I am making an encryptor and am currently trying to change the Characteristics field of the .text section in the file's PE headers. Right now my code opens the file with read/write access, maps it into memory, finds where the PE header starts, and from there writes the new characteristics to the .text section. It then displays the entry point and the characteristics of the .text section in message boxes. The problem is that I am getting ERROR_MOD_NOT_FOUND when writing to the file. I downloaded Dependency Walker, and it says:
Warning: At least one module has an unresolved import due to a missing export function in a delay-load dependent module.

MPR.DLL is highlighted. Any ideas on how to fix this?
.386
.model flat, stdcall

option casemap:none

includelib <kernel32.lib>
includelib <user32.lib>
includelib <debug.lib>

include <debug.inc>
include <windows.inc>
include <kernel32.inc>
include <user32.inc>

.data
; Bytes that ReadPE hands to WriteFile as the new section Characteristics.
; NOTE(review): laid out in this order the four bytes read back as the
; little-endian DWORD 400000E0h. If the intended value was E0000040h
; (IMAGE_SCN_MEM_EXECUTE or READ or WRITE, plus IMAGE_SCN_CNT_INITIALIZED_DATA)
; the byte order is reversed - confirm the intent.
; NOTE(review): ReadPE passes 8 as the byte count but only 4 bytes are
; defined here, so the write also emits whatever follows this label.
; NOTE(review): a section that is both writable and executable gives up W^X
; protection and is commonly flagged by security tooling.
Read_Write          db 0E0h, 00h, 00h, 40h

.data?
Buffer              db 20 dup(?)        ; wsprintf output shown by the message boxes
OriginalEntryPoint  dd ?                ; filled in by ReadPE
TextCharacteristics dd ?                ; filled in by ReadPE
PEHeader            dd ?                ; offset stored by GetStartOfPEHeader
.code

; GetStartOfPEHeader - step forward from src until the 16-bit value 4550h
; (the ASCII pair "PE") is found.
; In:    src = address to start scanning from (ReadPE passes the mapped view base).
; Out:   PEHeader = number of bytes stepped before the match, i.e. the offset
;        from src. No return value is set explicitly: eax still holds src and
;        edi is left holding src + offset.
; Clobb: edi, flags. edi is callee-saved under stdcall and is not preserved
;        here (the proc has no USES clause).
; NOTE(review): the scan has no upper bound. On a file that does not contain
; this byte pair it runs past the end of the mapped view and faults.
; NOTE(review): the first "PE" byte pair anywhere in the data ends the scan,
; which is not necessarily the NT signature. The DOS header stores the NT
; header offset in e_lfanew (offset 3Ch); reading that, range-checking it
; against the file size and verifying the full 4-byte signature is more robust.
GetStartOfPEHeader proc src:DWORD

mov eax,src ; eax = scan base
xor edi,edi ; edi = byte offset from the base, starts at 0
; NOTE(review): the memory operand after "ds:" is missing from this listing,
; presumably [eax+edi] - confirm against the original source.
.while word ptr ds: != 4550h
inc edi ; advance one byte per iteration
.endw
mov PEHeader,edi ; remember the offset for the later SetFilePointer call
add edi,eax ; edi = src + offset
ret

GetStartOfPEHeader endp

; ReadPE - open the file at FilePath, map it read-only to locate the "PE"
; marker, then write the Read_Write bytes into the file at that offset.
; In:    FilePath = pointer to the file name string.
; Out:   PEHeader is set through GetStartOfPEHeader; OriginalEntryPoint and
;        TextCharacteristics are stored from ebx. No explicit return value;
;        eax holds the result of the final CloseHandle.
; Clobb: ebx (callee-saved under stdcall, not preserved here), plus edi via
;        GetStartOfPEHeader.
; NOTE(review): none of the API results are checked. CreateFile reports
; failure as INVALID_HANDLE_VALUE, CreateFileMapping and MapViewOfFile as
; NULL, and SetFilePointer and WriteFile can also fail. An error code read
; afterwards may therefore come from an earlier call.
ReadPE proc FilePath:DWORD
LOCAL hFile:DWORD
LOCAL hMap:DWORD
LOCAL hMapView:DWORD
; Share mode 0: no other handle to the file can be opened while this one is held.
invoke CreateFile,FilePath,GENERIC_READ+GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
mov hFile,eax
; The mapping and the view are read-only; the modification goes through WriteFile.
invoke CreateFileMapping,hFile,0,PAGE_READONLY,0,0,0
mov hMap,eax
invoke MapViewOfFile,hMap,FILE_MAP_READ,0,0,0
mov hMapView,eax
invoke GetStartOfPEHeader,eax
invoke UnmapViewOfFile,hMapView
invoke CloseHandle,hMap
; The view was mapped from file offset 0, so PEHeader is also a file offset.
; NOTE(review): this positions the write at the "PE" signature itself, not at
; a section header's Characteristics field. The write below overwrites the
; signature and the bytes after it, which would leave the image unloadable.
invoke SetFilePointer,hFile,PEHeader,0,FILE_BEGIN
; NOTE(review): the byte count is 8 but Read_Write defines only 4 bytes.
; NOTE(review): lpNumberOfBytesWritten and lpOverlapped are both 0. WriteFile
; allows a NULL lpNumberOfBytesWritten only when lpOverlapped is non-NULL.
invoke WriteFile,hFile,addr Read_Write,8,0,0
; NOTE(review): the memory operands after "ds:" on the two loads below are
; missing from this listing. They execute after UnmapViewOfFile, so any
; address inside the former view is no longer valid - confirm.
mov ebx,dword ptr ds:
mov OriginalEntryPoint,ebx
mov ebx,dword ptr ds:
mov TextCharacteristics,ebx
invoke CloseHandle,hFile
ret

ReadPE endp

; Entry point: run ReadPE on the hard-coded test DLL, then show the two
; DWORDs it stored as 8-digit hex in message boxes and exit.
start:
        ; ReadPE fills OriginalEntryPoint and TextCharacteristics.
        invoke  ReadPE, CTEXT("C:\Documents and Settings\Antihaxer\My Documents\masm\Hacks\General\PE\test.dll")

        ; "%08x" yields 8 hex digits plus the terminator, within the 20-byte Buffer.
        invoke  wsprintf, offset Buffer, CTEXT("%08x"), OriginalEntryPoint
        invoke  MessageBox, 0, offset Buffer, CTEXT("Original Entry Point"), MB_OK

        ; Buffer is reused for the second value.
        invoke  wsprintf, offset Buffer, CTEXT("%08x"), TextCharacteristics
        invoke  MessageBox, 0, offset Buffer, CTEXT("Text Characteristics"), MB_OK

        invoke  ExitProcess, NULL

end start
Posted on 2009-03-15 20:28:36 by antihaxer