主要使用就是PE的知识
用到了前面两天的函数代码,这里直接贴主应用代码
void TestAddCodeInCodeSec(LPSTR lpszFile)
{
LPVOID pFileBuffer = NULL;
pFileBuffer= ReadPEFile(lpszFile);
if(!pFileBuffer)
{
printf("文件读取失败\n");
return;
}
PIMAGE_DOS_HEADER pDosHeader = NULL;
PIMAGE_NT_HEADERS pNTHeader = NULL;
PIMAGE_FILE_HEADER pPEHeader = NULL;
PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
PIMAGE_SECTION_HEADER pSectionHeader = NULL;
LPVOID pImageBuffer = CopyFileBufferToImageBuffer(pFileBuffer);
//Header信息
pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;
pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pImageBuffer+pDosHeader->e_lfanew);
pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
//确定添加代码的位置
//1判断能否添加
if((pSectionHeader->SizeOfRawData-pSectionHeader->Misc.VirtualSize)<=SHELLCODELENGTH){
printf("空余字节大小不够添加shellCode\n");
free(pFileBuffer);
return;
}
//size_t file_size = pSectionHeader->SizeOfRawData-pSectionHeader->Misc.VirtualSize;
//printf("%x \n",file_size);
//2代码加的位置
printf("pImageBuffer: %x\n",pImageBuffer);
DWORD shellLocation = pSectionHeader->VirtualAddress + pSectionHeader->Misc.VirtualSize;
//确定位置
LPVOID pShellLoc = (LPVOID)((DWORD)pImageBuffer + shellLocation);
printf("pShellLoc: %x\n",pShellLoc);
//拷贝初始化代码到内存
memcpy(pShellLoc,shellCode,SHELLCODELENGTH);
//修改E8地址
DWORD pE8Content = MESSAGEBOXADDR - (((DWORD)pShellLoc+13 )- ((DWORD)pImageBuffer)+ pOptionHeader->ImageBase);
*(PDWORD)((DWORD)pShellLoc+9)=pE8Content;
//修改E9地址
DWORD pE9Content = (pOptionHeader->AddressOfEntryPoint+pOptionHeader->ImageBase) - (((DWORD)pShellLoc+0x12 )- ((DWORD)pImageBuffer)+ pOptionHeader->ImageBase);
*(PDWORD)((DWORD)pShellLoc+14)=pE9Content;
//修改OEP
pOptionHeader->AddressOfEntryPoint = (DWORD)pShellLoc-(DWORD)pImageBuffer;
//更改完的ImageBuffer,写出到File中
MemeryTOFile(pImageBuffer,"C://testShell.exe");
//释放
free(pFileBuffer);
free(pImageBuffer);
return;
}