pe文件增加空节
求源代码,最好是c/c++的;如果好的话再加分到200。

主要code,没有考虑在原有段之间添加,只在文件结尾填0。
hmm,最近在看一个壳的源文件,顺手写的一段,错误难免,望楼主可以 去渣求精
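/*
 * Append one empty (zero-filled) section to the end of a PE file.
 * Requires <windows.h>.
 *
 * Scope, as in the original post: the new section is only ever added after
 * the last existing one, and its data is placed at the end of the file.
 *
 * Caveats for anyone running this:
 *  - The target is modified in place; work on a copy.
 *  - Changing the headers means an existing Authenticode signature no longer
 *    verifies, and OptionalHeader.CheckSum is left stale (it is not
 *    recomputed here).
 */

/* On-disk PE section header; same 0x28-byte layout as IMAGE_SECTION_HEADER. */
typedef struct SECTION
{
    char  szName[8];              /* zero-padded, not necessarily NUL-terminated */
    DWORD dwVirtualSize;
    DWORD dwVirtualAddress;
    DWORD dwSizeOfRawData;
    DWORD LpPointerToRawData;
    DWORD LpPointerToRelocations;
    DWORD LpPointerToLineNumbers;
    WORD  NumbersOfRelocations;
    WORD  NumbersOfLineNumbers;
    DWORD dwCharacteristics;
} SECTION;

/* Compile-time guard: the struct is read and written as raw file bytes. */
typedef char SECTION_SIZE_CHECK[(sizeof(SECTION) == 0x28) ? 1 : -1];

/* Offsets below are relative to the "PE\0\0" signature unless noted.
 * The optional-header fields used here sit at the same offsets in PE32
 * and PE32+. */
enum {
    OFF_E_LFANEW        = 0x3C,   /* from start of file (DOS header) */
    OFF_NUM_SECTIONS    = 0x06,
    OFF_OPT_HDR_SIZE    = 0x14,
    OFF_CHARACTERISTICS = 0x16,
    OFF_OPT_HDR         = 0x18,
    OFF_ENTRY_POINT     = 0x28,
    OFF_SECTION_ALIGN   = 0x38,
    OFF_FILE_ALIGN      = 0x3C,
    OFF_SIZE_OF_IMAGE   = 0x50,
    OFF_SIZE_OF_HEADERS = 0x54,
    MIN_OPT_HDR_SIZE    = 0x40,   /* must reach past SizeOfHeaders */
    MAX_SECTIONS        = 96,     /* loader limit stated in the PE specification */
    MAX_FILE_OFFSET     = 0x7FFFFFFF /* SetFilePointer with a NULL high part takes a LONG */
};

/* Set by IsPE(): TRUE when the file header has IMAGE_FILE_DLL set.
 * The original post used this name without declaring it. */
static BOOL bDLL = FALSE;

BOOL InitFile(LPCTSTR LpszFile, HANDLE *LphFile);
BOOL IsPE(HANDLE hFile);
BOOL AddSection(HANDLE LphFile, LPCSTR LpszFileName, DWORD dwVirtualSize,
                DWORD dwVirtualAddress, DWORD dwRawSize, DWORD dwCharacteristics);

/* Usage example from the post, wrapped in main() so that it is valid C. */
int main(void)
{
    HANDLE hFile = INVALID_HANDLE_VALUE;
    int rc = 1;

    if (InitFile(TEXT("test.exe"), &hFile)) {
        /* 0x60000020 = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ.
         * Sizes and address of 0 are the values used in the post: the address
         * is then chosen automatically and the section carries no data.
         * NOTE(review): confirm the loader accepts a zero-sized section;
         * pass real sizes for a section meant to be used. */
        if (IsPE(hFile) && AddSection(hFile, "test", 0, 0, 0, 0x60000020)) {
            rc = 0;
        }
        CloseHandle(hFile);
    }
    return rc;
}

/* Seek to dwPos and read exactly cb bytes; a short read counts as failure. */
static BOOL ReadAt(HANDLE hFile, DWORD dwPos, void *pBuf, DWORD cb)
{
    DWORD dwDone = 0;

    if (dwPos > MAX_FILE_OFFSET) {
        return FALSE;
    }
    if (SetFilePointer(hFile, (LONG)dwPos, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        return FALSE;
    }
    if (!ReadFile(hFile, pBuf, cb, &dwDone, NULL)) {
        return FALSE;
    }
    return dwDone == cb;
}

/* Seek to dwPos and write exactly cb bytes; a short write counts as failure. */
static BOOL WriteAt(HANDLE hFile, DWORD dwPos, const void *pBuf, DWORD cb)
{
    DWORD dwDone = 0;

    if (dwPos > MAX_FILE_OFFSET) {
        return FALSE;
    }
    if (SetFilePointer(hFile, (LONG)dwPos, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        return FALSE;
    }
    if (!WriteFile(hFile, pBuf, cb, &dwDone, NULL)) {
        return FALSE;
    }
    return dwDone == cb;
}

/* Write cb zero bytes starting at dwPos, in fixed-size chunks (no heap use). */
static BOOL WriteZeros(HANDLE hFile, DWORD dwPos, DWORD cb)
{
    static const BYTE zeros[4096] = {0};

    while (cb != 0) {
        DWORD dwChunk = (cb < sizeof zeros) ? cb : (DWORD)sizeof zeros;

        if (!WriteAt(hFile, dwPos, zeros, dwChunk)) {
            return FALSE;
        }
        dwPos += dwChunk;
        cb -= dwChunk;
    }
    return TRUE;
}

/* Round dwValue up to a multiple of dwAlign; fails on a zero alignment or
 * on 32-bit overflow. */
static BOOL AlignUp(DWORD dwValue, DWORD dwAlign, DWORD *pdwOut)
{
    DWORD dwRem;

    if (dwAlign == 0) {
        return FALSE;
    }
    dwRem = dwValue % dwAlign;
    if (dwRem != 0) {
        if (dwValue > 0xFFFFFFFFu - (dwAlign - dwRem)) {
            return FALSE;
        }
        dwValue += dwAlign - dwRem;
    }
    *pdwOut = dwValue;
    return TRUE;
}

/*
 * Open an existing file for reading and writing.
 *
 * LpszFile  path of the file to open
 * LphFile   receives the handle on success (the post passed the HANDLE by
 *           value, so the caller never saw the opened handle)
 *
 * Returns TRUE on success. The caller closes the handle with CloseHandle().
 */
BOOL InitFile(LPCTSTR LpszFile, HANDLE *LphFile)
{
    if (LphFile == NULL) {
        return FALSE;
    }
    *LphFile = CreateFile(
        LpszFile,
        GENERIC_READ | GENERIC_WRITE, /* headers are read before being patched */
        0,                            /* do not share */
        NULL,                         /* default security */
        OPEN_EXISTING,                /* CREATE_ALWAYS would truncate the target to 0 bytes */
        FILE_ATTRIBUTE_NORMAL,        /* synchronous I/O: every call passes a NULL OVERLAPPED */
        NULL);                        /* no template */
    if (*LphFile == INVALID_HANDLE_VALUE) {
        return FALSE;
    }
    return TRUE;
}

/*
 * Check that hFile looks like a PE image with a non-zero entry point.
 *
 * Side effects: sets bDLL from the IMAGE_FILE_DLL flag and leaves the file
 * pointer at offset 0. Returns FALSE on any read failure or bad signature.
 */
BOOL IsPE(HANDLE hFile)
{
    WORD  wValue = 0;
    DWORD dwSignature = 0;
    DWORD dwEntryPoint = 0;
    DWORD dwOffset = 0;

    if (!ReadAt(hFile, 0, &wValue, sizeof wValue) || wValue != IMAGE_DOS_SIGNATURE) {
        return FALSE;
    }
    if (!ReadAt(hFile, OFF_E_LFANEW, &dwOffset, sizeof dwOffset)) {
        return FALSE;
    }
    /* Keeps dwOffset + field offset from wrapping around. */
    if (dwOffset > MAX_FILE_OFFSET - 0x100) {
        return FALSE;
    }
    /* The signature is the four bytes "PE\0\0", not just the first two. */
    if (!ReadAt(hFile, dwOffset, &dwSignature, sizeof dwSignature) ||
        dwSignature != IMAGE_NT_SIGNATURE) {
        return FALSE;
    }
    if (!ReadAt(hFile, dwOffset + OFF_CHARACTERISTICS, &wValue, sizeof wValue)) {
        return FALSE;
    }
    if (!ReadAt(hFile, dwOffset + OFF_ENTRY_POINT, &dwEntryPoint, sizeof dwEntryPoint)) {
        return FALSE;
    }
    if (dwEntryPoint == 0) {
        return FALSE;
    }
    bDLL = ((wValue & IMAGE_FILE_DLL) != 0) ? TRUE : FALSE;

    if (SetFilePointer(hFile, 0, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
        return FALSE;
    }
    return TRUE;
}

/*
 * Append a zero-filled section after the last existing section.
 *
 * LphFile            handle opened for read and write (see InitFile)
 * LpszFileName       section name, at most 8 bytes (parameter name kept from
 *                    the post; it is the section name, not a file name)
 * dwVirtualSize      VirtualSize to record in the new header
 * dwVirtualAddress   0 to place the section right after the last one;
 *                    otherwise it must equal that computed address
 * dwRawSize          bytes of file data; rounded up to FileAlignment
 * dwCharacteristics  section flags, written as given
 *
 * Returns TRUE on success. The file is only changed when every check has
 * passed; it is then updated in the order data, section header, section
 * count, SizeOfImage, so an I/O failure part-way never leaves a section
 * count that points at a missing header.
 */
BOOL AddSection(HANDLE LphFile, LPCSTR LpszFileName, DWORD dwVirtualSize,
                DWORD dwVirtualAddress, DWORD dwRawSize, DWORD dwCharacteristics)
{
    SECTION DataWrite;
    SECTION TEMP;
    SECTION Slot;
    DWORD dwOffset = 0;
    DWORD dwTable, dwSlot, dwLast;
    DWORD dwFileSize, dwFileSizeHigh = 0;
    DWORD dwSectionAlign = 0, dwFileAlign = 0;
    DWORD dwSizeOfHeaders = 0, dwSizeOfImage = 0;
    DWORD dwRawPtr, dwRawAligned, dwNextVA, dwSpan, dwNewImage;
    WORD  wSecNum = 0, wOptSize = 0;
    DWORD i;

    /* Build the new header; the name is zero-padded to 8 bytes. */
    ZeroMemory(&DataWrite, sizeof DataWrite);
    for (i = 0; LpszFileName != NULL && LpszFileName[i] != '\0'; i++) {
        if (i >= sizeof DataWrite.szName) {
            return FALSE;
        }
        DataWrite.szName[i] = LpszFileName[i];
    }

    dwFileSize = GetFileSize(LphFile, &dwFileSizeHigh);
    if (dwFileSizeHigh != 0 || dwFileSize > MAX_FILE_OFFSET) {
        return FALSE; /* also covers INVALID_FILE_SIZE */
    }

    /* Locate the headers. Bounding e_lfanew by the file size keeps the
     * offset sums below from wrapping. */
    if (!ReadAt(LphFile, OFF_E_LFANEW, &dwOffset, sizeof dwOffset) || dwOffset >= dwFileSize) {
        return FALSE;
    }
    if (!ReadAt(LphFile, dwOffset + OFF_NUM_SECTIONS, &wSecNum, sizeof wSecNum) ||
        !ReadAt(LphFile, dwOffset + OFF_OPT_HDR_SIZE, &wOptSize, sizeof wOptSize)) {
        return FALSE;
    }
    if (wSecNum == 0 || wSecNum >= MAX_SECTIONS || wOptSize < MIN_OPT_HDR_SIZE) {
        return FALSE;
    }
    if (!ReadAt(LphFile, dwOffset + OFF_SECTION_ALIGN, &dwSectionAlign, sizeof dwSectionAlign) ||
        !ReadAt(LphFile, dwOffset + OFF_FILE_ALIGN, &dwFileAlign, sizeof dwFileAlign) ||
        !ReadAt(LphFile, dwOffset + OFF_SIZE_OF_IMAGE, &dwSizeOfImage, sizeof dwSizeOfImage) ||
        !ReadAt(LphFile, dwOffset + OFF_SIZE_OF_HEADERS, &dwSizeOfHeaders, sizeof dwSizeOfHeaders)) {
        return FALSE;
    }
    if (dwSectionAlign == 0 || dwFileAlign == 0 || dwSizeOfHeaders > dwFileSize) {
        return FALSE;
    }

    /* The section table follows the optional header, whose size differs
     * between PE32 and PE32+; the fixed 0xF8 in the post fits PE32 only. */
    dwTable = dwOffset + OFF_OPT_HDR + wOptSize;
    dwLast  = dwTable + (DWORD)(wSecNum - 1) * (DWORD)sizeof(SECTION);
    dwSlot  = dwLast + (DWORD)sizeof(SECTION);

    /* There must be room for one more header inside SizeOfHeaders, and the
     * slot must be unused: other header data can follow the table, and
     * overwriting it would corrupt the image. */
    if (dwSlot + (DWORD)sizeof(SECTION) > dwSizeOfHeaders) {
        return FALSE;
    }
    if (!ReadAt(LphFile, dwSlot, &Slot, sizeof Slot)) {
        return FALSE;
    }
    for (i = 0; i < sizeof Slot; i++) {
        if (((const BYTE *)&Slot)[i] != 0) {
            return FALSE;
        }
    }

    if (!ReadAt(LphFile, dwLast, &TEMP, sizeof TEMP)) {
        return FALSE;
    }

    /* Section RVAs must be ascending, adjacent and multiples of
     * SectionAlignment, so the new one starts where the last one ends. */
    dwSpan = (TEMP.dwVirtualSize != 0) ? TEMP.dwVirtualSize : TEMP.dwSizeOfRawData;
    if (TEMP.dwVirtualAddress > 0xFFFFFFFFu - dwSpan ||
        !AlignUp(TEMP.dwVirtualAddress + dwSpan, dwSectionAlign, &dwNextVA)) {
        return FALSE;
    }
    if (dwVirtualAddress != 0 && dwVirtualAddress != dwNextVA) {
        return FALSE;
    }

    /* Raw data goes at the current end of file rather than directly after
     * the last section's raw data, so bytes stored past the last section
     * are not overwritten. */
    if (!AlignUp(dwFileSize, dwFileAlign, &dwRawPtr) ||
        !AlignUp(dwRawSize, dwFileAlign, &dwRawAligned) ||
        dwRawPtr > MAX_FILE_OFFSET ||
        dwRawAligned > MAX_FILE_OFFSET - dwRawPtr) {
        return FALSE;
    }

    DataWrite.dwVirtualSize      = dwVirtualSize;
    DataWrite.dwVirtualAddress   = dwNextVA;
    DataWrite.dwSizeOfRawData    = dwRawAligned;
    DataWrite.LpPointerToRawData = (dwRawAligned != 0) ? dwRawPtr : 0;
    DataWrite.dwCharacteristics  = dwCharacteristics;

    dwSpan = (dwVirtualSize != 0) ? dwVirtualSize : dwRawAligned;
    if (dwNextVA > 0xFFFFFFFFu - dwSpan ||
        !AlignUp(dwNextVA + dwSpan, dwSectionAlign, &dwNewImage)) {
        return FALSE;
    }

    /* Write phase. */
    if (dwRawAligned != 0) {
        /* Alignment padding and section data are contiguous from old EOF. */
        if (!WriteZeros(LphFile, dwFileSize, (dwRawPtr - dwFileSize) + dwRawAligned)) {
            return FALSE;
        }
    }
    if (!WriteAt(LphFile, dwSlot, &DataWrite, sizeof DataWrite)) {
        return FALSE;
    }
    wSecNum = (WORD)(wSecNum + 1);
    if (!WriteAt(LphFile, dwOffset + OFF_NUM_SECTIONS, &wSecNum, sizeof wSecNum)) {
        return FALSE;
    }
    /* SizeOfImage has to cover the new section. */
    if (dwNewImage > dwSizeOfImage) {
        if (!WriteAt(LphFile, dwOffset + OFF_SIZE_OF_IMAGE, &dwNewImage, sizeof dwNewImage)) {
            return FALSE;
        }
    }
    return TRUE;
}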
要熟悉PE文件的格式。
先判断PE头是否有足够的空间插入一个节目录;如果可以,根据文件头的信息生成节目录并添加节(包括节的偏移、大小等),然后修正PE头相关的项目。
建议LZ先熟悉PE文件的格式,不然的话,拿到代码也没有意义,看起来会很痛苦,那样浪费时间,我一般用汇编实现
VC++修改PE文件
http://download.csdn.net/source/728345
一份PE文件修改的VC源码
http://www.onegreen.net/code/HTML/11373.html
PE文件添加节显示启动信息(ASM)
http://dev.csdn.net/article/15/15234.shtm