I am trying to add a jmp instruction at the end of a text section in calc.exe for Windows XP, and I added it and changed the entry point to start from this address and changed the virtual size so that it can handle the added instruction, but the exe result does not work. so will i miss something here? here is the C # code I wrote to handle these things:
public static void inject()
{
StreamReader sr = new StreamReader("C:\\calc.EXE");
BinaryReader br = new BinaryReader(sr.BaseStream);
List<byte> bytesList = new List<byte>();
for (long i = 0; i < br.BaseStream.Length; i++)
{
bytesList.Add(br.ReadByte());
}
{
bytesList[280] = 176;
bytesList[281] = 42;
bytesList[282] = 1;
bytesList[283] = 0;
}
{
bytesList[496] = 192;
}
{
bytesList.RemoveRange(76464, 5);
byte[] injectedBytes = { 233, 255, 255, 249, 192 };
bytesList.InsertRange(76464, injectedBytes);
}
StreamWriter sw = new StreamWriter("C:\\calc2.EXE");
BinaryWriter bw = new BinaryWriter(sw.BaseStream);
bw.Write(bytesList.ToArray());
bw.Close();
}
and thanks in advance
Mousa source
share