#include<iostream>
#include<malloc.h>
#include<Windows.h>
#pragma warning(disable:4996)
using namespace std;
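// 18-byte x86 (32-bit) stub template that main() copies into the new section.
// The two 4-byte displacements are left as zero here and filled in by main().
//
// Declared as unsigned char: 0xE8 and 0xE9 do not fit in a signed char, and a
// braced initializer does not permit that narrowing conversion.
unsigned char insertcode[] = {
    0x6A, 0x00,                    // push 0
    0x6A, 0x00,                    // push 0
    0x6A, 0x00,                    // push 0
    0x6A, 0x00,                    // push 0
    0xE8, 0x00, 0x00, 0x00, 0x00,  // call rel32 (displacement lives at offset 0x09)
    0xE9, 0x00, 0x00, 0x00, 0x00   // jmp  rel32 (displacement lives at offset 0x0E)
};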
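// Returns the size in bytes of an already-open file and rewinds the stream
// to its beginning.
//
// pfile   stream opened in binary mode; may be NULL.
// returns the file size, or -1 when pfile is NULL, when seeking or telling
//         fails, or when the size does not fit in an int.
int filelen(FILE* pfile)
{
    if (pfile == NULL)
        return -1;

    if (fseek(pfile, 0, SEEK_END) != 0)
        return -1;

    const long size = ftell(pfile);
    rewind(pfile);  // always leave the stream positioned at the start

    // ftell reports failure as -1; the round-trip comparison rejects sizes
    // that would be truncated by the int return type.
    const int result = static_cast<int>(size);
    if (size < 0 || static_cast<long>(result) != size)
        return -1;

    return result;
}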
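// Prints a diagnostic, releases the image buffer (NULL is allowed) and
// returns the process exit code used for every failure path in main().
static int reportFailure(const char* message, char* buffer)
{
    fprintf(stderr, "%s\n", message);
    free(buffer);
    return 1;
}

// PE exercise: reads fg.exe, appends one 0x1000-byte section named ".NewSec",
// copies the insertcode stub into it, points the entry point at the stub and
// writes the result to newfg.exe.
//
// Returns 0 on success and 1 when a file cannot be opened/read/written or the
// input fails the header and bounds checks below. The input is treated as
// untrusted: every offset taken from its headers is validated before it is
// used to index the buffer.
//
// NOTE(review): the stub is 32-bit x86 and the header typedefs follow the
// build target, so this presumably expects a 32-bit build and a PE32 input
// - confirm.
// NOTE(review): the optional-header CheckSum is not recomputed, and any
// signature over the original file will no longer match the output.
int main()
{
    const DWORD kNewSectionSize = 0x1000;

    FILE* pfile = fopen("C://Users//52511//Desktop//fg.exe", "rb");
    if (pfile == NULL)
        return reportFailure("failed to open the input file", NULL);

    int length = filelen(pfile);
    if (length <= 0) {
        fclose(pfile);
        return reportFailure("failed to determine the input file size", NULL);
    }
    const size_t fileSize = (size_t)length;
    const size_t bufferSize = fileSize + kNewSectionSize;

    // The buffer holds the whole file plus zeroed room for the new section.
    char* buffer = (char*)malloc(bufferSize);
    if (buffer == NULL) {
        fclose(pfile);
        return reportFailure("out of memory", NULL);
    }
    memset(buffer, 0, bufferSize);
    const size_t bytesRead = fread(buffer, 1, fileSize, pfile);
    fclose(pfile);
    if (bytesRead != fileSize)
        return reportFailure("failed to read the input file", buffer);

    // DOS header: must fit in the file and carry the "MZ" magic.
    PIMAGE_DOS_HEADER pDosH = (PIMAGE_DOS_HEADER)(buffer);
    if (fileSize < sizeof(*pDosH) || pDosH->e_magic != 0x5A4D || pDosH->e_lfanew < 0)
        return reportFailure("input is not a valid MZ image", buffer);

    // NT headers: e_lfanew comes from the file, so bound it before use.
    PIMAGE_NT_HEADERS pNTH = NULL;
    if (fileSize < sizeof(*pNTH) || (size_t)pDosH->e_lfanew > fileSize - sizeof(*pNTH))
        return reportFailure("NT headers lie outside the file", buffer);
    pNTH = (PIMAGE_NT_HEADERS)(buffer + pDosH->e_lfanew);
    if (pNTH->Signature != 0x00004550)  // "PE\0\0"
        return reportFailure("input is not a PE image", buffer);

    PIMAGE_FILE_HEADER pFH = (PIMAGE_FILE_HEADER)((char*)pNTH + 0x4);
    PIMAGE_OPTIONAL_HEADER pOH = (PIMAGE_OPTIONAL_HEADER)((char*)pFH + 0x14);
    int opHeaderLen = int(pFH->SizeOfOptionalHeader);
    int numberOfSection = pFH->NumberOfSections;

    // The section table follows the optional header. The existing entries plus
    // the one appended below must stay inside the file and inside the header
    // area, otherwise the new entry would be written over unrelated data.
    const size_t tableOffset = (size_t)pDosH->e_lfanew + 0x4 + 0x14 + (size_t)opHeaderLen;
    const size_t tableEnd = tableOffset + ((size_t)numberOfSection + 1) * sizeof(IMAGE_SECTION_HEADER);
    if (numberOfSection < 1 || tableEnd > fileSize || tableEnd > pOH->SizeOfHeaders)
        return reportFailure("no room for an additional section header", buffer);
    PIMAGE_SECTION_HEADER pSecH = (PIMAGE_SECTION_HEADER)(buffer + tableOffset);

    //printf("%p\n", MessageBox);
    // Hard-coded address, apparently taken from the commented-out printf on
    // the author's machine; system DLL load addresses differ between machines
    // and boots, so this value is only meaningful for that one environment.
    int MessageBoxAddress = 0x7542B000;

    // The old SizeOfImage is used both as the new section's RVA and as its
    // file offset. NOTE(review): that is only coherent when the file layout
    // equals the in-memory layout (file size == SizeOfImage) - confirm for
    // the input used. The check below keeps the stub inside the buffer.
    const DWORD agoSizeOfImage = pOH->SizeOfImage;
    if ((size_t)agoSizeOfImage > bufferSize - sizeof(insertcode))
        return reportFailure("SizeOfImage does not match the file layout", buffer);

    pOH->SizeOfImage = pOH->SizeOfImage + kNewSectionSize;
    pFH->NumberOfSections = pFH->NumberOfSections + 1;

    // Fill in the appended section header.
    PIMAGE_SECTION_HEADER pNewSec = &pSecH[numberOfSection];
    memcpy(pNewSec->Name, ".NewSec", 8);  // 7 characters + NUL fill Name[8]
    pNewSec->Misc.VirtualSize = kNewSectionSize;
    pNewSec->VirtualAddress = agoSizeOfImage;
    pNewSec->SizeOfRawData = kNewSectionSize;
    pNewSec->PointerToRawData = agoSizeOfImage;
    // Reuse the first section's flags for the new section.
    pNewSec->Characteristics = pSecH[0].Characteristics;

    char* codeBegin = buffer + agoSizeOfImage;
    const DWORD stubOffset = (DWORD)(codeBegin - buffer);
    memcpy(codeBegin, insertcode, sizeof(insertcode));

    // call: rel32 is measured from the end of the call instruction, which
    // sits 8 + 5 bytes into the stub.
    DWORD calladder = (DWORD)MessageBoxAddress - ((DWORD)pOH->ImageBase + stubOffset + 8 + 5);
    memcpy(codeBegin + 0x09, &calladder, sizeof(calladder));

    // jmp: back to the original entry point, measured from the end of the
    // stub (18 bytes). ImageBase appears on both sides and cancels out.
    DWORD jmpadder = pOH->AddressOfEntryPoint - (stubOffset + 18);
    memcpy(codeBegin + 0x0E, &jmpadder, sizeof(jmpadder));

    // Modify the OEP so execution starts at the stub. An entry point that
    // lies in the last section is something PE integrity checks commonly flag.
    pOH->AddressOfEntryPoint = stubOffset;

    // The output is opened only after validation so a rejected input does
    // not leave an empty file behind.
    FILE* newpfile = fopen("C://Users//52511//Desktop//newfg.exe", "wb");
    if (newpfile == NULL)
        return reportFailure("failed to open the output file", buffer);
    const size_t written = fwrite(buffer, 1, bufferSize, newpfile);
    const int closeStatus = fclose(newpfile);
    if (written != bufferSize || closeStatus != 0)
        return reportFailure("failed to write the output file", buffer);

    free(buffer);
    return 0;
}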
滴水PE作业添加节并在节中添加代码