Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add dll to import table

See original GitHub issue

  Can use AsmResolver to inject a dll function into the import table. For example, a simple 64bit dll:

code

#include "pch.h"
extern "C" __declspec(dllexport) void puts()
{
    MessageBoxA(0, "hi", "hello", 0);
    return;
}

BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        puts();
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

I want to add the export function "puts" to the IAT of notepad.

Dll1.zip

Can you give some hints or piece of code

Issue Analytics

State:
Created 2 years ago
Comments:13 (7 by maintainers)

Top GitHub Comments

1reaction

Washi1337commented, Dec 5, 2021

Like I mentioned in the previous post, make sure you add both the import lookup as well as the import address table to your PE, and that you update the data directories accordingly.

(Incomplete) example:

// Read raw PE file. 
var file = PEFile.FromFile("notepad.exe");
var image = PEImage.FromFile(file);

// Create new import
var module = new ImportedModule("Dll.dll");
module.Symbols.Add(new ImportedSymbol(0, "puts"));
image.Imports.Add(module);

// Reconstruct import dirs
var buffer = new ImportDirectoryBuffer(file.OptionalHeader.Magic == OptionalHeaderMagic.Pe32);
foreach (var m in image.Imports)
    buffer.AddModule(m);

// Build up new section
var sectionBuilder = new SegmentBuilder();
sectionBuilder.Add(buffer.ImportAddressDirectory);
sectionBuilder.Add(buffer, 4);

var section = new PESection(".asmres",
    SectionFlags.ContentInitializedData | SectionFlags.MemoryRead | SectionFlags.MemoryWrite
    | SectionFlags.MemoryExecute);
 
section.Contents = sectionBuilder;

// Add it.
file.Sections.Add(section);

// Update data dirs.
file.AlignSections();
file.OptionalHeader.DataDirectories[(int) DataDirectoryIndex.ImportDirectory]
    = new DataDirectory(buffer.Rva, buffer.GetPhysicalSize());
file.OptionalHeader.DataDirectories[(int) DataDirectoryIndex.IatDirectory]
    = new DataDirectory(buffer.ImportAddressDirectory.Rva, buffer.ImportAddressDirectory.GetPhysicalSize());

// Save
file.Write("notepad2.exe");

https://asmresolver.readthedocs.io/en/latest/peimage/pe-building.html

0reactions

laommscommented, Dec 10, 2021

I use a new dll test the code in other pe, It doesn’t work.But it doesn’t matter, you can close this issue.