I am trying to insert new code caves inside Windows malware PE files by expanding the size of existing sections. I was able to dig out the existing code caves in the file, but expanding the size of existing sections to insert code caves (just the empty space) is confusing me a lot, as it can easily break the file. Can someone help me with the details I should be looking at to insert those empty spaces, which are not initially present inside the file?
- Show us the code you already have! – Anders Jun 27 '22 at 16:11
- I have worked to insert code caves at the end of each section as in https://github.com/Zitihskx/Code-Caves/blob/master/ReInsertingCaves.py. But my concern is to add code caves in other regions of the PE section without breaking the file. – Kshitiz Aryal Aug 11 '22 at 15:19