About

In this multipart tutorial, I will be presenting several ways in which you can add functionality to closed-source Windows executables through DLLs, PE header modification, and good old assembly code. You should have basic knowledge of assembly and a decent knowledge of C programming, particularly creating DLL files (if you need a refresher on DLLs, I've included a short DLL tutorial as well). It is suggested that you read the tutorials sequentially, as each tutorial builds on the information covered in the previous ones.

What Will Be Covered, What Is Needed

I will be covering how to add code to existing code caves, how to modify PE headers to create code caves and/or import DLL functions, how to add backdoors to programs, and how to add plugin support to closed-source programs. At a minimum you will need OllyDbg, a C compiler (I use Dev-C++) and LordPE. Some tutorials require other tools; each tutorial provides links to all required or helpful resources.
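The tutorials rely on finding a code cave, a run of unused bytes (normally the zero padding between the end of a section's real code and the end of the section) large enough to hold injected instructions. As an added example that is not part of the tutorials themselves, the following C scanner locates the largest run of zero bytes in a buffer of section bytes, which is the same thing you would otherwise do by eye in a hex editor. The sample section bytes are constructed for the example; mapping the returned offset back to a file offset or RVA through the PE section table is assumed to be done separately.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A code cave candidate: a run of consecutive zero bytes inside the buffer.
   Offsets are relative to the start of the buffer passed in; add the
   section's PointerToRawData (file) or VirtualAddress (RVA) yourself. */
typedef struct {
    size_t offset;  /* start of the zero run within the buffer */
    size_t length;  /* number of consecutive zero bytes */
} code_cave;

/* Scan buf[0..len) for the longest run of 0x00 bytes.
   Returns 1 and fills *out when that run is at least min_len bytes,
   0 when no run is long enough to hold the code you want to inject. */
int find_largest_cave(const uint8_t *buf, size_t len, size_t min_len, code_cave *out)
{
    code_cave best = {0, 0};
    size_t i = 0;

    while (i < len) {
        if (buf[i] != 0) { i++; continue; }
        size_t start = i;
        while (i < len && buf[i] == 0) i++;   /* consume the whole zero run */
        size_t run = i - start;
        if (run > best.length) {
            best.offset = start;
            best.length = run;
        }
    }
    if (best.length < min_len) return 0;
    *out = best;
    return 1;
}

/* Constructed sample "section": a few code-like bytes containing a short
   zero run (5 bytes at offset 6) and trailing padding (24 bytes at offset 15),
   the latter being where a real cave usually lives. */
static const uint8_t sample_section[] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,          /* push ebp; mov ebp,esp; sub esp,10h */
    0x00, 0x00, 0x00, 0x00, 0x00,                /* 5-byte zero run (too small) */
    0xC3, 0x90, 0x90, 0xE8,                      /* ret; nop; nop; call opcode */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00  /* 24-byte padding run */
};

int main(void)
{
    code_cave cave;
    /* 8 bytes is enough for a 5-byte CALL plus a 5-byte JMP back only if
       you chain caves; ask for what your patch actually needs. */
    if (find_largest_cave(sample_section, sizeof sample_section, 8, &cave))
        printf("cave at offset 0x%zx, %zu bytes\n", cave.offset, cave.length);
    else
        printf("no cave of the requested size\n");
    return 0;
}
```

A byte-level scan cannot tell padding apart from zero-valued immediates or data that happen to be contiguous, so before patching, confirm in OllyDbg that the run sits past the last real instruction of the section (typically in the slack between the section's raw size and its virtual size) and that nothing references it.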

The Tutorials

[~] Part 1 - Detour notepad's execution flow and add a call to the MessageBeep API.
[~] Part 2 - Modify notepad's PE headers and add a backdoor via reverse shellcode.
[~] Part 3 - Write a custom DLL and modify notepad's PE headers to load it.
[~] Part 4 - Add plugin functionality to notepad, allowing the easy addition of multiple DLL files.

Contact

Feel free to contact me with any comments/questions/suggestions at craig [at] craigheffner.com.

Copyright ©2006 craigheffner.com