博客详细介绍了如何在C语言中修复PE文件的filebuffer、imagebuffer和newbuffer问题,确保文件能正常执行。通过分析globle.h文件头和具体代码段globle.cpp,博主展示了在petools.cpp中的最终执行解决方案。
globle.h文件头
// globle.h: interface for the globle class.
//
//
#if !defined(AFX_GLOBLE_H__3D77A66B_EE77_4B6B_997F_15924F62332B__INCLUDED_)
#define AFX_GLOBLE_H__3D77A66B_EE77_4B6B_997F_15924F62332B__INCLUDED_
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
class globle
{
public:
globle();
virtual ~globle();
};
#include <windows.h>
#include <stdio.h>
//#define FILEPATH_IN "C:\\WINDOWS\\system32\\kernel32.dll"
//#define FilePath_In "C:\\cntfpe\\notepad.exe"
#define FilePath_In "C:\\cntfpe\\ipmsg.exe"
//#define FilePath_Out "C:\\cntfpe\\notepadnewpes.exe"
#define FilePath_Out "C:\\cntfpe\\ipmsgnewpes.exe"
#define MessageBoxAddr 0x77E5425F
#define ShellCodeLength 0x12
extern BYTE ShellCode[];
DWORD ReadPEFile(IN LPSTR lpszFile,OUT LPVOID* pFileBuffer);
DWORD CopyFileBufferToImageBuffer(IN LPVOID pFileBuffer,OUT LPVOID* pImageBuffer);
DWORD CopyImageBufferToNewBuffer(IN LPVOID pImageBuffer,OUT LPVOID* pNewBuffer);
BOOL MemeryTOFile(IN LPVOID pMemBuffer,IN size_t size,OUT LPSTR lpszFile);
//DWORD RvaToFileOffset(IN LPVOID pFileBuffer,IN DWORD dwRva);
void Fun();
#endif // !defined(AFX_GLOBLE_H__3D77A66B_EE77_4B6B_997F_15924F62332B__INCLUDED_)
##具体代码部分globle.cpp
// globle.cpp: implementation of the globle class.
//
//
#include "stdafx.h"
#include "globle.h"
#include <string.h>
#include <windows.h>
#include <stdlib.h>
/*#include <tchar.h>
#include <iostream>
#include <stdio.h>
*/
//
// Construction/Destruction
//
// globle.cpp: implementation of the globle class.
//
//
// Globle Varible
BYTE ShellCode[] =
{
0x6A,00,0x6A,00,0x6A,00,0x6A,00,
0xE8,00,00,00,00,
0xE9,00,00,00,00
};
//
// Construction/Destruction
//
//ExeFile->FileBuffer 返回值为计算所得文件大小
DWORD ReadPEFile(IN LPSTR lpszFile, OUT LPVOID* pFileBuffer)
{
FILE* pFile = NULL;
DWORD fileSize = 0;
LPVOID pTempFileBuffer = NULL;
//Open The Files
pFile = fopen(lpszFile,"rb");
if (!pFile)
最低0.47元/天 解锁文章
扫一扫
1679
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
