-
-
[推荐]ModifyPE(ModifyPE图形版及原版,用于修复文件Checksum)
-
发表于: 2007-8-29 09:28
-
晕了,竟然发现看雪没有收录这种工具,偶来补充一下
工具转载自 深度技术论坛
主要用于修复文件的Checksum,一个应用就是在做系统盘美化系统文件时,安装过程中系统文件不能复制,就用这个修复文件的CRC信息来通过微软的检测,或者是修改SYS文件后系统无法启动用它来修复。
附件中提供两种版本:0.81原版,DOS界面、0.81图形界面,由 深度技术论坛 drag0n首发,但只是应用了 -c 一个参数而已。
用法
Modify PE v0.8 <c> 1999 metheus
Syntax: ModifyPE file [operation] [switches]
SWITCHES
-c Checksum File
-C Print Credits
-p Prevent Padding of Last Section
-v Verbose Output
OPERATIONS Only one can be used
-a sectionname length Add Physical Space
-A sectionname length Add Virtual Space
-d sectionname length Delete Physical Space
-D sectionname length Delete Virtual Space
-r alignment Realign Physical
-R alignment Realign Virtual
offset is relativ to Image Base
all number are to be entered and read in hex, of course ;)
e.g 12babe
原版描述:
DISCLAIMER
This software is provided "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantibility and fitness for a particular purpose are disclaimed. In no event shall the author be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
DESCRIPTION
Modify PE is a commandline tool, which can be used to manipulate the Header of PE-Executables. The tool has two main functions.
-realign the physical/virtual structure of a file (can be used to make executables smaller without packing)
-delete/add physical/virtual space in a section (can be used to add code to an executable)
The virtual/physical realignment are self explanatory and can be used by most people even if they know nothing about the PE Structure or Asm. Just be careful what alignment you choose, because there is no sanity check in the code. According to Microsoft Object Align must be a power of 2 between 512 and 256MB, File Align should be a power of 2 between 512 and 64KB.
But the second feature is the main reason i have written this tool. If you want to shrink or extend a section, there are a lot of RVAs (relativ virtual addresses) in the file which need patching. This is tedious to say the least, and if you dont know the PE Structure by heart you will certainly forget one RVA and corrupt the file. The tool takes care of patching all RVAs (hopefully ;) ). Only RVAs and the ObjectTable are patched nothing else.
If you delete/add phyiscal space, virtual space of the same size will also be deleted/added. The modified sections are aligned to object alignment and file alignment as specified in the PE Header.
EditPE copies the file to %root/temp/modifype.tmp. Then modifype.tmp get memmapped, and modified. If no error occurs the memmapped file is saved under the original filename. Therefore if a fatal error occurs and you didnt backup your file, the unmodified file can be found in the %root/temp folder and restored by hand.
USAGE
Type ModifyPE to get help.
There are no sanity checks on the parameters you enter, in order to give you more control. This means your file will get corrupted if you dont take care.
-v (verbose output)
If you specify verbose output, some status information will be printed to Standard Output. Changes in size are always printed as size increases, e.g. if the virtual size of the image decreases by 0x1000 you will get the output: Increase by: FFFFF000.
-p (prevent padding)
If you use physical realign, this switch prevents the padding of the last section to file alignment. A few bytes can be saved this way, but I am not sure the executable will run on every Win32 Platform.
LIMITATIONS
Files must be < 4 GB.
By using realign, holes in the virtual/phyiscal layout of the sections get deleted, e.g. the RVA of a section is 0x1000, virtual size of section is 0x2000, ObjectAlignment ist 0x2000 but the RVA of the next section is 0x6000 and not 0x4000. I do not know why the linker would leave such a hole in the virtual/physical section layout. Perhaps somebody has more information and could enlighten me.
NOTES
If FileAlignment is bigger than ObjectAlignment, the file will not run.
This is still a beta, and I know there are problems under Win95. Under WinNT it was tested and should run without trouble. I also lack information on the exact structure of the reloc section. There may be some RVAs my code does not patch.
HISTORY
01.09.99 v0.8, first official release (still beta version)
11.12.99 v0.81, bug fixes
CONTACT
metheus@gmx.net
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
