01-14-2005, 21:34
amigo
Now it works

Hi
Great thanks for all
I resolved the problem. I don't believe I made a silly mistake, as follows:
I had increased both Raw and Virtual Size, keeping Raw=Virtual.
I worked only on the PE header; the file size didn't change.
Then the Raw Size in the PE header was above EOF.
This caused the error.
After adding some nullz to the EOF all is OK.
I added a new section after the last original one, .reloc. There's 3000h of free space between the kernel32 and ntdll images (XP SP1), so I created a new section 3000h in size. This is enough for my code.
Of course, Omidgl, I can explain what I'm doing.
I'm writing some kind of universal antiviral protection.
I add my code to some procs (CreateProcess, CreateService etc.).
My code checks the name of the starting process/service and its properties (size, checksum) against the list. When the starting process is not present on the list, a message box appears: "Do you want to start CIH.exe, image size..., created ....?".
If the answer is no, it writes 0 as the first byte of the path, so the system message 'can't find the file' appears.
Yes, I know, it's a little lame.....

Regards
amigo
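The mistake described in the post above (a section's Raw Size enlarged in the PE header while the file itself was not grown) can be checked for mechanically before trying to load an edited image. This is an added example, not code from the original post; `sections_past_eof` and `build_sample` are hypothetical names, and the sample image is constructed for illustration.

```python
import struct

def sections_past_eof(data: bytes):
    """Return [(name, raw_end, file_size)] for sections whose raw data runs past EOF."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if len(data) < pe + 24 or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature or file header missing")
    nsec, = struct.unpack_from("<H", data, pe + 6)         # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    bad = []
    for i in range(nsec):
        off = table + 40 * i                               # each header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            bad.append((name, raw_ptr + raw_size, len(data)))
    return bad

def build_sample(padded: bool) -> bytes:
    """Constructed minimal image: one section '.new', raw size 0x200 at offset 0x200."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sec = struct.pack("<8sIIIIIIHHI", b".new",
                      0x200, 0x1000,   # VirtualSize, VirtualAddress
                      0x200, 0x200,    # SizeOfRawData, PointerToRawData
                      0, 0, 0, 0, 0)
    img = dos + coff + sec
    # Unpadded: header claims raw data up to 0x400 but the file ends at 0x200.
    # Padded: null bytes appended so the file reaches the declared raw end.
    return img.ljust(0x400 if padded else 0x200, b"\0")

if __name__ == "__main__":
    for label, padded in (("header-only edit", False), ("after padding", True)):
        print(label, sections_past_eof(build_sample(padded)))
```
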