/**
 * Patch a PE32 image in memory so that its entry point first runs an
 * 18-byte stub (four `push 0`, a `call rel32` to MessageBoxA, a `jmp rel32`
 * back to the original entry point) placed in the unused tail of the first
 * section, i.e. the bytes between Misc.VirtualSize and SizeOfRawData.
 *
 * @param lpImageBuffer  Start of the image headers. Only NULL is rejected;
 *                       no buffer length is passed in, so every header read
 *                       and the final CopyMemory writes are unbounded with
 *                       respect to the real allocation.
 * @return TRUE on success, FALSE when lpImageBuffer is NULL or the first
 *         section's slack is smaller than the stub.
 *
 * Review notes (defects visible in this block, not fixed here):
 *  - No validation of e_magic, the NT Signature, e_lfanew or the
 *    OptionalHeader Magic. A malformed or untrusted image drives
 *    out-of-bounds reads through every header pointer below.
 *  - The slack check does an unsigned subtraction
 *    (SizeOfRawData - VirtualSize). When VirtualSize > SizeOfRawData
 *    (legal for sections with uninitialised data) it wraps to a huge
 *    value, the check passes, and the writes land past the section.
 *  - dwCodeBegin is an RVA (VirtualAddress + VirtualSize) but is used as a
 *    plain offset into the buffer. That is only right if the buffer is laid
 *    out at RVAs, or the first section's PointerToRawData equals its
 *    VirtualAddress — assumption, verify against the caller.
 *  - The `(DWORD)msgAddr` cast, the 32-bit ImageBase field and the 5-byte
 *    E8/E9 encodings all assume a 32-bit process and a PE32 image; nothing
 *    checks either. LoadLibrary/GetProcAddress results are not checked.
 *  - The first section's Characteristics are never inspected before its
 *    slack is treated as code.
 *
 * Detection angle: the patched file has an AddressOfEntryPoint that points
 * into the first section's raw data beyond its VirtualSize, an
 * `push 0;push 0;push 0;push 0;call;jmp` stub there, and a relative call
 * whose target lies outside the image.
 */
BOOL FileInject(LPVOID lpImageBuffer)
{
if (lpImageBuffer == NULL)
return FALSE;
/* Stub layout (18 bytes): [0..7] 6A 00 x4 = push 0 (MessageBoxA args),
 * [8] E8 + rel32 at [9..12] (call), [13] E9 + rel32 at [14..17] (jmp).
 * The rel32 slots are filled in below. */
BYTE injectData[] = {
0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00, 0x6A, 0x00,
0xE8, 0x00, 0x00, 0x00, 0x00,
0xE9, 0x00, 0x00, 0x00, 0x00
};
/* Address resolved in *this* process; it is written into the image as an
 * absolute target, so the patched file depends on user32.dll landing at the
 * same address at run time. Return values are unchecked. */
FARPROC msgAddr = GetProcAddress(LoadLibrary(_T("user32.dll")), "MessageBoxA"); //0x74fe7e60 ,401A7D
LPBYTE pBaseData = (LPBYTE)lpImageBuffer;
/* Header walk: DOS header -> e_lfanew -> NT headers. e_lfanew is trusted as-is. */
PIMAGE_DOS_HEADER pImageDosHeader = (PIMAGE_DOS_HEADER)pBaseData;
PIMAGE_NT_HEADERS pImageNtHeader = (PIMAGE_NT_HEADERS)(pBaseData + pImageDosHeader->e_lfanew);
PIMAGE_FILE_HEADER pImageFileHeader = &pImageNtHeader->FileHeader;
PIMAGE_OPTIONAL_HEADER pImageOptionalHeader = &pImageNtHeader->OptionalHeader;
/* First section header follows the NT headers: Signature (the literal 4),
 * IMAGE_FILE_HEADER, then SizeOfOptionalHeader bytes of optional header. */
PIMAGE_SECTION_HEADER pImageSectionHeader = (PIMAGE_SECTION_HEADER)(pBaseData + pImageDosHeader->e_lfanew + 4 +sizeof(IMAGE_FILE_HEADER)+pImageFileHeader->SizeOfOptionalHeader);
// Check the size of the free space in the first section.
// NOTE(review): unsigned subtraction — wraps when VirtualSize > SizeOfRawData,
// so the test passes and the writes below go out of bounds.
if (pImageSectionHeader->SizeOfRawData - pImageSectionHeader->Misc.VirtualSize < sizeof(injectData))
{
DEBUG_LOG(_T("空间不够."));
return FALSE;
}
// Copy the stub into the free area.
// dwCodeBegin is an RVA but is used directly as a buffer offset — see header note.
DWORD dwCodeBegin = pImageSectionHeader->VirtualAddress + pImageSectionHeader->Misc.VirtualSize;
CopyMemory(pBaseData + dwCodeBegin, injectData, sizeof(injectData));
// Fix up the E8 (call) rel32: relative to the next instruction, stub + 0xd.
DWORD injectAddr = (DWORD)msgAddr - (pImageOptionalHeader->ImageBase + dwCodeBegin + 0xd);
CopyMemory((LPBYTE)pBaseData + dwCodeBegin + 9, &injectAddr, sizeof(DWORD));
// Fix up the E9 (jmp) rel32: from stub + 0x12 (end of stub) back to the
// original entry point. ImageBase cancels out; kept for readability.
DWORD jmpAddr =pImageOptionalHeader->ImageBase + pImageOptionalHeader->AddressOfEntryPoint - (pImageOptionalHeader->ImageBase+(dwCodeBegin+0x12));
CopyMemory(pBaseData + dwCodeBegin + 0xE, &jmpAddr, sizeof(DWORD));
// Fix up the OEP: entry point now lands in the section slack, past VirtualSize.
CopyMemory(&pImageOptionalHeader->AddressOfEntryPoint, &dwCodeBegin, sizeof(DWORD));
return TRUE;
}