
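// Tail of IsPeFile(); the start of the function lies above this excerpt.
// NOTE(review): e_lfanew comes straight from the file and is used without a
// range check, and the (DWORD) cast drops the upper half of the address in a
// 64-bit build. Left as found because the function is only partly visible.
    if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return FALSE;
    pNtHeader = (PIMAGE_NT_HEADERS32)((DWORD)pDosHeader+pDosHeader->e_lfanew);
    if(pNtHeader->Signature != IMAGE_NT_SIGNATURE )
        return FALSE;
    return TRUE;
}

/// @brief Returns a pointer to the NT headers of a PE image mapped at ImageBase.
///
/// @param ImageBase Base address of the mapped image (start of the DOS header).
/// @return Pointer to the NT headers inside the mapping, or NULL when
///         IsPeFile() rejects the image.
///
/// @note The size of the mapping is not known to this function, so e_lfanew is
///       taken from the file as-is. For untrusted input the caller has to
///       confirm that e_lfanew + sizeof(IMAGE_NT_HEADERS) lies inside the
///       mapped view; a crafted header otherwise causes an out-of-bounds read.
/// @note PIMAGE_NT_HEADERS follows the bitness of the build, not of the file.
///       Signature and FileHeader sit at the same offsets in both layouts, but
///       OptionalHeader must be interpreted according to OptionalHeader.Magic.
PIMAGE_NT_HEADERS GetNtHeader(LPVOID ImageBase)
{
    if (!IsPeFile(ImageBase))
        return NULL;

    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)ImageBase;

    // Byte-wise pointer arithmetic: the earlier (DWORD) cast cut the address to
    // 32 bits, and the PIMAGE_NT_HEADERS32 cast did not match the return type
    // outside a 32-bit build.
    return (PIMAGE_NT_HEADERS)((BYTE *)pDosHeader + pDosHeader->e_lfanew);
}

/// @brief Returns a pointer to the IMAGE_FILE_HEADER of a mapped PE image.
///
/// @param Imagebase Base address of the mapped image.
/// @return Pointer into the mapping, or NULL when GetNtHeader() returns NULL.
PIMAGE_FILE_HEADER WINAPI GetFileHeader(LPVOID Imagebase)
{
    PIMAGE_NT_HEADERS pNtHeader = GetNtHeader(Imagebase);
    if (!pNtHeader)
        return NULL;

    return &pNtHeader->FileHeader;
}

/// @brief Returns a pointer to the optional header of a mapped PE image.
///
/// @param ImageBase Base address of the mapped image.
/// @return Pointer into the mapping, or NULL when GetNtHeader() returns NULL.
PIMAGE_OPTIONAL_HEADER GetOptionalHeader(LPVOID ImageBase)
{
    PIMAGE_NT_HEADERS pNtHeader = GetNtHeader(ImageBase);
    if (!pNtHeader)
        return NULL;

    return &pNtHeader->OptionalHeader;
}

BOOL RvaToOffset(LPVOID lpMoudle,DWORD Rva)
{
    // Variables for the converted file offset and the section count
    DWORD FileOffset;
    WORD nSectionNum;
    // Fetch the NT headers
    IMAGE_NT_HEADERS *pNTHead;
    pNTHead=GetNtHeader(lpMoudle);
    // NOTE(review): pNTHead is dereferenced without a NULL check although
    // GetNtHeader() returns NULL for a non-PE image. "OfSections" is not a
    // member of IMAGE_NT_HEADERS; the page extraction appears to have cut the
    // name (presumably FileHeader.NumberOfSections - confirm against the
    // original listing).
    nSectionNum=pNTHead->OfSections;
    // ... the remainder of RvaToOffset is missing from this page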

DWORD datavirtualbase=p->VirtualAddress+p->lSize; DWORD datafileoffect=p->PointerToRawData+p->lSize; SetFilePointer(file,datafileoffect,NULL,FILE_BEGIN); WriteFile(file,funcname,16,0,0); WriteFile(file,DLLname,16,0,0); WriteFile(file,Caption,16,0,0); WriteFile(file,Content,16,0,0); WriteFile(file,&LoadLibraryAAddr,4,0,0); WriteFile(file,&GetProcAddress,4,0,0); DWORD codevirtualbase=p->VirtualAddress+p->lSize+datalength; DWORD cedefileoffset=p->PointerToRawData+p->lSize+datalength; p->lSize+=(codeslength+datalength); SetFilePointer(file,cedefileoffset,NULL,FILE_BEGIN); DWORD oldentry=nthead->sOfEntryPoint; DWORD JMPOffset=oldentry-(codevirtualbase+codeslength-5)-5; memcpy(codes+codeslength-4,&JMPOffset,sizeof(DWORD)); nthead->sOfEntryPoint=codevirtualbase; DWORD writesize=0; SetFilePointer(file,cedefileoffset,NULL,FILE_BEGIN); if(!WriteFile(file,codes,codeslength,&writesize,0) ) { TCHAR *buffer; ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,NULL,GetLastError(),0,( LPTSTR )&buffer,0,NULL ); MessageBox(0,buffer,L"ok",0); } cout<<"success"<

}

p++; }}

void main(){

HANDLE hFile = CreateFile(L"", // open pe file

GENERIC_READ|GENERIC_WRITE, // open for reading

NULL, // share for reading

NULL, // no security

OPEN_EXISTING, // existing file only

FILE_ATTRIBUTE_NORMAL, // normal file

NULL); // no attr. template

HANDLE hFileMap = CreateFileMapping(hFile,NULL,PAGE_READWRITE,0,0,NULL); if(!hFileMap ) { TCHAR *buffer ; ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,NULL,GetLastError(),0,( LPTSTR )&buffer,0,NULL ); MessageBox(0,buffer,L"ok",0); } LPVOID lpMemory = MapViewOfFile(hFileMap,FILE_MAP_READ|FILE_MAP_WRITE ,NULL,NULL,NULL);

if(IsPeFile(lpMemory)) { //AnalyzeNTHEADER(lpMemory); cout<<"yes"<NumberOfRvaAndSizes<

HandleSessionTable(hFile,lpMemory);

} else cout<<"no"<