#define _CRT_SECURE_NO_WARNINGS
#include<stdio.h>
#include<stdlib.h>
#include<string.h>
#include<Windows.h>
#include<malloc.h>
/* Forward declaration of the file loader defined below. */
DWORD Read2file(LPSTR file_path, PVOID* pfilebuffer);
/* Input executable: opened read-only ("rb") by Read2file and never written to. */
char file_path[] = "C:\\CTF\\notepad.exe";
/* Output path: storenewbuffer writes the enlarged copy here. */
char save_path[] = "C:\\CTF\\cp_addsec_note.exe";
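/*
 * Read an entire file into a freshly allocated heap buffer (exe -> file buffer).
 *
 * file_path    path of the file to load; opened in binary read mode.
 * pFilebuffer  receives the malloc'd buffer on success and is left untouched
 *              on failure. The caller owns the buffer and must free() it.
 *
 * Returns the file size in bytes, or 0 on any failure (bad arguments, open,
 * seek, size query, allocation or read error, empty file, or a size that does
 * not fit in a DWORD).
 */
DWORD Read2file(LPSTR file_path, PVOID* pFilebuffer)
{
    FILE* pFile = NULL;
    long length = 0;
    DWORD filesize = 0;
    PVOID pFileBufferTemp = NULL;

    if (!file_path || !pFilebuffer) {
        printf("Can't open file\n");
        return 0;
    }

    /* The open can fail, so the handle is checked before any use. */
    pFile = fopen(file_path, "rb");
    if (!pFile) {
        printf("Can't open file\n");
        return 0;
    }

    /*
     * Determine the file size. ftell() reports failure as -1, which would
     * turn into a huge unsigned size if stored in a DWORD unchecked, so the
     * signed result is validated first.
     */
    if (fseek(pFile, 0, SEEK_END) != 0) {
        printf("read file failed\n");
        fclose(pFile);
        return 0;
    }
    length = ftell(pFile);
    if (length <= 0 || (unsigned long long)length > 0xFFFFFFFFull ||
        fseek(pFile, 0, SEEK_SET) != 0) {
        printf("read file failed\n");
        fclose(pFile);
        return 0;
    }
    filesize = (DWORD)length;

    pFileBufferTemp = malloc(filesize);
    if (!pFileBufferTemp) {
        printf("Allocate dynamic memory failed!\n");
        fclose(pFile);
        return 0;
    }

    /* Read the whole file as one item: fread returns 1 only on a complete read. */
    if (fread(pFileBufferTemp, filesize, 1, pFile) != 1) {
        printf("read file failed\n");
        free(pFileBufferTemp);
        fclose(pFile);
        return 0;
    }

    /* Hand ownership of the buffer to the caller. */
    *pFilebuffer = pFileBufferTemp;
    pFileBufferTemp = NULL;
    fclose(pFile);
    return filesize;
}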
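/*
 * Build an enlarged copy of a PE file image and append one section-table
 * entry named ".newsec" that describes the extra 0x1000 bytes.
 *
 * pFileBuffer  raw file contents as loaded from disk (not modified).
 * pNewBuffer   receives the new malloc'd buffer on success; the caller owns
 *              it and must free() it. Left untouched on failure.
 * file_size    number of valid bytes in pFileBuffer.
 *
 * Returns the size of the new buffer (file_size + 0x1000), or 0 on failure.
 *
 * Every offset and count used below comes from the input file, so each one
 * is checked against file_size before it is dereferenced. Without these
 * checks a truncated or malformed file drives reads and writes outside the
 * buffers.
 *
 * Only NumberOfSections, SizeOfImage and the new section-table entry are
 * changed. The optional header's CheckSum is not recomputed, and the new
 * entry's Characteristics and remaining fields are not assigned here, so
 * they keep whatever bytes the header slack held.
 *
 * NOTE(review): the optional header is accessed through the 32-bit layout
 * and only SectionAlignment, FileAlignment, SizeOfImage and SizeOfHeaders are
 * used. Confirm those offsets also hold if PE32+ inputs are expected.
 */
DWORD CopyImageBufferToNewBuffer(PVOID pFileBuffer, PVOID* pNewBuffer, DWORD file_size)
{
    const DWORD new_section_size = 0x1000;
    /* Smallest optional header that still contains every field read below. */
    const DWORD min_optional_size =
        (DWORD)FIELD_OFFSET(IMAGE_OPTIONAL_HEADER32, SizeOfHeaders) + (DWORD)sizeof(DWORD);
    PVOID pNewTempBuffer = NULL;
    DWORD New_file_size = 0;
    DWORD nt_offset = 0;
    DWORD nt_signature = 0;
    DWORD add_size = 0;
    WORD old_section_count = 0;
    ULONGLONG section_table_offset = 0;
    ULONGLONG section_table_end = 0;
    PIMAGE_DOS_HEADER pDosHeader = NULL;
    PIMAGE_FILE_HEADER pPEHeader = NULL;
    PIMAGE_OPTIONAL_HEADER32 pOptionalHeader = NULL;
    PIMAGE_SECTION_HEADER pSectionHeader = NULL;
    PIMAGE_SECTION_HEADER pLastSection = NULL;
    PIMAGE_SECTION_HEADER pNewSection = NULL;

    /* ---- Validate the input image before touching any header field ---- */
    if (!pFileBuffer || !pNewBuffer) {
        printf("读取filebuffer失败\n");
        return 0;
    }
    if (file_size < sizeof(IMAGE_DOS_HEADER) ||
        ((PIMAGE_DOS_HEADER)pFileBuffer)->e_magic != IMAGE_DOS_SIGNATURE) {
        printf("不含MZ标志,不是合法的exe文件!\n");
        return 0;
    }
    pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;

    /* e_lfanew is signed and attacker-controlled: reject negative or out-of-file values. */
    if (pDosHeader->e_lfanew < 0 ||
        (ULONGLONG)pDosHeader->e_lfanew + sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER > file_size) {
        printf("不是有效的PE标志!\n");
        return 0;
    }
    nt_offset = (DWORD)pDosHeader->e_lfanew;

    /* Compare all four signature bytes; memcpy avoids an unaligned DWORD load. */
    memcpy(&nt_signature, (PBYTE)pFileBuffer + nt_offset, sizeof nt_signature);
    if (nt_signature != IMAGE_NT_SIGNATURE) {
        printf("不是有效的PE标志!\n");
        return 0;
    }

    pPEHeader = (PIMAGE_FILE_HEADER)((PBYTE)pFileBuffer + nt_offset + sizeof(DWORD));
    old_section_count = pPEHeader->NumberOfSections;
    section_table_offset = (ULONGLONG)nt_offset + sizeof(DWORD) + IMAGE_SIZEOF_FILE_HEADER
                         + pPEHeader->SizeOfOptionalHeader;
    /*
     * A count of 0 would index entry -1 as the "last" section, and 0xFFFF
     * would wrap to 0 when incremented.
     */
    if (old_section_count == 0 || old_section_count == 0xFFFF ||
        pPEHeader->SizeOfOptionalHeader < min_optional_size ||
        section_table_offset > file_size) {
        printf("PE headers are truncated or malformed\n");
        return 0;
    }

    pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((PBYTE)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
    /* Zero alignments would divide by zero below; SizeOfHeaders must lie inside the file. */
    if (pOptionalHeader->SectionAlignment == 0 ||
        pOptionalHeader->FileAlignment == 0 ||
        pOptionalHeader->SizeOfHeaders > file_size) {
        printf("PE headers are truncated or malformed\n");
        return 0;
    }

    /*
     * Is there room after the existing section table for two more entries
     * (the new one plus an all-zero terminator)? Written as an addition so a
     * SizeOfHeaders smaller than the table cannot underflow into a huge
     * "remaining" value.
     */
    section_table_end = section_table_offset
                      + (ULONGLONG)IMAGE_SIZEOF_SECTION_HEADER * old_section_count;
    if (section_table_end + 2 * IMAGE_SIZEOF_SECTION_HEADER > pOptionalHeader->SizeOfHeaders) {
        printf("exe文件头剩余空间不足\n");
        return 0;
    }

    /* Guard the size addition against DWORD wrap-around. */
    if (file_size > 0xFFFFFFFFu - new_section_size) {
        printf("PNTB开辟空间失败");
        return 0;
    }

    /* ---- Allocate the enlarged buffer and copy the original image into it ---- */
    New_file_size = file_size + new_section_size;
    pNewTempBuffer = malloc(New_file_size);
    if (!pNewTempBuffer) {
        printf("PNTB开辟空间失败");
        return 0;
    }
    memset(pNewTempBuffer, 0, New_file_size);
    memcpy(pNewTempBuffer, pFileBuffer, file_size);

    /* ---- Re-derive the header pointers inside the copy ---- */
    pPEHeader = (PIMAGE_FILE_HEADER)((PBYTE)pNewTempBuffer + nt_offset + sizeof(DWORD));
    pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((PBYTE)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
    pSectionHeader = (PIMAGE_SECTION_HEADER)((PBYTE)pOptionalHeader + pPEHeader->SizeOfOptionalHeader);
    pLastSection = &pSectionHeader[old_section_count - 1];
    pNewSection = &pSectionHeader[old_section_count];

    /* ---- Patch the headers ---- */
    pPEHeader->NumberOfSections = (WORD)(old_section_count + 1);
    printf("*pNumberofSection:%#x\n", (unsigned int)pPEHeader->NumberOfSections);
    pOptionalHeader->SizeOfImage += new_section_size;
    printf("pSizeofImage:%#x\n", (unsigned int)pOptionalHeader->SizeOfImage);

    /* Fill in the new section-table entry; ".newsec" plus its NUL is exactly 8 bytes. */
    memcpy(pNewSection->Name, ".newsec", 8);
    pNewSection->Misc.VirtualSize = new_section_size;

    /* The new section starts after the larger of the last section's two sizes... */
    add_size = pLastSection->Misc.VirtualSize > pLastSection->SizeOfRawData
             ? pLastSection->Misc.VirtualSize
             : pLastSection->SizeOfRawData;
    pNewSection->VirtualAddress = pLastSection->VirtualAddress + add_size;
    /* ...rounded up to the next SectionAlignment boundary. */
    if (pNewSection->VirtualAddress % pOptionalHeader->SectionAlignment) {
        pNewSection->VirtualAddress =
            pNewSection->VirtualAddress / pOptionalHeader->SectionAlignment
            * pOptionalHeader->SectionAlignment + pOptionalHeader->SectionAlignment;
    }

    pNewSection->SizeOfRawData = new_section_size;
    /* Raw data follows the last section's raw data, rounded up to FileAlignment. */
    pNewSection->PointerToRawData = pLastSection->PointerToRawData + pLastSection->SizeOfRawData;
    if (pNewSection->PointerToRawData % pOptionalHeader->FileAlignment) {
        pNewSection->PointerToRawData =
            pNewSection->PointerToRawData / pOptionalHeader->FileAlignment
            * pOptionalHeader->FileAlignment + pOptionalHeader->FileAlignment;
    }

    /* Zero the entry after the new one so the table ends with an empty header. */
    memset(&pSectionHeader[old_section_count + 1], 0, IMAGE_SIZEOF_SECTION_HEADER);

    /* Hand ownership of the new buffer to the caller. */
    *pNewBuffer = pNewTempBuffer;
    pNewTempBuffer = NULL;
    return New_file_size;
}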
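/*
 * Write a buffer to a new file in binary mode.
 *
 * pNewbuffer     data to write; nothing is written if it is NULL.
 * new_file_size  number of bytes to write; nothing is written if it is 0.
 * save_path      destination path; an existing file is truncated by "wb".
 *
 * Failures are reported on stdout. The function returns nothing, so callers
 * cannot tell success from failure.
 */
void storenewbuffer(PVOID pNewbuffer, DWORD new_file_size, char* save_path)
{
    FILE* fp2 = NULL;

    /*
     * Earlier stages signal failure with a NULL buffer or size 0. Bail out
     * before fopen so a failed run does not truncate an existing output file.
     */
    if (!pNewbuffer || new_file_size == 0 || !save_path) {
        printf("写入文件失败!\n");
        return;
    }

    fp2 = fopen(save_path, "wb");
    if (!fp2) {
        /* No fclose here: passing a NULL stream to fclose is undefined behavior. */
        printf("写入文件失败!\n");
        return;
    }

    /* The buffer is written as one item, so anything other than 1 is a short write. */
    if (fwrite(pNewbuffer, new_file_size, 1, fp2) != 1) {
        printf("写入文件失败!\n");
    }

    /* fclose flushes buffered data, so a failure here also means a bad output file. */
    if (fclose(fp2) != 0) {
        printf("写入文件失败!\n");
    }
}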
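/*
 * Run the whole pipeline: load file_path, build the enlarged copy with the
 * extra section-table entry, and write it to save_path.
 *
 * Each stage returns 0 on failure, and later stages are skipped in that case
 * instead of being handed a NULL buffer or a zero size. Both heap buffers are
 * released before returning.
 */
void add_new_section()
{
    PVOID pFileBuffer = NULL;
    PVOID pNewBuffer = NULL;
    DWORD file_size = 0;
    DWORD new_file_size = 0;

    file_size = Read2file(file_path, &pFileBuffer);
    if (file_size != 0) {
        new_file_size = CopyImageBufferToNewBuffer(pFileBuffer, &pNewBuffer, file_size);
        if (new_file_size != 0) {
            storenewbuffer(pNewBuffer, new_file_size, save_path);
        }
    }

    /* free(NULL) is a no-op, so this is safe whichever stage failed. */
    free(pNewBuffer);
    free(pFileBuffer);
}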
/*
 * Program entry point. Runs the add-section pipeline once, then waits for
 * one character on stdin before exiting.
 */
int main(int argc, char* argv[])
{
    /* Command-line arguments are not consulted. */
    (void)argc;
    (void)argv;

    add_new_section();

    /* Block until input arrives so the console output stays visible. */
    getchar();

    return 0;
}
PE增加一个节