Hi friends
i have compiled Exe-File and i want to open dialog
load it and add call function from my DLL.
(so when you run compiled Exe-File will call function from
my DLL FILE)
please how to do that i searched all internet but found
nothing

| Сообщение посчитали полезным:

i searched all internet but found
nothing

| Сообщение посчитали полезным:

abatu at first search for "IID-King" (or you can use "Lord PE") and add to import table record about your function (with help of "IID-king" or "Lord PE"). And in code of your EXE-file add call to this function. I will try to show you it in a simple code:

Method 1

401000 push 0 ; some variable 1 that you will use in your DLL-function
401002 push 1 ; some variable 2 that you will use in your DLL-function
401006 push 403052 ; some variable 3 that you will use in your DLL-function
40100A call SomeFunction ; call to your function

Method 2

Method 2 will based on strings adding to a code and not need in editing import table (with "IID-king", "Lord PE", etc.):

let at address 405333 will be a string with name of your dll "SomeDLL.dll" and at address 406999 will be a string "SomeFunctionFromMyDLL". So to call your function from DLL you must write code like this:

push 405333 ; string reference to "SomeDLL.dll"
call LoadLibraryA

push eax ; handle to your DLL it will recieved after call to LoadLibraryA
push 406999 ; string reference to "SomeFunctionFromMyDLL"
call GetProcAddressA ; after call to this function you will recieve to register EAX address to function in your dll

push 0
push 1
push 403052
call eax ; call to function from your DLL =)

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

Just add your dll to import with any PE editor and when needed call refence to your function in iat.
Like call ADDRESS_OF_IMPORTED_FUNCTION_IN_IAT

| Сообщение посчитали полезным:

If you need to inject your code before implementation of some API function read about API Splicing (так чтолько сплайсинг по англицку пишется :s6

-----
Researcher

| Сообщение посчитали полезным:

HandMill пишет:
Method 1
and
Method 2

I really sorry, but (again!) I want to say one more time : for a newborn it's very difficult and non an effective way.
Reasons:
1) so many hands' work each time if necessary to change Exe-file and DLL.
2) what do you do with overwriting code in the Exe-file?
3) where do you planing to execute this code?
4) do you remember about stack and registers?
5) what do you do for change function from DLL?
6) Just imagine debug of this construction..

All this for a newborn?

Good enough?

ps/ of course, it's your choice....

| Сообщение посчитали полезным:

DMD, you asked stuppid questions, because:
1) If you wanna be rich - WORK, WORK and WORK (because there is no tools to do this automatically - it is unreal .... no ... it's real, but it is not useful). With hand-working practic you will better understand code.
2) Use OllyDBG to write a code manually. At first do some changes, then "Copy to Executeble->Save all changes" and you will recieve normally edited EXE file (or an DLL)
3) You interesting? - LOL !
4) Yes, of course! Be carefully
5) He is not asked about changing function from DLL. =)
6) ??? Is he need debugging?

Yes, this is for newborn ))

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

Thank u very much friends!!!!
but i don't know how to use OllyDBG or Lord PE ,etc
please look at this example and tell me how can i useit in dlphi.
Please...
www.uploading.com/files/Z653GVRY/sectionAdd.zip.html

| Сообщение посчитали полезным:

Sorry I forgot to say there is no virus but Antivirus software may detect it as virus, so don’t worry .

| Сообщение посчитали полезным:

So I'am not understand what you want. You want add section (by your program) to exe (you want an exe, compiled in Delphi) and insert into new section some code (that will use your dll) with call to some dll? Or manually add to this exe file calling procedure to some dll?

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

Yes Friend :
exactly i want to add section to exe and insert into new section some code to call function in my dll.

| Сообщение посчитали полезным:

HandMill
это не для abatu, это для тебя

HandMill пишет:
you asked stuppid questions, because:
1) If you wanna be rich - WORK, WORK and WORK (because there is no tools to do this automatically - it is unreal .... no ... it's real, but it is not useful). With hand-working practic you will better understand code.
2) Use OllyDBG to write a code manually. At first do some changes, then "Copy to Executeble->Save all changes" and you will recieve normally edited EXE file (or an DLL)
3) You interesting? - LOL !
4) Yes, of course! Be carefully
5) He is not asked about changing function from DLL. =)
6) ??? Is he need debugging?

Yes, this is for newborn ))
да?! никогда не думал, что богатство как-то связано с практикой "руками" в RE..

Теперь к делу.
Отлично, для чудака, который:
abatu пишет:
but i don't know how to use OllyDBG or Lord PE, etc
ты предложил самое простое решение. Особо учитывая :
HandMill пишет:
So I'am not understand what you want.
ps/ между нами : следует писать несколько иначе:
"I don't understant what do you want". и "Do You interesting? " но это не важно.

HandMill пишет:
5) He is not asked about changing function from DLL. =)
конечно, парень - гений, и все пишет с первого раза на века. Поэтому я и спросил как быть когда он будет дорабатывать свою DLL и поплывет все_что_можно?

Так вот, для знакомых с предметом, вопрос не представляет ни сложности и не имеет смысла его задавать - и так все ясно.
Для a man а-ля наш новый знакомый - любые советы не имеют смысла, поскольку он все равно не сможет ими воспользоваться и реализовать их.

Сама проблема инжекта и выполнения некого кода стара как мир и всеми решалась применительно "к месту".
Дабы закончить ненужные приперательства, можно вынести ее как отдельный топик и там обсудить и методики (хотя их отсуждали не раз где только можно) и код.
И с точки зрения простоты и ручного труда и прочих аспектов.

Хотя.. по здравому размышлению..
парню примитивного лоадера через создание процесса + тривиальные gbdapi с одним ВР и выполнением кода - выше_дальше_некуда...
Ну вообщем, вариантов в достатке,,,

Кстати, вопрос о ОС-независимости либо отсутствии таковой тоже не оговорен.

Вот и выясняется - вопросов куда как больше чем вразумительных ответов.

| Сообщение посчитали полезным:

abatu пишет:
exactly i want to add section to exe and insert into new section some code to call function in my dll.

Hi abatu,

Is your main task - to execute code in remote process?
Maybe you should try API hooking?
BTW this way will not be signaled by most AV software.

Kind Regards.

DMD
HandMill

Хватить препираться уже, как маленькие Кто что умеет, то и советует.

-----
Security through obscurity is just an illusion

| Сообщение посчитали полезным:

This code(in attach) will only add new section to PE file [sources inside]. To compile it use RadASM IDE http://www.radasm.com/ (also you need IDE pack and RadASM programming pack) and MASM32 http://www.wasm.ru/tools/7/masm32.zip . I am not like a TASM. I am working now for add call to a DLL function.

DMD kill yourself.

pushick стараемся не припираться - вот и даём кодес. Кстати, я когда-то давно писал библиотеку для инжекта кода (я всунул туда её сорсы). Если что - добавим команд

abatu read docs about PE format debug-debug-debug and you will better understand this example.

5e8d_08.08.2007_CRACKLAB.rU.tgz - SecADD.rar

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

abatu , read www.tuts4you.com/download.php?list.27

-----
Researcher

| Сообщение посчитали полезным:

Really a big thanks for all of you but I could do nothing.
I think I have to read more and more about programming…
Any way thank you again

| Сообщение посчитали полезным:

abatu

I looked source in your attach. Do you decide to write a new virus?
Ok, it's your business.
I think, the best way for you is rewrite/translate this source into any language which you know - delfi, C, ams, etc. After it you can optimize/change code as you want.

What can I say about this source?...
Not bad.
Method of searching kernel base via SEH is well-known. But I usually use my own code.
Method of creating new section is very sample and reliable. But I usally use "hand-made" method.

Conclusion: read docs about PE-format and try to coding. No necessary to use inject for transformation Exe-file. try to write your own code yourself!

Good luck!

ps/
Virus:Trojan Horse clean sectionAdd.zip[sectionAdd.exe] - Very fine!

pps/
if you have some questions - just ask.

| Сообщение посчитали полезным:

DMD Kill yourself, because:

abatu writes:
Sorry I forgot to say there is no virus but Antivirus software may detect it as virus, so don’t worry .

DMD writes:
read docs about PE-format and try to coding. No necessary to use inject for transformation Exe-file. try to write your own code yourself!

of course

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

HandMill

расслабься - не тебе писано

| Сообщение посчитали полезным:

DMD пишет:
But I usually use my own code.
for writing self not bad viruses?

-----
invoke OpenFire

| Сообщение посчитали полезным:

Ice-T

FYI, searching of kernel base in meaning of "not bad viruses" is nonsense by declaration. This technique can be used for many things, as well as any other technique.

abatu, I suggest you stop using third-party code (even translated) and start from the programming theory (including PE file format) and please concretize your questions in future.

-----
Security through obscurity is just an illusion

| Сообщение посчитали полезным:

pushick
and why to help and more so to praise a virus-writer?

-----
invoke OpenFire

| Сообщение посчитали полезным:

Ice-T, why not?

-----
Researcher

| Сообщение посчитали полезным:

overwriter because all virus-writers are stupid teaports =\

-----
invoke OpenFire

| Сообщение посчитали полезным:

pushick - Bravo!

Ice-T пишет:
because all virus-writers are stupid teaports

"Judge not, that ye be not judged. " Matthew, 7:1

The presumable purpose of the author - a writing of a virus - is my assumption only.
Nobody knows the true purpose of abatu.
Especially, nobody did not give for another advice except advice to read and study.
We don't say about HandMill's code. as for me it isn't a help.

| Сообщение посчитали полезным:

[offtop]
DMD can i see you last posts contens only help.. i'm dont try to judge anybody.. but help must come to that, who deserves it. i was say IMHO and consider a theme on your own closed. next only offtop, and i dont wanna see a lord anger therefore i'm stop it. relax kids..

-----
invoke OpenFire

| Сообщение посчитали полезным:

Hi friends
Actually I want to make CD/DVD copy protection program and already made DLL file with many functions to detect Drive, checksum ….etc.
But I have two problems:
1-How to add section to exe and insert into new section some code to call function in my DLL.
2- Read CD sector (Delphi).
And one more thing do you know anything about “Data position Measurement “?
Sure you do! I mean how to set or read?

| Сообщение посчитали полезным:

Ok, now I'll show you how add some code.

997a_09.08.2007_CRACKLAB.rU.tgz - SecImport.rar

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

Hi friend
When I open project with radASM i get next error:
*** Error opening code templates file
*** \masm.ct
*** Please setup the .ct file for your assembler
*** or disable Code Templates addin with Addin Manager
I installed lcc-win32 but the same error shows again...
What I have to do?

| Сообщение посчитали полезным:

abatu пишет:
Actually I want to make CD/DVD copy protection program and already made DLL file with many functions to detect Drive, checksum ….etc.
But I have two problems:

oops...
too global target and two problems only?!
funny.. very funny..

abatu, I think you don't understand situation as a whole as well.
If main idea of soft isn't big secret - tell about it.
you can use private message for it or write in this topic.
very interesting because you can't surpass well-known soft, it's 101% guarantee {I assess you by your questions}.
although... will see

by the way, time to time you spoke about some Exe-file.. What does it ("Exe-file") mean?

| Сообщение посчитали полезным: