PE 内容:向代码段空白区添加代码时出现 00000005 错误
  • 2103 等级 N0
    2019-02-26 03:59

    #include "stdafx.h"
    #include <windows.h>
    #include <malloc.h>
    #include "Globle.h"

    // Test fixture: adding code to the unused tail of the code section.
    #define FILEPATH_IN "D:\\飞鸽 1.exe"
    #define FILEPATH_OUT "D:\\飞鸽 1_New.exe"
    // NOTE(review): presumably the address of MessageBox captured from one
    // debugging session. An absolute API address is only valid for that one
    // module load; with ASLR it differs per boot and per machine -- confirm
    // before relying on it.
    #define MESSAGEBOXADDR 0x76321F70
    // Must equal the number of bytes in shellCode[] below (18 == 0x12).
    #define SHELLCODELENGTH 0x12

    // 18-byte x86 template, one instruction per row. The two 32-bit
    // displacements are zero placeholders; the code that fills them in is
    // not part of the visible listing.
    BYTE shellCode[] = {
        0x6A, 0x00,                     // push 0
        0x6A, 0x00,                     // push 0
        0x6A, 0x00,                     // push 0
        0x6A, 0x00,                     // push 0
        0xE8, 0x00, 0x00, 0x00, 0x00,   // call rel32 (displacement blank)
        0xE9, 0x00, 0x00, 0x00, 0x00    // jmp  rel32 (displacement blank)
    };

    // Test driver: loads FILEPATH_IN into a file buffer, expands it into an
    // image buffer, then checks whether the first section has at least
    // SHELLCODELENGTH bytes between its VirtualSize and SizeOfRawData.
    // The listing is truncated by the author after that check, so the rest of
    // the function (and its closing brace) is not documented here.
    VOID TestAddCodeInCodeSec()
    {
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;

    LPVOID pFileBuffer = NULL;
    LPVOID pImageBuffer = NULL;
    LPVOID pNewBuffer = NULL;

    // codeBegin, siOK and size are not used in the visible part of the function.
    PBYTE codeBegin = NULL;
    BOOL siOK = FALSE;
    DWORD size = 0;
    // File -> FileBuffer
    // The return value of ReadPEFile is ignored; only the out pointer is tested,
    // so the number of bytes actually read is unknown from here on.
    ReadPEFile(FILEPATH_IN, &pFileBuffer);
    if(!pFileBuffer)
    { printf("File->FileBuffer失败");
    return;
    }
    // FileBuffer -> ImageBuffer
    // Author's question: "I set a breakpoint at the very top and single-stepped
    // down; on reaching this call a 00000005 error occurs -- what is the cause?"
    // NOTE(review): presumably 0xC0000005 (access violation) raised inside the
    // helper. Its body is not shown, so the cause cannot be pinned down here.
    // Things to verify in the helper: that every header field it trusts
    // (e_lfanew, SizeOfImage, SizeOfHeaders, each section's PointerToRawData,
    // SizeOfRawData and VirtualAddress) is bounds-checked against the size of the
    // file buffer and of the destination allocation before any copy.
    CopyFileBufferToImageBuffer(pFileBuffer,&pImageBuffer);
    if(!pImageBuffer)
    { printf("FileBuffer->ImageBuffer失败");
    // assumes the helpers allocate with malloc -- confirm against their source
    free(pFileBuffer);
    return;
    }
    // Check whether the free space at the end of the code section can hold the
    // shellCode bytes (shellCode is the global array defined above).
    // NOTE(review): no e_magic / PE signature check is visible before the header
    // pointers below are computed from e_lfanew.
    pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;
    // +4 skips the NT signature; IMAGE_SIZEOF_FILE_HEADER is 20 (can be confirmed
    // with F12 / go-to-definition).
    // NOTE(review): casting a pointer to DWORD truncates it in a 64-bit build.
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)(((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER);
    // NOTE(review): IMAGE_SIZEOF_NT_OPTIONAL_HEADER is a compile-time constant;
    // the file's own FileHeader.SizeOfOptionalHeader is the authoritative
    // distance to the section table.
    pSectionHeader = (PIMAGE_SECTION_HEADER) (((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER + IMAGE_SIZEOF_NT_OPTIONAL_HEADER);
    // Only the first section header is examined; presumably it is the code
    // section -- confirm for the input file.
    // NOTE(review): both fields are unsigned, so when VirtualSize exceeds
    // SizeOfRawData the subtraction wraps to a huge value and this check passes.
    if( ( (pSectionHeader->SizeOfRawData) - (pSectionHeader->Misc.VirtualSize) ) < SHELLCODELENGTH )
    {
    printf("代码空闲区空间不够");
    free(pFileBuffer);
    free(pImageBuffer);
    // NOTE(review): no return is visible after these frees; if the elided code
    // below still uses pFileBuffer / pImageBuffer that is a use-after-free.
    }

    ……………………

    ……………………

    ……………………
