#1
I've patched it, without correcting the checksum, and XP works OK with my code inside. So the OS loader didn't check it.
UFOSPACE, you said "don't patch, but hook". But hooking during OS loading requires ring0 patching... Thanks all for the suggestions, but the problem remains.
#2
Hi amigo,
try to debug the OS loader to see what it does.
#3
I think the new PE ImageSize ( [PE_Header+0x50] ) is incorrect and should be recalculated.
PE ImageSize = Sum of the VirtualSize (aligned with ObjectAlign) of all Sections
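
An added example (not part of any post in this thread) of the consistency check behind post #3, written as a tamper-detection helper: it reads SizeOfImage at [PE_Header+0x50] and compares it with the aligned end of the highest section, which for contiguous sections equals the aligned header size plus the sum of the aligned VirtualSizes. The function names and the header-only sample buffers are constructed for illustration.

```python
import struct

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def size_of_image_check(data):
    """Return (stored, expected) SizeOfImage for a PE32/PE32+ image."""
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", data, pe + 0x06)
    opt_size, = struct.unpack_from("<H", data, pe + 0x14)
    sect_align, = struct.unpack_from("<I", data, pe + 0x38)
    stored, hdr_size = struct.unpack_from("<II", data, pe + 0x50)
    expected = align_up(hdr_size, sect_align)
    table = pe + 0x18 + opt_size                         # first section header
    for i in range(nsections):
        vsize, vaddr, rawsize = struct.unpack_from("<III", data, table + 40 * i + 8)
        end = vaddr + (vsize or rawsize)                 # assumption: raw size when VirtualSize is 0
        expected = max(expected, align_up(end, sect_align))
    return stored, expected

def build_sample(size_of_image, sections):
    """Constructed header-only PE32 buffer for the demo (not a real DLL)."""
    pe, buf = 0x80, bytearray(0x400)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe)
    buf[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, pe + 0x04, 0x14C, len(sections))  # i386
    struct.pack_into("<H", buf, pe + 0x14, 0xE0)         # SizeOfOptionalHeader
    struct.pack_into("<H", buf, pe + 0x18, 0x10B)        # PE32 magic
    struct.pack_into("<II", buf, pe + 0x38, 0x1000, 0x200)  # Section/FileAlignment
    struct.pack_into("<II", buf, pe + 0x50, size_of_image, 0x400)
    for i, (name, vsize, vaddr) in enumerate(sections):
        struct.pack_into("<8sII", buf, pe + 0x18 + 0xE0 + 40 * i, name, vsize, vaddr)
    return bytes(buf)

# Constructed section tables: name, VirtualSize, VirtualAddress
ORIGINAL = [(b".text", 0x2345, 0x1000), (b".data", 0x800, 0x4000)]
PATCHED = ORIGINAL + [(b".new", 0x600, 0x5000)]         # extra section, header not updated

if __name__ == "__main__":
    for label, sections in (("original", ORIGINAL), ("patched", PATCHED)):
        stored, expected = size_of_image_check(build_sample(0x5000, sections))
        verdict = "consistent" if stored == expected else "MISMATCH"
        print(f"{label}: stored={stored:#x} expected={expected:#x} {verdict}")
```

A mismatch between the two values on a system DLL is a cheap indicator that its section table was edited after linking.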
#4
Try looking at the source code of the Kriv virus; some techniques there are very good for learning how to add code to kernel32.dll.
|