求救增加PE区块问题！！！-软件逆向-看雪-安全社区|安全招聘|kanxue.com

求救增加PE区块问题！！！

发表于: 2006-8-22 10:43 5592

求救增加PE区块问题！！！

liangjc

2006-8-22 10:43

5592

用ZeroAdd增加一个PE文件区块时，出现“There if not enough blank space in the PE header to insert the data for a new section。”提示，PE头空间不足，，不能增加区块，用LordPE工具查看BoundImport结构时，RVA和Size都是零的，为何不能增加一个新的区块呢？？希望高手门帮帮忙，，小弟不胜感激！！

[课程]Android-CTF解题方法汇总！

收藏・0

免费・0

支持

最新回复 (12)
kanxue 雪币： 44229 活跃值： (19965) 能力值： (RANK：350 ) 在线值：发帖 2369 回帖 17027 粉丝 528 关注私信	kanxue 8 2 楼估计是你PE头空间不足。你用十六进制打开你程序，将PE头这部分文本帖出来看看。 2006-8-22 17:30 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 3 楼用十六进制打开的PE头文件是这样子的。 [URL=http://rapidshare.de/files/30428727/1.jpg.html] 如果PE头文件空间不足什么样增加空间呢？ 2006-8-23 15:12 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 4 楼 PE头文件十六进制是这样子的： 00000000h: 4D 5A 40 00 01 00 00 00 02 00 04 00 FF FF 02 00 ; MZ@........... 00000010h: 40 00 00 00 0E 00 00 00 1C 00 00 00 00 00 00 00 ; @............... 00000020h: 57 69 6E 33 32 20 6F 6E 6C 79 21 0D 0A 24 0E B4 ; Win32 only!..$.? 00000030h: 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 ; .?..??L?@... 00000040h: 50 45 00 00 4C 01 07 00 42 DA 81 3C 5B 4C 6F 72 ; PE..L...B?<[Lor 00000050h: 64 50 45 5D E0 00 0F 01 0B 01 06 00 00 70 0F 00 ; dPE]?.......p.. 00000060h: 00 60 07 00 00 00 00 00 3F 0B 17 00 00 10 00 00 ; .`......?....... 00000070h: 00 80 0F 00 00 00 40 00 00 10 00 00 00 02 00 00 ; .?....@......... 00000080h: 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ; ................ 00000090h: DC 3F 18 00 00 08 00 00 00 00 00 00 02 00 00 00 ; ?.............. 000000a0h: 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 ; ................ 000000b0h: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000c0h: 00 10 18 00 2C 01 00 00 00 D0 12 00 C8 04 04 00 ; ....,....?.?.. 000000d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000100h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000110h: 00 00 00 00 00 00 00 00 2C 11 18 00 B4 07 00 00 ; ........,...?.. 00000120h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000130h: 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 01 49 ; .........text..I 00000140h: 00 70 0F 00 00 10 00 00 06 61 0F 00 00 08 00 00 ; .p.......a...... 00000150h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000160h: 2E 72 64 61 74 61 00 00 00 30 02 00 00 80 0F 00 ; .rdata...0...?.. 00000170h: DC 28 02 00 00 6A 0F 00 00 00 00 00 00 00 00 00 ; ?...j.......... 00000180h: 00 00 00 00 40 00 00 C0 2E 64 61 74 61 00 00 00 ; ....@..?data... 00000190h: 00 20 01 00 00 B0 11 00 10 80 00 00 00 94 11 00 ; . ...?..?...?. 000001a0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 000001b0h: 2E 72 73 72 63 00 00 00 00 10 04 00 00 D0 12 00 ; .rsrc........?. 000001c0h: 90 12 04 00 00 16 12 00 00 00 00 00 00 00 00 00 ; ?.............. 000001d0h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 000001e0h: 00 10 01 00 00 E0 16 00 00 10 01 00 00 2A 16 00 ; .....?......*.. 000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000200h: 2E 67 64 61 74 61 00 00 00 20 00 00 00 F0 17 00 ; .gdata... ...?. 如果PE头空间不足，，什么样增加PE头空间呢？ 2006-8-23 16:13 0
peaceclub 雪币： 255 活跃值： (207) 能力值： ( LV9，RANK：250 ) 在线值：发帖 59 回帖 967 粉丝 1 关注私信	peaceclub 6 5 楼 SizeOfImage: 0x00183FDC SizeOfHeaders: 0x00000800 试着扩大SizeOfHeaders至0x1000试试. 2006-8-23 16:50 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 6 楼我已经把SizeOfHeaders至0x1000了还是不行，，不知道为什么？？ 2006-8-23 17:40 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 7 楼为什么还不能增加区块？？昨天想了一个晚上还解决不了？有谁可以指导我一下呢？ 2006-8-24 08:42 0
kanxue 雪币： 44229 活跃值： (19965) 能力值： (RANK：350 ) 在线值：发帖 2369 回帖 17027 粉丝 528 关注私信	kanxue 8 8 楼先看看200h到800h之间是不是全为0. 试试将NumberOfSection改成6 2006-8-24 09:09 0
nbw 雪币： 339 活跃值： (1510) 能力值： ( LV13，RANK：970 ) 在线值：发帖 141 回帖 2842 粉丝 23 关注私信	nbw 24 9 楼估计是你的PE头里面没法插入新的table信息了。你直接把最后一个区段扩大就行了，没必要非增加一个新的节区。 2006-8-24 09:31 0
peaceclub 雪币： 255 活跃值： (207) 能力值： ( LV9，RANK：250 ) 在线值：发帖 59 回帖 967 粉丝 1 关注私信	peaceclub 6 10 楼建议你把文件传上来,让网友们帮你试试. 2006-8-24 17:33 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 11 楼 00000000h: 4D 5A 40 00 01 00 00 00 02 00 04 00 FF FF 02 00 ; MZ@........... 00000010h: 40 00 00 00 0E 00 00 00 1C 00 00 00 00 00 00 00 ; @............... 00000020h: 57 69 6E 33 32 20 6F 6E 6C 79 21 0D 0A 24 0E B4 ; Win32 only!..$.? 00000030h: 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 ; .?..??L?@... 00000040h: 50 45 00 00 4C 01 07 00 42 DA 81 3C 5B 4C 6F 72 ; PE..L...B?<[Lor 00000050h: 64 50 45 5D E0 00 0F 01 0B 01 06 00 00 70 0F 00 ; dPE]?.......p.. 00000060h: 00 60 07 00 00 00 00 00 3F 0B 17 00 00 10 00 00 ; .`......?....... 00000070h: 00 80 0F 00 00 00 40 00 00 10 00 00 00 02 00 00 ; .?....@......... 00000080h: 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ; ................ 00000090h: DC 4F 18 00 00 04 00 00 00 00 00 00 02 00 00 00 ; 芟.............. 000000a0h: 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 ; ................ 000000b0h: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000c0h: 00 10 18 00 2C 01 00 00 00 D0 12 00 C8 04 04 00 ; ....,....?.?.. 000000d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000100h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000110h: 00 00 00 00 00 00 00 00 2C 11 18 00 B4 07 00 00 ; ........,...?.. 00000120h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000130h: 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 ; .........text... 00000140h: 00 70 0F 00 00 10 00 00 06 61 0F 00 00 04 00 00 ; .p.......a...... 00000150h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000160h: 2E 72 64 61 74 61 00 00 00 30 02 00 00 80 0F 00 ; .rdata...0...?.. 00000170h: DC 28 02 00 00 66 0F 00 00 00 00 00 00 00 00 00 ; ?...f.......... 00000180h: 00 00 00 00 40 00 00 C0 2E 64 61 74 61 00 00 00 ; ....@..?data... 00000190h: 00 20 01 00 00 B0 11 00 10 80 00 00 00 90 11 00 ; . ...?..?...?. 000001a0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 000001b0h: 2E 72 73 72 63 00 00 00 00 10 04 00 00 D0 12 00 ; .rsrc........?. 000001c0h: 90 12 04 00 00 12 12 00 00 00 00 00 00 00 00 00 ; ?.............. 000001d0h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 000001e0h: 00 10 01 00 00 E0 16 00 00 10 01 00 00 26 16 00 ; .....?......&.. 000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000200h: 2E 67 64 61 74 61 00 00 00 20 00 00 00 F0 17 00 ; .gdata... ...?. 00000210h: 00 20 00 00 00 36 17 00 00 00 00 00 00 00 00 00 ; . ...6.......... 00000220h: 00 00 00 00 40 00 00 C0 2E 67 69 64 61 74 61 00 ; ....@..?gidata. 00000230h: DC 3F 00 00 00 10 18 00 DC 3F 00 00 00 56 17 00 ; ?......?...V.. 00000240h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 00000250h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 00000260h: 2E 72 73 72 63 00 00 00 C8 04 04 00 00 D0 12 00 ; .rsrc...?...?. 00000270h: 90 12 04 00 00 40 12 00 00 00 00 00 00 00 00 00 ; ?...@.......... 00000280h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 00000290h: D1 05 01 00 00 E0 16 00 00 10 01 00 00 60 16 00 ; ?...?......`.. 000002a0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 000002b0h: 2E 67 64 61 74 61 00 00 DC 17 00 00 00 F0 17 00 ; .gdata..?...?. 000002c0h: 00 20 00 00 00 70 17 00 00 00 00 00 00 00 00 00 ; . ...p.......... 000002d0h: 00 00 00 00 40 00 00 C0 2E 67 69 64 61 74 61 00 ; ....@..?gidata. 000002e0h: DC 3F 00 00 00 10 18 00 00 30 00 00 00 90 17 00 ; ?.......0...?. 000002f0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 由于前面我贴出来的PE头太少，，在诸位朋友热心的提醒下，，现在已经能够增加新的块，，我认为主要是：260h--2f0h不全为0，，重复出现前面已经建好的块，有七个块，，用工具来辅助增加块时，，可能是在第七块后面开始增加新的块，，由于该地址已经被占用，，所以出现头文件空间不足，，不能插入的现象，，把260h--2f0h全部清零后，，就可以增加新的区块了！！在此非常感谢各位朋友热心的帮助！！ 2006-8-25 09:00 0
usingasm 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 15 粉丝 0 关注私信	usingasm 12 楼最初由 kanxue* 发布* 先看看200h到800h之间是不是全为0. 试试将NumberOfSection改成6 200h到800h之间应该存放些什么东东?? 2006-8-26 10:43 0
CrackWang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	CrackWang 13 楼 topo 1.2不知道可不可以解决？我记得《加密与解密（第二版）》上有相关的说明的。 2006-8-26 10:56 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

liangjc

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (12)
kanxue 雪币： 44229 活跃值： (19965) 能力值： (RANK：350 ) 在线值：发帖 2369 回帖 17027 粉丝 528 关注私信	kanxue 8 2 楼估计是你PE头空间不足。你用十六进制打开你程序，将PE头这部分文本帖出来看看。 2006-8-22 17:30 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 3 楼用十六进制打开的PE头文件是这样子的。 [URL=http://rapidshare.de/files/30428727/1.jpg.html] 如果PE头文件空间不足什么样增加空间呢？ 2006-8-23 15:12 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 4 楼 PE头文件十六进制是这样子的： 00000000h: 4D 5A 40 00 01 00 00 00 02 00 04 00 FF FF 02 00 ; MZ@........... 00000010h: 40 00 00 00 0E 00 00 00 1C 00 00 00 00 00 00 00 ; @............... 00000020h: 57 69 6E 33 32 20 6F 6E 6C 79 21 0D 0A 24 0E B4 ; Win32 only!..$.? 00000030h: 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 ; .?..??L?@... 00000040h: 50 45 00 00 4C 01 07 00 42 DA 81 3C 5B 4C 6F 72 ; PE..L...B?<[Lor 00000050h: 64 50 45 5D E0 00 0F 01 0B 01 06 00 00 70 0F 00 ; dPE]?.......p.. 00000060h: 00 60 07 00 00 00 00 00 3F 0B 17 00 00 10 00 00 ; .`......?....... 00000070h: 00 80 0F 00 00 00 40 00 00 10 00 00 00 02 00 00 ; .?....@......... 00000080h: 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ; ................ 00000090h: DC 3F 18 00 00 08 00 00 00 00 00 00 02 00 00 00 ; ?.............. 000000a0h: 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 ; ................ 000000b0h: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000c0h: 00 10 18 00 2C 01 00 00 00 D0 12 00 C8 04 04 00 ; ....,....?.?.. 000000d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000100h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000110h: 00 00 00 00 00 00 00 00 2C 11 18 00 B4 07 00 00 ; ........,...?.. 00000120h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000130h: 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 01 49 ; .........text..I 00000140h: 00 70 0F 00 00 10 00 00 06 61 0F 00 00 08 00 00 ; .p.......a...... 00000150h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000160h: 2E 72 64 61 74 61 00 00 00 30 02 00 00 80 0F 00 ; .rdata...0...?.. 00000170h: DC 28 02 00 00 6A 0F 00 00 00 00 00 00 00 00 00 ; ?...j.......... 00000180h: 00 00 00 00 40 00 00 C0 2E 64 61 74 61 00 00 00 ; ....@..?data... 00000190h: 00 20 01 00 00 B0 11 00 10 80 00 00 00 94 11 00 ; . ...?..?...?. 000001a0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 000001b0h: 2E 72 73 72 63 00 00 00 00 10 04 00 00 D0 12 00 ; .rsrc........?. 000001c0h: 90 12 04 00 00 16 12 00 00 00 00 00 00 00 00 00 ; ?.............. 000001d0h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 000001e0h: 00 10 01 00 00 E0 16 00 00 10 01 00 00 2A 16 00 ; .....?......*.. 000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000200h: 2E 67 64 61 74 61 00 00 00 20 00 00 00 F0 17 00 ; .gdata... ...?. 如果PE头空间不足，，什么样增加PE头空间呢？ 2006-8-23 16:13 0
peaceclub 雪币： 255 活跃值： (207) 能力值： ( LV9，RANK：250 ) 在线值：发帖 59 回帖 967 粉丝 1 关注私信	peaceclub 6 5 楼 SizeOfImage: 0x00183FDC SizeOfHeaders: 0x00000800 试着扩大SizeOfHeaders至0x1000试试. 2006-8-23 16:50 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 6 楼我已经把SizeOfHeaders至0x1000了还是不行，，不知道为什么？？ 2006-8-23 17:40 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 7 楼为什么还不能增加区块？？昨天想了一个晚上还解决不了？有谁可以指导我一下呢？ 2006-8-24 08:42 0
kanxue 雪币： 44229 活跃值： (19965) 能力值： (RANK：350 ) 在线值：发帖 2369 回帖 17027 粉丝 528 关注私信	kanxue 8 8 楼先看看200h到800h之间是不是全为0. 试试将NumberOfSection改成6 2006-8-24 09:09 0
nbw 雪币： 339 活跃值： (1510) 能力值： ( LV13，RANK：970 ) 在线值：发帖 141 回帖 2842 粉丝 23 关注私信	nbw 24 9 楼估计是你的PE头里面没法插入新的table信息了。你直接把最后一个区段扩大就行了，没必要非增加一个新的节区。 2006-8-24 09:31 0
peaceclub 雪币： 255 活跃值： (207) 能力值： ( LV9，RANK：250 ) 在线值：发帖 59 回帖 967 粉丝 1 关注私信	peaceclub 6 10 楼建议你把文件传上来,让网友们帮你试试. 2006-8-24 17:33 0
liangjc 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 13 粉丝 0 关注私信	liangjc 11 楼 00000000h: 4D 5A 40 00 01 00 00 00 02 00 04 00 FF FF 02 00 ; MZ@........... 00000010h: 40 00 00 00 0E 00 00 00 1C 00 00 00 00 00 00 00 ; @............... 00000020h: 57 69 6E 33 32 20 6F 6E 6C 79 21 0D 0A 24 0E B4 ; Win32 only!..$.? 00000030h: 09 BA 00 00 1F CD 21 B8 01 4C CD 21 40 00 00 00 ; .?..??L?@... 00000040h: 50 45 00 00 4C 01 07 00 42 DA 81 3C 5B 4C 6F 72 ; PE..L...B?<[Lor 00000050h: 64 50 45 5D E0 00 0F 01 0B 01 06 00 00 70 0F 00 ; dPE]?.......p.. 00000060h: 00 60 07 00 00 00 00 00 3F 0B 17 00 00 10 00 00 ; .`......?....... 00000070h: 00 80 0F 00 00 00 40 00 00 10 00 00 00 02 00 00 ; .?....@......... 00000080h: 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ; ................ 00000090h: DC 4F 18 00 00 04 00 00 00 00 00 00 02 00 00 00 ; 芟.............. 000000a0h: 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 ; ................ 000000b0h: 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000c0h: 00 10 18 00 2C 01 00 00 00 D0 12 00 C8 04 04 00 ; ....,....?.?.. 000000d0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000e0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 000000f0h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000100h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000110h: 00 00 00 00 00 00 00 00 2C 11 18 00 B4 07 00 00 ; ........,...?.. 00000120h: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ; ................ 00000130h: 00 00 00 00 00 00 00 00 2E 74 65 78 74 00 00 00 ; .........text... 00000140h: 00 70 0F 00 00 10 00 00 06 61 0F 00 00 04 00 00 ; .p.......a...... 00000150h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000160h: 2E 72 64 61 74 61 00 00 00 30 02 00 00 80 0F 00 ; .rdata...0...?.. 00000170h: DC 28 02 00 00 66 0F 00 00 00 00 00 00 00 00 00 ; ?...f.......... 00000180h: 00 00 00 00 40 00 00 C0 2E 64 61 74 61 00 00 00 ; ....@..?data... 00000190h: 00 20 01 00 00 B0 11 00 10 80 00 00 00 90 11 00 ; . ...?..?...?. 000001a0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 000001b0h: 2E 72 73 72 63 00 00 00 00 10 04 00 00 D0 12 00 ; .rsrc........?. 000001c0h: 90 12 04 00 00 12 12 00 00 00 00 00 00 00 00 00 ; ?.............. 000001d0h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 000001e0h: 00 10 01 00 00 E0 16 00 00 10 01 00 00 26 16 00 ; .....?......&.. 000001f0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 00000200h: 2E 67 64 61 74 61 00 00 00 20 00 00 00 F0 17 00 ; .gdata... ...?. 00000210h: 00 20 00 00 00 36 17 00 00 00 00 00 00 00 00 00 ; . ...6.......... 00000220h: 00 00 00 00 40 00 00 C0 2E 67 69 64 61 74 61 00 ; ....@..?gidata. 00000230h: DC 3F 00 00 00 10 18 00 DC 3F 00 00 00 56 17 00 ; ?......?...V.. 00000240h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 00000250h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 00000260h: 2E 72 73 72 63 00 00 00 C8 04 04 00 00 D0 12 00 ; .rsrc...?...?. 00000270h: 90 12 04 00 00 40 12 00 00 00 00 00 00 00 00 00 ; ?...@.......... 00000280h: 00 00 00 00 40 00 00 40 2E 67 74 69 64 65 00 00 ; ....@..@.gtide.. 00000290h: D1 05 01 00 00 E0 16 00 00 10 01 00 00 60 16 00 ; ?...?......`.. 000002a0h: 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 E0 ; ............ ..? 000002b0h: 2E 67 64 61 74 61 00 00 DC 17 00 00 00 F0 17 00 ; .gdata..?...?. 000002c0h: 00 20 00 00 00 70 17 00 00 00 00 00 00 00 00 00 ; . ...p.......... 000002d0h: 00 00 00 00 40 00 00 C0 2E 67 69 64 61 74 61 00 ; ....@..?gidata. 000002e0h: DC 3F 00 00 00 10 18 00 00 30 00 00 00 90 17 00 ; ?.......0...?. 000002f0h: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 C0 ; ............@..? 由于前面我贴出来的PE头太少，，在诸位朋友热心的提醒下，，现在已经能够增加新的块，，我认为主要是：260h--2f0h不全为0，，重复出现前面已经建好的块，有七个块，，用工具来辅助增加块时，，可能是在第七块后面开始增加新的块，，由于该地址已经被占用，，所以出现头文件空间不足，，不能插入的现象，，把260h--2f0h全部清零后，，就可以增加新的区块了！！在此非常感谢各位朋友热心的帮助！！ 2006-8-25 09:00 0
usingasm 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 0 回帖 15 粉丝 0 关注私信	usingasm 12 楼最初由 kanxue* 发布* 先看看200h到800h之间是不是全为0. 试试将NumberOfSection改成6 200h到800h之间应该存放些什么东东?? 2006-8-26 10:43 0
CrackWang 雪币： 200 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	CrackWang 13 楼 topo 1.2不知道可不可以解决？我记得《加密与解密（第二版）》上有相关的说明的。 2006-8-26 10:56 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复