PE添节
来源:互联网 发布:江北新区网络问政 编辑:程序博客网 时间:2024/04/30 15:00
IMAGE_DOS_HEADER DosHeader;
IMAGE_NT_HEADERS32 ExeHeader;
int NumOfSections;
FILE *fp;
fp=fopen(FileName.c_str(),"rb+");
fseek(fp,0,SEEK_SET);
fread(&DosHeader,sizeof(DosHeader),1,fp);
if (DosHeader.e_magic!=IMAGE_DOS_SIGNATURE)
{
ShowMessage("不是有效的MZ文件");
return ;
}
fseek(fp,DosHeader.e_lfanew,SEEK_SET);
fread(&ExeHeader,sizeof(ExeHeader),1,fp);
if (ExeHeader.Signature!=IMAGE_NT_SIGNATURE)
{
ShowMessage("不是有效的PE文件");
return ;
}
int NumSection = ExeHeader.FileHeader.NumberOfSections;
fseek(fp,(DosHeader.e_lfanew+sizeof(ExeHeader.Signature)+sizeof(ExeHeader.FileHeader)+ (ExeHeader.FileHeader.SizeOfOptionalHeader)),SEEK_SET);
IMAGE_SECTION_HEADER OLD_SECTION;
//来到最后一个节
for (int i = 0; i < NumSection; i++)
{
fread(&OLD_SECTION,sizeof(IMAGE_SECTION_HEADER),1,fp);
}
IMAGE_SECTION_HEADER iMageNewSection;
memset(&iMageNewSection,0,sizeof(iMageNewSection));
//添加新节
memcpy((char*)iMageNewSection.Name,".fish",strlen(".fish"));
iMageNewSection.VirtualAddress=ExeHeader.OptionalHeader.SizeOfImage;
iMageNewSection.Misc.VirtualSize=0x1000;
iMageNewSection.PointerToRawData=OLD_SECTION.PointerToRawData+OLD_SECTION.SizeOfRawData;
iMageNewSection.SizeOfRawData=0x200;
iMageNewSection.Characteristics=IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;
fseek(fp,DosHeader.e_lfanew+sizeof(IMAGE_NT_HEADERS)+NumSection*sizeof(IMAGE_SECTION_HEADER),SEEK_SET);
fwrite(&iMageNewSection,sizeof(iMageNewSection),1,fp);
//设置PE头,以便使一些设置生效..
ExeHeader.FileHeader.NumberOfSections++;
ExeHeader.OptionalHeader.SizeOfCode=ExeHeader.OptionalHeader.SizeOfCode+0x1000;
ExeHeader.OptionalHeader.SizeOfImage=ExeHeader.OptionalHeader.SizeOfImage+0x1000;
ExeHeader.OptionalHeader.AddressOfEntryPoint=iMageNewSection.VirtualAddress;
ExeHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
ExeHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
fseek(fp,DosHeader.e_lfanew,SEEK_SET);
fwrite(&ExeHeader,sizeof(ExeHeader),1,fp);
IMAGE_NT_HEADERS32 ExeHeader;
int NumOfSections;
FILE *fp;
fp=fopen(FileName.c_str(),"rb+");
fseek(fp,0,SEEK_SET);
fread(&DosHeader,sizeof(DosHeader),1,fp);
if (DosHeader.e_magic!=IMAGE_DOS_SIGNATURE)
{
ShowMessage("不是有效的MZ文件");
return ;
}
fseek(fp,DosHeader.e_lfanew,SEEK_SET);
fread(&ExeHeader,sizeof(ExeHeader),1,fp);
if (ExeHeader.Signature!=IMAGE_NT_SIGNATURE)
{
ShowMessage("不是有效的PE文件");
return ;
}
int NumSection = ExeHeader.FileHeader.NumberOfSections;
fseek(fp,(DosHeader.e_lfanew+sizeof(ExeHeader.Signature)+sizeof(ExeHeader.FileHeader)+ (ExeHeader.FileHeader.SizeOfOptionalHeader)),SEEK_SET);
IMAGE_SECTION_HEADER OLD_SECTION;
//来到最后一个节
for (int i = 0; i < NumSection; i++)
{
fread(&OLD_SECTION,sizeof(IMAGE_SECTION_HEADER),1,fp);
}
IMAGE_SECTION_HEADER iMageNewSection;
memset(&iMageNewSection,0,sizeof(iMageNewSection));
//添加新节
memcpy((char*)iMageNewSection.Name,".fish",strlen(".fish"));
iMageNewSection.VirtualAddress=ExeHeader.OptionalHeader.SizeOfImage;
iMageNewSection.Misc.VirtualSize=0x1000;
iMageNewSection.PointerToRawData=OLD_SECTION.PointerToRawData+OLD_SECTION.SizeOfRawData;
iMageNewSection.SizeOfRawData=0x200;
iMageNewSection.Characteristics=IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE;
fseek(fp,DosHeader.e_lfanew+sizeof(IMAGE_NT_HEADERS)+NumSection*sizeof(IMAGE_SECTION_HEADER),SEEK_SET);
fwrite(&iMageNewSection,sizeof(iMageNewSection),1,fp);
//设置PE头,以便使一些设置生效..
ExeHeader.FileHeader.NumberOfSections++;
ExeHeader.OptionalHeader.SizeOfCode=ExeHeader.OptionalHeader.SizeOfCode+0x1000;
ExeHeader.OptionalHeader.SizeOfImage=ExeHeader.OptionalHeader.SizeOfImage+0x1000;
ExeHeader.OptionalHeader.AddressOfEntryPoint=iMageNewSection.VirtualAddress;
ExeHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
ExeHeader.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
fseek(fp,DosHeader.e_lfanew,SEEK_SET);
fwrite(&ExeHeader,sizeof(ExeHeader),1,fp);
