新增一个节 下面这些代码不知道哪里出问题了 拖到PETool里发现节仍然没有增加过 共5个红包, 当前剩余0个, 每个3元 互助问答
  • 2103 等级 N0
    2019-03-31 16:56

    VOID TestAddCode()
    {
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;

    LPVOID pFileBuffer = NULL;
    LPVOID pImageBuffer = NULL;
    LPVOID pNewBuffer = NULL;

    PBYTE codeBegin = NULL;
    BOOL siOK = FALSE;
    DWORD size = 0;
    //File->FileBuffer
    ReadPEFile(FILEPATH_IN, &pFileBuffer);
    if(!pFileBuffer)
    { printf("File->FileBuffer失败");
    return;
    }
    //FileBuffer->ImageBuffer
    CopyFileBufferToImageBuffer(pFileBuffer,&pImageBuffer);
    if(!pImageBuffer)
    { printf("FileBuffer->ImageBuffer失败");
    free(pFileBuffer);
    return;
    }
    //判断头部是否有空间可以新增一个节表
    pDosHeader = (PIMAGE_DOS_HEADER) pImageBuffer;
    pPEHeader = (PIMAGE_FILE_HEADER) ((DWORD)pImageBuffer + (pDosHeader->e_lfanew + 4));
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pImageBuffer + (pDosHeader->e_lfanew + 4 + IMAGE_SIZEOF_FILE_HEADER));
    //判断
    if( (pOptionHeader->SizeOfHeaders - (pDosHeader->e_lfanew + 0x4 + IMAGE_SIZEOF_FILE_HEADER+ IMAGE_SIZEOF_NT_OPTIONAL_HEADER
    + IMAGE_SIZEOF_SECTION_HEADER * pPEHeader->NumberOfSections)) < IMAGE_SIZEOF_SECTION_HEADER*2 )
    {
    printf("空闲空间不够!\n");
    free(pFileBuffer);
    free(pImageBuffer);
    return;
    }
    //新增一个节: 因为是以1000对齐的 所以是增加1000最合适
    LPVOID pNewImageBuffer = NULL;
    pNewImageBuffer = malloc(pOptionHeader->SizeOfImage + 0x1000);
    if(!pNewImageBuffer)
    { printf("新增给pNewImageBuffer的空闲失败!\n");
    free(pFileBuffer);
    free(pImageBuffer);
    return;
    }
    memcpy(pNewImageBuffer,pImageBuffer,pOptionHeader->SizeOfImage);
    //经过考贝 就可对pNewImageBuffer里的这些头的指针进行赋值
    pDosHeader = (PIMAGE_DOS_HEADER) pNewImageBuffer;
    pPEHeader = (PIMAGE_FILE_HEADER) ((DWORD)pNewImageBuffer + (pDosHeader->e_lfanew + 0x4));
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32) ((DWORD)pNewImageBuffer + (pDosHeader->e_lfanew + 0x4 + IMAGE_SIZEOF_FILE_HEADER));
    pSectionHeader = (PIMAGE_SECTION_HEADER) (((DWORD)pNewImageBuffer + pDosHeader->e_lfanew) + 0x4 + IMAGE_SIZEOF_FILE_HEADER + IMAGE_SIZEOF_NT_OPTIONAL_HEADER);
    //新增一个节表
    memcpy(pSectionHeader + pPEHeader->NumberOfSections, pSectionHeader, IMAGE_SIZEOF_SECTION_HEADER);
    //把新增一个节表后面的40个字节全设置成0
    memset( (pSectionHeader + pPEHeader->NumberOfSections + 1), 0, IMAGE_SIZEOF_SECTION_HEADER);
    //修改新增节表里的内容
    strcpy((char*)(pSectionHeader + pPEHeader->NumberOfSections),"NewSec");
    (pSectionHeader + pPEHeader->NumberOfSections)->Misc.VirtualSize = 0x1000;
    (pSectionHeader + pPEHeader->NumberOfSections)->SizeOfRawData = 0x1000;
    (pSectionHeader + pPEHeader->NumberOfSections)->VirtualAddress = pOptionHeader->SizeOfImage;
    (pSectionHeader + pPEHeader->NumberOfSections)->PointerToRawData = pSectionHeader->PointerToRawData + pSectionHeader->SizeOfRawData;
    (pSectionHeader + pPEHeader->NumberOfSections)->Characteristics = pSectionHeader->Characteristics; 属性不必改 因为本节表是从第一个节表中复制过来的, 如果你想写的话也查以写成左边这样子

    pPEHeader->NumberOfSections + 1;
    pOptionHeader->SizeOfImage + 0x1000;

    //pNewImageBuffer->NewBuffer
    size = CopyImageBufferToNewBuffer(pNewImageBuffer, &pNewBuffer);
    if(size == 0 || !pNewBuffer)
    {
    printf("ImageBuffer->NewBuffer失败");
    free(pFileBuffer);
    free(pNewImageBuffer);
    return;
    }
    //NewBuffer->文件 (就是存盘)
    siOK = MemeryTOFile(pNewBuffer,size,FILEPATH_OUT);
    if(siOK)
    {
    printf("存盘成功");
    return;
    }
    //最后把用到过的内存全释放掉
    free(pFileBuffer);
    free(pNewImageBuffer);
    free(pNewBuffer);
    }

  • 浏览 245
  • 点赞 1
  • 分享 3
  • 点赞 已赞 收藏 已收藏
回答 (11)
    正在加载中...
    ---到底了---
    talk 11 top
    展开
    >