PE 将notepad存入内存后 文件大小变小问题
#define _CRT_SECURE_NO_WARNINGS#include<stdio.h>
#include<stdlib.h>
#include<Windows.h>
#include<string.h>
//代码在虚拟机可以用 这台win7读出文件大小和真实大小不一样OK
//是不是32位的原因呢?
int file(PVOID* fp1)
{
FILE* fp = NULL;
fp = fopen("C:\\Windows\\System32\\notepad.exe", "rb");
if (!fp)
{
printf("fopen error");
return 0;
}
fseek(fp, 0, SEEK_END);
int fsize = ftell(fp);
printf("filesize is %d\n",fsize);
rewind(fp);
*fp1 = fp;
fp = NULL;
//fclose(fp);buxing
return fsize;
}
int filebuffer(int size, FILE* fp, PVOID* pTempFileBuffer)
{
if (!fp)
{
printf("open error");
return 0;
}
PVOID temp = malloc(size);
if (!temp)
{
printf("malloc error");
return 0;
}
fread(temp, 1, size, fp);
PIMAGE_DOS_HEADER pdos = (PIMAGE_DOS_HEADER)temp;
printf("magic is %x\nlfanew is %x \n", pdos->e_magic, pdos->e_lfanew);
*pTempFileBuffer = temp;
temp = NULL;
return 0;
}
int movFilBuffer2ImageBuffer(PVOID* pTempImageBuffer, PVOID pTempFileBuffer)
{
PIMAGE_DOS_HEADER pdos = (PIMAGE_DOS_HEADER)pTempFileBuffer;
PIMAGE_NT_HEADERS32 pnt = (PIMAGE_NT_HEADERS32)((DWORD)pdos + pdos->e_lfanew);
if (pnt->Signature != IMAGE_NT_SIGNATURE)
{
printf("signature error");
return 0;
}
PIMAGE_FILE_HEADER pfile = (PIMAGE_FILE_HEADER)((DWORD)pnt + 4);
PIMAGE_OPTIONAL_HEADER32 pop = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pfile + 0x14);
PIMAGE_SECTION_HEADER psec = (PIMAGE_SECTION_HEADER)((DWORD)pop + pfile->SizeOfOptionalHeader);
printf("op magic is %x\n", pop->Magic);
printf("name is %s\n", psec->Name);
PVOID temp = malloc(pop->SizeOfImage);
if (!temp)
{
printf("malloc error");
return 0;
}
memset(temp, 0, pop->SizeOfImage);
memcpy(temp, pTempFileBuffer, pop->SizeOfHeaders);
for (int i = 0;i < pfile->NumberOfSections;i++, psec++)
{
memcpy((PVOID)((DWORD)temp + psec->VirtualAddress), (PVOID)((DWORD)pTempFileBuffer + psec->PointerToRawData), psec->SizeOfRawData);
}
*pTempImageBuffer = temp;
temp = NULL;
return pop->SizeOfImage;
return 0;
}
int movImageBuffer2NewfileBuffer(int size,PVOID* pNewFileBuffer, PVOID pTempImageBuffer)
{
PVOID temp = malloc(size);
if (!temp)
{
printf("malloc error");
return 0;
}
PIMAGE_DOS_HEADER pdos = (PIMAGE_DOS_HEADER)pTempImageBuffer;
PIMAGE_NT_HEADERS32 pnt = (PIMAGE_NT_HEADERS32)((DWORD)pdos + pdos->e_lfanew);
if (pnt->Signature != IMAGE_NT_SIGNATURE)
{
printf("signature error");
return 0;
}
PIMAGE_FILE_HEADER pfile = (PIMAGE_FILE_HEADER)((DWORD)pnt + 4);
PIMAGE_OPTIONAL_HEADER32 pop = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pfile + 0x14);
PIMAGE_SECTION_HEADER psec = (PIMAGE_SECTION_HEADER)((DWORD)pop + pfile->SizeOfOptionalHeader);
memset(temp, 0, size);
memcpy(temp, pTempImageBuffer, pop->SizeOfHeaders);
int newsize = (int)pop->SizeOfHeaders;
for (int i = 0;i < pfile->NumberOfSections;i++,psec++)
{
memcpy((PVOID)((DWORD)temp + (DWORD)psec->PointerToRawData), (PVOID)((DWORD)pTempImageBuffer + (DWORD)psec->VirtualAddress), psec->SizeOfRawData);
newsize += psec->SizeOfRawData;
}
*pNewFileBuffer = temp;
temp = NULL;
return newsize;
}
int writefile(int newsize,PVOID pNewFileBuffer)
{
FILE* fp2 = fopen("D:\\test\\1.exe", "wb");
if (!fp2)
{
printf("wopen error");
return 0;
}
fwrite(pNewFileBuffer, 1, newsize, fp2);
fclose(fp2);
return 1;
}
void fun()
{
FILE* fp = NULL;
PVOID pTempFileBuffer = NULL;
PVOID pTempImageBuffer = NULL;
PVOID pNewFileBuffer = NULL;
int filesize = file((PVOID*)(&fp));
printf("file size is %x\n", filesize);
int filebuffersize = filebuffer(filesize, fp, &pTempFileBuffer);
int imagesize = movFilBuffer2ImageBuffer(&pTempImageBuffer, pTempFileBuffer);
printf("imagesize is %x\n",imagesize);
int Newsize = movImageBuffer2NewfileBuffer(filesize, &pNewFileBuffer, pTempImageBuffer);
printf("newsize is %x\n", Newsize);
int res = writefile(Newsize, pNewFileBuffer);
printf("res is %d", res);
}
int main()
{
fun();
getchar();
}
页:
[1]