Yes, you append the data outside/after the end of the defined PE image. You can do a simple concatenation if you don't want to deal with the PE header.
For instance "echo abcd >> myprogram.exe" would work, resulting in 'abcd' appended to the end of 'myprogram.exe'. Myprogram.exe would run fine. Then you'd just need to code a way to find your appended data (e.g. traverse header to find end of defined image by finding end of last section, or store a static offset somewhere in the EXE you can later read). For instance, you could store the offset you saved the data at in the last 4 bytes of the file. Then you always know the static offset is at EOF-4.
Alternatively, if you wanted your appended data to get loaded into virtual memory when the process loads, you could actually extend the last section of the PE image and put your data there.
Watch for file alignment on last section, you'll want to expand to next file alignment (0x200 or 0x1000 usually), then add your stuff.
As the author of an executable compressor who has seen some weird PEs, let me say there is no steadfast rule that the last section defined in the section table is the last in the image (they could be out of order). That is to say, they can be out of order. However, they are in order 99% of the time unless made by some weird linker or modified with some external utility.
My packer (PECompact) has beta support for 'overlay/extra-data emulation' BTW - meaning it can actually compress this data slapped on the end along WITH the EXE, then emulate its uncompressed form in memory when you do I/O on the EXE file. Alternatively, it can leave the extra-data/overlay on the outside of the file and compress the rest, but adjust reads and writes so the physical offset won't have changed. This is necessary because SO MANY installers and SFX archives actually reference the appended data by a static offset, instead of properly computing its location at runtime by traversing the PE header.
David Hall's link does a little more than you need to do, unless you want to keep the signature. That method does allow preservation/use of digital signing, inserting your data into an expanded certificate area at the end of the file.
You have no need for dealing with the header at all if you don't want to, and don't care about preserving the code signing!
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…