* Select the executable file and the necessary tools.
* To study the structure of the executable file.
* Write implemented by the executable code in machine language.
The structure of the executable file.
1. Portable Executable (PE) – executable file format, object code and dynamic libraries used in 32-bit and 64-bit versions of Microsoft Windows operating system. PE format is a data structure that contains all the information necessary PE-loader to display the file in memory. The executable code includes references to bind dynamic link libraries, export and import of the table API functions, data management and data thread local storage (TLS). The family of operating systems Windows NT format is used for PE EXE, DLL, SYS (device driver) and other types of executable files.
******* thirty Figure 7 is a point entry can be found in the PE file header.
2. PE files contain position-independent code. Instead they are compiled for the preferred base address, and all of the addresses generated by the compiler / linker, fixed in advance. If PE-file can not be loaded at its preferred address (because he was busy with something else), the operating system will be to relocate it. For the process of this fact is unknown, because in such a situation it operates in the space of virtual addresses (VA), wherein the location coincides with ImageBase. By default, ImageBase value for executable files – 0x00400000. There is also a relative virtual address (RVA), which simplifies the process of transferring the executable code in the address space. Address section of the RVA is calculated by counting ImageBase executable file, or, in rare cases, by “magic” constants.
3. PE file consists of several titles and sections which indicate the dynamic linker how to map the file into memory. The executable image is composed of several different areas (sections), each of which requires a different memory access rights; thus, the beginning of each section must be aligned on a page boundary. For example, typically section .text, which contains program code, executed and displayed as a read-only, and .data section that contains global variables, shown as non-executable and is available for reading and writing.
The work has been studied the structure of the format of a Windows executable file – PE. skills were received with the tools for debugging and editing of executable files.
Usage and download from source:
git clone https://github.com/MaximillianMS/Inject-shellcode && cd Inject-shellcode