能力值:
( LV2,RANK:10 )
|
-
-
2 楼
我也是DELPHI爱好者看看
|
能力值:
( LV13,RANK:810 )
|
-
-
3 楼
你设置了PE段数但是没有设置总内存空间
lpNtHeaders^.FileHeader.NumberOfSections
lpNtHeaders^.OptionalHeader.SizeOfImage
---老大。。。对称式编码好好学习一下。看的晕头转向
又是流又是HASH的。。。
第一个段。。。的定位不太正规
lpNtHeaders^.FileHeader.SizeOfOptionalHeader---使用这个进行计算
lpSectionHeader := PImageSectionHeader(DWORD(lpNtHeaders) + SizeOf(DWORD) + SizeOf(TImageFileHeader) + lpNtHeaders^.FileHeader.SizeOfOptionalHeader);
对Delphi不熟。。只能用一些很原始的方法写
贴个以前写的
// 给PE添加一个新节
function AddPeFileSection(lpszFileName: PChar; lpszSectionName: PChar; lpAddFileData: Pointer; dwDataSize: DWORD): Boolean;
var
bResult: Boolean;
hFile: THandle;
dwFileSize, dwFileDataSize, dwBytes: DWORD;
lpFileData: Pointer;
lpNtHeaders: PImageNtHeaders;
lpSectionHeader: PImageSectionHeader;
stNewSectionHeader: TImageSectionHeader;
begin
Result := False;
hFile := CreateFile(lpszFileName, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile = INVALID_HANDLE_VALUE) then Exit;
dwFileSize := GetFileSize(hFile, nil);
lpFileData := Pointer(GlobalAlloc(GMEM_FIXED, dwFileSize));
if (lpFileData = nil) then Exit;
bResult := ReadFile(hFile, lpFileData^, dwFileSize, dwBytes, nil);
CloseHandle(hFile);
if Not bResult then Exit;
// 验证PE结构
if (PImageDosHeader(lpFileData)^.e_magic <> IMAGE_DOS_SIGNATURE) then
begin
GlobalFree(DWORD(lpFileData));
Exit;
end;
lpNtHeaders := PImageNtHeaders(DWORD(lpFileData) + DWORD(PImageDosHeader(lpFileData)^._lfanew));
if (lpNtHeaders^.Signature <> IMAGE_NT_SIGNATURE) then
begin
GlobalFree(DWORD(lpFileData));
Exit;
end;
// 读取最后一个段数据
lpSectionHeader := PImageSectionHeader(DWORD(lpNtHeaders) + SizeOf(DWORD) + SizeOf(TImageFileHeader) + lpNtHeaders^.FileHeader.SizeOfOptionalHeader);
lpSectionHeader := PImageSectionHeader(DWORD(lpSectionHeader) + (SizeOf(TImageSectionHeader) * (DWORD(lpNtHeaders^.FileHeader.NumberOfSections)- 1)));
// 设置段属性-以DATA为标准
dwFileDataSize := GetAlignedSize(dwDataSize, lpNtHeaders^.OptionalHeader.FileAlignment);
ZeroMemory(@stNewSectionHeader, SizeOf(TImageSectionHeader));
lstrcpyn(@stNewSectionHeader.Name[0], lpszSectionName, 8);
stNewSectionHeader.VirtualAddress := lpSectionHeader^.VirtualAddress + lpNtHeaders^.OptionalHeader.SectionAlignment;
stNewSectionHeader.Misc.VirtualSize := (dwFileDataSize div lpNtHeaders^.OptionalHeader.FileAlignment) * lpNtHeaders^.OptionalHeader.SectionAlignment;
stNewSectionHeader.SizeOfRawData := dwFileDataSize;
stNewSectionHeader.PointerToRawData := lpSectionHeader^.SizeOfRawData + lpSectionHeader^.PointerToRawData;
stNewSectionHeader.Characteristics := $C0000040;
CopyMemory(Pointer(DWORD(lpSectionHeader) + SizeOf(TImageSectionHeader)), @stNewSectionHeader, SizeOf(TImageSectionHeader));
// 设置PE空间&段数量
lpNtHeaders^.FileHeader.NumberOfSections := lpNtHeaders.FileHeader.NumberOfSections + 1;
lpNtHeaders^.OptionalHeader.SizeOfImage := lpNtHeaders^.OptionalHeader.SizeOfImage + stNewSectionHeader.Misc.VirtualSize;
// 填充数据
dwFileSize := dwFileSize + dwFileDataSize;
lpFileData := Pointer(GlobalReAlloc(DWORD(lpFileData), dwFileSize, GMEM_FIXED or GMEM_MOVEABLE or GMEM_ZEROINIT));
if (lpFileData = nil) then Exit;
hFile := CreateFile(lpszFileName, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile = INVALID_HANDLE_VALUE) then Exit;
bResult := WriteFile(hFile, lpFileData^, dwFileSize, dwBytes, nil);
if (bResult) then
begin
SetFilePointer(hFile, dwFileSize - dwFileDataSize, nil, FILE_BEGIN);
bResult := WriteFile(hFile, lpAddFileData^, dwDataSize, dwBytes, nil);
if (bResult) then
begin
Result := True;
end;
end;
GlobalFree(DWORD(lpFileData));
CloseHandle(hFile);
end;
|
能力值:
( LV9,RANK:420 )
|
-
-
4 楼
我是来膜拜强大的女王的,哦也~
|