Results 1 to 6 of 6

Thread: Made a patch in C, now how to bind it into an existing DLL ? Share/Save - My123World.Com!

  1. #1

    Post Made a patch in C, now how to bind it into an existing DLL ?

    First of - Hello and thank you for reading this,

    I have one DLL which I do not have the source code but need to add some functionalities into it.

    I made up another DLL implementing all these needed functionalities in C - using Visual Studio.

    Now I need to insert the generated code from this new DLL into the target DLL (it has to be done at the file level {not at runtime}).

    I am probably creating a new PE section on the target DLL and put there all the code/data/rdata from the dll I made up. The problem is that I need somehow to fix the IAT and the relocs relative to this new inserted code on the target DLL.

    My question is:

    What is the best way to do it?

    It would be nice if Visual Studio came up with an option to build using only (mostly) relative addressing - This would save me a lot when dealing with the relocs. I guess I could encapsulate all my vars and constants into a struct, hopefully MSVC would then only need to relocate the address of this "container" struct and use relative addressing to access its members. But don't know if this is a good idea.

    I could even go further and get rid of the IAT by making a function pointer which would dynamically load the needed function module (kind of the Delay Load Module). And again, put this function pointer inside the "container" struct I said before.

    The last option I have is to make it all by hand, manually editing the binary in hex... which I really didn`t want to do, because it would take some good time to do it for every single IAT entry and reloc entry. I have already written a PE file encryptor some time ago so I know most of the inner workings and know it can be done, just want to know your thoughts and maybe a tool already exists to help me out?

    Any suggestions is highly appreciated!

    Thanks again for your time for reading this!

  2. #2
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    Well I am not sure apart form the last method you listed there is an option achieving what you'r trying to do. Binders and related tools are there, but for best results since your looking for a functional final module , you will have to manually do it .

    If you find any other optons please do share with us.
    Hacking Is a Matter of Time Knowledge and Patience

  3. #3
    @pitb00l

    Read Code Injection on windows

    Code Injection in Windows

  4. #4
    Super Commando Dhruv abhaythehero's Avatar
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2
    another simple and nice read for DLL injection DLL Injection – A Simple Message Box The Legend Of Random
    In the world of 0s and 1s, are you a zero or The One !

  5. #5
    Thanks guys, but as I said " (it has to be done at the file level {not at runtime}).". So Dll injection is not an option here, I don't want a dll hanging around.
    Bottomline is I coded a tool which takes two PE files (exes or dlls) and merges them into one single file, fixing the IAT and relocs .. then I could easily do manual patching of the functions on the target dll making it jump right into the trampolines of my hack dll.

  6. #6
    This may solve ur IAT and Reloc Issues https://github.com/fancycode/MemoryModule its kind of InMemoryLoadLibrary()

    More Explanation

    Loading a DLL from memory ~magog/public
    Last edited by Arunpreet Singh; 10-23-2012 at 02:15 AM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •