[分享]我写的AddSection源码，希望对各位学习PE格式有点用-编程技术-看雪-安全社区|安全招聘|kanxue.com

[分享]我写的AddSection源码，希望对各位学习PE格式有点用

发表于: 2009-4-8 13:45 11648

[分享]我写的AddSection源码，希望对各位学习PE格式有点用

moonife

2009-4-8 13:45

11648

主要功能是给pe文件增加一个节（像记事本有绑定输入结构的先清0，在增加节，ZeroAdd，topo对这些程序的处理会出错），然后把数据文件写入新节，例子见我写的另一篇“PEDIY技术之新思路（一）”文章，希望各位指出不足之处，并加以完善，谢谢了！部分代码来自cyclotron大虾写的pelibrary，特别感谢！
----------------------------------------------------AddSection.asm------------------------------------------------------------------------
;***********************************************************************
.586
.model flat,stdcall
option casemap:none
;***********************************************************************
include windows.inc
include user32.inc
include kernel32.inc
includelib user32.lib
includelib kernel32.lib
include Comdlg32.inc
includelib Comdlg32.lib
;***********************************************************************
IDD_DLGMain equ 1000
IDC_BDesFile equ 1001
IDC_EDesFile equ 1003
IDC_EScnName equ 1005
IDC_BData equ 1007
IDC_EData equ 1008
IDC_EScnSize equ 1009
IDC_CHKWrite equ 1012
IDC_CHKUpEntry equ  1013
IDC_EEntry equ 1017
IDC_EBase equ 1019
IDC_EScnNum equ 1021
IDC_EVOffset equ 1023
IDC_EFOffset equ 1025
IDC_ERSize equ 1027
IDC_BAbout equ 1029
IDC_BMake equ 1030
IDC_BExit equ 1031
ICO_ICON  equ 1045
;***********************************************************************
.data?
hInstance dd ?
hWinMain dd ?
hInFile dd  ?
hInDataFile dd ?
hOutFile  dd  ?
dwFileSize  dd  ?
dwDataFileSize dd ?
lpDataHead  dd ?
lpBytesRead  dd  ?
dwNewEntry  dd ?
lpPeHeader  dd  ?
lpFileHeader  dd  ?
szDesFileName db MAX_PATH dup (?)
szDataFileName db MAX_PATH dup (?)
szBuffer  db 100 dup(?)
dwNewScnSize dd ?
UpEntryFlag  dd ?
szNewSectionName  db  8 dup(?)
WriteDataFlag dd ?
IsPe  dd ?

PE_INFO  struct
  dwEntryPointRVA  dd  ?
  dwImageBase  dd  ?
  dwNumberOfSections  dd  ?
PE_INFO  ends

SCN_INFO  struct
  dwVirtualSize  dd  ?
  dwVirtualAddress  dd  ?
  dwRawSize  dd  ?
  dwRawAddress  dd  ?
  dwCharacteristics  dd  ?
SCN_INFO  ends

EXTRADATA_INFO  struct
  dwRawAddress  dd  ?
  dwSize dd  ?
  lpExtraData  dd  ?
EXTRADATA_INFO  ends

OrglastScainfo  SCN_INFO  <>
NewScnInfo SCN_INFO <>
PeInfo PE_INFO <>
ExtraData    EXTRADATA_INFO  <>
.data
szCaption db  'Info',0
szText db  '成功完成',0
ScnFlagsDefault    dd 0E0000020h
szAbout db ' AddSection 1.0',0dh,0ah
      db '    by:moonife',0dh,0ah
      db ' QQ:765496322',0dh,0ah
      db 'E-mail:moonife@163.com',0
szAboutCaption db 'About',0
szFilter  db 'All Files(*.*)',0,'*.*',0,0
szNotPe  db '不是PE文件，请重新选择！',0
szNotPeCap db 'Error',0
szNoFile  db '请先选择PE文件',0
szScnSize db  '请填写字节大小',0
szScnName db  '请填写节区名字',0
szData  db  '请先选择数据文件',0
szFormat  db '%lXh',0
;***********************************************************************
.code
;>>>>>>>>>>>>>>>
ErrorReport  proc
invoke  MessageBox,NULL,offset szText,offset szCaption,MB_ICONERROR or MB_OK
ret
ErrorReport  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_OpenFile proc  @lpFileName:dword
local @stOF:OPENFILENAME

invoke RtlZeroMemory,addr @stOF,sizeof @stOF
mov @stOF.lStructSize,sizeof @stOF
push hWinMain
pop @stOF.hwndOwner
mov @stOF.lpstrFilter,offset szFilter
push @lpFileName
pop @stOF.lpstrFile
mov @stOF.nMaxFile,MAX_PATH
mov @stOF.Flags,OFN_FILEMUSTEXIST or OFN_PATHMUSTEXIST
invoke GetOpenFileName,addr @stOF
ret

_OpenFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
InitFileMap  proc ;把文件映射到内存，然后进行处理 return 0 or 1
  invoke  CreateFile,addr szDesFileName,\
                     GENERIC_READ,\
                     FILE_SHARE_READ,\
                     NULL,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,\
                     NULL
  .if  eax == INVALID_HANDLE_VALUE
mov  eax,FALSE
ret
  .else
mov  hInFile,eax
  .endif
  invoke  GetFileSize,hInFile,NULL
  mov  dwFileSize,eax
  invoke  VirtualAlloc,NULL,eax,MEM_COMMIT,PAGE_READWRITE
  mov  lpFileHeader,eax
  invoke  ReadFile,hInFile,eax,dwFileSize,offset lpBytesRead,NULL
  .if  eax != 0
mov  eax,TRUE
  .else
mov  eax,FALSE
  .endif
  ret
InitFileMap  endp
;>>>>>>>>>>>>>>>>>>>
InitDataFile proc
invoke  CreateFile,addr szDataFileName,\
                     GENERIC_READ,\
                     FILE_SHARE_READ,\
                     NULL,OPEN_EXISTING,FILE_ATTRIBUTE_ARCHIVE,\
                     NULL
  .if  eax == INVALID_HANDLE_VALUE
mov  eax,FALSE
ret
  .else
mov  hInDataFile,eax
  .endif
  invoke  GetFileSize,hInDataFile,NULL
  mov  dwDataFileSize,eax
  invoke  VirtualAlloc,NULL,eax,MEM_COMMIT,PAGE_READWRITE
  mov  lpDataHead,eax
  invoke  ReadFile,hInDataFile,eax,dwDataFileSize,offset lpBytesRead,NULL
  .if  eax != 0
mov  eax,TRUE
  .else
mov  eax,FALSE
  .endif
  ret
InitDataFile  endp
;>>>>>>>>>>>>>>>>>>>>>
CheckPEValidity  proc  uses esi    ;判断是否为pe文件 return  1 or 0
  mov  esi,lpFileHeader
  .if  word ptr [esi] == IMAGE_DOS_SIGNATURE
assume  esi:ptr IMAGE_DOS_HEADER
add  esi,[esi].e_lfanew
assume  esi:nothing
.if  word ptr [esi] == IMAGE_NT_SIGNATURE
   mov  lpPeHeader,esi
.else
   mov  eax,FALSE
   ret
.endif
  .else
mov  eax,FALSE
ret
  .endif
  mov  eax,TRUE
  ret
CheckPEValidity  endp
;>>>>>>>>>>>>>>>>>>>>>>
GetPeInfo  proc  uses esi edi @lpPeInfo:DWORD ;获取pe基本信息
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  mov  edi,@lpPeInfo
  assume  edi:ptr PE_INFO
  push  [esi].OptionalHeader.AddressOfEntryPoint
  pop  [edi].dwEntryPointRVA
  push  [esi].OptionalHeader.ImageBase
  pop  [edi].dwImageBase
  mov  ax,[esi].FileHeader.NumberOfSections
  cwd
  mov  [edi].dwNumberOfSections,eax
  assume  esi:nothing
  assume  edi:nothing
  ret
GetPeInfo  endp
;>>>>>>>>>>>>>>>>>>>>>>>>
CloseFileMap  proc  @lpFileHeader:DWORD ,@hInFile:dword ;释放文件影像 return 1 or 0
  invoke  VirtualFree,@lpFileHeader,0,MEM_RELEASE
  .if  eax==0
            mov  eax,FALSE
               ret
  .endif
  mov  @lpFileHeader,0
      invoke  CloseHandle,@hInFile
      mov  @hInFile,0
      mov  eax,TRUE
      ret
CloseFileMap  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 更新入口点RVA，返回值为原入口点RVA
UpdateEntryPoint  proc  uses esi @dwNewEntryPoint:dword  ;Return OEP
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  mov  eax,[esi].OptionalHeader.AddressOfEntryPoint
  add eax,[esi].OptionalHeader.ImageBase
  push  @dwNewEntryPoint
  pop  [esi].OptionalHeader.AddressOfEntryPoint
  assume  esi:nothing
  ret
UpdateEntryPoint  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 将输入双字按磁盘文件对齐值对齐
AlignFile  proc  uses ecx edx esi @OrgSize:dword
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  mov  ecx,[esi].OptionalHeader.FileAlignment
  assume  esi:nothing
  mov  eax,@OrgSize
  cdq
  div  ecx
  .if  edx != 0
inc  eax
  .endif
  mul  ecx
  ret
AlignFile  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 将输入双字按区块对齐值对齐
AlignScn  proc  uses ecx edx esi @OrgSize:dword
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  mov  ecx,[esi].OptionalHeader.SectionAlignment
  assume  esi:nothing
  mov  eax,@OrgSize
  cdq
  div  ecx
  .if  edx != 0
inc  eax
  .endif
  mul  ecx
  ret
AlignScn  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 取得指定区块的信息，0表示最后一个区块，同时如果输入区块序号大于区块数，也取得最后一个区块的信息
GetScnInfo  proc  uses ecx edx esi edi @nScn:dword,@lpScnInfo:dword
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  xor  ecx,ecx
  mov  cx,[esi].FileHeader.NumberOfSections
  add  esi,sizeof IMAGE_NT_HEADERS
  .if  @nScn == 0 || @nScn > ecx
dec  ecx
mov  @nScn,0
  .else
mov  ecx,@nScn
dec  ecx
  .endif
  mov  eax,sizeof IMAGE_SECTION_HEADER
  mul  ecx
  add  esi,eax
  assume  esi:ptr IMAGE_SECTION_HEADER
  mov  edi,@lpScnInfo
  assume  edi:ptr SCN_INFO
  push  [esi].Misc.VirtualSize
  pop  [edi].dwVirtualSize
  push  [esi].VirtualAddress
  pop  [edi].dwVirtualAddress
  push  [esi].SizeOfRawData
  pop  [edi].dwRawSize
  mov  eax,[esi].PointerToRawData
  mov  [edi].dwRawAddress,eax
  push  [esi].Characteristics
  pop  [edi].dwCharacteristics
  .if  @nScn == 0
mov  eax,FALSE
  .else
mov  eax,TRUE
  .endif
  assume  esi:nothing
  assume  edi:nothing
  ret
GetScnInfo  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 增加一个区块的块头信息，可以指定区块名称、大小和属性，同时更新NumberOfSections字段和ImageSize字段
AddSection  proc  uses ebx ecx edx esi edi @szScnName:dword,@dwSize:dword,@dwCharacteristics:dword
  local  @stNewScnInfo:SCN_INFO
  local  @dwImageSize
  xor eax,eax
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  lea  ebx,[esi].OptionalHeader.DataDirectory\
   [IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT*sizeof IMAGE_DATA_DIRECTORY]
  mov  edi,[ebx]
  .if  edi != 0
add  edi,lpFileHeader
mov  ecx,[ebx+4]
rep  stosb
mov  edi,ebx
mov  ecx,sizeof IMAGE_DATA_DIRECTORY
rep  stosb
  .endif
  xor  ecx,ecx
  mov  cx,[esi].FileHeader.NumberOfSections
  add  esi,sizeof IMAGE_NT_HEADERS
  assume  esi:ptr IMAGE_SECTION_HEADER
  mov  edi,[esi].PointerToRawData
  add  edi,lpFileHeader
  mov  eax,sizeof IMAGE_SECTION_HEADER
  mul  ecx
  add  esi,eax
  add  esi,sizeof IMAGE_SECTION_HEADER
  .if  esi <= edi
sub  esi,sizeof IMAGE_SECTION_HEADER
invoke  GetScnInfo,0, addr @stNewScnInfo
push  @dwSize
pop  [esi].Misc.VirtualSize
mov  eax,@stNewScnInfo.dwVirtualSize
;mov  eax,@dwSize
invoke  AlignScn,eax
add  eax,@stNewScnInfo.dwVirtualAddress
mov dwNewEntry,eax
mov  [esi].VirtualAddress,eax
add  eax,@dwSize
mov  @dwImageSize,eax
invoke  AlignFile,@dwSize
mov  [esi].SizeOfRawData,eax
mov  eax,@stNewScnInfo.dwRawSize
invoke  AlignFile,eax
add  eax,@stNewScnInfo.dwRawAddress
mov  [esi].PointerToRawData,eax
push  @dwCharacteristics
pop  [esi].Characteristics
mov  edi,@szScnName
xchg  esi,edi
mov  ecx,8
rep  movsb
mov  esi,lpPeHeader
assume  esi:ptr IMAGE_NT_HEADERS
inc  [esi].FileHeader.NumberOfSections
push  @dwImageSize
;push 0C000h
pop  [esi].OptionalHeader.SizeOfImage
mov  eax,TRUE
  .else
mov  eax,FALSE
  .endif
  assume  esi:nothing
  assume  edi:nothing
  ret
AddSection  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 取得附加数据的信息
GetExtraDataInfo  proc  uses ecx edx esi @lpExtraDataInfo:dword
  mov  esi,lpPeHeader
  assume  esi:ptr IMAGE_NT_HEADERS
  xor  ecx,ecx
  mov  cx,[esi].FileHeader.NumberOfSections
  add  esi,sizeof IMAGE_NT_HEADERS
  mov  eax,sizeof IMAGE_SECTION_HEADER
  dec  ecx
  mul  ecx
  add  esi,eax
  assume  esi:ptr IMAGE_SECTION_HEADER
  mov  edx,[esi].PointerToRawData
  add  edx,[esi].SizeOfRawData
  push  edx
  invoke  GetFileSize,hInFile,NULL
  pop  edx
  mov  esi,@lpExtraDataInfo
  assume  esi:ptr EXTRADATA_INFO
  .if  eax > edx
mov  [esi].dwRawAddress,edx
sub  eax,edx
mov  [esi].dwSize,eax
add  edx,lpFileHeader
mov  [esi].lpExtraData,edx
mov  eax,TRUE
  .else
mov  [esi].dwRawAddress,0
mov  eax,FALSE
  .endif
  assume  esi:nothing
  ret
GetExtraDataInfo  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 输出文件命名为xxx@.exe，并创建该文件，返回值为该文件的句柄
CreateOutFile  proc  uses ecx edi
  lea  edi,szDesFileName
  xor  ecx,ecx
  dec  ecx
  mov  al,'.'
  repnz  scasb
  dec  edi
  mov  al,'@'
  stosb
  mov  eax,'exe.'
  stosd
  xor  al,al
  stosb
  invoke  CreateFile,offset szDesFileName,GENERIC_READ or GENERIC_WRITE,\
      FILE_SHARE_READ,\
      NULL,CREATE_ALWAYS,\
      FILE_ATTRIBUTE_NORMAL,NULL
  .if  eax == INVALID_HANDLE_VALUE
mov  eax,FALSE
.else
mov  hOutFile,eax
  .endif
  ret
CreateOutFile  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 在新文件中写入新增区块并补上附加数据
AppendScnCode  proc  uses ebx esi edi @lpOrgLastScnInfo:dword,@lpExtraDataInfo:dword,\
      @lpNewScnData:dword,@dwNewScnSize:dword
  local  lpBytesWritten:dword

  mov  esi,@lpOrgLastScnInfo
  assume  esi:ptr SCN_INFO
  mov  ebx,[esi].dwRawSize
  add  ebx,[esi].dwRawAddress
  invoke  WriteFile,hOutFile,lpFileHeader,ebx,addr lpBytesWritten,NULL
  invoke  AlignFile,@dwNewScnSize
  mov  ebx,eax
  invoke  WriteFile,hOutFile,@lpNewScnData,ebx,addr lpBytesWritten,NULL
  mov  edi,@lpExtraDataInfo
  assume  edi:ptr EXTRADATA_INFO
  .if  [edi].dwRawAddress != 0
invoke  WriteFile,hOutFile,[edi].lpExtraData,[edi].dwSize,addr lpBytesWritten,NULL
  .endif
  invoke  SetEndOfFile,hOutFile
  assume  esi:nothing
  assume  edi:nothing
  ret
AppendScnCode  endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_windowcenter proc uses ebx edi esi hWnd
local @DlgHeight,@DlgWidth,@x,@y
local @DlgRect:RECT,@DesktopRect:RECT
local @hwindow
invoke GetWindowRect,hWnd,addr @DlgRect
invoke GetDesktopWindow
mov @hwindow,eax
invoke GetWindowRect,@hwindow,addr @DesktopRect
xor eax,eax
mov eax,@DlgRect.bottom
sub eax,@DlgRect.top
mov @DlgHeight,eax
xor eax,eax
mov eax,@DlgRect.right
sub eax,@DlgRect.left
mov @DlgWidth,eax
xor eax,eax
mov eax,@DesktopRect.left
add eax,@DesktopRect.right
sub eax,@DlgWidth
sar eax,1
mov @x,eax
xor eax,eax
mov eax,@DesktopRect.top
add eax,@DesktopRect.bottom
sub eax,@DlgHeight
sar eax,1
mov @y,eax
invoke MoveWindow,hWnd,@x,@y,@DlgWidth,@DlgHeight,FALSE
mov eax,TRUE
ret
_windowcenter endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax == WM_INITDIALOG
invoke LoadIcon,hInstance,ICO_ICON
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
invoke _windowcenter,hWnd
push hWnd
pop  hWinMain
.elseif eax == WM_COMMAND
mov eax,wParam
.if ax == IDC_BExit
invoke CloseFileMap,lpFileHeader,hInFile
         invoke CloseFileMap,lpDataHead,hInDataFile
invoke EndDialog,hWnd,NULL
.elseif ax==IDC_BDesFile
invoke _OpenFile,addr szDesFileName
mov eax,DWORD ptr szDesFileName
.if eax
invoke SetDlgItemText,hWnd,IDC_EDesFile,addr szDesFileName
invoke InitFileMap
invoke  CheckPEValidity
.if !eax
invoke MessageBox,hWnd,addr szNotPe,addr szNotPeCap,MB_OK or MB_ICONERROR
.else
mov IsPe,1
invoke  GetPeInfo,addr PeInfo
invoke wsprintf,addr szBuffer,addr szFormat,PeInfo.dwEntryPointRVA
invoke  SetDlgItemText,hWnd,IDC_EEntry,addr szBuffer
invoke wsprintf,addr szBuffer,addr szFormat,PeInfo.dwImageBase
invoke  SetDlgItemText,hWnd,IDC_EBase,addr szBuffer
invoke  SetDlgItemInt,hWnd,IDC_EScnNum,PeInfo.dwNumberOfSections,FALSE
.endif
.endif
.elseif ax==IDC_BData
invoke _OpenFile,addr szDataFileName
invoke SetDlgItemText,hWnd,IDC_EData,addr szDataFileName
.elseif ax==IDC_CHKWrite
invoke IsDlgButtonChecked,hWnd,IDC_CHKWrite
.if eax == BST_CHECKED
mov WriteDataFlag,TRUE
mov ebx,0
.else
mov WriteDataFlag,FALSE
mov ebx,1
.endif
invoke GetDlgItem,hWnd,IDC_EScnSize
;not WriteDataFlag
invoke EnableWindow,eax, ebx
.elseif  ax==IDC_CHKUpEntry
invoke IsDlgButtonChecked,hWnd,IDC_CHKUpEntry
.if eax == BST_CHECKED
mov UpEntryFlag,TRUE
.else
mov UpEntryFlag,FALSE
.endif
.elseif ax==IDC_BMake
mov eax,DWORD ptr szDesFileName
.if !eax || !IsPe    invoke MessageBox,hWnd,addr szNoFile,addr szNotPeCap,MB_OK or MB_ICONERROR
.else
invoke  GetScnInfo,0, addr OrglastScainfo
invoke  GetDlgItemText,hWnd,IDC_EScnName,addr szNewSectionName,8
.if !eax
invoke MessageBox,hWnd,addr szScnName,addr szNotPeCap,MB_OK or MB_ICONERROR
mov eax,TRUE
ret
.endif
.if !WriteDataFlag
invoke GetDlgItemInt,hWnd,IDC_EScnSize,NULL,FALSE
.if !eax
invoke MessageBox,hWnd,addr szScnSize,addr szNotPeCap,MB_OK or MB_ICONERROR
mov eax,TRUE
ret
.endif
mov dwNewScnSize,eax
.else
mov eax,DWORD ptr szDataFileName
.if !eax
invoke MessageBox,hWnd,addr szData,addr szNotPeCap,MB_OK or MB_ICONERROR
mov eax,TRUE
ret
.endif
invoke  InitDataFile
push  dwDataFileSize
pop dwNewScnSize
.endif
         invoke AddSection,offset szNewSectionName,dwNewScnSize,ScnFlagsDefault
         invoke GetExtraDataInfo,offset ExtraData
         .if UpEntryFlag
            invoke  UpdateEntryPoint,dwNewEntry
         .endif
         invoke  CreateOutFile
         invoke AppendScnCode,offset OrglastScainfo,offset ExtraData,lpDataHead,dwNewScnSize
         invoke GetScnInfo,0,addr NewScnInfo
         invoke wsprintf,addr szBuffer,addr szFormat,NewScnInfo.dwVirtualAddress
invoke  SetDlgItemText,hWnd,IDC_EVOffset,addr szBuffer
invoke wsprintf,addr szBuffer,addr szFormat,NewScnInfo.dwRawAddress
invoke  SetDlgItemText,hWnd,IDC_EFOffset,addr szBuffer
invoke wsprintf,addr szBuffer,addr szFormat,NewScnInfo.dwVirtualSize
invoke  SetDlgItemText,hWnd,IDC_ERSize,addr szBuffer
         invoke MessageBox,hWnd,addr szText,addr szCaption,MB_OK
         .endif
.elseif ax==IDC_BAbout
invoke MessageBox,hWnd,addr szAbout,addr szAboutCaption,MB_OK or MB_ICONINFORMATION
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret

_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,IDD_DLGMain,NULL,offset _ProcDlgMain,NULL
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
------------------------------------------------------the end-------------------------------------------------------------------------------------
ps：附件中文件有：AddSection.asm ，AddSection.rc ，AddSection.exe，Main.ico

登录后可查看完整内容

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)

上传的附件：

AddSection.rar （10.04kb，185次下载）

收藏・15

免费・7

支持

最新回复 (16)
dsjHZAHfaf 雪币： 148 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 29 回帖 391 粉丝 0 关注私信	dsjHZAHfaf 2 楼 set path=\masm32\bin;%path% set include=\masm32\include ml /c /coff /nologo addsection.asm rc addsection.rc set lib=\masm32\lib link /subsystem:windows /nologo addsection.obj addsection.res works fine. great work. thanks to topic owner. 2009-4-8 13:52 0
moonife 雪币： 370 活跃值： (52) 能力值： ( LV13，RANK：350 ) 在线值：发帖 133 回帖 852 粉丝 5 关注私信	moonife 8 3 楼谢谢指正，已经修改了，include xlib.inc 只是多余代码，去了就好 2009-4-8 14:08 0
我是土匪雪币： 546 活跃值： (1662) 能力值： ( LV12，RANK：210 ) 在线值：发帖 75 回帖 787 粉丝 7 关注私信	我是土匪 4 4 楼学习，多谢楼主分享。 2009-4-13 10:05 0
kmlch 雪币： 411 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 220 粉丝 0 关注私信	kmlch 5 楼不错，谢谢楼主moonife的分享。 2009-4-13 11:31 0
Fido 雪币： 107 活跃值： (404) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 1019 粉丝 1 关注私信	Fido 6 楼 IDD_DLGMain equ 1000 喜欢直接写数字 2009-4-13 13:00 0
himcrack 雪币： 264 活跃值： (11) 能力值： ( LV9，RANK：250 ) 在线值：发帖 8 回帖 194 粉丝 1 关注私信	himcrack 6 7 楼话说赛亚人的 PELib也是十分方便的.. 2009-4-15 21:50 0
雪山飞壶雪币： 400 活跃值： (78) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 15 粉丝 0 关注私信	雪山飞壶 8 楼谢谢楼主，学习拉～～～！ 2009-5-8 06:37 0
onbadday 雪币： 293 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 169 粉丝 0 关注私信	onbadday 9 楼好，学习了！ 2009-5-10 11:11 0
古月胡雪币： 238 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 96 粉丝 0 关注私信	古月胡 10 楼支持开源，好好向LZ学习 2009-5-15 10:27 0
riusksk 雪币： 433 活跃值： (1870) 能力值： ( LV17，RANK：1820 ) 在线值：发帖 169 回帖 2648 粉丝 260 关注私信	riusksk 41 11 楼 Support! 2009-10-9 18:26 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 12 楼 Sorry that i post english here!! I have found this thread and this source This is very good I have only a one problem can any translate this source in english please Greets, 2009-11-22 16:28 0
sndosej 雪币： 253 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 171 粉丝 0 关注私信	sndosej 13 楼 hi， There are Very few Chinese characters in the source code， You can use Google to translating. szText db 'successful completion', 0 ScnFlagsDefault dd 0E0000020h szAbout db 'AddSection 1.0', 0dh, 0ah db 'by: moonife', 0dh, 0ah db 'QQ: 765496322', 0dh, 0ah db 'E-mail: moonife@163.com', 0 szAboutCaption db 'About', 0 szFilter db 'All Files (.)', 0 ,'.', 0,0 szNotPe db 'is not a PE file, please re-select! ', 0 szNotPeCap db 'Error', 0 szNoFile db 'Please select PE file', 0 szScnSize db 'Please fill in the byte size', 0 szScnName db 'Please fill in the name of section', 0 szData db 'Please select the data file', 0 2009-11-22 18:00 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 14 楼 Thanks for your help I mean this resource file and i have try with google translater This exe give me not any Chinese characters i have only this characters CONTROL "ÐéÄâÆ«ÒÆ",IDC_STC4,"Static",WS_CHILD\|WS_VISIBLE,118,90,36,9 Greets 2009-11-22 20:13 0
riusksk 雪币： 433 活跃值： (1870) 能力值： ( LV17，RANK：1820 ) 在线值：发帖 169 回帖 2648 粉丝 260 关注私信	riusksk 41 15 楼老外也来跟帖？ 2009-11-22 20:36 0
sndosej 雪币： 253 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 171 粉丝 0 关注私信	sndosej 16 楼 IDD_DLGMain DIALOGEX 6,5,227,152 CAPTION "MSango" FONT 8,"MS Sans Serif",0,0,0 STYLE WS_VISIBLE\|WS_CAPTION\|WS_SYSMENU\|WS_THICKFRAME\|WS_MINIMIZEBOX BEGIN CONTROL "Destination File",IDC_BDesFile,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,9,54,13 CONTROL "",IDC_GRP1,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,-2,0,234,135 CONTROL "",IDC_EDesFile,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,64,9,148,13,WS_EX_CLIENTEDGE CONTROL "section name:",IDC_GRP2,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,6,42,70,26 CONTROL "",IDC_EScnName,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,8,51,64,13,WS_EX_CLIENTEDGE CONTROL "Bytes:",IDC_GRP3,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,78,42,62,26 CONTROL "Data File",IDC_BData,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,25,54,13 CONTROL "",IDC_EData,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,64,25,148,13,WS_EX_CLIENTEDGE CONTROL "",IDC_EScnSize,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,82,51,54,13,WS_EX_CLIENTEDGE CONTROL "write data file",IDC_CHKWrite,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP\|BS_AUTOCHECKBOX,150,46,66,9 CONTROL "Update entry address",IDC_CHKUpEntry,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP\|BS_AUTOCHECKBOX,150,59,64,9 CONTROL "PE Info:",IDC_GRP5,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,0,75,104,56 CONTROL "Results Report:",IDC_GRP6,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,112,75,104,56 CONTROL "Entry Point",IDC_STC1,"Static",WS_CHILD\|WS_VISIBLE,6,90,40,9 CONTROL "",IDC_EEntry,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,88,54,13,WS_EX_CLIENTEDGE CONTROL "Image Base",IDC_STC2,"Static",WS_CHILD\|WS_VISIBLE,6,103,34,9 CONTROL "",IDC_EBase,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,101,54,13,WS_EX_CLIENTEDGE CONTROL "Number Of Sections",IDC_STC3,"Static",WS_CHILD\|WS_VISIBLE,6,118,36,9 CONTROL "",IDC_EScnNum,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,114,54,13,WS_EX_CLIENTEDGE CONTROL "Virtual Offset",IDC_STC4,"Static",WS_CHILD\|WS_VISIBLE,118,90,36,9 CONTROL "",IDC_EVOffset,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,88,54,13,WS_EX_CLIENTEDGE CONTROL "File Offset",IDC_STC5,"Static",WS_CHILD\|WS_VISIBLE,118,103,36,9 CONTROL "",IDC_EFOffset,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,101,54,13,WS_EX_CLIENTEDGE CONTROL "Actual Size",IDC_STC6,"Static",WS_CHILD\|WS_VISIBLE,118,116,34,9 CONTROL "",IDC_ERSize,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,114,54,13,WS_EX_CLIENTEDGE CONTROL "About",IDC_BAbout,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,136,54,13 CONTROL "Generate",IDC_BMake,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,110,136,54,13 CONTROL "Exit",IDC_BExit,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,168,136,54,13 CONTROL "By:moonife",IDC_STC7,"Static",WS_CHILD\|WS_VISIBLE\|WS_DISABLED\|SS_SUNKEN,62,138,38,9 END 2009-11-22 20:44 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 17 楼 Wow this is very fast replys in your board You have many examples of Coding with this PE-Header only in your languages Thanks for this tranlsate Greets and happy coding, ragdog 2009-11-22 20:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

moonife

133

发帖

852

回帖

350

RANK

关注

私信

他的文章

[注意]邀请码发放公布（06.15~07.14） 7206

关于我们

联系我们

企业服务

看雪公众号

最新回复 (16)
dsjHZAHfaf 雪币： 148 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 29 回帖 391 粉丝 0 关注私信	dsjHZAHfaf 2 楼 set path=\masm32\bin;%path% set include=\masm32\include ml /c /coff /nologo addsection.asm rc addsection.rc set lib=\masm32\lib link /subsystem:windows /nologo addsection.obj addsection.res works fine. great work. thanks to topic owner. 2009-4-8 13:52 0
moonife 雪币： 370 活跃值： (52) 能力值： ( LV13，RANK：350 ) 在线值：发帖 133 回帖 852 粉丝 5 关注私信	moonife 8 3 楼谢谢指正，已经修改了，include xlib.inc 只是多余代码，去了就好 2009-4-8 14:08 0
我是土匪雪币： 546 活跃值： (1662) 能力值： ( LV12，RANK：210 ) 在线值：发帖 75 回帖 787 粉丝 7 关注私信	我是土匪 4 4 楼学习，多谢楼主分享。 2009-4-13 10:05 0
kmlch 雪币： 411 活跃值： (12) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 220 粉丝 0 关注私信	kmlch 5 楼不错，谢谢楼主moonife的分享。 2009-4-13 11:31 0
Fido 雪币： 107 活跃值： (404) 能力值： ( LV2，RANK：10 ) 在线值：发帖 4 回帖 1019 粉丝 1 关注私信	Fido 6 楼 IDD_DLGMain equ 1000 喜欢直接写数字 2009-4-13 13:00 0
himcrack 雪币： 264 活跃值： (11) 能力值： ( LV9，RANK：250 ) 在线值：发帖 8 回帖 194 粉丝 1 关注私信	himcrack 6 7 楼话说赛亚人的 PELib也是十分方便的.. 2009-4-15 21:50 0
雪山飞壶雪币： 400 活跃值： (78) 能力值： ( LV2，RANK：10 ) 在线值：发帖 1 回帖 15 粉丝 0 关注私信	雪山飞壶 8 楼谢谢楼主，学习拉～～～！ 2009-5-8 06:37 0
onbadday 雪币： 293 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 169 粉丝 0 关注私信	onbadday 9 楼好，学习了！ 2009-5-10 11:11 0
古月胡雪币： 238 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 96 粉丝 0 关注私信	古月胡 10 楼支持开源，好好向LZ学习 2009-5-15 10:27 0
riusksk 雪币： 433 活跃值： (1870) 能力值： ( LV17，RANK：1820 ) 在线值：发帖 169 回帖 2648 粉丝 260 关注私信	riusksk 41 11 楼 Support! 2009-10-9 18:26 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 12 楼 Sorry that i post english here!! I have found this thread and this source This is very good I have only a one problem can any translate this source in english please Greets, 2009-11-22 16:28 0
sndosej 雪币： 253 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 171 粉丝 0 关注私信	sndosej 13 楼 hi， There are Very few Chinese characters in the source code， You can use Google to translating. szText db 'successful completion', 0 ScnFlagsDefault dd 0E0000020h szAbout db 'AddSection 1.0', 0dh, 0ah db 'by: moonife', 0dh, 0ah db 'QQ: 765496322', 0dh, 0ah db 'E-mail: moonife@163.com', 0 szAboutCaption db 'About', 0 szFilter db 'All Files (.)', 0 ,'.', 0,0 szNotPe db 'is not a PE file, please re-select! ', 0 szNotPeCap db 'Error', 0 szNoFile db 'Please select PE file', 0 szScnSize db 'Please fill in the byte size', 0 szScnName db 'Please fill in the name of section', 0 szData db 'Please select the data file', 0 2009-11-22 18:00 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 14 楼 Thanks for your help I mean this resource file and i have try with google translater This exe give me not any Chinese characters i have only this characters CONTROL "ÐéÄâÆ«ÒÆ",IDC_STC4,"Static",WS_CHILD\|WS_VISIBLE,118,90,36,9 Greets 2009-11-22 20:13 0
riusksk 雪币： 433 活跃值： (1870) 能力值： ( LV17，RANK：1820 ) 在线值：发帖 169 回帖 2648 粉丝 260 关注私信	riusksk 41 15 楼老外也来跟帖？ 2009-11-22 20:36 0
sndosej 雪币： 253 活跃值： (11) 能力值： ( LV2，RANK：10 ) 在线值：发帖 3 回帖 171 粉丝 0 关注私信	sndosej 16 楼 IDD_DLGMain DIALOGEX 6,5,227,152 CAPTION "MSango" FONT 8,"MS Sans Serif",0,0,0 STYLE WS_VISIBLE\|WS_CAPTION\|WS_SYSMENU\|WS_THICKFRAME\|WS_MINIMIZEBOX BEGIN CONTROL "Destination File",IDC_BDesFile,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,9,54,13 CONTROL "",IDC_GRP1,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,-2,0,234,135 CONTROL "",IDC_EDesFile,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,64,9,148,13,WS_EX_CLIENTEDGE CONTROL "section name:",IDC_GRP2,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,6,42,70,26 CONTROL "",IDC_EScnName,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,8,51,64,13,WS_EX_CLIENTEDGE CONTROL "Bytes:",IDC_GRP3,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,78,42,62,26 CONTROL "Data File",IDC_BData,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,25,54,13 CONTROL "",IDC_EData,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,64,25,148,13,WS_EX_CLIENTEDGE CONTROL "",IDC_EScnSize,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,82,51,54,13,WS_EX_CLIENTEDGE CONTROL "write data file",IDC_CHKWrite,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP\|BS_AUTOCHECKBOX,150,46,66,9 CONTROL "Update entry address",IDC_CHKUpEntry,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP\|BS_AUTOCHECKBOX,150,59,64,9 CONTROL "PE Info:",IDC_GRP5,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,0,75,104,56 CONTROL "Results Report:",IDC_GRP6,"Button",WS_CHILD\|WS_VISIBLE\|BS_GROUPBOX,112,75,104,56 CONTROL "Entry Point",IDC_STC1,"Static",WS_CHILD\|WS_VISIBLE,6,90,40,9 CONTROL "",IDC_EEntry,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,88,54,13,WS_EX_CLIENTEDGE CONTROL "Image Base",IDC_STC2,"Static",WS_CHILD\|WS_VISIBLE,6,103,34,9 CONTROL "",IDC_EBase,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,101,54,13,WS_EX_CLIENTEDGE CONTROL "Number Of Sections",IDC_STC3,"Static",WS_CHILD\|WS_VISIBLE,6,118,36,9 CONTROL "",IDC_EScnNum,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,42,114,54,13,WS_EX_CLIENTEDGE CONTROL "Virtual Offset",IDC_STC4,"Static",WS_CHILD\|WS_VISIBLE,118,90,36,9 CONTROL "",IDC_EVOffset,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,88,54,13,WS_EX_CLIENTEDGE CONTROL "File Offset",IDC_STC5,"Static",WS_CHILD\|WS_VISIBLE,118,103,36,9 CONTROL "",IDC_EFOffset,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,101,54,13,WS_EX_CLIENTEDGE CONTROL "Actual Size",IDC_STC6,"Static",WS_CHILD\|WS_VISIBLE,118,116,34,9 CONTROL "",IDC_ERSize,"Edit",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,154,114,54,13,WS_EX_CLIENTEDGE CONTROL "About",IDC_BAbout,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,4,136,54,13 CONTROL "Generate",IDC_BMake,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,110,136,54,13 CONTROL "Exit",IDC_BExit,"Button",WS_CHILD\|WS_VISIBLE\|WS_TABSTOP,168,136,54,13 CONTROL "By:moonife",IDC_STC7,"Static",WS_CHILD\|WS_VISIBLE\|WS_DISABLED\|SS_SUNKEN,62,138,38,9 END 2009-11-22 20:44 0
ragdog 雪币： 206 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 2 回帖 10 粉丝 0 关注私信	ragdog 17 楼 Wow this is very fast replys in your board You have many examples of Coding with this PE-Header only in your languages Thanks for this tranlsate Greets and happy coding, ragdog 2009-11-22 20:51 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复