I figured out how to modfy kernel32.dll without crashing i copied it somewhere else. under different name, modified the Export table, copied it to system under diff name wroe a wininit.ini to update the kernel, and instead of a seperate app, i made my program part of the kernel by tacking it onto the last section and pointing the exports addresses there to the code
zoiks! Well, I still don't think it's a good idea, but hats off to you :) It could be an interesting way to optimise some of the slower windows DLLs...... umbongo
Well, it's nice to know it's possible, but pls post a link to your program(s source) when it's finished too :D
yup what i did was this. iused CopyFileA copied the kernel to windows dir, opened it there in read/write then, i had my program go to section headers and modify the last section to make room for my proggie, then put my proggie in that space, then parsed kernel32.dll export table, and changed APis addies in Address Of Functons Array to point to my program, but before that i saved the orignal addy so my TSR will be like this: Someone calls API and it goes to my code NewAPI: pusha pushf push esi push edi push ebp
mov eax,Offset OrginalAPIAddy
Which OS did you do this under? Sounds cool - we can rewrite the OS one piece at a time :P
this is great man..... ough you can do real hard to trace trojans i guess.. wasn't it hard to change the table?
Ok W32_Guy. I see what you said in the previous thread BUT: your method consist in adding your code in a static way into the dll. Let suppose now that you want to go back to the original version of the code. Are you obliged to reboot the system or not ?
to go to the orignal code is easy, when changing the Kernel we save the orignal address so when we want to giuve control to the orignal routine: mov eax,offset OrignalAPIAddress jmp eax