【求助】我向PE文件注入一个section，并在这个节里面添加一个加壳的DLL。文件可以被eXeScope正确打开，但是不能运行，提示不正确的Win32格式

q123456789098 2009-08-27 09:11:42
// Appends a new section named ".llydd" to the PE file at `exefil`, copies the
// existing import descriptor array into it together with one new descriptor
// naming `dllnew`, and patches the headers so the import directory points at
// the enlarged array. All modifications go to the file on disk through the
// WriteFile*/SelfFile* helpers; the in-memory copy from LoadPEFile is only
// read, and the file offsets of header fields are derived from it.
// Parameters:
//   exefil           - path of the PE file; modified in place.
//   dllnew           - DLL name, written as a NUL-terminated string into the new section.
//   code, codelen    - not used by this body.
//   flag_shellbefore - not used by this body.
// Returns 0 on success, -1 when the section table has no room for two more headers.
// NOTE(review): none of the header values read from the file (e_lfanew,
// NumberOfSections, the import directory RVA/Size) are bounds-checked against
// the file length, so a malformed input drives the pointer arithmetic below
// outside the buffer. The buffer allocated by LoadPEFile is never freed and its
// return value is ignored, so an unreadable file is not detected here.
int __addnewsection_to_pefile(const char*exefil,const char* dllnew,const char* code,int codelen,int flag_shellbefore)
{
HANDLE pMap,pfile;// unused and never initialized
char* pmemHandle;
// Whole file read into a heap buffer; pmemHandle then points at the DOS header.
LoadPEFile(exefil,&pmemHandle);
//pmemHandle=(char*)crt_mapf2(exefil,&pMap,&pfile,0);// (how to obtain the user's process memory image)
//HANDLE hCurrent = 0;
IMAGE_DOS_HEADER *pi_dos_header;
IMAGE_NT_HEADERS *pi_nt_header;
IMAGE_DATA_DIRECTORY *pi_data_dir_import,*pIMAGE_DATA_DIRECTORYbase;
IMAGE_IMPORT_DESCRIPTOR *pi_import_des;// unused
IMAGE_THUNK_DATA *pitdTHUNK_DATA, *pitdTHUNK_DATA2;// unused
pi_dos_header = (IMAGE_DOS_HEADER *)pmemHandle;
// NOTE(review): casting the pointer to DWORD truncates it on 64-bit builds; a char* offset is safer.
pi_nt_header = (IMAGE_NT_HEADERS *)((DWORD)pmemHandle + pi_dos_header->e_lfanew);
/////////////////
// Alignment values are kept in globals (declared outside this listing) that the helpers below use.
SECTION_ALIG=pi_nt_header->OptionalHeader.SectionAlignment;
FILE_ALIG=pi_nt_header->OptionalHeader.FileAlignment;

int nSections=pi_nt_header->FileHeader.NumberOfSections;
// File offset of the section table: it directly follows IMAGE_NT_HEADERS.
int sectionsTable_offsetinfile=(char*)pi_nt_header+sizeof(IMAGE_NT_HEADERS)-pmemHandle;
pIMAGE_DATA_DIRECTORYbase=pi_nt_header->OptionalHeader.DataDirectory;
pi_data_dir_import = &pIMAGE_DATA_DIRECTORYbase[1];// index 1 == IMAGE_DIRECTORY_ENTRY_IMPORT
// RVA2 is a project helper not shown in this listing; presumably maps an RVA to a file offset.
char* pImport_data_offset_infile = pmemHandle+RVA2(pmemHandle,pi_data_dir_import->VirtualAddress);
INT numberofImportEntry=pi_data_dir_import->Size/sizeof(IMAGE_IMPORT_DESCRIPTOR);
numberofImportEntry--;// presumably excludes the terminating all-zero descriptor from the count
// File offset where the new section header goes: right after the last existing header.
int newsectionoff_infile=sectionsTable_offsetinfile+nSections*sizeof(IMAGE_SECTION_HEADER);
IMAGE_SECTION_HEADER* pFirstSection=(IMAGE_SECTION_HEADER*)((char*)pi_nt_header+sizeof(IMAGE_NT_HEADERS));
IMAGE_SECTION_HEADER NewSection;
IMAGE_SECTION_HEADER SEChea;// copy of the last existing section header
IMAGE_SECTION_HEADER FirstSection;
char zer0;
zer0=0;
int dwfilesize;// = filesz(exefil);
//dwfilesize = filesz((char*)exefil);
SEChea= *((IMAGE_SECTION_HEADER*)(sectionsTable_offsetinfile+pmemHandle)+nSections-1);
FirstSection=*pFirstSection;
//InsertFileLoop(exefil,SEChea.PointerToRawData+SEChea.Misc.VirtualSize,&zer0,sizeof(zer0),aligSize(SEChea.SizeOfRawData,SECTION_ALIG));
////////////////////////////////////////////////////////////////////////////////////////////////////
//InsertFile(exefil,&zer0,sizeof(zer0),aligSize(SEChea.Misc.VirtualSize,SECTION_ALIG));
// dwfilesize+=aligSize(SEChea.Misc.VirtualSize,SECTION_ALIG);
///////////////////////////////////////////////////////////////////////////////////////////////////////
// Pad the file with zero bytes: first up to the next FILE_ALIG boundary, then
// SECTION_ALIG more. Each loop iteration appends one byte and reopens the file.
dwfilesize=filesz((char*)exefil);
int olddwFileSize=dwfilesize;
InsertFileEndLoop(exefil,&zer0,sizeof(zer0),aligSize(dwfilesize,FILE_ALIG));
InsertFileEndLoop(exefil,&zer0,sizeof(zer0),SECTION_ALIG);
ZeroMemory(&NewSection,sizeof(NewSection));

strcpy((char*)NewSection.Name,".llydd");
// RVA after the last section (its VirtualSize rounded up to SECTION_ALIG), plus FILE_ALIG.
NewSection.VirtualAddress=SEChea.VirtualAddress+alig(SEChea.Misc.VirtualSize,SECTION_ALIG)+FILE_ALIG;
// Raw data begins at the start of the SECTION_ALIG bytes of padding appended above.
NewSection.PointerToRawData=filesz((char*)exefil)-SECTION_ALIG;//SEChea.PointerToRawData+SEChea.SizeOfRawData;//dwfilesize+sizeof(IMAGE_SECTION_HEADER);
// Room for the old descriptors, one new descriptor, a terminator, and the DLL name string.
NewSection.Misc.VirtualSize=(numberofImportEntry+2)*sizeof(IMAGE_IMPORT_DESCRIPTOR)+strlen(dllnew)+1;
NewSection.SizeOfRawData=alig(NewSection.Misc.VirtualSize,SECTION_ALIG);
// 0xC0000040 == IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
NewSection.Characteristics=0xc0000040;//0xE0000020;
// int nNewImageSize=NThea.OptionalHeader.SizeOfImage+alig(nShellLen,SECTION_ALIG);
// int nNewSizeofCode=NThea.OptionalHeader.SizeOfCode+alig(nShellLen,FILE_ALIG);
int i_str=0;// unused
///////////////////////////////////////////////////////////////////////////////////////////////////////
// Refuse when two more section headers would overlap the first section's raw data.
if(newsectionoff_infile+2*sizeof(NewSection)>=FirstSection.PointerToRawData){
// NOTE(review): MessageBox(hWnd, lpText, lpCaption, uType) — the message is passed as the caption here, so the box body is empty.
MessageBox(0,0,"litle for new section entry in sect table",0);
return -1;
}
// Write the new header followed by an all-zero header.
WriteFileBuffer(exefil,newsectionoff_infile,(char*)&NewSection,sizeof(NewSection));
IMAGE_SECTION_HEADER SEzer0;
// NOTE(review): ZeroMemory(Destination, Length) takes two arguments; this call passes three.
ZeroMemory(&SEzer0,0,sizeof(SEzer0));
WriteFileBuffer(exefil,newsectionoff_infile+sizeof(NewSection),(char*)&SEzer0,sizeof(SEzer0));
///////////////////////////////////////////////////////////////////////////////////////////////////////
//InsertFile(exefil,newsectionoff_infile,(char*)&NewSection,sizeof(NewSection));
IMAGE_IMPORT_DESCRIPTOR newImportDesc;
IMAGE_IMPORT_BY_NAME *pimport_name;// unused
ZeroMemory(&newImportDesc,sizeof(newImportDesc));
// dwfilesize += sizeof(IMAGE_SECTION_HEADER);
// The new descriptor's Name and thunk RVAs are placed just past the descriptor
// array inside the new section, with fixed gaps of 64 and 32 bytes.
newImportDesc.Name=NewSection.VirtualAddress+sizeof(IMAGE_IMPORT_DESCRIPTOR)*(numberofImportEntry+2);
newImportDesc.OriginalFirstThunk=newImportDesc.Name+64;
newImportDesc.FirstThunk=newImportDesc.OriginalFirstThunk+32;
///////////////////////////////////////////////////////////////////////////////////////////////////////
// Copy the existing descriptors (without their terminator) to the start of the new section.
WriteFileBuffer(exefil,NewSection.PointerToRawData,pImport_data_offset_infile,numberofImportEntry*sizeof(IMAGE_IMPORT_DESCRIPTOR));
//dwfilesize += (numberofImportEntry+2)*sizeof(IMAGE_IMPORT_DESCRIPTOR);
//////////////////////////////////////////////////////////////////////////////////////////
// Append the new descriptor ...
WriteFileBuffer(exefil,NewSection.PointerToRawData+numberofImportEntry*sizeof(IMAGE_IMPORT_DESCRIPTOR),
(char*)&newImportDesc,sizeof(newImportDesc));
numberofImportEntry++;
// ... then an all-zero terminating descriptor.
ZeroMemory(&newImportDesc,sizeof(newImportDesc));
WriteFileBuffer(exefil,NewSection.PointerToRawData+numberofImportEntry*sizeof(IMAGE_IMPORT_DESCRIPTOR),
(char*)&newImportDesc,sizeof(newImportDesc));
//InsertFile(exefil,NewSection.PointerToRawData+numberofImportEntry*sizeof(IMAGE_IMPORT_DESCRIPTOR),(char*)&newImportDesc,sizeof(newImportDesc));
numberofImportEntry++;
// The DLL name string follows the terminator; this is the file position of the RVA stored in newImportDesc.Name.
WriteFileBuffer(exefil,NewSection.PointerToRawData+(numberofImportEntry)*sizeof(IMAGE_IMPORT_DESCRIPTOR),(char*)dllnew,strlen(dllnew)+1);
//dwfilesize +=aligSize((numberofImportEntry+2)*sizeof(IMAGE_IMPORT_DESCRIPTOR)+strlen(dllnew)+1,SECTION_ALIG);
// pi_import_des = (IMAGE_IMPORT_DESCRIPTOR *)((DWORD)pmemHandle + rva2offset(pmemHandle,pi_data_dir_import->VirtualAddress));
// IMAGE_IMPORT_DESCRIPTOR* preimage_import_descriptor=pi_import_des;
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Header patches; each file offset is "address of the field in the in-memory copy minus pmemHandle".
// Import directory: one descriptor larger, and relocated to the new section.
SelfFileInt(exefil,(char*)&pi_data_dir_import->Size-pmemHandle,sizeof(IMAGE_IMPORT_DESCRIPTOR));
WriteFileInt(exefil,(char*)&(pi_data_dir_import->VirtualAddress)-pmemHandle,NewSection.VirtualAddress);
//WriteFileInt(exefil,(char*)&pi_data_dir_import->Size-pmemHandle,desi+1);
// SizeOfImage grows by SECTION_ALIG plus the padding of the old file size to 0x1000 (hard-coded here, not SECTION_ALIG).
SelfFileInt(exefil,(char*)&pi_nt_header->OptionalHeader.SizeOfImage-pmemHandle,SECTION_ALIG+aligSize(olddwFileSize,0x1000));
// NOTE(review): NumberOfSections is a WORD, but SelfFileInt reads and rewrites 4 bytes here; SelfFileShort exists for this.
SelfFileInt(exefil,(char*)&pi_nt_header->FileHeader.NumberOfSections-pmemHandle,1);
// The bound-import directory entry is zeroed.
WriteFileInt(exefil,(char*)&pi_nt_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress-pmemHandle,0);
WriteFileInt(exefil,(char*)&pi_nt_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size-pmemHandle,0);
return 0;
}



//////////////////////////////file
q123456789098 2009-08-27
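// Rounds `size` up to the next multiple of `align`.
// Parameters:
//   size  - value to round; expected to be non-negative (the `%` below converts
//           it to unsigned, as the original did).
//   align - alignment granularity. 0 means "no alignment": `size` is returned
//           unchanged instead of dividing by zero.
// Returns the smallest multiple of `align` that is >= `size`.
int alig(int size,unsigned int align)
{
    if (align == 0)
        return size;
    if (size % align != 0)
        return (size / align + 1) * align;
    return size;
}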
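// Number of padding bytes needed to bring `size` up to a multiple of `align`.
// Parameters:
//   size  - current size; expected to be non-negative.
//   align - alignment granularity. 0 means "no alignment" and yields 0 padding
//           (the original divided by zero in that case).
// Returns 0 when `size` is already aligned, otherwise `align - size % align`.
int aligSize(int size,unsigned int align)
{
    if (align == 0)
        return 0;
    const unsigned int rem = size % align;
    if (rem == 0)
        return 0;
    return static_cast<int>(align - rem);
}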
q123456789098 2009-08-27
不知为何我给不了分
q123456789098 2009-08-27
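// Reads the whole file `FileName` into a freshly allocated, zero-initialized
// buffer of (length + 4) bytes and stores it in `*Buffer`.
// The caller owns the buffer and must release it with delete[].
// Returns the number of bytes read. On open/seek failure returns 0 and sets
// `*Buffer` to a null pointer (the original dereferenced a null FILE* here);
// a short read returns the bytes actually read rather than looping forever.
unsigned long LoadPEFile(const char *FileName, char **Buffer)
{
    *Buffer = 0;
    FILE *fp = fopen(FileName, "rb");
    if (!fp)
        return 0;
    if (fseek(fp, 0, SEEK_END) != 0) {
        fclose(fp);
        return 0;
    }
    const long end = ftell(fp);
    if (end < 0) {
        fclose(fp);
        return 0;
    }
    const unsigned long len = static_cast<unsigned long>(end);
    fseek(fp, 0, SEEK_SET);
    // Value-initialized so the 4 slack bytes (and any unread tail) are zero.
    char *buf = new char[len + 4]();
    unsigned long got = 0;
    while (got < len) {
        const size_t ret = fread(buf + got, 1, len - got, fp);
        if (ret == 0)   // EOF or I/O error: stop instead of spinning
            break;
        got += ret;
    }
    fclose(fp);
    *Buffer = buf;
    return got;
}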

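// Writes `size` bytes of `data` into `file` at `offset`, shifting any existing
// bytes from `offset` onward to make room (the file grows by `size`).
// Parameters:
//   file   - path of an existing file opened read/write.
//   offset - -1 appends at the end; a value beyond the current length pads the
//            gap with zero bytes first; any other negative value is rejected.
//   data   - bytes to insert.
//   size   - byte count. Widened from `char` to `int` so counts above 127 are
//            no longer truncated; negative sizes are rejected.
// Returns nothing; a file that cannot be opened is left untouched (the original
// dereferenced the null FILE*). The temporary tail buffer is released on every
// path (the original leaked it).
void InsertFile(const char* file,int offset,char* data,int size)
{
    if (size < 0 || offset < -1)
        return;
    FILE *fp = fopen(file, "r+b");
    if (!fp)
        return;
    fseek(fp, 0, SEEK_END);
    const long len = ftell(fp);
    if (offset == -1) {
        fwrite(data, 1, size, fp);
    } else if (offset > len) {
        const char fillc = 0;
        for (long i = 0; i < offset - len; ++i)
            fwrite(&fillc, 1, 1, fp);
        fwrite(data, 1, size, fp);
    } else {
        // Read the tail byte-wise (the original read 4-byte units, which
        // mishandles a tail whose length is not a multiple of 4).
        const long tail_len = len - offset;
        char *tail = new char[tail_len + 4];
        fseek(fp, offset, SEEK_SET);
        long got = 0;
        while (got < tail_len) {
            const size_t r = fread(tail + got, 1, tail_len - got, fp);
            if (r == 0)
                break;
            got += static_cast<long>(r);
        }
        fseek(fp, offset, SEEK_SET);
        fwrite(data, 1, size, fp);
        fwrite(tail, 1, got, fp);
        delete[] tail;
    }
    fflush(fp);
    fclose(fp);
}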
// Inserts `buf` (`buffsize` bytes) `loops` times at consecutive positions
// starting at `offset1`; each copy lands `buffsize` bytes after the previous one.
// Always returns 0.
int InsertFileLoop(const char*exefil,int offset1,char* buf,int buffsize,int loops)
{
    int pos = offset1;
    for (int n = 0; n < loops; ++n, pos += buffsize)
        InsertFile(exefil, pos, buf, buffsize);
    return 0;
}
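// Appends `size` bytes of `data` to the end of `file`.
// `size` is widened from `char` to `int`: InsertFileEndLoop passes an int
// buffer size, which the old signature silently truncated to 8 bits.
void InsertFileEnd(const char* file,char* data,int size)
{
    InsertFile(file, -1, data, size);
}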
// Appends `buf` (`buffsize` bytes) to the end of `exefil` `loops` times.
// Always returns 0.
int InsertFileEndLoop(const char*exefil,char* buf,int buffsize,int loops)
{
    for (int remaining = loops; remaining > 0; --remaining)
        InsertFileEnd(exefil, buf, buffsize);
    return 0;
}
// Appends `zero` (`dw` bytes) to the end of `exefil` `times` times.
// Same behaviour as InsertFileEndLoop with renamed parameters. Always returns 0.
int InsertFileEnd2(const char* exefil,char* zero,int dw,int times)
{
    int done = 0;
    while (done < times) {
        InsertFileEnd(exefil, zero, dw);
        ++done;
    }
    return 0;
}

//void WriteFileBuffer(char* file,int offset,char* data,char* size)
//{
// FILE *fp = fopen(file, "rwb");
// fseek(fp, offset, SEEK_SET);
// fwrite(data,size,1,fp);
// fclose(fp);
//}
// Forward declaration: ReadFileInt is defined further down but WriteFileInt uses it for read-back verification.
int ReadFileInt(const char* file,int offset);
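// Reads up to `len` bytes from `file` at `offset` into `p`.
// The file is opened read-only ("rb"); the original opened it "r+b", which
// needlessly required write permission. A file that cannot be opened, or a
// non-positive `len`, leaves `p` untouched (the original dereferenced a null
// FILE*). On a short read the unread tail of `p` is left as it was.
void ReadFileBuffer(const char* file,int offset,char*p,int len)
{
    if (len <= 0)
        return;
    FILE *fp = fopen(file, "rb");
    if (!fp)
        return;
    fseek(fp, offset, SEEK_SET);
    size_t got = 0;
    while (got < static_cast<size_t>(len)) {
        const size_t r = fread(p + got, 1, len - got, fp);
        if (r == 0)
            break;
        got += r;
    }
    fclose(fp);
}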
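// Writes `len` bytes of `dat` into `file` at `offset` (overwriting, not
// inserting) and then reads the range back to verify it.
// A mismatch, or a file that cannot be opened, is reported through MessageBox
// exactly as the original did on mismatch; the text now goes in the lpText
// argument (the original passed it as the caption) and names this function
// instead of WriteFileInt. The read-back buffer is released with delete[]
// (the original used scalar delete on an array).
void WriteFileBuffer(const char* file,int offset,char*dat,int len)
{
    if (len <= 0)
        return;
    FILE *fp = fopen(file, "r+b");
    if (!fp) {
        ::MessageBox(0, "WriteFileBuffer", 0, 0);
        return;
    }
    fseek(fp, offset, SEEK_SET);
    fwrite(dat, 1, len, fp);
    fflush(fp);
    fclose(fp);
    // Read-back check: the written bytes must come back unchanged.
    char *check = new char[len];
    ReadFileBuffer(file, offset, check, len);
    if (memcmp(dat, check, len) != 0) {
        ::MessageBox(0, "WriteFileBuffer", 0, 0);
    }
    delete[] check;
}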
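// Overwrites the 4 bytes at `offset` in `file` with `v` (native byte order)
// and reads them back through ReadFileInt to verify.
// A mismatch, or a file that cannot be opened, is reported through MessageBox;
// the text is passed as lpText (the original passed it as the caption).
// The dead `v=v` statement of the original is dropped.
void WriteFileInt(const char* file,int offset,int v)
{
    FILE *fp = fopen(file, "r+b");
    if (!fp) {
        ::MessageBox(0, "WriteFileInt", 0, 0);
        return;
    }
    fseek(fp, offset, SEEK_SET);
    fwrite(&v, 1, sizeof(v), fp);
    fflush(fp);
    fclose(fp);
    if (ReadFileInt(file, offset) != v) {
        ::MessageBox(0, "WriteFileInt", 0, 0);
    }
}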
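// Overwrites the single byte at `offset` in `file` with `v`.
// A file that cannot be opened is left untouched (the original dereferenced
// the null FILE*). No read-back verification is done here, unlike WriteFileInt.
void WriteFileChar(const char* file,int offset,char v)
{
    FILE *fp = fopen(file, "r+b");
    if (!fp)
        return;
    fseek(fp, offset, SEEK_SET);
    fwrite(&v, 1, sizeof(v), fp);
    fflush(fp);
    fclose(fp);
}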
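// Overwrites the 2 bytes at `offset` in `file` with `v` (native byte order).
// A file that cannot be opened is left untouched (the original dereferenced
// the null FILE*). No read-back verification is done here, unlike WriteFileInt.
void WriteFileShort(const char* file,int offset,short v)
{
    FILE *fp = fopen(file, "r+b");
    if (!fp)
        return;
    fseek(fp, offset, SEEK_SET);
    fwrite(&v, 1, sizeof(v), fp);
    fflush(fp);
    fclose(fp);
}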

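// Reads the 4 bytes at `offset` in `file` as a native-order int.
// Opened read-only ("rb"; the original used "r+b"). Returns 0 when the file
// cannot be opened or fewer than sizeof(int) bytes are available (the original
// returned an uninitialized value in those cases).
int ReadFileInt(const char* file,int offset)
{
    FILE *fp = fopen(file, "rb");
    if (!fp)
        return 0;
    fseek(fp, offset, SEEK_SET);
    int v = 0;
    const size_t got = fread(&v, 1, sizeof(v), fp);
    fclose(fp);
    return got == sizeof(v) ? v : 0;
}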
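// Reads the single byte at `offset` in `file`.
// Opened read-only ("rb"; the original used "r+b"). Returns 0 when the file
// cannot be opened or the byte is past the end (the original returned an
// uninitialized value in those cases).
char ReadFileChar(const char* file,int offset)
{
    FILE *fp = fopen(file, "rb");
    if (!fp)
        return 0;
    fseek(fp, offset, SEEK_SET);
    char v = 0;
    const size_t got = fread(&v, 1, sizeof(v), fp);
    fclose(fp);
    return got == sizeof(v) ? v : 0;
}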
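// Reads the 2 bytes at `offset` in `file` as a native-order short.
// Opened read-only ("rb"; the original used "r+b"). Returns 0 when the file
// cannot be opened or fewer than sizeof(short) bytes are available (the
// original returned an uninitialized value in those cases).
short ReadFileShort(const char* file,int offset)
{
    FILE *fp = fopen(file, "rb");
    if (!fp)
        return 0;
    fseek(fp, offset, SEEK_SET);
    short v = 0;
    const size_t got = fread(&v, 1, sizeof(v), fp);
    fclose(fp);
    return got == sizeof(v) ? v : 0;
}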
// Adds `sec` to the 4-byte int stored at `offset` in `file`, in place.
// Read and write go through ReadFileInt / WriteFileInt.
void SelfFileInt(const char* file,int offset,int sec)
{
    const int current = ReadFileInt(file, offset);
    WriteFileInt(file, offset, current + sec);
}
// Adds `sec` to the 2-byte short stored at `offset` in `file`, in place.
// Read and write go through ReadFileShort / WriteFileShort.
void SelfFileShort(const char* file,int offset,short sec)
{
    short current = ReadFileShort(file, offset);
    current += sec;
    WriteFileShort(file, offset, current);
}

// Adds `sec` to the byte stored at `offset` in `file`, in place.
// Read and write go through ReadFileChar / WriteFileChar.
void SelfFileChar(const char* file,int offset,char sec)
{
    char current = ReadFileChar(file, offset);
    current += sec;
    WriteFileChar(file, offset, current);
}