本帖最后由 zapline 于 2010-2-20 02:06 编辑
功能:为指定PE文件添加一个指定大小指定名称的区段。(添加成功率有待提高,欢迎各位指点)
运行界面:
为程序添加区段,我把它分为如下几步:
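// Step 1: collect the PE information needed later (DOS header, NT headers,
// the last section header, and the file/section alignment granularity).
//
// NOTE(review): every value read below comes from the target file and is used
// unchecked by the later steps. Before relying on them, confirm that Open()
// succeeded and that each Read() returned the full structure size, that
// dh.e_magic == IMAGE_DOS_SIGNATURE and nh.Signature == IMAGE_NT_SIGNATURE,
// that NumberOfSections is at least 1 (SectionNum - 1 is used as an index
// below), and that FileAlignment and SectionAlignment are non-zero (both are
// used as divisors in step 2).
f.Open(m_FileName, CFile::modeReadWrite);

// The DOS header sits at offset 0; e_lfanew is the file offset of the NT headers.
f.Read(&dh, sizeof(IMAGE_DOS_HEADER));
f.Seek(dh.e_lfanew, CFile::begin);
f.Read(&nh, sizeof(IMAGE_NT_HEADERS));
SectionNum = nh.FileHeader.NumberOfSections;

// The section table starts right after the optional header, whose length is
// recorded in FileHeader.SizeOfOptionalHeader. Using that field (instead of
// assuming the read position after sizeof(IMAGE_NT_HEADERS)) keeps the lookup
// correct when the optional header is not the size this build expects.
f.Seek(dh.e_lfanew
           + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader)
           + nh.FileHeader.SizeOfOptionalHeader
           + sizeof(IMAGE_SECTION_HEADER) * (SectionNum - 1),
       CFile::begin);
f.Read(&sh, sizeof(IMAGE_SECTION_HEADER));

FileAlign = nh.OptionalHeader.FileAlignment;
SectionAlign = nh.OptionalHeader.SectionAlignment;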
第二步,设置新区段的属性
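// Requested section size in bytes, parsed from the dialog's text field.
// NOTE(review): atoi() yields 0 for non-numeric text and the result is not
// range-checked here; confirm the caller rejects zero, negative and
// unreasonably large values before this point.
Size = atoi(m_SectionSize);

// The new section carries no relocations and no line-number records.
NewSection.PointerToRelocations = 0;
NewSection.NumberOfRelocations = 0;
NewSection.PointerToLinenumbers = 0;
NewSection.NumberOfLinenumbers = 0;

// NOTE(review): the section is marked readable, writable and executable at
// once. A W+X section defeats W^X and is a common static-analysis indicator
// of a packed or modified binary; request only the permissions that are
// actually needed.
NewSection.Characteristics = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;

// On-disk size: Size rounded up to a multiple of FileAlignment.
NewSection.SizeOfRawData = (Size % FileAlign ? FileAlign * (Size / FileAlign + 1) : Size);

// The raw data is placed directly after the last section's raw data.
// NOTE(review): anything stored past that point (an overlay such as an
// Authenticode certificate table) would be overwritten, and the header
// changes invalidate an existing signature in any case.
NewSection.PointerToRawData = sh.PointerToRawData + sh.SizeOfRawData;
NewSection.Misc.VirtualSize = Size;

// In memory the last section occupies Misc.VirtualSize bytes (SizeOfRawData
// only when VirtualSize is 0), rounded up to SectionAlignment. The new section
// has to start exactly at that boundary; deriving it from SizeOfRawData alone
// gives a wrong address whenever the two sizes round differently.
VirtualSize = sh.Misc.VirtualSize ? sh.Misc.VirtualSize : sh.SizeOfRawData;
if (VirtualSize % SectionAlign)
{
    VirtualSize = SectionAlign * (VirtualSize / SectionAlign + 1);
}
NewSection.VirtualAddress = sh.VirtualAddress + VirtualSize;

// Section names are at most IMAGE_SIZEOF_SHORT_NAME (8) bytes, padded with
// NULs. Copy what fits and zero-fill the rest instead of formatting with
// "%8s", which left-pads short names with spaces.
temp = m_SecthionName;
for (n = 0; n < IMAGE_SIZEOF_SHORT_NAME; n++)
{
    NewSection.Name[n] = (n < temp.GetLength()) ? static_cast<BYTE>(temp.GetAt(n)) : 0;
}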
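// Step 3: update the NT headers (section count and image size).
nh.FileHeader.NumberOfSections++;

// SizeOfImage is the end of the last section in memory and must stay a
// multiple of SectionAlignment, so it is recomputed from the new section's
// address and aligned virtual size rather than incremented by the raw Size.
nh.OptionalHeader.SizeOfImage =
    NewSection.VirtualAddress +
    (NewSection.Misc.VirtualSize % SectionAlign
         ? SectionAlign * (NewSection.Misc.VirtualSize / SectionAlign + 1)
         : NewSection.Misc.VirtualSize);

// NOTE(review): the headers are rewritten before anything checks that the
// section table has room for one more entry, and OptionalHeader.CheckSum is
// not recomputed after this edit.
f.Seek(dh.e_lfanew, CFile::begin);
f.Write(&nh, sizeof(IMAGE_NT_HEADERS));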
第四步,增加区段信息
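// The new entry goes into the slot right after the existing SectionNum
// entries. The table's start is derived from FileHeader.SizeOfOptionalHeader
// rather than sizeof(IMAGE_NT_HEADERS32), so the offset stays correct when the
// optional header has a different length.
//
// NOTE(review): nothing verifies that this extra header still fits inside the
// header area (compare the end offset with nh.OptionalHeader.SizeOfHeaders and
// the first section's PointerToRawData). If it does not fit, this write
// overwrites section contents and corrupts the file.
f.Seek(dh.e_lfanew
           + FIELD_OFFSET(IMAGE_NT_HEADERS32, OptionalHeader)
           + nh.FileHeader.SizeOfOptionalHeader
           + sizeof(IMAGE_SECTION_HEADER) * SectionNum,
       CFile::begin);
f.Write(&NewSection, sizeof(IMAGE_SECTION_HEADER));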
第五步,增加区段
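// Append the section body at the file offset recorded in the new header.
f.Seek(NewSection.PointerToRawData, CFile::begin);

// The buffer is zero-filled before it is written: an uninitialised heap block
// would copy whatever stale process memory it happens to hold into the file.
LPBYTE pData = new BYTE[NewSection.SizeOfRawData];
ZeroMemory(pData, NewSection.SizeOfRawData);

// CFile::Write reports failure by throwing; release the buffer on that path too.
try
{
    f.Write(pData, NewSection.SizeOfRawData);
}
catch (...)
{
    delete[] pData;
    throw;
}

// Memory from new[] must be released with delete[], not plain delete.
delete[] pData;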
可执行文件+源码:
Release.rar
AddSection.rar