This essay is for knowledge purposes only!!
Software developers spend much time in making their programs. They live from the money we give them!
Please buy good software!!
|I. What is it?|
|The title of this essay stands for itself: inserting code into a program. It consists of: finding a suitable place, inserting the code, calling the inserting code, returning to the orginal program.|
|II. What is it used for?|
|Most of the time it's used to add functionality to a program or to crack a packed program without unpacking it. You may wonder: "Why doing difficult code insertion when you can unpack the program and then crack it?". Well, because most packed .exe files become quite big and it would take too much time (on slow connections) to upload/download the whole program, in comparison to a < 5 KB crack.|
|III. How does it work?|
Imagine we have this packed program called packed.exe. You have found
out that at offset 415000 there's a registered-or-not-jump that has to be
NOP-ed out. As the program is packed, it 's impossible to do that in a hex
editor as you will just NOP out important, compressed data. Anyway, first
of all we have to find empty space in the .exe file which we can use to
add our own code. Just scroll around in a hex-editor and search for "00"
or "90" as hex values. Please be warned that you don't use empty space
that is used to write unpacked code to. You may have to give it a few
tries before you 've found a suitable place to add your code. Okay, now
before we let the program jump to our own inserted routine, the program
gotta be fully unpacked. Therefore we have to find the end of the
unpacking routine. (if you can't find this, or you don't know what i'm
talking about, read Volatility's essay on manually unpacking!). When
you've found the end of the unpacking routine, you have to insert a jump
to your inserted code. At the end of your inserted code: jump back. You
can also put a call at the end of the unpacking routine and put a 'ret' at
the end of your inserted code. Hmmmm, I can imagine that if you're a
beginner cracker this all can sound pretty confusing.
|IV. In the end|
Voilą, this was the easy part. More difficult is finding the protection of the program! Because (don't forget) you can't use a disassembler. That way you'll have to do everything with SoftICE. The best example I can give is my tutorial on ACDSee 3.0. Go and read it!
Essay written by The Blackbird © 1999-2000
This essay can be freely distributed/ published/ printed etc... as long as no modifications are made.