从网上找到了一段用 C++ 实现的文件补丁代码,觉得挺好。其他补丁制作工具生成的补丁都会被杀毒软件报毒,而用 C++ 原生实现的补丁基本不会被报毒,并且体积小巧,觉得非常不错,所以分享给大家,希望大家有好的思路一起讨论。需要注意的是,不报毒只说明没有命中杀毒软件的特征或启发式规则,并不能说明程序本身可信,运行任何补丁程序之前仍应先核对其源码。
代码如下:
#include <Windows.h>
#include <iostream>
#include <stdio.h>
using namespace std;
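/*
 * FilePatch: rewrite one byte at a fixed file offset, then launch the file.
 *
 * Usage: FilePatch.exe filename
 *
 * The byte at dwFileOffset must currently be 0x75 (JNZ); only then is it
 * rewritten to 0x74 (JZ). Every Win32 call is checked, and the file is
 * launched only after the write has been confirmed, so a file that was not
 * modified as intended is never executed.
 *
 * Returns 0 when the byte was patched and the file was launched, -1 on any
 * failure (bad arguments, open/seek/read/write error, unexpected byte,
 * launch failure).
 */
int main(int argc, char *argv[])
{
    // File offset of the byte to patch. This value is specific to one build
    // of one file; the expected-byte check below is what prevents writing
    // into an unrelated file that merely happens to be long enough.
    const DWORD dwFileOffset = 0x449;
    const BYTE bExpected = 0x75; // JNZ
    const BYTE bPatched = 0x74;  // JZ
    BYTE bCode = 0;
    DWORD dwReadNum = 0;
    DWORD dwWriteNum = 0;

    if (argc != 2)
    {
        std::cout << "FilePatch V1.0\n" << std::endl;
        std::cout << "Usage:FilePatch.exe filename" << std::endl;
        return -1;
    }

    // WinExec takes a command line, not a path: an unquoted path containing
    // spaces can resolve to a different executable (e.g. C:\Program.exe).
    // Build the quoted form up front so an over-long name is rejected before
    // the file is touched.
    char szCmdLine[MAX_PATH + 3];
    const int nCmdLen = snprintf(szCmdLine, sizeof(szCmdLine), "\"%s\"", argv[1]);
    if (nCmdLen < 0 || nCmdLen >= static_cast<int>(sizeof(szCmdLine)))
    {
        std::cout << "File name is too long." << std::endl;
        return -1;
    }

    // Open the file. argv[1] is a narrow string, so call the ANSI entry point
    // explicitly; the CreateFile macro would not compile in a UNICODE build.
    HANDLE hFile = CreateFileA(argv[1], GENERIC_WRITE | GENERIC_READ,
                               FILE_SHARE_WRITE | FILE_SHARE_READ, NULL,
                               OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        std::cout << "File not exsit or it's already opened!" << std::endl;
        return -1;
    }

    // Read the current byte. ReadFile's BOOL result must not be stored in
    // bCode: that would replace the byte just read with 1. A file shorter
    // than the offset reads zero bytes without an error, so the count is
    // checked as well.
    if (INVALID_SET_FILE_POINTER == SetFilePointer(hFile, dwFileOffset, NULL, FILE_BEGIN)
        || !ReadFile(hFile, &bCode, sizeof(BYTE), &dwReadNum, NULL)
        || dwReadNum != sizeof(BYTE))
    {
        std::cout << "Failed to read the byte at the patch offset." << std::endl;
        CloseHandle(hFile);
        return -1;
    }

    // Check that the current byte is JNZ; anything else means this is not
    // the expected file (or it is already patched), so leave it untouched.
    if (bCode != bExpected)
    {
        // Print the value as hex rather than as a raw character.
        std::cout << "The bCode is:0x" << std::hex
                  << static_cast<unsigned int>(bCode) << std::dec << std::endl;
        std::cout << "\nPlease close file and try again." << std::endl;
        CloseHandle(hFile);
        return -1;
    }

    // Change it to JZ.
    if (INVALID_SET_FILE_POINTER == SetFilePointer(hFile, dwFileOffset, NULL, FILE_BEGIN)
        || !WriteFile(hFile, &bPatched, sizeof(BYTE), &dwWriteNum, NULL)
        || dwWriteNum != sizeof(BYTE))
    {
        std::cout << "Failed to write the byte at the patch offset." << std::endl;
        CloseHandle(hFile);
        return -1;
    }
    std::cout << "Write the hex code Successfully !" << std::endl;
    CloseHandle(hFile);

    // Run the modified program. WinExec reports success with a value above 31.
    if (WinExec(szCmdLine, SW_SHOW) <= 31)
    {
        std::cout << "Failed to start the patched file." << std::endl;
        return -1;
    }

    getchar(); // keep the console window open until a key is pressed
    return 0;
}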