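/*
 * Apply the base relocations of a PE image held in memory and record the new
 * image base in its optional header.
 *
 * RVAs are added directly to pImageBuffer, so the buffer must hold the image
 * in its in-memory (section-aligned) layout rather than the raw file layout.
 *
 * NOTE(review): no buffer length is passed in, so every bound below is checked
 * against SizeOfImage taken from the image's own headers. This assumes the
 * caller allocated at least SizeOfImage bytes and has already validated
 * e_lfanew and the PE signature - confirm against the caller.
 * NOTE(review): only 32-bit HIGHLOW fixups are applied and dwImageBase is
 * 32 bits wide, so this presumably expects a 32-bit image - confirm.
 *
 * pImageBuffer  image to patch in place.
 * dwImageBase   base address the image is being relocated to.
 *
 * Returns SizeOfImage on success. Returns 0 when pImageBuffer is NULL,
 * e_lfanew is negative, or the relocation data is malformed (directory or
 * block runs outside the image, block size smaller than its header or larger
 * than the remaining directory, fixup target outside the image). On a 0
 * return some fixups may already have been applied and ImageBase is left
 * unchanged, so the buffer should be discarded.
 */
DWORD32 CkRepairRelactionTable(IN OUT PVOID pImageBuffer, IN DWORD32 dwImageBase)
{
    if (pImageBuffer == NULL) {
        return 0;
    }

    /* Byte pointer arithmetic avoids truncating addresses through DWORD32. */
    unsigned char *pBase = (unsigned char *)pImageBuffer;

    /* DOS header */
    IMAGE_DOS_HEADER *pDosHeader = (IMAGE_DOS_HEADER *)pBase;
    if (pDosHeader->e_lfanew < 0) {
        return 0;
    }

    /* NT headers; the optional header follows the signature and file header */
    IMAGE_NT_HEADERS *pNtHeaders = (IMAGE_NT_HEADERS *)(pBase + pDosHeader->e_lfanew);
    IMAGE_OPTIONAL_HEADER *pOpHeader = &pNtHeaders->OptionalHeader;

    DWORD32 dwImageSize = pOpHeader->SizeOfImage;
    /* Difference between the new base and the base the image was linked for. */
    DWORD32 dwDelta = (DWORD32)(dwImageBase - pOpHeader->ImageBase);

    /* Directory index 5 is the base relocation table (IMAGE_DIRECTORY_ENTRY_BASERELOC). */
    DWORD32 dwRelocRva = 0;
    DWORD32 dwRelocSize = 0;
    if (pOpHeader->NumberOfRvaAndSizes > 5) {
        dwRelocRva = pOpHeader->DataDirectory[5].VirtualAddress;
        dwRelocSize = pOpHeader->DataDirectory[5].Size;
    }

    /* An image without a relocation directory has nothing to patch. */
    if (dwRelocRva != 0 && dwRelocSize != 0) {
        /* The whole directory must lie inside the image. */
        if (dwRelocRva > dwImageSize || dwImageSize - dwRelocRva < dwRelocSize) {
            return 0;
        }

        unsigned char *pCursor = pBase + dwRelocRva;
        DWORD32 dwRemaining = dwRelocSize;

        /*
         * Walk every page block. The walk is bounded by the directory size
         * instead of relying on a zero terminator, which a malformed or
         * unterminated table would never supply.
         */
        while (dwRemaining >= sizeof(IMAGE_BASE_RELOCATION)) {
            IMAGE_BASE_RELOCATION *pBlock = (IMAGE_BASE_RELOCATION *)pCursor;
            DWORD32 dwPageRva = pBlock->VirtualAddress;
            DWORD32 dwBlockSize = pBlock->SizeOfBlock;

            /* An all-zero block is accepted as an explicit end marker. */
            if (dwPageRva == 0 && dwBlockSize == 0) {
                break;
            }

            /*
             * A block smaller than its own header would underflow the entry
             * count (and a zero size would never advance); a block larger
             * than the remaining directory would read past the table.
             */
            if (dwBlockSize < sizeof(IMAGE_BASE_RELOCATION) || dwBlockSize > dwRemaining) {
                return 0;
            }

            /* Number of 16-bit entries on this page and where they start */
            DWORD32 dwCnt = (DWORD32)((dwBlockSize - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(UINT16));
            UINT16 *pEntries = (UINT16 *)(pCursor + sizeof(IMAGE_BASE_RELOCATION));

            for (DWORD32 i = 0; i < dwCnt; i++) {
                /* Read exactly one 16-bit entry: high 4 bits type, low 12 bits offset. */
                UINT16 wEntry = pEntries[i];

                /* Only type 3 (IMAGE_REL_BASED_HIGHLOW) is patched; others are skipped. */
                if ((wEntry & 0xF000) != 0x3000) {
                    continue;
                }

                DWORD32 dwOffset = (DWORD32)(wEntry & 0x0FFF);

                /* The 4-byte fixup target must lie entirely inside the image. */
                if (dwPageRva > dwImageSize ||
                    dwImageSize - dwPageRva < dwOffset + sizeof(DWORD32)) {
                    return 0;
                }

                /* Address to patch, then apply the base delta */
                DWORD32 *pRepairAddr = (DWORD32 *)(pBase + dwPageRva + dwOffset);
                *pRepairAddr += dwDelta;
            }

            pCursor += dwBlockSize;
            dwRemaining -= dwBlockSize;
        }
    }

    /* Record the new image base */
    pOpHeader->ImageBase = dwImageBase;
    return pOpHeader->SizeOfImage;
}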