添加区段的c++代码

zapline · 发表于 2009-5-8 22:33

本帖最后由 zapline 于 2009-9-7 19:34 编辑

面向过程的，应该比较容易阅读

#include "windows.h"
#include <stdio.h>
#include <assert.h>
#define SECTION_SIZE 0x1000
#define SECTION_NAME ".zapline"

BOOL AddSection(LPCSTR fileName);
int Align(int size, int base);
int main()
{
char a[30]="";
scanf("%s",a);
if ( AddSection(a) )
{
MessageBox(NULL,"成功！","",MB_OK);
}
else
{
MessageBox(NULL,"失败！","",MB_OK);
}
return 0;
}
BOOL AddSection(LPCSTR fileName)
{
IMAGE_DOS_HEADER *dosHeader;
IMAGE_NT_HEADERS *ntHeader;
IMAGE_SECTION_HEADER *sectionHeader;
IMAGE_SECTION_HEADER *newSectionHeader;
IMAGE_SECTION_HEADER *lastSectionHeader;
int numOfSections;
int FILE_ALIGN_MENT;
int SECTION_ALIGN_MENT;

HANDLE hFile=CreateFile(fileName,GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
MessageBox(NULL,"open file failed!","",MB_OK);
return FALSE;
}

HANDLE hMap=CreateFileMapping(hFile,NULL,PAGE_READWRITE,NULL,NULL,NULL);
if(hMap==INVALID_HANDLE_VALUE)
{
MessageBox(NULL,"create map failed!","",MB_OK);
return FALSE;
}

LPVOID lpBase=MapViewOfFile(hMap,FILE_MAP_WRITE,0,0,0);
if(lpBase==NULL)
{
MessageBox(NULL,"get view failed!","",MB_OK);
return FALSE;
}

dosHeader=(IMAGE_DOS_HEADER*)lpBase;

if (dosHeader->e_magic!=IMAGE_DOS_SIGNATURE)
{
MessageBox(NULL,"not PE file!","",MB_OK);
return FALSE;
}

ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);
if(ntHeader->Signature!=IMAGE_NT_SIGNATURE)
{
MessageBox(NULL,"not FE file!","",MB_OK);
return FALSE;
}
FILE_ALIGN_MENT = ntHeader->OptionalHeader.FileAlignment;
SECTION_ALIGN_MENT = ntHeader->OptionalHeader.SectionAlignment;
numOfSections = ntHeader->FileHeader.NumberOfSections;
ntHeader->FileHeader.NumberOfSections++;

sectionHeader = (IMAGE_SECTION_HEADER*)((DWORD)ntHeader+sizeof(IMAGE_NT_HEADERS));
lastSectionHeader = (IMAGE_SECTION_HEADER *)&sectionHeader[numOfSections-1];
newSectionHeader = (IMAGE_SECTION_HEADER *)&sectionHeader[numOfSections];

memset(newSectionHeader,0,sizeof(IMAGE_SECTION_HEADER));
strncpy((char*)newSectionHeader->Name,SECTION_NAME,strlen(SECTION_NAME));

newSectionHeader->VirtualAddress = lastSectionHeader->VirtualAddress+Align(lastSectionHeader->Misc.VirtualSize,SECTION_ALIGN_MENT);
// ntHeader->OptionalHeader.AddressOfEntryPoint = newSectionHeader->VirtualAddress;
newSectionHeader->Misc.VirtualSize = Align(3000,SECTION_ALIGN_MENT);
newSectionHeader->PointerToRawData = lastSectionHeader->PointerToRawData+Align(lastSectionHeader->SizeOfRawData,FILE_ALIGN_MENT);
newSectionHeader->SizeOfRawData = Align(SECTION_SIZE, FILE_ALIGN_MENT);
newSectionHeader->Characteristics = 0xE0000020;
ntHeader->OptionalHeader.SizeOfCode = ntHeader->OptionalHeader.SizeOfCode+Align(SECTION_SIZE, FILE_ALIGN_MENT);
printf("%x--%x",ntHeader->OptionalHeader.SizeOfImage,Align(SECTION_SIZE,SECTION_ALIGN_MENT));
ntHeader->OptionalHeader.SizeOfImage = ntHeader->OptionalHeader.SizeOfImage+Align(SECTION_SIZE, SECTION_ALIGN_MENT);

FlushViewOfFile(lpBase,0);
UnmapViewOfFile(lpBase);
CloseHandle(hMap);
if(SetFilePointer(hFile,SECTION_SIZE,NULL,FILE_END)==-1)
{
MessageBox(NULL,"set file pointer failed!","",MB_OK);
return FALSE;
}

if(!SetEndOfFile(hFile))
{
MessageBox(NULL,"set file end failed!","",MB_OK);
return FALSE;
}

CloseHandle(hFile);
return TRUE;
}

int Align(int size, int base)
{
int ret,result;
assert( 0 != base);
result = size % base;
result != 0 ? ret = ((size / base) + 1) * base : ret = size;
return ret;
}

wellen · 发表于 2009-5-8 23:12

:)你的东西一定得看看

zzage · 发表于 2009-5-8 23:20

[s:216]，占位，学习一下！

cracker · 发表于 2009-5-9 00:17

[s:43]检测条件不少...

guxiaokang · 发表于 2011-5-9 10:40

提示: 作者被禁止或删除内容自动屏蔽

帐号		自动登录	找回密码
密码			注册[Register]

guxiaokang guxiaokang 当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	guxiaokang 发表于 2011-5-9 10:40 提示: 作者被禁止或删除内容自动屏蔽
	如何快速判断一个文件是否为病毒！
	回复支持举报

[其他转载] 添加区段的c++代码

免费评分