-
-
[求助]各位帮忙看看这个函数,yC壳里的一段代码
-
发表于:
2009-4-13 16:53
3744
-
//----------------------------------------------------------------
//The _ImageRvaToSection function locates a relative virtual
//address (RVA) within the image header of a file that is
//mapped as a file and returns a pointer to the section table
//entry for that virtual address.
PIMAGE_SECTION_HEADER _ImageRvaToSection(char* Base,DWORD dwRVA)
{
IMAGE_SECTION_HEADER section;
IMAGE_NT_HEADERS nt_headers;
DWORD dwPE_Offset,SectionOffset;
CopyMemory(&dwPE_Offset,Base+0x3c,4);
CopyMemory(&nt_headers,Base+dwPE_Offset,sizeof(IMAGE_NT_HEADERS));
SectionOffset=dwPE_Offset+sizeof(IMAGE_NT_HEADERS);
for(int i=0;i<nt_headers.FileHeader.NumberOfSections;i++)
{
CopyMemory(§ion,Base+SectionOffset+i*0x28,sizeof(IMAGE_SECTION_HEADER));
if((dwRVA>=section.VirtualAddress) && (dwRVA<=(section.VirtualAddress+section.SizeOfRawData)))
{
return ((PIMAGE_SECTION_HEADER)§ion);
}
}
return(NULL);
}
这里
return ((PIMAGE_SECTION_HEADER)§ion);
该函数返回一个局部变量的地址。。这样也可以?
返回后栈内的数据是无效的了吧,也就是说返回了一个指针指向了无效的内容
是我哪看错了吗?
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
