关于在PE文件增加新节,但是增加后无法加
RtlCopyMemory(insertSections->Name, adata, 7);
insertSections->Characteristics = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ;
insertSections->PointerToRawData = (insertSections - 1)->PointerToRawData + (insertSections - 1)->SizeOfRawData;
insertSections->SizeOfRawData = Align(codefilesize, lpnt->OptionalHeader.FileAlignment);
insertSections->VirtualAddress = (insertSections - 1)->VirtualAddress + Align((insertSections - 1)->Misc.VirtualSize, lpnt->OptionalHeader.SectionAlignment);
insertSections->Misc.VirtualSize = codefilesize;
lpnt->FileHeader.NumberOfSections ++;
lpnt->OptionalHeader.SizeOfCode += Align(codefilesize,lpnt->OptionalHeader.SectionAlignment);
lpnt->OptionalHeader.SizeOfImage += Align(codefilesize,lpnt->OptionalHeader.SectionAlignment);
lpnt->OptionalHeader.AddressOfEntryPoint = insertSections->VirtualAddress+0x4A;
SetFilePointer(hfile, insertSections->PointerToRawData, NULL, FILE_BEGIN);
DWORD NumbWrite;
WriteFile(hfile, lpcodefile, codefilesize, &NumbWrite, NULL);
SetFilePointer(hfile, insertSections->PointerToRawData + insertSections->SizeOfRawData, NULL, FILE_BEGIN);
SetEndOfFile(hfile);
lpnt->OptionalHeader.ImageBase = insertSections->VirtualAddress;
return 0;
//insertSections 指向新增加的节, lpnt 指向 NT 头; 要写入的执行代码来自另一个文件, 被写入到已打开的 PE 文件中, 而且确确实实写入了; 入口地址的偏移就是代码文件中入口函数的偏移。
//下面是计算对齐后的值
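// Round dwSize up to the next multiple of dwAlign.
//
// dwSize  - the value to align (a raw size, virtual size or RVA)
// dwAlign - alignment granularity, typically FileAlignment or
//           SectionAlignment taken from the PE optional header
//
// Returns dwSize unchanged when it is already a multiple of dwAlign.
// Returns dwSize unchanged when dwAlign is 0: the alignment comes from the
// file being edited, and a malformed header must not trigger a division by
// zero. Returns 0 when the rounded-up value does not fit in a DWORD (the
// original unchecked multiply would silently wrap to a small value);
// callers should treat 0 for a non-zero input as "cannot align".
DWORD Align(DWORD dwSize, DWORD dwAlign)
{
    if (dwAlign == 0)
    {
        return dwSize;
    }
    DWORD rem = dwSize % dwAlign;
    if (rem == 0)
    {
        return dwSize;
    }
    DWORD pad = dwAlign - rem;
    // dwSize + pad would wrap past the largest DWORD: not representable.
    if (dwSize > ~(DWORD)0 - pad)
    {
        return 0;
    }
    return dwSize + pad;
}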