Code Caving PE Files

Code caving is a very easy topic to work on.

A PE (Portable Executable) file has different sections to store data. The ".text" section contains the assembly code that is going to be executed by the CPU. Find a space in the .text section that consists of null bytes.

  1. Place a JMP instruction at the start of the program to the free space available. Also copy the call to the main function.

  2. Save the state of the registers by using pushad and pushfd.

  3. Add the shellcode after that.

  4. Find the exit call and JMP to the new function call.

  5. Restore the register values at that point with popfd and popad.

  6. Then add the main PE function call so that the program runs correctly.
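As an added example (not part of the original notes), here is a Python check written from the defender's side: it parses the PE headers referenced above and flags the trace a cave leaves behind, an entry point that has been moved into a section's null padding beyond its VirtualSize, and reports how much null space the .text section holds. The sample PE is constructed inline; the helper names (`parse_pe`, `check_caving`, `build_sample_pe`) are my own.

```python
import struct

def parse_pe(pe):
    """Return (entry_rva, sections) from a PE file image held in bytes."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    entry = struct.unpack_from("<I", pe, opt + 16)[0]      # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append(dict(name=name.rstrip(b"\0").decode(), vsize=vsize,
                             va=va, rawsize=rawsize, rawptr=rawptr))
    return entry, sections

def largest_null_run(data):
    """Length of the longest run of 0x00 bytes: the cave capacity a section offers."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0 else 0
        best = max(best, cur)
    return best

def check_caving(pe):
    """Locate the section holding the entry point and flag an entry that sits in
    raw padding past VirtualSize, which legitimate linkers do not produce."""
    entry, sections = parse_pe(pe)
    for s in sections:
        if s["va"] <= entry < s["va"] + s["rawsize"]:
            raw = pe[s["rawptr"]:s["rawptr"] + s["rawsize"]]
            return {"section": s["name"],
                    "entry_in_padding": entry >= s["va"] + s["vsize"],
                    "largest_null_run": largest_null_run(raw)}
    return {"section": None, "entry_in_padding": False, "largest_null_run": 0}

def build_sample_pe(entry_rva):
    """Constructed minimal 32-bit PE: one .text section with 0x100 bytes of
    code (RET opcodes) followed by 0x100 bytes of null padding."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    return hdr.ljust(0x200, b"\0") + b"\xC3" * 0x100 + b"\0" * 0x100

if __name__ == "__main__":
    print(check_caving(build_sample_pe(0x1000)))  # clean layout
    print(check_caving(build_sample_pe(0x1150)))  # entry redirected into the padding
```

The padding check is only a heuristic, since a modified image may also have its VirtualSize enlarged; pair it with a comparison against a known-good hash of the binary.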
