#1
Did you recalculate the checksum field after modifying the .exe? (just a guess)
#2
Yes,
Checksum doesn't matter here, the loader doesn't check it; after modification inside existing code it loads the file OK without correcting the checksum. It depends on the total size of the image - I can increase the last section 'a little' - up to a total size of ED000h (alignment 1000h), and above this value the crash occurs.
Regards, amigo
#3
Maybe MS loads the kernel without the standard EXE loader.
It would be very strange, but who knows MS ways?
#4
Don't patch kernel32.dll, it may be a system file protected by the OS loader.
Use a global hook or DLL injection.
#5
I've patched it without correcting the checksum, and XP works OK with my code inside. So the OS loader didn't check it.
UFOSPACE, you said "don't patch, but hook". But hooking during OS loading requires ring0 patching... Thanks all for the suggestions, but the problem remains.
#6
Hi amigo,
try to debug the OS loader to see what it does.
#7
I think the new PE ImageSize ( [PE_Header+0x50] ) is incorrect and should be recalculated.
PE ImageSize = Sum of the VirtualSize (aligned with ObjectAlign) of all Sections
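
The header consistency check raised in post #7, as an added Python example (not code from any poster in this thread): it reads SizeOfImage at PE_Header+0x50 and compares it with the end of the highest section rounded up to SectionAlignment. The `build_sample` helper and the section layout are constructed for the demo and are not taken from a real kernel32.dll.

```python
import struct

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def check_size_of_image(pe):
    """Return (declared, expected) SizeOfImage for raw PE header bytes."""
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)             # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (n_sections,) = struct.unpack_from("<H", pe, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)
    (section_align,) = struct.unpack_from("<I", pe, pe_off + 0x38)
    (declared,) = struct.unpack_from("<I", pe, pe_off + 0x50)  # SizeOfImage
    (end,) = struct.unpack_from("<I", pe, pe_off + 0x54)       # SizeOfHeaders
    table = pe_off + 24 + opt_size                             # section table
    for i in range(n_sections):
        vsize, vaddr, raw = struct.unpack_from("<III", pe, table + 40 * i + 8)
        end = max(end, vaddr + (vsize or raw))  # fall back to SizeOfRawData if 0
    return declared, align_up(end, section_align)

def build_sample(sections, declared, align=0x1000):
    """Constructed header-only PE32 skeleton for the demo (not loadable)."""
    pe_off, opt_size = 0x80, 0xE0
    buf = bytearray(pe_off + 24 + opt_size + 40 * len(sections))
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe_off + 6, len(sections))
    struct.pack_into("<H", buf, pe_off + 20, opt_size)
    struct.pack_into("<I", buf, pe_off + 0x38, align)
    struct.pack_into("<I", buf, pe_off + 0x50, declared)
    struct.pack_into("<I", buf, pe_off + 0x54, 0x400)
    for i, (name, vsize, vaddr) in enumerate(sections):
        struct.pack_into("<8sII", buf, pe_off + 24 + opt_size + 40 * i,
                         name, vsize, vaddr)
    return bytes(buf)

# Constructed section layout (name, VirtualSize, VirtualAddress); not real data.
SECTIONS = [(b".text", 0x7A000, 0x1000), (b".data", 0x4000, 0x7B000),
            (b".rsrc", 0x68000, 0x7F000), (b".reloc", 0x5C00, 0xE7000)]

if __name__ == "__main__":
    grown = SECTIONS[:-1] + [(b".reloc", 0x6400, 0xE7000)]  # last section enlarged
    for layout in (SECTIONS, grown):
        declared, expected = check_size_of_image(build_sample(layout, 0xED000))
        verdict = "ok" if declared == expected else "stale SizeOfImage"
        print(f"declared={declared:#x} expected={expected:#x} {verdict}")
```

A mismatch between the two values means the section table was changed without updating the header field, which is also a useful signal when triaging a modified system binary.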