找zeroadd找了半天找不到,决定自己写一个,但是如题,imagesize始终拿不准,而导致生成文件出错.
希望高手帮忙修改,指点一二,QQ:56228956,大恩不言谢!
以下是代码:
[CODE].386
.model stdcall,flat
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
include comdlg32.inc
includelib comdlg32.lib
SectionAdd proto lpNTHeader:DWORD,lpSectionTable:DWORD,lpSectionName:DWORD,dwAddSize:DWORD
GetAlignedAddr proto AlignNum:DWORD,lpAddress:DWORD
.data
ofn OPENFILENAME <>
szAppName db "SectionAdd Version 1.0 By:Nonsener 2006",0
FilterString db "Executable Files (*.exe)",0,"*.exe",0
db "All Files (*.*)",0,"*.*",0,0
FileOpenError db "Cannot open the file!",0
FileOpenMappingError db "Cannot open file for memory mapping!",0
FileMappingError db "Cannot mapping the file into memory!",0
FileValidExe db "This file is a valid executable file!",0
FileInvalidExe db "This file is not a valid executable file!",0
OkMessage db "Section added Successfully!",0
szError db "Failed maybe because not enough room in pe header,file format invalid or a bad PE head and so on",0
szRoom db "There is not enough room in pe header",0
szBakEx db ".bak",0
szAdd db ".Non",0,0,0,0
addlen db 4
buffer db 512 dup (0)
.data?
hFile DWORD ?
hMapping DWORD ?
pMapping DWORD ?
hInst DWORD ?
;lpNTHeader DWORD ?
;lpSectionTable DWORD ?
OriginalFileSize DWORD ?
OriginalSectionNum WORD ?
szBakup db 512 dup (?)
.code
start:
invoke GetModuleHandle,NULL
mov hInst,eax
mov ofn.lStructSize,SIZEOF OPENFILENAME
push hInst
pop ofn.hInstance
mov ofn.lpstrFilter,offset FilterString
mov ofn.lpstrFile,offset buffer
mov ofn.nMaxFile,512
mov ofn.Flags,OFN_FILEMUSTEXIST OR OFN_PATHMUSTEXIST OR OFN_LONGNAMES OR OFN_EXPLORER
invoke GetOpenFileName,addr ofn
or eax,eax
jnz _CreateFile
invoke MessageBox,NULL,offset FileOpenError,offset szAppName,MB_OK
xor eax,eax
ret
_CreateFile:
invoke lstrcpy,offset szBakup,offset buffer
invoke lstrcat,offset szBakup,offset szBakEx
invoke CreateFile,offset buffer,\
GENERIC_READ+GENERIC_WRITE,\
FILE_SHARE_READ,NULL,\
OPEN_EXISTING,\
FILE_ATTRIBUTE_NORMAL,\
NULL
cmp eax,INVALID_HANDLE_VALUE
jnz _CreatFileMapping
invoke MessageBox,NULL,offset FileOpenMappingError,offset szAppName,MB_OK
xor eax,eax
ret
_CreatFileMapping:
mov hFile,eax
invoke GetFileSize,hFile,0
mov OriginalFileSize,eax
add eax,100h
invoke CreateFileMapping,hFile,NULL,PAGE_READWRITE,0,eax,0
or eax,eax
jnz _MapViewOfFile
invoke MessageBox,NULL,offset FileMappingError,offset szAppName,MB_OK
invoke CloseHandle,hFile
xor eax,eax
ret
_MapViewOfFile:
mov hMapping,eax
invoke MapViewOfFile,hMapping,FILE_MAP_WRITE,0,0,0
or eax,eax
jnz _CheckExe
jmp _ProgramExit
_CheckExe:
mov pMapping,eax
mov edi,pMapping
cmp WORD ptr [edi],'ZM'
jne _InvalidExe
mov ebx,[edi+3ch]
add edi,ebx ;edi----------->NT_HEADER
mov esi,edi
; mov lpNTHeader,edi
cmp WORD ptr [edi],'EP'
jne _InvalidExe
xor ecx,ecx
mov cx,WORD ptr [edi+06h] ;Store NumberOfSections in------------>ecx
mov OriginalSectionNum,cx
xor ebx,ebx
mov bx,WORD ptr [edi+14h]
add edi,18h
add edi,ebx ;Now edi---------->SectionTable
; mov lpSectionTable,edi
invoke SectionAdd,esi,edi,offset szAdd,100h
or eax,eax
je _Error
_SectionAddedOK:
invoke MessageBox,NULL,offset OkMessage,offset szAppName,MB_OK
jmp _ProgramExit
_InvalidExe:
invoke MessageBox,NULL,offset FileInvalidExe,offset szAppName,MB_OK
jmp _ProgramExit
_Error:
invoke MessageBox,NULL,offset szError,offset szAppName,MB_OK
_ProgramExit:
invoke UnmapViewOfFile,pMapping
invoke CloseHandle,hFile
invoke ExitProcess,0
ret
SectionAdd proc lpNTHeader:DWORD,lpSectionTable:DWORD,lpSectionName:DWORD,dwAddSize:DWORD
LOCAL dwVirtualSize:DWORD
LOCAL lpVirtualAddr:DWORD
LOCAL dwSizeofRaw:DWORD
LOCAL lpPointToRaw:DWORD
pushad
mov esi,lpNTHeader
mov eax,dwAddSize
mov dwVirtualSize,eax
mov edi,lpSectionTable
cmp DWORD ptr [esi+38h],0
je _OnError
cmp DWORD ptr [esi+3ch],0
je _OnError
_MoveTo:
add edi,28h
loop _MoveTo ;Move to the last section table item
mov ecx,0ah
mov edx,28h
_CheckRoom:
cmp DWORD ptr [edx+edi],0
jne _RoomNotEnough
add edx,4
loop _CheckRoom
push edi
push esi
xor ecx,ecx
mov cl,8
mov esi,lpSectionName
rep movsb
pop esi
pop edi
sub edi,28h
mov eax,DWORD ptr [edi+0ch]
add eax,DWORD ptr [edi+08h]
mov ebx,DWORD ptr [esi+38h] ;ebx---------->Section Alignment
push eax
push ebx
call GetAlignedAddr
mov lpVirtualAddr,eax
mov eax,DWORD ptr [edi+14h]
add eax,DWORD ptr [edi+10h]
mov ebx,DWORD ptr [esi+3ch] ;ebx---------->File Alignment
push eax
push ebx
call GetAlignedAddr
mov lpPointToRaw,eax
mov eax,dwVirtualSize
mov ebx,DWORD ptr [esi+3ch]
push eax
push ebx
call GetAlignedAddr
mov dwVirtualSize,eax
push eax
mov ebx,DWORD ptr [esi+3ch]
push eax
push ebx
call GetAlignedAddr
mov dwSizeofRaw,eax
add DWORD ptr [esi+50h],eax ;Modify the ImageSize field
inc WORD ptr [esi+06h] ;Modify the NumberofSections
add edi,28h
mov eax,dwVirtualSize
mov DWORD ptr [edi+08h],eax
mov eax,lpVirtualAddr
mov DWORD ptr [edi+0ch],eax
mov eax,dwSizeofRaw
mov DWORD ptr [edi+10h],eax
mov eax,lpPointToRaw
mov DWORD ptr [edi+14h],eax
mov DWORD ptr [edi+24h],0C00000E0h
popad
jmp _AddedSuccessful
_RoomNotEnough:
invoke MessageBox,0,offset szRoom,offset szAppName,0
_OnError:
xor eax,eax
ret
_AddedSuccessful:
mov eax,1
ret
SectionAdd endp
GetAlignedAddr proc uses ebx,AlignNum:DWORD,lpAddress:DWORD
mov eax,lpAddress
mov ebx,AlignNum
xor edx,edx
_ThisLoop:
push eax
div ebx
pop eax
test edx,edx
je _GetIt
inc eax
jmp _ThisLoop
_GetIt:
ret
GetAlignedAddr endp
end start
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
