break the file. Can someone help me with the details I should be looking at to insert those empty spaces which are not initially present inside the file?
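The question has no answers on this page. As an added illustration (not code from the asker or any answer), the script below lists the section-layout invariants a PE file has to keep whenever a section header is resized, and checks a file against them: VirtualAddress values ascending, adjacent and SectionAlignment-aligned; PointerToRawData and SizeOfRawData multiples of FileAlignment and inside the file; raw regions not overlapping; SizeOfImage equal to the end of the last mapped section. The checker is run on a constructed minimal PE32 image (zero-filled sections, no code) and then on copies where a single header field was changed on its own, which is exactly the kind of edit that makes the loader reject the file. `build_sample_pe`, `with_field`, the 0x1000/0x200 alignments and the `.text`/`.data` sizes are this example's own choices, not anything from the page.

```python
import struct

# Alignments used for the constructed sample image (common linker defaults).
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)
FIELD_OFFSETS = {"vsize": 8, "va": 12, "raw_size": 16, "raw_ptr": 20}


def align_up(value, alignment):
    return -(-value // alignment) * alignment


def parse_layout(data):
    """Read only the header fields that govern section layout."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    # These four fields sit at the same offsets in PE32 and PE32+ optional headers.
    section_align, file_align = struct.unpack_from("<II", data, opt + 32)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    table_off = opt + opt_size
    hdr = {"section_align": section_align, "file_align": file_align,
           "size_of_image": size_of_image, "size_of_headers": size_of_headers,
           "table_off": table_off,
           "table_end": table_off + num_sections * SECTION_HEADER_SIZE}
    secs = []
    for i in range(num_sections):
        f = struct.unpack_from(SECTION_HEADER_FMT, data, table_off + i * SECTION_HEADER_SIZE)
        secs.append({"name": f[0].rstrip(b"\0").decode(errors="replace"),
                     "vsize": f[1], "va": f[2], "raw_size": f[3], "raw_ptr": f[4]})
    return hdr, secs


def check_layout(data):
    """Return the list of layout invariants the file violates ([] means consistent)."""
    hdr, secs = parse_layout(data)
    sa, fa = hdr["section_align"], hdr["file_align"]
    problems = []
    if hdr["size_of_headers"] < hdr["table_end"] or hdr["size_of_headers"] % fa:
        problems.append("SizeOfHeaders does not cover the section table or is unaligned")
    expected_va = align_up(hdr["size_of_headers"], sa)   # first section follows the headers
    for i, s in enumerate(secs):
        n = s["name"]
        if s["va"] != expected_va:   # sections must be ascending, adjacent and aligned
            problems.append(f"{n}: VirtualAddress {s['va']:#x}, expected {expected_va:#x}")
        if s["raw_ptr"] % fa or s["raw_size"] % fa:
            problems.append(f"{n}: PointerToRawData/SizeOfRawData not FileAlignment multiples")
        if s["raw_ptr"] + s["raw_size"] > len(data):
            problems.append(f"{n}: raw data runs past end of file")
        for t in secs[:i]:   # raw regions must not overlap earlier sections
            if (s["raw_size"] and t["raw_size"]
                    and s["raw_ptr"] < t["raw_ptr"] + t["raw_size"]
                    and t["raw_ptr"] < s["raw_ptr"] + s["raw_size"]):
                problems.append(f"{n}: raw data overlaps {t['name']}")
        mapped = s["vsize"] or s["raw_size"]   # loader uses SizeOfRawData if VirtualSize is 0
        expected_va = s["va"] + align_up(mapped, sa)
    if hdr["size_of_image"] != expected_va:
        problems.append(f"SizeOfImage {hdr['size_of_image']:#x}, expected {expected_va:#x}")
    return problems


def build_sample_pe(sections):
    """Construct a minimal, self-consistent PE32 image from (name, VirtualSize,
    SizeOfRawData) tuples. Constructed test data only; it contains no code."""
    n = len(sections)
    table_off = 0x40 + 4 + 20 + 0xE0          # DOS hdr + "PE\0\0" + COFF hdr + PE32 opt hdr
    size_of_headers = align_up(table_off + n * SECTION_HEADER_SIZE, FILE_ALIGNMENT)
    hdr = bytearray(size_of_headers)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                      # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, n, 0, 0, 0, 0xE0, 0x102)  # COFF header
    struct.pack_into("<H", hdr, 0x58, 0x10B)                     # PE32 magic
    struct.pack_into("<II", hdr, 0x58 + 32, SECTION_ALIGNMENT, FILE_ALIGNMENT)
    body = bytearray()
    va, raw_ptr = align_up(size_of_headers, SECTION_ALIGNMENT), size_of_headers
    for i, (name, vsize, raw_size) in enumerate(sections):
        struct.pack_into(SECTION_HEADER_FMT, hdr, table_off + i * SECTION_HEADER_SIZE,
                         name.encode().ljust(8, b"\0"), vsize, va, raw_size, raw_ptr,
                         0, 0, 0, 0, 0x60000020)                 # CODE | EXECUTE | READ
        body += bytes(raw_size)                                   # zero-filled raw data
        va += align_up(vsize, SECTION_ALIGNMENT)
        raw_ptr += raw_size
    struct.pack_into("<II", hdr, 0x58 + 56, va, size_of_headers)  # SizeOfImage, SizeOfHeaders
    return bytes(hdr + body)


def with_field(data, index, field, value):
    """Copy of data with one section-header field overwritten, to show what
    changing a single field on its own does to the invariants."""
    hdr, _ = parse_layout(data)
    buf = bytearray(data)
    struct.pack_into("<I", buf, hdr["table_off"] + index * SECTION_HEADER_SIZE + FIELD_OFFSETS[field], value)
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_pe([(".text", 0x1234, 0x1400), (".data", 0x100, 0x200)])
    print("consistent sample:", check_layout(good))
    # Growing .text's SizeOfRawData without moving .data's PointerToRawData:
    print("raw size only:", check_layout(with_field(good, 0, "raw_size", 0x1600)))
    # Moving .data's VirtualAddress without updating SizeOfImage:
    print("va only:", check_layout(with_field(good, 1, "va", 0x4000)))
```

The two failing cases show why a section cannot be grown by touching one header field: the raw sizes and raw pointers of every later section, the virtual addresses of every later section, and SizeOfImage all move together, and anything keyed to those positions (relative jumps, data directories, relocations) moves with them. Running `check_layout` on a sample before and after an edit, or on a suspicious binary during triage, gives a quick signal that the headers no longer describe a loadable layout.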