// 18-byte x86 (32-bit) stub template, patched in place by AddShellcode before
// it is copied into the output buffer. The two 4-byte operands are zero
// placeholders here and only receive values at patch time.
//
// Analyst view: the fixed prefix 6A 00 6A 00 6A 00 6A 00 E8 followed, five
// bytes later, by E9 is the byte pattern this template leaves at the
// rewritten entry point of a modified image.
BYTE Shellcode[] =
{
    0x6A, 0x00,                     // +0x00  push 0
    0x6A, 0x00,                     // +0x02  push 0
    0x6A, 0x00,                     // +0x04  push 0
    0x6A, 0x00,                     // +0x06  push 0
    0xE8, 0x00, 0x00, 0x00, 0x00,   // +0x08  call rel32 (operand at +0x09, filled later)
    0xE9, 0x00, 0x00, 0x00, 0x00    // +0x0D  jmp  rel32 (operand at +0x0E, filled later)
};
/// Writes the 18-byte Shellcode template into unused raw space at the end of a
/// section in pNewBuffer and overwrites the 4 bytes at optional-header offset
/// 0x10 (AddressOfEntryPoint) in that buffer with the stub's location.
///
/// @param Number  Index of the first section to examine; the scan moves forward
///                from this index.
/// @return 0 when the last section is reached without enough spare space;
///         otherwise pOptionHeader->AddressOfEntryPoint as read through
///         pOptionHeader (presumably the original, unpatched header - confirm
///         that pNewBuffer is a separate copy).
///
/// Analyst notes, all readable from the writes below:
///  - The new entry point is VirtualAddress + Misc.VirtualSize of the chosen
///    section, i.e. the first byte past that section's declared virtual extent.
///    This function does not change VirtualSize, so an entry point outside every
///    section's [VirtualAddress, VirtualAddress + VirtualSize) range is a
///    triage signal for this kind of modification.
///  - Header and section bytes are altered, so an Authenticode signature over
///    the original file will no longer validate.
int PeHeader::AddShellcode(int Number)
{
    int fsize = 0;
    // The init clause `Number - 1` is an expression with no effect; the scan
    // starts at Number exactly as passed in.
    // NOTE(review): if Number is negative or already >= NumberOfSections, the
    // loop body never rejects it and the code after the loop indexes
    // pSectionHeader out of range. Callers must validate the index.
    for (Number - 1; Number < pPEHeader->NumberOfSections; Number++)
    {
        // Spare raw bytes in this section: raw size minus virtual size.
        // NOTE(review): presumably both fields are unsigned DWORDs, so a
        // section with VirtualSize > SizeOfRawData wraps before the
        // conversion to int - confirm the field types.
        fsize = (pSectionHeader + Number)->SizeOfRawData - (pSectionHeader + Number)->Misc.VirtualSize;
        if (fsize > Shellcode_length)
            break;
        // Last section examined and it did not fit: give up.
        if (Number == pPEHeader->NumberOfSections - 1)
            return 0;
    }
    // Offset of the first byte after the section's declared virtual contents.
    // This is an RVA; it is later used directly as an offset into pNewBuffer.
    // NOTE(review): whether pNewBuffer is laid out by RVA or by file offset is
    // not visible here - confirm against the code that fills it.
    int codebegin = (pSectionHeader + Number)->VirtualAddress + (pSectionHeader + Number)->Misc.VirtualSize;
    // Operand for the 0xE8 call in the template, computed from MESSAGEBOXW_WZ
    // (defined elsewhere) and codebegin + 0xE.
    int call_s = MESSAGEBOXW_WZ - (codebegin + 0xE);
    BYTE c_wz[4];
    // mitol is not visible here; presumably it stores the int as 4 bytes - confirm.
    mitol(call_s, c_wz);
    // Patches the file-scope template in place (bytes 0x9..0xC, right after
    // 0xE8), so the patched values persist in Shellcode after this call returns.
    memcpy(Shellcode + 0x9, c_wz, 4);
    // Operand for the 0xE9 jmp: from the end of the 18-byte stub back to the
    // entry point currently recorded in the optional header.
    int jmp_s = pOptionHeader->AddressOfEntryPoint - (codebegin + 18);
    BYTE j_wz[4];
    mitol(jmp_s, j_wz);
    memcpy(Shellcode + 0xE, j_wz, 4);
    // Despite the name, OEP holds the NEW entry value (same sum as codebegin),
    // not the original entry point.
    BYTE OEP[4];
    mitol((pSectionHeader + Number)->Misc.VirtualSize + (pSectionHeader + Number)->VirtualAddress, OEP);
    // Overwrite AddressOfEntryPoint (optional header + 0x10) inside pNewBuffer,
    // reusing the header's byte offset from pDosHeader.
    // NOTE(review): the (DWORD) casts truncate pointers on 64-bit builds; this
    // arithmetic is only sound when pointers are 32 bits wide.
    memcpy((void*)((DWORD)pNewBuffer + ((DWORD)pOptionHeader - (DWORD)pDosHeader) + 0x10), OEP, 4);
    // Copy the patched stub into the spare space. The literal 18 is the
    // template size and is independent of Shellcode_length used in the fit
    // check above - the two must be kept in agreement by hand.
    // NOTE(review): no check that codebegin + 18 lies inside pNewBuffer.
    memcpy((void*)((DWORD)pNewBuffer + codebegin), Shellcode, 18);
    return pOptionHeader->AddressOfEntryPoint;
}