关于PE可执行文件的修改
作者 佚名技术
来源 程序设计
发布时间 2012-06-30
mp; retf=_write(ret,waddress,4); //把新的入口地址写入文件 if(retf==-1) { printf("error write: %d\n",GetLastError()); return; } retf=_lseek(ret,(long)entrywrite,SEEK_SET); if(retf==-1) { printf("error seek\n"); return; } retf=_write(ret,writeline,18); if(retf==-1) { printf("error write: %d\n",GetLastError()); return; } //把writeline写入我们计算出的空间 retf=_lseek(ret,(long)entrywrite+9,SEEK_SET); //更改MessageBox函数地址,它的二进制代码在writeline[10]处 if(retf==-1) { printf("error seek\n"); return; } address=MessageBoxAadaddress-(progRAV+newentryaddress+9+4); //重新计算MessageBox函数的地址,MessageBox函数的原地址减去程序的装载地址加上新的入口地址加9(它的二进制代码相对偏移)加上4(地址长度) tmp=address>>24; waddress[3]=tmp; tmp=address<<8; tmp=tmp>>24; waddress[2]=tmp; tmp=address<<16; tmp=tmp>>24; waddress[1]=tmp; tmp=address<<24; tmp=tmp>>24; waddress[0]=tmp; retf=_write(ret,waddress,4); //写入重新计算的MessageBox地址 if(retf==-1) { printf("error write: %d\n",GetLastError()); return; } retf=_lseek(ret,(long)entrywrite+14,SEEK_SET); //更改返回地址,用jmp返回原程序入口地址,其它的二进制代码在writeline[15]处 if(retf==-1) { printf("error seek\n"); return; } address=0-(newentryaddress-oldentryaddress+4+15); //返回地址计算的方法是新的入口地址减去老的入口地址加4(地址长度)加15(二进制代码相对偏移)后取反 tmp=address>>24; waddress[3]=tmp; tmp=address<<8; tmp=tmp>>24; waddress[2]=tmp; tmp=address<<16; tmp=tmp>>24; waddress[1]=tmp; tmp=address<<24; tmp=tmp>>24; waddress[0]=tmp; retf=_write(ret,waddress,4); //写入返回地址 if(retf==-1) { printf("error write: %d\n",GetLastError()); return; } _close(ret); printf("\nall done...\n"); return; } //end 由于在PE格式的文件中,所有的地址都使用RVA地址,所以一些函数调用和返回的地址都要经过计算才可以得到,以上是我在实践中的心得,如果你有更好的办法,真心的希望你能告诉我。 |