首页
社区
课程
招聘
[原创]扩大节-合并节
发表于: 2022-10-19 17:44 7005

[原创]扩大节-合并节

2022-10-19 17:44
7005

img

注意:扩大节最好在最后节扩展 不然要修改好多东西

一:扩大节

1、拉伸到内存

2、分配一块新的空间:SizeOfImage+Ex

3、将最后一个节的SizeOfRawData 和 VirtualSize改成N

SizeOfRawData = VirtualSize = N

N = (SizeOfRawData或者Virtualsize 内存对齐后的值)+Ex

4、修改sizeofimage大小

Sizeofimage= sizeofimage+Ex

合并节是将多个节合并;

例如所有节合并为一个节:

1】只保留一个节表;

2】所有的节当作一个节,将描述信息写在第一个节表中;

合并节后,原来节表的地方空出来了,可以方便插入新节;

有多个节时,拉伸时需要循环遍历各个节表做对齐之类的操作;合并节 表后减少了这些操作;

如果把所有节合并,那么节与节之间就不再考虑内存对齐或者文件对齐了,由于我们是在文件装载到内存后合并的节,如果内存对齐和文件对齐不一样,那么最后将合并后的文件再还原成硬盘上的状态时,所有的节会当成一个整体,不会再文件对齐了,所以就导致了合并后文件可能会变大

1)拉伸到内存

2)将第一个节的内存大小、文件大小改成一样

3)将第一个节的属性改为包含所有节的属性,即用第一个节的属性与其他的节的属性做运算

4)修改节的数量为1

 
 
 
 
 
 
 
 
 
VOID ExpansionSection()
{
    PVOID pFileBuffer = NULL;
    PVOID pImageBuffer = NULL;
    PVOID pNewBuffer = NULL;
    PVOID pNewImageBuffer = NULL;
 
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeaderUP = NULL;
    PBYTE codeBegin = NULL;
    BOOL isOk = FALSE;
    DWORD size = 0;
 
    ReadPEFile(file_path, &pFileBuffer);
    if (!pFileBuffer)
    {
        printf("文件->缓冲区失败");
        return;
    }
    /*FileBuffer->ImageBuffer*/
    CopyFileBufferToImageBuffer(pFileBuffer, &pImageBuffer);
    if (!pImageBuffer)
    {
        printf(" 复制文件到缓冲区失败");
        free(pFileBuffer);
        return;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;
    pPEHeader = (PIMAGE_FILE_HEADER)((DWORD)((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4);
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)(((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER);
    pSectionHeader = (PIMAGE_SECTION_HEADER)(((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER + pPEHeader->SizeOfOptionalHeader);
 
    pOptionHeader->SizeOfImage += 0x1000;
    pSectionHeader[pPEHeader->NumberOfSections - 1].Misc.VirtualSize += 0x1000;
    pSectionHeader[pPEHeader->NumberOfSections - 1].SizeOfRawData += 0x1000;
    size = CopyImageBufferToNewFileBuffer(pImageBuffer, &pNewBuffer);
 
    if (size == 0 || !pNewBuffer)
    {
        printf("存盘失败");
        free(pFileBuffer);
        free(pImageBuffer);
        free(pNewBuffer);
        return;
    }
 
    isOk = MemoryToFile(pNewBuffer, size, write_file_path);
    printf("MemoryToFile");
    if (isOk)
    {
        printf("存盘成功");
        return;
    }
    free(pFileBuffer);
    free(pImageBuffer);
    free(pNewBuffer);
 
    return;
}
VOID ExpansionSection()
{
    PVOID pFileBuffer = NULL;
    PVOID pImageBuffer = NULL;
    PVOID pNewBuffer = NULL;
    PVOID pNewImageBuffer = NULL;
 
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeaderUP = NULL;
    PBYTE codeBegin = NULL;
    BOOL isOk = FALSE;
    DWORD size = 0;
 
    ReadPEFile(file_path, &pFileBuffer);
    if (!pFileBuffer)
    {
        printf("文件->缓冲区失败");
        return;
    }
    /*FileBuffer->ImageBuffer*/
    CopyFileBufferToImageBuffer(pFileBuffer, &pImageBuffer);
    if (!pImageBuffer)
    {
        printf(" 复制文件到缓冲区失败");
        free(pFileBuffer);
        return;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;
    pPEHeader = (PIMAGE_FILE_HEADER)((DWORD)((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4);
    pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)(((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER);
    pSectionHeader = (PIMAGE_SECTION_HEADER)(((DWORD)pImageBuffer + pDosHeader->e_lfanew) + 4 + IMAGE_SIZEOF_FILE_HEADER + pPEHeader->SizeOfOptionalHeader);
 
    pOptionHeader->SizeOfImage += 0x1000;
    pSectionHeader[pPEHeader->NumberOfSections - 1].Misc.VirtualSize += 0x1000;
    pSectionHeader[pPEHeader->NumberOfSections - 1].SizeOfRawData += 0x1000;
    size = CopyImageBufferToNewFileBuffer(pImageBuffer, &pNewBuffer);
 
    if (size == 0 || !pNewBuffer)
    {
        printf("存盘失败");
        free(pFileBuffer);
        free(pImageBuffer);
        free(pNewBuffer);
        return;
    }
 
    isOk = MemoryToFile(pNewBuffer, size, write_file_path);
    printf("MemoryToFile");
    if (isOk)
    {
        printf("存盘成功");

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 3
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//