|
“七嘴八舌:说说你曾经疯狂的事”活动结果公布!活动奖品已经发出
我来说一些曾经疯狂的经历。 大家都知道番茄花园,也知道番茄花园前一阵子出事了。因此也知道了番茄花园和四川网联、蔡文胜等关系单位的事情。四川网联——曾经的中国互联网行业的一条大鳄,就此土崩瓦解灰飞烟灭。四川网联的老板孙雨据说避难去了新加坡。 在番茄花园最兴盛的时代,我正在从事的是流氓软件行业。那时候,我们自称插件。每日里除了完成功能之外,就是和杀毒软件打架。他们追,我们跑。在他们版本升级之前完成自身的进化。每日种子的存活率数字,就是我们的兴奋剂。不分昼夜,不论周末地奋战在弹窗广告、后台安装的第一线。为广告主的点击率事业努力奋斗。驱动保护、自变形技术,无所不用其极。到了后面发展出了分布式点击欺诈、后台弹出窗口后台点击等技术。最最卑鄙的就是通过一个渠道安装插件后经过潜伏期,直接杀死所有安装渠道的计算机系统,以此打击竞争对手的渠道。 曾经的宝蓝德尔养活了酷热科技,酷热科技又合并了暴风影音,暴风影音的名字后面又合并了超级解霸的知识产权。这些曾经的以及现在的播放器老大背后,都是不折不扣的流氓! 那个时候我和四川网联的关系算是比较密切。给孙雨讲过课。主要介绍P2P流媒体系统。番茄花园里面集成的第一版插件和工具条就是我开发的。 洗手不干这么久了。还经常回忆起那个疯狂的年代。 上面并没有写太多我自己做过的事情。因为在这些事情中,我只是冲杀在第一线的一个小程序员。 谨借上面的文字,怀念那一段疯狂的经历。 |
|
请求PE装载器的例子代码
有没有人可以帮帮我啊? |
|
请求PE装载器的例子代码
有人吗?救命啊! |
|
请求PE装载器的例子代码
我调用的是DLL。所以有重定位表,这位高手下面说的话,可以解释一下吗?如何操作也请一并告知。谢谢! 最初由 jjnet 发布 |
|
请求PE装载器的例子代码
我处理了重定位啊. |
|
请求PE装载器的例子代码
请问有人可以帮忙解释一下吗? |
|
|
|
请求PE装载器的例子代码
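#pragma once
#include <string.h>
#include <WinNT.h>

/*
 * tools.h - helpers for reading the headers of a PE image held in memory.
 *
 * None of these helpers is told how large the buffer behind lpFile is, so
 * they cannot check that e_lfanew, NumberOfSections or any RVA taken from the
 * image stays inside that buffer.  When the image comes from an untrusted
 * file, the caller must validate those fields against the real buffer size
 * before calling into this code.
 *
 * NOTE(review): the layout macros use sizeof(IMAGE_OPTIONAL_HEADER) rather
 * than FileHeader.SizeOfOptionalHeader, and import thunks are walked as
 * 32-bit DWORDs; this looks written for 32-bit PE32 images only - confirm
 * before building for another target.
 */

#define SIZE_OF_NT_SIGNATURE sizeof(DWORD)

/* Upper bound on import descriptors collected by GetImportModuleNames. */
enum { MAX_IMPORT_MODULES = 1024 };

/* Address of the PE signature: e_lfanew bytes past the start of the image. */
#define NTSIGNATURE(a) ((LPVOID)((BYTE *)(a) + \
    ((PIMAGE_DOS_HEADER)(a))->e_lfanew))

/* The DOS header points at the dword NT signature; the PE file header
   follows immediately after that dword. */
#define PEFHDROFFSET(a) ((LPVOID)((BYTE *)(a) + \
    ((PIMAGE_DOS_HEADER)(a))->e_lfanew + \
    SIZE_OF_NT_SIGNATURE))

/* The PE optional header follows the PE file header. */
#define OPTHDROFFSET(a) ((LPVOID)((BYTE *)(a) + \
    ((PIMAGE_DOS_HEADER)(a))->e_lfanew + \
    SIZE_OF_NT_SIGNATURE + \
    sizeof (IMAGE_FILE_HEADER)))

/* The section headers follow the PE optional header. */
#define SECHDROFFSET(a) ((LPVOID)((BYTE *)(a) + \
    ((PIMAGE_DOS_HEADER)(a))->e_lfanew + \
    SIZE_OF_NT_SIGNATURE + \
    sizeof (IMAGE_FILE_HEADER) + \
    sizeof (IMAGE_OPTIONAL_HEADER)))

/* One entry of the import directory, as this file lays it out. */
typedef struct tagImportDirectory
{
    DWORD dwRVAFunctionNameList;    /* RVA of the function name list */
    DWORD dwUseless1;               /* unused 1 */
    DWORD dwUseless2;               /* unused 2 */
    DWORD dwRVAModuleName;          /* RVA of the module name */
    DWORD dwRVAFunctionAddressList; /* RVA of the function address list */
} IMAGE_IMPORT_MODULE_DIRECTORY, *PIMAGE_IMPORT_MODULE_DIRECTORY;

/*
 * Classify the image by its signatures.
 *
 * Returns IMAGE_NT_SIGNATURE, the 16-bit OS/2 or OS/2-LE signature, or
 * IMAGE_DOS_SIGNATURE when only the DOS header is recognised; returns 0 for
 * an unknown file type or a NULL pointer.
 */
DWORD ImageFileType (LPVOID lpFile)
{
    DWORD dwSignature;

    if (lpFile == NULL) {
        return 0;
    }

    /* The DOS signature comes first; without it the type is unknown. */
    if (*(USHORT *)lpFile != IMAGE_DOS_SIGNATURE) {
        return 0;
    }

    /* e_lfanew comes from the file and is not range-checked here. */
    dwSignature = *(DWORD *)NTSIGNATURE (lpFile);

    if (LOWORD (dwSignature) == IMAGE_OS2_SIGNATURE ||
        LOWORD (dwSignature) == IMAGE_OS2_SIGNATURE_LE) {
        return (DWORD)LOWORD (dwSignature);
    }
    if (dwSignature == IMAGE_NT_SIGNATURE) {
        return IMAGE_NT_SIGNATURE;
    }
    return IMAGE_DOS_SIGNATURE;
}

/* Return the section count recorded in the PE file header. */
int NumOfSections (LPVOID lpFile)
{
    return (int)(((PIMAGE_FILE_HEADER)PEFHDROFFSET (lpFile))->NumberOfSections);
}

/*
 * Return AddressOfEntryPoint from the optional header, carried in an LPVOID.
 * The value is the RVA exactly as stored in the header, not a usable pointer.
 */
LPVOID GetModuleEntryPoint (LPVOID lpFile)
{
    PIMAGE_OPTIONAL_HEADER poh;

    poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
    if (poh == NULL) {
        return NULL;
    }
    return (LPVOID)(ULONG_PTR)poh->AddressOfEntryPoint;
}

/*
 * Find a section header by name and copy it into *sh.
 *
 * Returns TRUE when a section named szSection exists, FALSE otherwise
 * (including NULL sh or szSection).
 */
BOOL GetSectionHdrByName (LPVOID lpFile, IMAGE_SECTION_HEADER *sh, char *szSection)
{
    PIMAGE_SECTION_HEADER psh;
    int nSections;
    int i;

    if (sh == NULL || szSection == NULL) {
        return FALSE;
    }

    nSections = NumOfSections (lpFile);
    psh = (PIMAGE_SECTION_HEADER)SECHDROFFSET (lpFile);
    if (psh == NULL) {
        return FALSE;
    }

    for (i = 0; i < nSections; i++, psh++) {
        /* Name is a fixed 8-byte field that need not be NUL-terminated, so
           the comparison is bounded to the field instead of using strcmp. */
        if (strncmp ((const char *)psh->Name, szSection, IMAGE_SIZEOF_SHORT_NAME) == 0) {
            CopyMemory ((LPVOID)sh, (LPVOID)psh, sizeof (IMAGE_SECTION_HEADER));
            return TRUE;
        }
    }
    return FALSE;
}

/*
 * Locate a data directory and the section that contains it.
 *
 * dwIMAGE_DIRECTORY is an IMAGE_DIRECTORY_ENTRY_* index.  On success the
 * owning section header is stored in *pSH (when pSH is not NULL) and the
 * return value is lpFile plus the directory's RVA; NULL is returned when the
 * index is out of range or no section covers the RVA.
 *
 * NOTE(review): adding the RVA straight to lpFile is only meaningful when
 * lpFile is an image laid out at its virtual addresses, while
 * GetExportFunctionNames translates RVAs through PointerToRawData as for a
 * raw file - confirm which layout each caller passes in.
 */
LPVOID ImageDirectoryOffset (LPVOID lpFile, DWORD dwIMAGE_DIRECTORY, PIMAGE_SECTION_HEADER *pSH)
{
    PIMAGE_OPTIONAL_HEADER poh;
    PIMAGE_SECTION_HEADER psh;
    int nSections;
    int i;
    DWORD dwRva;
    BOOL bFound = FALSE;

    if (lpFile == NULL) {
        return NULL;
    }

    nSections = NumOfSections (lpFile);
    poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
    psh = (PIMAGE_SECTION_HEADER)SECHDROFFSET (lpFile);

    /* NumberOfRvaAndSizes is read from the file and may exceed the real
       array length, so the index is checked against both limits. */
    if (dwIMAGE_DIRECTORY >= IMAGE_NUMBEROF_DIRECTORY_ENTRIES ||
        dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes) {
        return NULL;
    }

    dwRva = poh->DataDirectory[dwIMAGE_DIRECTORY].VirtualAddress;

    /* Find the section whose [VirtualAddress, +SizeOfRawData) range holds
       the RVA; the subtraction form cannot wrap the way a sum can. */
    for (i = 0; i < nSections; i++, psh++) {
        if (dwRva >= psh->VirtualAddress &&
            dwRva - psh->VirtualAddress < psh->SizeOfRawData) {
            bFound = TRUE;
            break;
        }
    }
    if (!bFound) {
        return NULL;
    }

    if (pSH) {
        *pSH = psh;
    }

    /* Pointer arithmetic keeps the full pointer width on every target. */
    return (LPVOID)((BYTE *)lpFile + dwRva);
}

/*
 * Copy the exported function names into one heap block of consecutive
 * NUL-terminated strings.
 *
 * *pszFunctions receives the block allocated from hHeap; the caller frees
 * it.  Returns the number of bytes copied, or 0 when the export directory or
 * the ".edata" section is missing, an RVA lies below the section, or the
 * allocation fails.
 *
 * The names are scanned for their terminators without a length limit because
 * the buffer size is unknown here.
 */
int WINAPI GetExportFunctionNames (LPVOID lpFile, HANDLE hHeap, char **pszFunctions)
{
    IMAGE_SECTION_HEADER sh;
    PIMAGE_EXPORT_DIRECTORY ped;
    BYTE *pBase = (BYTE *)lpFile;
    DWORD dwFirstNameRva;
    DWORD i;
    char *pNames, *pCnt;
    int nCnt;

    if (pszFunctions == NULL) {
        return 0;
    }

    ped = (PIMAGE_EXPORT_DIRECTORY)ImageDirectoryOffset (lpFile,
        IMAGE_DIRECTORY_ENTRY_EXPORT, NULL);
    if (ped == NULL) {
        return 0;
    }

    /* Without this check sh would be used uninitialised. */
    if (!GetSectionHdrByName (lpFile, &sh, ".edata")) {
        return 0;
    }

    /* Translate the name-pointer array and the first name from RVA to an
       offset inside the section's raw data. */
    if (ped->AddressOfNames < sh.VirtualAddress) {
        return 0;
    }
    dwFirstNameRva = *(DWORD *)(pBase +
        (ped->AddressOfNames - sh.VirtualAddress + sh.PointerToRawData));
    if (dwFirstNameRva < sh.VirtualAddress) {
        return 0;
    }
    pNames = (char *)(pBase +
        (dwFirstNameRva - sh.VirtualAddress + sh.PointerToRawData));

    /* Measure NumberOfNames consecutive strings. */
    pCnt = pNames;
    for (i = 0; i < ped->NumberOfNames; i++) {
        while (*pCnt++) {
            /* advance past one string and its terminator */
        }
    }
    nCnt = (int)(pCnt - pNames);

    *pszFunctions = (char *)HeapAlloc (hHeap, HEAP_ZERO_MEMORY, nCnt);
    if (*pszFunctions == NULL) {
        return 0;
    }

    CopyMemory ((LPVOID)*pszFunctions, (LPVOID)pNames, nCnt);
    return nCnt;
}

/*
 * Copy the names of the imported modules into one heap block of consecutive
 * NUL-terminated strings.
 *
 * *pszModules receives the block allocated from hHeap; the caller frees it.
 * Returns the number of module names copied, or 0 when the import directory
 * or the ".idata" section is missing or the allocation fails.  At most
 * MAX_IMPORT_MODULES descriptors are read.
 *
 * NOTE(review): module-name RVAs are resolved relative to the start of the
 * import directory minus idsh.VirtualAddress, which presumably assumes the
 * directory sits at the very start of ".idata" - confirm.
 */
int WINAPI GetImportModuleNames (LPVOID lpFile, HANDLE hHeap, char **pszModules)
{
    PIMAGE_IMPORT_MODULE_DIRECTORY pid;
    IMAGE_SECTION_HEADER idsh;
    BYTE *pData;
    int nCnt = 0, nSize = 0, i;
    char *pModule[MAX_IMPORT_MODULES];
    char *psz;
    size_t cb;

    if (pszModules == NULL) {
        return 0;
    }

    pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)ImageDirectoryOffset (lpFile,
        IMAGE_DIRECTORY_ENTRY_IMPORT, NULL);
    if (pid == NULL) {
        return 0;   /* no import directory: nothing to dereference */
    }
    pData = (BYTE *)pid;

    if (!GetSectionHdrByName (lpFile, &idsh, ".idata")) {
        return 0;
    }

    /* The descriptor count is controlled by the file; stopping at the array
       size keeps a crafted image from writing past pModule on the stack. */
    while (pid->dwRVAModuleName && nCnt < MAX_IMPORT_MODULES) {
        pModule[nCnt] = (char *)(pData + (pid->dwRVAModuleName - idsh.VirtualAddress));
        nSize += (int)strlen (pModule[nCnt]) + 1;
        pid++;
        nCnt++;
    }

    *pszModules = (char *)HeapAlloc (hHeap, HEAP_ZERO_MEMORY, nSize);
    if (*pszModules == NULL) {
        return 0;
    }

    psz = *pszModules;
    for (i = 0; i < nCnt; i++) {
        cb = strlen (pModule[i]) + 1;
        memcpy (psz, pModule[i], cb);
        psz += cb;
    }
    return nCnt;
}

/*
 * Copy the names of the functions imported from one module into a heap block
 * of consecutive NUL-terminated strings.
 *
 * pszModule is compared with strcmp against each descriptor's module name.
 * *pszFunctions receives the block allocated from hHeap; the caller frees
 * it.  Returns the number of names copied, or 0 when ".idata", the import
 * directory or the module is not found, or the allocation fails.  Entries
 * imported by ordinal carry no name and are skipped.
 *
 * NOTE(review): every RVA is resolved relative to the address of the import
 * directory itself rather than the image base or a file offset - verify this
 * against the caller's mapping before relying on the results.
 */
int WINAPI GetImportFunctionNamesByModule (LPVOID lpFile, HANDLE hHeap, char *pszModule, char **pszFunctions)
{
    PIMAGE_IMPORT_MODULE_DIRECTORY pid;
    IMAGE_SECTION_HEADER idsh;
    BYTE *pBase;
    DWORD dwThunk, dwNameRva;
    const char *pszName;
    int nCnt = 0, nSize = 0;
    char *psz;
    size_t cb;

    if (pszModule == NULL || pszFunctions == NULL) {
        return 0;
    }

    if (!GetSectionHdrByName (lpFile, &idsh, ".idata")) {
        return 0;
    }

    pid = (PIMAGE_IMPORT_MODULE_DIRECTORY)ImageDirectoryOffset (lpFile,
        IMAGE_DIRECTORY_ENTRY_IMPORT, NULL);
    if (pid == NULL) {
        return 0;   /* no import directory: nothing to dereference */
    }
    pBase = (BYTE *)pid;

    /* Find the descriptor for the requested module. */
    while (pid->dwRVAModuleName &&
           strcmp (pszModule, (char *)(pBase + pid->dwRVAModuleName))) {
        pid++;
    }
    if (!pid->dwRVAModuleName) {
        return 0;
    }

    /* Pass 1: count the names and the bytes they need.  Each thunk holds the
       RVA of a hint/name entry; the name starts 2 bytes in. */
    for (dwThunk = pid->dwRVAFunctionNameList; dwThunk; dwThunk += sizeof (DWORD)) {
        dwNameRva = *(DWORD *)(pBase + dwThunk);
        if (!dwNameRva) {
            break;
        }
        if (dwNameRva & IMAGE_ORDINAL_FLAG32) {
            continue;   /* ordinal import: the value is not an RVA */
        }
        pszName = (const char *)(pBase + dwNameRva + 2);
        if (!*pszName) {
            break;
        }
        nSize += (int)strlen (pszName) + 1;
        nCnt++;
    }

    *pszFunctions = (char *)HeapAlloc (hHeap, HEAP_ZERO_MEMORY, nSize);
    if (*pszFunctions == NULL) {
        return 0;
    }

    /* Pass 2: walk the same entries again and copy each name. */
    psz = *pszFunctions;
    for (dwThunk = pid->dwRVAFunctionNameList; dwThunk; dwThunk += sizeof (DWORD)) {
        dwNameRva = *(DWORD *)(pBase + dwThunk);
        if (!dwNameRva) {
            break;
        }
        if (dwNameRva & IMAGE_ORDINAL_FLAG32) {
            continue;
        }
        pszName = (const char *)(pBase + dwNameRva + 2);
        if (!*pszName) {
            break;
        }
        cb = strlen (pszName) + 1;
        memcpy (psz, pszName, cb);
        psz += cb;
    }
    return nCnt;
}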
|
请求PE装载器的例子代码
// test.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <Windows.h>
#include <WinNT.h>
#include <stdio.h>
#include <conio.h>
#include "tools.h"

// Maps "core.dll" from disk, copies its headers and sections into a second,
// anonymous mapping, patches relocations and import thunks there, and calls
// the image's entry point from that copy.
//
// Review notes for anyone reading or analysing this code:
//  - Every offset and length used below (e_lfanew, NumberOfSections,
//    SizeOfHeaders, PointerToRawData, SizeOfRawData, VirtualAddress, the
//    relocation and import tables) is taken from the file and used without
//    being compared to dwFileSize or SizeOfImage.  A malformed file can make
//    the copies and patches read or write outside the two views.
//  - No check of the file's origin or integrity is visible before its code is
//    run in this process; "core.dll" is a relative name.
//  - The image ends up in a section created with PAGE_EXECUTE_READWRITE and
//    is never registered with the OS loader, so it does not appear in the
//    process's loaded-module list.  Executable memory that holds a PE image
//    without a loader entry is what memory scanners look for.
//  - Pointers are cast to DWORD throughout and Magic must be 0x010B (PE32),
//    so the code assumes a 32-bit build.
//  - Handles and pointers are printed with %d, which does not match their
//    types.
//  - NOTE(review): in standard C++ a string literal is thrown as const char *,
//    which catch(char *) does not match; such a throw would reach only the
//    outer catch(...) and skip the UnmapViewOfFile/CloseHandle calls placed
//    after the inner handlers - confirm with the target compiler.
int main(int argc, char* argv[])
{
    try{
        // Open the DLL for reading.
        HANDLE hFile=CreateFile("core.dll",GENERIC_READ,NULL,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
        printf("hFile=%d\n",hFile);
        if (hFile==INVALID_HANDLE_VALUE){
            throw "hFile==INVALID_HANDLE_VALUE";
        }
        try{
            // The size is only printed and tested for zero; it is not used to
            // bound any later access.
            DWORD dwFileSize=GetFileSize(hFile,NULL);
            printf("dwFileSize=%d\n",dwFileSize);
            if (!dwFileSize){
                throw "dwFileSize==0";
            }
            try{
                // Read-only mapping of the file on disk.
                // CreateFileMapping reports failure with NULL, so the
                // INVALID_HANDLE_VALUE comparison below does not detect it.
                HANDLE hFileMapping=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
                printf("hFileMapping=%d\n",hFileMapping);
                if (hFileMapping==INVALID_HANDLE_VALUE){
                    throw "hFileMapping==INVALID_HANDLE_VALUE";
                }
                try{
                    void *pFileMapping=MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0);
                    printf("pFileMapping=%d\n",pFileMapping);
                    if (!pFileMapping){
                        throw "pFileMapping==0";
                    }
                    try{
                        // Header checks: DOS signature, PE signature, PE32 magic.
                        PIMAGE_DOS_HEADER pDosHeader;
                        pDosHeader=(PIMAGE_DOS_HEADER)pFileMapping;
                        if (pDosHeader->e_magic!=IMAGE_DOS_SIGNATURE){
                            throw "pDosHeader->e_magic!=IMAGE_DOS_SIGNATURE";
                        }
                        printf("pDosHeader->e_magic==IMAGE_DOS_SIGNATURE\n");
                        printf("pDosHeader->e_lfanew=%d\n",pDosHeader->e_lfanew);
                        // e_lfanew is followed without a range check.
                        DWORD *pPeFlag=(DWORD *)((DWORD)pFileMapping+pDosHeader->e_lfanew);
                        if (*pPeFlag!=IMAGE_NT_SIGNATURE){
                            throw "*pPeFlag!=IMAGE_NT_SIGNATURE";
                        }
                        printf("*pPeFlag==IMAGE_NT_SIGNATURE\n");
                        PIMAGE_FILE_HEADER pPeHeader=(PIMAGE_FILE_HEADER)((DWORD)pPeFlag+sizeof(DWORD));
                        pPeHeader->NumberOfSections;    // expression statement with no effect
                        printf("NumOfSections=%d\n",pPeHeader->NumberOfSections);
                        PIMAGE_OPTIONAL_HEADER pOptionalHeader=(PIMAGE_OPTIONAL_HEADER)((DWORD)pPeHeader+sizeof(IMAGE_FILE_HEADER));
                        // 0x010B is the PE32 optional-header magic
                        // (IMAGE_NT_OPTIONAL_HDR32_MAGIC).
                        if (pOptionalHeader->Magic!=0x010B){
                            throw "pOptionalHeader->Magic!=0x010B";
                        }
                        printf("pOptionalHeader->Magic==0x010B\n");
                        printf("SizeOfImage=%d\n",pOptionalHeader->SizeOfImage);
                        printf("SizeOfHeaders=%d\n",pOptionalHeader->SizeOfHeaders);
                        printf("SizeOfCode=%d\n",pOptionalHeader->SizeOfCode);
                        printf("FileAlignment=%d\n",pOptionalHeader->FileAlignment);
                        printf("SectionAlignment=%d\n",pOptionalHeader->SectionAlignment);
                        printf("AddressOfEntryPoint=%d(RVA)\n",pOptionalHeader->AddressOfEntryPoint);
                        // Pagefile-backed section of SizeOfImage bytes, requested
                        // as writable and executable at the same time.  As above,
                        // failure is NULL, not INVALID_HANDLE_VALUE.
                        HANDLE hMemoryExec=CreateFileMapping(INVALID_HANDLE_VALUE,NULL,PAGE_EXECUTE_READWRITE,0,pOptionalHeader->SizeOfImage,NULL);
                        printf("hMemoryExec=%d\n",hMemoryExec);
                        if (hMemoryExec==INVALID_HANDLE_VALUE){
                            throw "hMemoryExec==INVALID_HANDLE_VALUE";
                        }
                        try{
                            void *pMemoryExec=MapViewOfFile(hMemoryExec,FILE_MAP_WRITE,0,0,0);
                            printf("pMemoryExec=%d\n",pMemoryExec);
                            if (!pMemoryExec){
                                throw "pMemoryExec==0";
                            }
                            try{
                                // Copy the headers, then each section to its
                                // VirtualAddress inside the new view.  The
                                // lengths and destinations are file-controlled
                                // and not checked against SizeOfImage or
                                // dwFileSize.
                                memcpy(pMemoryExec,pFileMapping,pOptionalHeader->SizeOfHeaders);
                                PIMAGE_SECTION_HEADER pIMAGE_SECTION_HEADER=(PIMAGE_SECTION_HEADER)((DWORD)pOptionalHeader+sizeof(IMAGE_OPTIONAL_HEADER));
                                UINT i;
                                for (i=0;i<pPeHeader->NumberOfSections;i++) {
                                    // Name is an 8-byte field; %s relies on a
                                    // terminator being present.
                                    printf("SECTION Name=%s\n",pIMAGE_SECTION_HEADER[i].Name);
                                    printf("PointerToRawData=%d\n",pIMAGE_SECTION_HEADER[i].PointerToRawData);
                                    printf("SizeOfRawData=%d\n",pIMAGE_SECTION_HEADER[i].SizeOfRawData);
                                    printf("VirtualAddress=%d(RAV)\n",pIMAGE_SECTION_HEADER[i].VirtualAddress);
                                    if (pIMAGE_SECTION_HEADER[i].PointerToRawData){
                                        memcpy((void *)((DWORD)pMemoryExec+pIMAGE_SECTION_HEADER[i].VirtualAddress),(void *)((DWORD)pFileMapping+pIMAGE_SECTION_HEADER[i].PointerToRawData),pIMAGE_SECTION_HEADER[i].SizeOfRawData);
                                    }else{
                                        // No raw data in the file: zero-fill instead.
                                        memset((void *)((DWORD)pMemoryExec+pIMAGE_SECTION_HEADER[i].VirtualAddress),0,pIMAGE_SECTION_HEADER[i].SizeOfRawData);
                                    }
                                }
                                // Relocations: looked up in the copied image via
                                // ImageDirectoryOffset from tools.h.
                                PIMAGE_SECTION_HEADER psh;
                                PIMAGE_BASE_RELOCATION pBaseRelocation=(PIMAGE_BASE_RELOCATION)ImageDirectoryOffset(pMemoryExec,IMAGE_DIRECTORY_ENTRY_BASERELOC,&psh);
                                printf("pBaseRelocation=%d\n",pBaseRelocation);
                                if (!pBaseRelocation){
                                    throw "Can'not find IMAGE_DIRECTORY_ENTRY_BASERELOC";
                                }
                                printf("pBaseRelocation@SECTION %s\n",psh->Name);
                                UINT16 *pBL;
                                // Outer count is the directory Size divided by 4096, plus one.
                                for (i=(pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size/4096)+1;i>0;i--){
                                    // 16-bit entries start right after the block header.
                                    pBL=(UINT16 *)((DWORD)pBaseRelocation+sizeof(IMAGE_BASE_RELOCATION));
                                    for (DWORD j=1;j<=(pBaseRelocation->SizeOfBlock-sizeof(IMAGE_BASE_RELOCATION))/2;j++){
                                        // Entries whose top 4 bits are non-zero are
                                        // patched; the low 12 bits are the offset
                                        // within the block.
                                        if (*pBL&0xF000){
                                            printf("Found RELOCATION Block #%d\n",j);
                                            printf("Base Address=%d(RVA)\n",pBaseRelocation->VirtualAddress);
                                            printf("Offset=%d\n",*pBL&0x0FFF);
                                            // Target address is built from file data
                                            // with no check that it lies inside the
                                            // view before it is written.
                                            DWORD *Point=(DWORD *)((DWORD)pMemoryExec+pBaseRelocation->VirtualAddress+(*pBL&0x0FFF));
                                            printf("Memary@%d\n",Point);
                                            printf("Old Point=%d\n",*Point);
                                            printf("New Point=%d\n",*Point+((DWORD)pMemoryExec)-pOptionalHeader->ImageBase);
                                            // Add the difference between the actual
                                            // base and the preferred ImageBase.
                                            *Point+=(((DWORD)pMemoryExec)-pOptionalHeader->ImageBase);
                                        }
                                        pBL++;
                                    }
                                    // Pointer arithmetic: advances by 4096 elements
                                    // of IMAGE_BASE_RELOCATION.
                                    pBaseRelocation+=4096;
                                }
                                // Imports: each descriptor names a DLL, which is
                                // loaded with LoadLibrary using the name stored in
                                // the image.  The returned module handles are not
                                // released anywhere in this function.
                                PIMAGE_IMPORT_DESCRIPTOR pImportedSymbols=(PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryOffset(pMemoryExec,IMAGE_DIRECTORY_ENTRY_IMPORT,&psh);
                                printf("pImportedSymbols=%d\n",pImportedSymbols);
                                if (!pImportedSymbols){
                                    // The message text names BASERELOC although this
                                    // is the import directory lookup.
                                    throw "Can'not find IMAGE_DIRECTORY_ENTRY_BASERELOC";
                                }
                                printf("pImportedSymbols@SECTION %s\n",psh->Name);
                                for (i=0;i<(pOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size/sizeof(IMAGE_IMPORT_DESCRIPTOR));i++){
                                    // A zero Characteristics field ends the list.
                                    if (pImportedSymbols[i].Characteristics==0){
                                        break;
                                    }
                                    printf("Found DLL Import %s\n",(char *)((DWORD)pMemoryExec+pImportedSymbols[i].Name));
                                    DWORD * pImageThunkData=(DWORD *)((DWORD)pMemoryExec+pImportedSymbols[i].FirstThunk);
                                    PIMAGE_IMPORT_BY_NAME pImageImportByName;
                                    HMODULE hDll=LoadLibrary((char *)((DWORD)pMemoryExec+pImportedSymbols[i].Name));
                                    if (!hDll){
                                        throw "Can't load dll";
                                    }
                                    printf("Load Library %s ; HMODULE=%d\n",(char *)((DWORD)pMemoryExec+pImportedSymbols[i].Name),hDll);
                                    // Each thunk is treated as the RVA of a
                                    // hint/name entry and overwritten with the
                                    // GetProcAddress result, which is not checked
                                    // for NULL.
                                    do{
                                        pImageImportByName=(PIMAGE_IMPORT_BY_NAME)((DWORD)pMemoryExec+*pImageThunkData);
                                        printf("Found Function Import %s @ %d\n",pImageImportByName->Name,pImageImportByName);
                                        *pImageThunkData=(ULONG)GetProcAddress(hDll,(char *)pImageImportByName->Name);
                                        printf("Import %s @ %d\n",pImageImportByName->Name,*pImageThunkData);
                                        pImageThunkData++;
                                    }while(*pImageThunkData);
                                }
                                // Call the entry point inside the copied image;
                                // all three arguments are passed as the value 1.
                                BOOL (__stdcall* entry)(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved);
                                entry=(BOOL (__stdcall *)(HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved))((DWORD)pMemoryExec+pOptionalHeader->AddressOfEntryPoint);
                                printf("Run Exec @ %d\n",entry);
                                BOOL result=entry((HANDLE)1,(DWORD)1,(LPVOID)1);
                                printf("result=%d\n",result);
                            }catch(char *str){
                                printf("Exceptional %s\n",str);
                            }
                            // Cleanup runs after each handler, innermost
                            // resource first.
                            UnmapViewOfFile(pMemoryExec);
                        }catch(char *str){
                            printf("Exceptional %s\n",str);
                        }
                        CloseHandle(hMemoryExec);
                    }catch(char *str){
                        printf("Exceptional %s\n",str);
                    }
                    UnmapViewOfFile(pFileMapping);
                }catch (char *str){
                    printf("Exceptional %s\n",str);
                }
                CloseHandle(hFileMapping);
            }catch(char *str){
                printf("Exceptional %s\n",str);
            }
        }catch(char *str){
            printf("Exceptional %s\n",str);
        }
        CloseHandle(hFile);
    }catch(char *str){
        printf("Exceptional %s\n",str);
    }catch(...){
        printf("Exceptional Unknow,LastError=%d\n",GetLastError());
    }
    printf("Exit\n");
    return 0;
}