-
-
[原创]为程序增加区段
-
发表于: 2009-5-7 22:27
-
给和我一样的菜鸟
不修改原来的文章了
在这里总结一下,步骤如下
1.构造新的区段头
2.增加实际空间
3.修正NumberOfSections和SizeOfImage
NumberofSections(此值位于PE头开始的偏移6H处,WORD)你添加几个节就在原来的基础上加几
SizeOfImage(此值位于PE头开始的50h处,DWORD)则根据增加的Virtual Size做相应修改
手工增加后的test.exe已经上传
不修改原来的文章了
在这里总结一下,步骤如下
1.构造新的区段头
2.增加实际空间
3.修正NumberOfSections和SizeOfImage
NumberofSections(此值位于PE头开始的偏移6H处,WORD)你添加几个节就在原来的基础上加几
SizeOfImage(此值位于PE头开始的50h处,DWORD)则根据增加的Virtual Size做相应修改
手工增加后的test.exe已经上传
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
LZ谦虚了 终于住上了传说中的板凳了
|
|
|
|
|
|
额 手工的啊
我试着写过,加了区段 但就运行不了了 路过的大侠指点一下哦  #include "windows.h"
#include <assert.h>
#include <stdio.h>
#define SECTION_SIZE 0x2000
#define SECTION_NAME ".zapline"
BOOL AddSection(LPCSTR fileName);
int Align(int size, int base);
int main()
{
char a[30]="";
scanf("%s",a);
if ( AddSection(a) )
{
MessageBox(NULL,"成功!","",MB_OK);
}
else
{
MessageBox(NULL,"失败!","",MB_OK);
}
return 0;
}
BOOL AddSection(LPCSTR fileName)
{
IMAGE_DOS_HEADER *dosHeader;
IMAGE_NT_HEADERS *ntHeader;
IMAGE_SECTION_HEADER *sectionHeader;
IMAGE_SECTION_HEADER *newSectionHeader;
IMAGE_SECTION_HEADER *lastSectionHeader;
int numOfSections;
int FILE_ALIGN_MENT;
int SECTION_ALIGN_MENT;
HANDLE hFile=CreateFile(fileName,GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
MessageBox(NULL,"open file failed!","",MB_OK);
return FALSE;
}
HANDLE hMap=CreateFileMapping(hFile,NULL,PAGE_READWRITE,NULL,NULL,NULL);
if(hMap==INVALID_HANDLE_VALUE)
{
MessageBox(NULL,"create map failed!","",MB_OK);
return FALSE;
}
LPVOID lpBase=MapViewOfFile(hMap,FILE_MAP_WRITE,0,0,0);
if(lpBase==NULL)
{
MessageBox(NULL,"get view failed!","",MB_OK);
return FALSE;
}
dosHeader=(IMAGE_DOS_HEADER*)lpBase;
if (dosHeader->e_magic!=IMAGE_DOS_SIGNATURE)
{
MessageBox(NULL,"not PE file!","",MB_OK);
return FALSE;
}
ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);
if(ntHeader->Signature!=IMAGE_NT_SIGNATURE)
{
MessageBox(NULL,"not FE file!","",MB_OK);
return FALSE;
}
FILE_ALIGN_MENT = ntHeader->OptionalHeader.FileAlignment;
SECTION_ALIGN_MENT = ntHeader->OptionalHeader.SectionAlignment;
numOfSections = ntHeader->FileHeader.NumberOfSections;
ntHeader->FileHeader.NumberOfSections++;
sectionHeader = (IMAGE_SECTION_HEADER*)((DWORD)ntHeader+sizeof(IMAGE_NT_HEADERS));
lastSectionHeader = (IMAGE_SECTION_HEADER *)§ionHeader[numOfSections-1];
newSectionHeader = (IMAGE_SECTION_HEADER *)§ionHeader[numOfSections];
memset(newSectionHeader,0,sizeof(IMAGE_SECTION_HEADER));
strncpy((char*)newSectionHeader->Name,SECTION_NAME,strlen(SECTION_NAME));
newSectionHeader->VirtualAddress = lastSectionHeader->VirtualAddress+Align(lastSectionHeader->Misc.VirtualSize,SECTION_ALIGN_MENT);
// ntHeader->OptionalHeader.AddressOfEntryPoint = newSectionHeader->VirtualAddress;
newSectionHeader->Misc.VirtualSize = Align(3000,SECTION_ALIGN_MENT);
newSectionHeader->PointerToRawData = lastSectionHeader->PointerToRawData+Align(lastSectionHeader->SizeOfRawData,FILE_ALIGN_MENT);
newSectionHeader->SizeOfRawData = Align(SECTION_SIZE, FILE_ALIGN_MENT);
newSectionHeader->Characteristics = 0xE0000020;
ntHeader->OptionalHeader.SizeOfCode = ntHeader->OptionalHeader.SizeOfCode+Align(SECTION_SIZE, FILE_ALIGN_MENT);
ntHeader->OptionalHeader.SizeOfImage = ntHeader->OptionalHeader.SizeOfImage+Align(SECTION_SIZE, SECTION_ALIGN_MENT);
FlushViewOfFile(lpBase,0);
UnmapViewOfFile(lpBase);
CloseHandle(hMap);
if(SetFilePointer(hFile,SECTION_SIZE,NULL,FILE_END)==-1)
{
MessageBox(NULL,"set file pointer failed!","",MB_OK);
return FALSE;
}
if(!SetEndOfFile(hFile))
{
MessageBox(NULL,"set file end failed!","",MB_OK);
return FALSE;
}
CloseHandle(hFile);
return TRUE;
}
int Align(int size, int base)
{
int ret,result;
assert( 0 != base);
result = size % base;
result != 0 ? ret = ((size / base) + 1) * base : ret = size;
return ret;
}
|
|
|
在sessiondiy前辈面前,我还有什么好说的
曾经误会过s前辈,言语上有冒犯,不知道是否还介怀 to zapline 学习pe结构的时候我曾经写过一段,增加了区段,写入了代码,改了入口点,测试正常。如有需要,可以发给你,不过是汇编写的。 |
|
|
|
|
|
ASM我只能勉强看懂 下次群里碰到传我一下哦 
|
|
|
额 貌似我都记得
是UB悬赏去弹网页吧
|
|
|
记不得就好,哈哈
不是那次,悬赏去弹网页是sessiondiy前辈来指点的,我只是和那个前来大放厥词的朋友吵了一下。 |
|
|
|
|
|
大侠看看 区段好像没问题
入口点好像也没问题
|
|
|
这个是没加区段的
hello zapline
|
|
|
楼主太谦虚了
这学习气氛真不错 
|
|
|
|
|
|
我十分想知道怎么手工添加区段!
sessiondiy前辈能指点指点吗?
|
|
|
|
|
|
|
|
|
|
|
|
谢谢师傅
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
