鱼C论坛

 找回密码
 立即注册
查看: 3757|回复: 4

[技术交流] 手工打造Win32可执行文件

[复制链接]
发表于 2015-8-8 20:41:54 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能^_^

您需要 登录 才可以下载或查看,没有账号?立即注册

x
本帖最后由 黑龍 于 2015-8-9 09:44 编辑

工具
C32 等其他反汇编工具(只要可以进行16进制编辑的工具就可以)
----------------------------------------------------------------------
大牛可以飘过。。。。(PS 这个是在网上看到的一篇文章 感觉不错 就学习了一下)
不过感觉很蛋疼 表示电脑真的太蠢了 不过这个比二进制好点。。。。。
反正我语文不好
先简单说下PE文件

DOS MZ
DOS stub
PE header
Section table
Section 1
Section 2
Section ...
Section N

PE中的00字节就是PE文件的空隙 当然不只有00  
以上就是PE文件的基本结构

PS 如果要复制最好别点击复制代码 我就点击复制代码试了一次结果 exe文件结构被破坏 所以最好自己选中复制
z.png
这里用C32做例子
新建一个16进制文件
我们知道PE文件必须要有MZ文件头这里添加上
4D5A90000300000004000000FFFF0000
1.png
不要以为写完文件头就完了。。。还有一些错误信息没有写出来 其实这个我去掉过 谁知去掉了就不能运行了 只能把这个HEX码给写上了   
B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000C00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000E32B61C1A74A0F92A74A0F92A74A0F9229551C92A04A0F925B6A1D92A64A0F92604C0992A64A0F9252696368A74A0F9200000000000000000000000000000000504500004C01040005F7C5550000000000000000E0000F010B01050C00020000000600000000000000100000001000000020000000004000001000000002000004000000040000000400000000000000005000000004000048640000020000000000100000100000000010000010000000000000100000000000000000000000102000003C0000000040000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000001000000000000000000000000000000000000000
2.png
PE文件区段(必须有 否则写的PE文件没什么功能)
00000000000000002E7465787400000026000000001000000002000000040000000000000000000000000000200000602E7264617461000092000000002000000002000000060000000000000000000000000000400000402E646174610000001B000000003000000002000000080000000000000000000000000000400000C02E72737263000000100000000040000000020000000A0000000000000000000000000000400000400000000000000000
3.png
PE中的空隙 占个位置
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
4.png
6A40680030400068023040006A00E8070000006A00E806000000FF2508204000FF2500204000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
5.png
但是此时的exe文件还是不能运行的!因为还有一些资源没有写出来
76200000000000005C200000000000005420000000000000000000006A200000082000004C20000000000000000000008420000000200000000000000000000000000000000000000000000076200000000000005C20000000000000B1014D657373616765426F7841007573657233322E646C6C00009B004578697450726F63657373006B65726E656C33322E646C6C
6.png
又是空白字节(占个位置)
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
7.png
文本信息
200048692157656C636F6D6520746F2050452070726F6772616D000000000000
8.png
最后剩下的都是空白字节 还是占个位置
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
9.png
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
10.png
将所有的代码写在一起然后保存为一个exe文件后运行
你就会发现提示一个信息
a.png
最后附加 附上一些 C格式化和 汇编格式化的代码 (我把写好的文件重新载入的)
附件.rar (1.25 KB, 下载次数: 5)
还有一个附件 一个是点击复制代码写出的文件(打不开) 一个是将每个代码选中复制后写出的文件(可以打开)   仅限于我的电脑 别的电脑不知可不可以
反正这个文件是我研究用HEX手工写文件的一个汇编简单程序
文件.rar (960 Bytes, 下载次数: 2)

@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼@小甲鱼

评分

参与人数 2荣誉 +15 鱼币 +15 贡献 +13 收起 理由
zzk176 + 5 + 5 + 3 支持楼主!
小甲鱼 + 10 + 10 + 10 热爱鱼C^_^

查看全部评分

想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
回复

使用道具 举报

发表于 2015-8-11 23:14:14 | 显示全部楼层
帅啊,一定要分享~
想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
回复 支持 反对

使用道具 举报

发表于 2015-8-18 09:08:00 | 显示全部楼层
绝对支持。不错。{:1_1:}
想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
回复 支持 反对

使用道具 举报

发表于 2015-10-15 00:39:01 | 显示全部楼层

绝对支持
想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
回复 支持 反对

使用道具 举报

发表于 2015-12-15 22:47:42 | 显示全部楼层
感谢楼主
想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|手机版|Archiver|鱼C工作室 ( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)

GMT+8, 2024-12-23 11:16

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表