程序员经验分享-hwhale

在PE的导入表中添加一个条目

2024-03-30

我正在寻找一个命令行程序来向 PE 文件的导入表添加条目。 我的目标是将一个新的导入函数从外部 DLL 添加到我的 EXE,然后使用 ollydbg 使用代码洞穴插入新代码。新代码将使用新导入的函数。

实际上我已经实现了我的目标,但是要向我使用的导入表添加一个新条目Stud_PE http://www.cgsoftlabs.ro/studpe.html,这是一个 GUI 应用程序,我想自动化这部分过程。

我会考虑以编程方式解决方案,但我担心 PE 结构太复杂,无法在我的时间范围内学习和探索。此外,如果已经存在一个实现,那么不使用它将是一种耻辱。 :-)


找到了正在寻找的东西。

m-PEFile对于 c++:

还请查看pefile对于蟒蛇:http://code.google.com/p/pefile/ http://code.google.com/p/pefile/

And PE/COFF 4J对于java:http://pecoff4j.sourceforge.net/ http://pecoff4j.sourceforge.net/

在我看来,PE/COFF 4J 的功能有限,但也许您会发现它很有帮助。

Code: PEFile.h 

/*******************************************************************************
********************************   Team AT4RE   ********************************
********************************************************************************
*******************  PLEASE DON'T CHANGE/REMOVE THIS HEADER  *******************
********************************************************************************
**                                                                            **
**  Title:      PEFile class.                                                 **
**  Desc:       A handy class to manipulate pe files.                         **
**  Author:     MohammadHi [ in4matics at hotmail dot com ]                   **
**  WwW:        AT4RE      [ http://www.at4re.com ]                           **
**  Date:       2008-01-28                                                    **
**                                                                            **
********************************************************************************
*******************************************************************************/

/*
[  PE File Format   ]
---------------------
|    DOS Header     |
---------------------
|     DOS Stub      |
---------------------
|     PE Header     |
---------------------
|   Section Table   |
---------------------
|      Padding      |
---------------------
|     Section 1     |
---------------------
|     Section 2     |
---------------------
|        ...        |
---------------------
|     Section n     |
---------------------*/

//==============================================================================
#pragma once
#pragma pack(1)
//==============================================================================
#include <windows.h>
//==============================================================================
#define MAX_SECTION_COUNT       64
#define SECTION_IMPORT          "@.import"
#define SECTION_RESERV          "@.reserv"
//==============================================================================
struct PE_DOS_HEADER {
    WORD   Signature;
    WORD   LastPageBytes;
    WORD   NumberOfPages;
    WORD   Relocations;
    WORD   HeaderSize;
    WORD   MinMemory;
    WORD   MaxMemory;
    WORD   InitialSS;
    WORD   InitialSP;
    WORD   Checksum;
    WORD   InitialIP;
    WORD   InitialCS;
    WORD   RelocTableOffset;
    WORD   Overlay;
    WORD   Reserved1[4];
    WORD   OemId;
    WORD   OemInfo;
    WORD   Reserved2[10];
    LONG   PEHeaderOffset;
};
struct PE_DOS_STUB {
    char*   RawData;
    DWORD   Size;
};
struct PE_SECTION_DATA {
    DWORD   Offset;
    char*   RawData;
    DWORD   Size;
};
struct PE_IMPORT_FUNCTION {
    char*               FunctionName;
    int                 FunctionId;
    PE_IMPORT_FUNCTION* Next;
};
struct PE_IMPORT_DLL {
    char*               DllName;
    PE_IMPORT_FUNCTION* Functions;
    PE_IMPORT_DLL*  Next;
};
//==============================================================================
typedef IMAGE_NT_HEADERS PE_NT_HEADERS;
typedef IMAGE_SECTION_HEADER PE_SECTION_HEADER;
//==============================================================================
class PEFile {
public:
    PE_DOS_HEADER       dosHeader;
    PE_DOS_STUB         dosStub;
    PE_NT_HEADERS       peHeaders;
    PE_SECTION_HEADER   sectionTable[MAX_SECTION_COUNT];
    PE_SECTION_DATA     reservedData;
    PE_SECTION_DATA     sections[MAX_SECTION_COUNT];
    PE_IMPORT_DLL       importTable;
    PE_IMPORT_DLL       newImports;

    PEFile();
    PEFile(char* filePath);
    ~PEFile();
    bool                loadFromFile(char* filePath);
    bool                loadFromMemory(char* memoryAddress);
    bool                saveToFile(char* filePath);
    int                 addSection(char* name, DWORD size, bool isExecutable);
    void                addImport(char* dllName, char** functions, int functionCount);
    void                commit();

private:
    char*               peMemory;

    void                init();
    bool                readFileData(char* filePath);
    bool                checkValidity();
    bool                readHeaders();
    bool                readBody();
    bool                readImportTable();
    bool                writePadding(HANDLE fileHandle, long paddingSize);
    void                unloadFile();

    void                buildImportTable();
    char*               buildNewImports(DWORD baseRVA);
    DWORD               calcNewImportsSize(DWORD &sizeDlls, DWORD &sizeFunctions, DWORD &sizeStrings);

    DWORD               alignNumber(DWORD number, DWORD alignment);
    DWORD               rvaToOffset(DWORD rva);
    DWORD               offsetToRVA(DWORD offset);

    void                fixReservedData();
    void                fixHeaders();
    void                fixSectionTable();

};
//==============================================================================

Code: PEFile.cpp 

/*******************************************************************************
********************************   Team AT4RE   ********************************
********************************************************************************
*******************  PLEASE DON'T CHANGE/REMOVE THIS HEADER  *******************
********************************************************************************
**                                                                            **
**  Title:      PEFile class.                                                 **
**  Desc:       A handy class to manipulate pe files.                         **
**  Author:     MohammadHi [ in4matics at hotmail dot com ]                   **
**  WwW:        AT4RE      [ http://www.at4re.com ]                           **
**  Date:       2008-01-28                                                    **
**                                                                            **
********************************************************************************
*******************************************************************************/

#include "PEFile.h"
#include <math.h>
//==============================================================================
#define DEBUG_ENABLED true;
#ifdef DEBUG_ENABLED
    #define echo(x)         MessageBox(0, x, "DEBUG", MB_ICONERROR);
    #define echo2(x, y)     { char v[256]; strcpy_s(v, 256, x); strcat_s(v, 256, y); echo(v); }
    #define echo3(x, y, z)  { char w[256]; strcpy_s(w, 256, x); strcat_s(w, 256, y); echo2(w, z); }
#else
    #define echo(x) ;
    #define echo2(x, y) ;
    #define echo3(x, y, z) ;
#endif
//==============================================================================
PEFile::PEFile() {
    init();
}
//==============================================================================
PEFile::PEFile(char* filePath) {
    init();
    loadFromFile(filePath);
}
//==============================================================================
PEFile::~PEFile() {
    unloadFile();
}
//==============================================================================
void PEFile::init() {
    peMemory = NULL;
    ZeroMemory(&newImports, sizeof(PE_IMPORT_DLL));
}
//==============================================================================
bool PEFile::readFileData(char* filePath) {
    // open the file for read
    HANDLE fileHandle = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (fileHandle == INVALID_HANDLE_VALUE) {
        echo3("Couldn't open file : [", filePath, "]");
        return false;
    }

    // get the file size
    DWORD fileSize = GetFileSize(fileHandle, 0);
    if (fileSize == 0) {
        CloseHandle(fileHandle);
        echo3("File size is ZeR0! : [", filePath, "]");
        return false;
    }

    // allocate memory to read the pe file (note that we used VirtualAlloc not GlobalAlloc!)
    peMemory = (char*)VirtualAlloc(NULL, fileSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (peMemory == NULL) {
        CloseHandle(fileHandle);
        echo("Couldn't allocate memory!");
        return false;
    }

    DWORD bytesRead;
    // read whole file data
    if (!ReadFile(fileHandle, peMemory, fileSize, &bytesRead, NULL) || bytesRead != fileSize) {
        CloseHandle(fileHandle);
        echo3("Couldn't read file! : [", filePath, "]");
        return false;
    }

    // close the file
    CloseHandle(fileHandle);

    return true;
}
//==============================================================================
bool PEFile::checkValidity() {
    // 'dosHeader.Signature' must be "MZ" && 'peHeaders.Signature' must be "PE\0\0"
    if (dosHeader.Signature != IMAGE_DOS_SIGNATURE || peHeaders.Signature != IMAGE_NT_SIGNATURE) {
        unloadFile();
        echo("Invalid PE file!");
        return false;
    }

    if (peHeaders.FileHeader.NumberOfSections > MAX_SECTION_COUNT) {
        unloadFile();
        echo("Number of sections > MAX_SECTION_COUNT !");
        return false;
    }

    return true;
}
//==============================================================================
bool PEFile::readHeaders() {
    // read dos/pe headers
    CopyMemory(&dosHeader, peMemory, sizeof(PE_DOS_HEADER));
    dosStub.RawData = peMemory + sizeof(PE_DOS_HEADER);
    dosStub.Size = dosHeader.PEHeaderOffset - sizeof(PE_DOS_HEADER);
    CopyMemory(&peHeaders, peMemory + dosHeader.PEHeaderOffset, sizeof(PE_NT_HEADERS));

    // check validity of the file to ensure that we loaded a "PE File" not another thing!
    if (!checkValidity()) {
        return false;
    }

    // read section table
    ZeroMemory(sectionTable, sizeof(sectionTable));
    CopyMemory(sectionTable, peMemory + dosHeader.PEHeaderOffset + sizeof(PE_NT_HEADERS), 
        peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER));

    return true;
}
//==============================================================================
bool PEFile::readBody() {
    // read reserved data
    DWORD reservedDataOffset = dosHeader.PEHeaderOffset + sizeof(PE_NT_HEADERS) + 
        peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER);

    reservedData.Offset = reservedDataOffset;
    reservedData.RawData = peMemory + reservedDataOffset;
    /*reservedData.Size = peHeaders.OptionalHeader.SizeOfHeaders - reservedDataOffset;*/
    if (sectionTable[0].PointerToRawData > 0) {
        reservedData.Size = sectionTable[0].PointerToRawData - reservedDataOffset;
    } else {
        reservedData.Size = sectionTable[0].VirtualAddress - reservedDataOffset;
    }

    // read sections
    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        sections[i].Offset = sectionTable[i].PointerToRawData;
        sections[i].RawData = peMemory + sectionTable[i].PointerToRawData;
        sections[i].Size = sectionTable[i].SizeOfRawData;
    }

    return true;
}
//==============================================================================
bool PEFile::readImportTable() {
    DWORD tableRVA = peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    DWORD tableOffset = rvaToOffset(tableRVA);
    if (tableOffset == 0) {
        return false;
    }

    ZeroMemory(&importTable, sizeof(PE_IMPORT_DLL));

    IMAGE_IMPORT_DESCRIPTOR* importDesc = (IMAGE_IMPORT_DESCRIPTOR*)(peMemory + tableOffset);
    IMAGE_THUNK_DATA* importThunk;
    PE_IMPORT_DLL* importDll = &this->importTable;
    PE_IMPORT_FUNCTION* importFunction;

    while (true) {
        importDll->DllName = (char*)(peMemory + rvaToOffset(importDesc->Name));
        if (importDesc->OriginalFirstThunk > 0) {
            importThunk = (IMAGE_THUNK_DATA*)(peMemory + rvaToOffset(importDesc->OriginalFirstThunk));
        } else {
            importThunk = (IMAGE_THUNK_DATA*)(peMemory + rvaToOffset(importDesc->FirstThunk));
        }

        importDll->Functions = new PE_IMPORT_FUNCTION();
        ZeroMemory(importDll->Functions, sizeof(PE_IMPORT_FUNCTION));
        importFunction = importDll->Functions;
        while (true) {
            if ((importThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG32) == IMAGE_ORDINAL_FLAG32) {
                importFunction->FunctionId = IMAGE_ORDINAL32(importThunk->u1.Ordinal);
            } else {
                DWORD nameOffset = rvaToOffset(importThunk->u1.AddressOfData);
                importFunction->FunctionName = (char*)(peMemory + nameOffset + 2);
            }

            importThunk = (IMAGE_THUNK_DATA*)((char*)importThunk + sizeof(IMAGE_THUNK_DATA));
            if (importThunk->u1.AddressOfData == 0) {
                break;
            }
            importFunction->Next = new PE_IMPORT_FUNCTION();
            ZeroMemory(importFunction->Next, sizeof(PE_IMPORT_FUNCTION));
            importFunction = importFunction->Next;
        }

        importDesc = (IMAGE_IMPORT_DESCRIPTOR*)((char*)importDesc + sizeof(IMAGE_IMPORT_DESCRIPTOR));
        if (importDesc->Name == 0) {
            break;
        }
        importDll->Next = new PE_IMPORT_DLL();
        ZeroMemory(importDll->Next, sizeof(PE_IMPORT_DLL));
        importDll = importDll->Next;
    }

    return true;
}
//==============================================================================
bool PEFile::loadFromFile(char* filePath) {
    unloadFile();

    return readFileData(filePath) &&
           readHeaders() &&
           readBody() &&
           readImportTable();
}
//==============================================================================
bool PEFile::loadFromMemory(char* memoryAddress) {
    unloadFile();

    peMemory = memoryAddress;

    return readHeaders()/* &&
           readBody() &&
           readImportTable()*/;
}
//==============================================================================
bool PEFile::saveToFile(char* filePath) {
    commit();
    buildImportTable();

    // create the output file
    HANDLE fileHandle = CreateFile(filePath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (fileHandle == INVALID_HANDLE_VALUE) {
        echo("Couldn't create file");
        return false;
    }

    DWORD bytesWritten;

    WriteFile(fileHandle, &dosHeader, sizeof(PE_DOS_HEADER), &bytesWritten, NULL);
    WriteFile(fileHandle, dosStub.RawData, dosStub.Size, &bytesWritten, NULL);
    writePadding(fileHandle, dosHeader.PEHeaderOffset - sizeof(PE_DOS_HEADER) - dosStub.Size);
    WriteFile(fileHandle, &peHeaders, sizeof(PE_NT_HEADERS), &bytesWritten, NULL);
    WriteFile(fileHandle, &sectionTable, peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER), &bytesWritten, NULL);
    WriteFile(fileHandle, reservedData.RawData, reservedData.Size, &bytesWritten, NULL);

    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        writePadding(fileHandle, sectionTable[i].PointerToRawData - GetFileSize(fileHandle, NULL));
        WriteFile(fileHandle, sections[i].RawData, sections[i].Size, &bytesWritten, NULL);
    }

    CloseHandle(fileHandle);

    return true;
}
//==============================================================================
bool PEFile::writePadding(HANDLE fileHandle, long paddingSize) {
    if (paddingSize <= 0)
        return false;

    DWORD bytesWritten;
    char* padding = new char[paddingSize];
    memset(padding, 0, paddingSize);
    WriteFile(fileHandle, padding, paddingSize, &bytesWritten, NULL);
    delete padding;

    return (bytesWritten == paddingSize);
}
//==============================================================================
void PEFile::unloadFile() {
    if (peMemory != NULL) {
        VirtualFree(peMemory, 0, MEM_RELEASE);
        peMemory = NULL;
    }
}
//==============================================================================
void PEFile::buildImportTable() {
    DWORD sizeDlls = 0;
    DWORD sizeFunctions = 0;
    DWORD sizeStrings = 0;
    DWORD newImportsSize = calcNewImportsSize(sizeDlls, sizeFunctions, sizeStrings);

    // we'll move the old dll list to the new import table, so we'll calc its size
    DWORD oldImportDllsSize = 0;
    PE_IMPORT_DLL* importDll = &this->importTable;
    while (importDll != NULL) {
        oldImportDllsSize += sizeof(IMAGE_IMPORT_DESCRIPTOR);
        importDll = importDll->Next;
    }

    // add a new section to handle the new import table
    int index = addSection(SECTION_IMPORT, oldImportDllsSize + newImportsSize, false);

    // copy old import dll list
    DWORD oldImportTableRVA = peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
    DWORD oldImportTableOffset = rvaToOffset(oldImportTableRVA);
    CopyMemory(sections[index].RawData, peMemory + oldImportTableOffset, oldImportDllsSize);

    // copy new imports
    char* newImportsData = buildNewImports(sectionTable[index].VirtualAddress + oldImportDllsSize);
    CopyMemory(sections[index].RawData + oldImportDllsSize, newImportsData, newImportsSize);

    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress = sectionTable[index].VirtualAddress;
    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size = sectionTable[index].SizeOfRawData;
    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress = 0;
    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size = 0;
}
//==============================================================================
char* PEFile::buildNewImports(DWORD baseRVA) {
    commit();

    IMAGE_IMPORT_DESCRIPTOR importDesc;
    IMAGE_THUNK_DATA importThunk;
    PE_IMPORT_DLL* importDll;
    PE_IMPORT_FUNCTION* importFunction;

    DWORD sizeDlls = 0;
    DWORD sizeFunctions = 0;
    DWORD sizeStrings = 0;
    DWORD newImportsSize = calcNewImportsSize(sizeDlls, sizeFunctions, sizeStrings);
    DWORD offsetDlls = 0;
    DWORD offsetFunctions = sizeDlls;
    DWORD offsetStrings = sizeDlls + 2 * sizeFunctions;

    char* buffer = new char[newImportsSize];
    ZeroMemory(buffer, newImportsSize);

    importDll = &newImports;
    while (importDll != NULL) {
        ZeroMemory(&importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR));
        importDesc.OriginalFirstThunk = baseRVA + offsetFunctions;
        importDesc.FirstThunk = baseRVA + offsetFunctions + sizeFunctions;
        importDesc.Name = baseRVA + offsetStrings;
        CopyMemory(buffer + offsetStrings, importDll->DllName, strlen(importDll->DllName));     
        offsetStrings += alignNumber((DWORD)strlen(importDll->DllName) + 1, 2);

        CopyMemory(buffer + offsetDlls, &importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR));
        offsetDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR);

        importFunction = importDll->Functions;
        while (importFunction != NULL) {
            ZeroMemory(&importThunk, sizeof(IMAGE_THUNK_DATA));
            if (importFunction->FunctionId != 0) {
                importThunk.u1.Ordinal = importFunction->FunctionId | IMAGE_ORDINAL_FLAG32;
            } else {
                importThunk.u1.AddressOfData = baseRVA + offsetStrings;
                CopyMemory(buffer + offsetStrings + 2, importFunction->FunctionName, strlen(importFunction->FunctionName));     
                offsetStrings += 2 + alignNumber((DWORD)strlen(importFunction->FunctionName) + 1, 2);
            }

            CopyMemory(buffer + offsetFunctions, &importThunk, sizeof(IMAGE_THUNK_DATA));
            CopyMemory(buffer + offsetFunctions + sizeFunctions, &importThunk, sizeof(IMAGE_THUNK_DATA));
            offsetFunctions += sizeof(IMAGE_THUNK_DATA);

            importFunction = importFunction->Next;
        }
        offsetFunctions += sizeof(IMAGE_THUNK_DATA);

        importDll = importDll->Next;
    }

    return buffer;
}
//==============================================================================
DWORD PEFile::calcNewImportsSize(DWORD &sizeDlls, DWORD &sizeFunctions, DWORD &sizeStrings) {
    PE_IMPORT_DLL* importDll = &this->newImports;
    PE_IMPORT_FUNCTION* importFunction;

    // calc added imports size
    while (importDll != NULL) {
        sizeDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR);
        sizeStrings += alignNumber((DWORD)strlen(importDll->DllName) + 1, 2);
        importFunction = importDll->Functions;
        while (importFunction != NULL) {
            sizeFunctions += sizeof(IMAGE_THUNK_DATA);
            if (importFunction->FunctionId == 0) {
                sizeStrings += 2 + alignNumber((DWORD)strlen(importFunction->FunctionName) + 1, 2);
            }
            importFunction = importFunction->Next;
        }
        sizeFunctions += sizeof(IMAGE_THUNK_DATA); // for the terminator thunk data
        importDll = importDll->Next;
    }
    sizeDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR); // for the terminator import descriptor

    return sizeDlls + 2 * sizeFunctions + sizeStrings;
}
//==============================================================================
int PEFile::addSection(char* name, DWORD size, bool isExecutable) {
    if (peHeaders.FileHeader.NumberOfSections == MAX_SECTION_COUNT) {
        return -1;
    }

    PE_SECTION_DATA &newSection = sections[peHeaders.FileHeader.NumberOfSections];
    PE_SECTION_HEADER &newSectionHeader = sectionTable[peHeaders.FileHeader.NumberOfSections];
    PE_SECTION_HEADER &lastSectionHeader = sectionTable[peHeaders.FileHeader.NumberOfSections - 1];

    DWORD sectionSize = alignNumber(size, peHeaders.OptionalHeader.FileAlignment);
    DWORD virtualSize = alignNumber(sectionSize, peHeaders.OptionalHeader.SectionAlignment);

    DWORD sectionOffset = alignNumber(lastSectionHeader.PointerToRawData + lastSectionHeader.SizeOfRawData, peHeaders.OptionalHeader.FileAlignment);
    DWORD virtualOffset = alignNumber(lastSectionHeader.VirtualAddress + lastSectionHeader.Misc.VirtualSize, peHeaders.OptionalHeader.SectionAlignment);

    ZeroMemory(&newSectionHeader, sizeof(IMAGE_SECTION_HEADER));
    CopyMemory(newSectionHeader.Name, name, (strlen(name) > 8 ? 8 : strlen(name)));

    newSectionHeader.PointerToRawData = sectionOffset;
    newSectionHeader.VirtualAddress = virtualOffset;
    newSectionHeader.SizeOfRawData = sectionSize;
    newSectionHeader.Misc.VirtualSize = virtualSize;
    newSectionHeader.Characteristics = //0xC0000040; 
        IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_INITIALIZED_DATA;

    if (isExecutable) {
        newSectionHeader.Characteristics |= IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE;
    }

    newSection.RawData = (char*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT, sectionSize);
    newSection.Size = sectionSize;

    peHeaders.FileHeader.NumberOfSections++;
    if (reservedData.Size > 0) {
        reservedData.Size -= sizeof(IMAGE_SECTION_HEADER);
    }

    // return new section index
    return peHeaders.FileHeader.NumberOfSections - 1;
}
//==============================================================================
void PEFile::addImport(char* dllName, char** functions, int functionCount) {
    PE_IMPORT_DLL* importDll = &this->newImports;
    PE_IMPORT_FUNCTION* importFunction;

    if (newImports.DllName != NULL) {
        while (importDll->Next != NULL) {
            importDll = importDll->Next;
        }
        importDll->Next = new PE_IMPORT_DLL();
        importDll = importDll->Next;
    }
    importDll->DllName = dllName;
    importDll->Functions = new PE_IMPORT_FUNCTION();
    importDll->Next = NULL;

    importFunction = importDll->Functions;
    importFunction->FunctionName = functions[0];
    for (int i = 1; i < functionCount; i++) {
        importFunction->Next = new PE_IMPORT_FUNCTION();
        importFunction = importFunction->Next;
        importFunction->FunctionName = functions[i];
    }
    importFunction->Next = NULL;
}
//==============================================================================
DWORD PEFile::alignNumber(DWORD number, DWORD alignment) {
    return (DWORD)(ceil(number / (alignment + 0.0)) * alignment);
}
//==============================================================================
DWORD PEFile::rvaToOffset(DWORD rva) {
    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        if (rva >= sectionTable[i].VirtualAddress &&
            rva < sectionTable[i].VirtualAddress + sectionTable[i].Misc.VirtualSize) {
            return sectionTable[i].PointerToRawData + (rva - sectionTable[i].VirtualAddress);
        }
    }
    return 0;
}
//==============================================================================
DWORD PEFile::offsetToRVA(DWORD offset) {
    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        if (offset >= sectionTable[i].PointerToRawData &&
            offset < sectionTable[i].PointerToRawData + sectionTable[i].SizeOfRawData) {
            return sectionTable[i].VirtualAddress + (offset - sectionTable[i].PointerToRawData);
        }
    }
    return 0;
}
//==============================================================================
void PEFile::commit() {
    fixReservedData();
    fixHeaders();
    fixSectionTable();
}
//==============================================================================
void PEFile::fixReservedData() {
    DWORD dirIndex = 0;
    for (dirIndex = 0; dirIndex < peHeaders.OptionalHeader.NumberOfRvaAndSizes; dirIndex++) {
        if (peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress > 0 && 
            peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress >= reservedData.Offset &&
            peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress < reservedData.Size) {
            break;
        }
    }

    if (dirIndex == peHeaders.OptionalHeader.NumberOfRvaAndSizes) {
        return;
    }

    int sectionIndex = addSection(SECTION_RESERV, reservedData.Size, false);
    CopyMemory(sections[sectionIndex].RawData, reservedData.RawData, reservedData.Size);

    for (dirIndex = 0; dirIndex < peHeaders.OptionalHeader.NumberOfRvaAndSizes; dirIndex++) {
        if (peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress > 0 &&
            peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress >= reservedData.Offset &&
            peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress < reservedData.Size) {
            peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress += 
                sectionTable[sectionIndex].VirtualAddress - reservedData.Offset;
        }
    }

    reservedData.Size = 0;
}
//==============================================================================
void PEFile::fixHeaders() {
    peHeaders.OptionalHeader.SizeOfHeaders = alignNumber(dosHeader.PEHeaderOffset + peHeaders.FileHeader.SizeOfOptionalHeader +
        peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER), peHeaders.OptionalHeader.FileAlignment);

    DWORD imageSize = peHeaders.OptionalHeader.SizeOfHeaders;
    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        imageSize += alignNumber(sectionTable[i].Misc.VirtualSize, peHeaders.OptionalHeader.SectionAlignment);
    }
    peHeaders.OptionalHeader.SizeOfImage = alignNumber(imageSize, peHeaders.OptionalHeader.SectionAlignment);

    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
    peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
}
//==============================================================================
void PEFile::fixSectionTable() {
    DWORD offset = peHeaders.OptionalHeader.SizeOfHeaders;
    for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
        sectionTable[i].Characteristics |= IMAGE_SCN_MEM_WRITE;
        offset = alignNumber(offset, peHeaders.OptionalHeader.FileAlignment);
        sectionTable[i].PointerToRawData = offset;
        //sectionTable[i].SizeOfRawData = alignNumber(offset + sectionTable[i].Misc.VirtualSize, peHeaders.OptionalHeader.FileAlignment);
        offset += sectionTable[i].SizeOfRawData;
    }
}
//==============================================================================

#include "PEFile.h"

int main(int argc, char* argv[]) {
    // Open the input file
    PEFile pe("1.exe");

    // Add "MessageBoxA" & "ShowWindow" functions to the import table
    char* functions[] = { "MessageBoxA", "ShowWindow" };
    pe.addImport("user32.dll", functions, 2);

    // Add a new section named ".at4re" with size "0x1000" byte
    pe.addSection(".at4re", 0x1000, false);

    // Save the modified file
    pe.saveToFile("1+.exe");
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)

Windows

dll

Automation

portableexecutable

在PE的导入表中添加一个条目 的相关文章

  • 如何以编程方式找出哪台计算机是 Windows 中的域控制器?

    我正在寻找一种方法来确定客户端计算机连接到的给定域的域控制器的名称 IP 地址 在我们公司 我们有很多用于测试的小型网络 其中大多数都有自己的小域 作为示例 其中一个域被命名为 TESTLAB 我有一个 Windows XP 工作站 它是

  • 尝试读取转储时“无法加载符号”

    我的一个应用程序有时会在 Win XP 计算机上导致 BSOD 为了了解更多信息 我加载了生成的 dmp 文件 来自 C Windows Minidump 但在执行此操作时在大部分读数中收到此消息 Symbols can not be lo

  • 通过注册表将上下文菜单项添加到特定扩展

    首先我们要说的是 我使用的是 Windows 10 并且我看过很多有关此主题的帖子 但似乎没有一个适合我 查看这篇文章已经解决了一些问题 但我仍然需要一些帮助 仅针对特定文件类型将菜单项添加到 Windows 上下文菜单 https sta

  • 从 C# 调用非托管 dll。拿2

    我编写了一个 C 程序 它调用一个 C DLL 将命令行参数回显到文件中 当使用 rundll32 命令调用 c 时 它显示命令行参数没有问题 但是当从 c 内部调用它时 它不会显示 我问了这个问题 https stackoverflow

  • 在 powershell 脚本中以不同用户身份本地运行代码块

    这是非常简单的事情 但我就是无法让任何东西发挥作用 我想在特定用户下的 powershell 脚本中运行块代码 关键字是locally我正在使用 powershell 2 0 Invoke Command 似乎需要远程主机 我运行以下命令

  • Windows 版 GitKraken 中的文件名太长

    正如建议的Q22575737 https stackoverflow com a 22575737 6623589 我已经更新了我的注册表并设置了git config system core longpaths true在处理长路径时 问题

  • Jekyll for GitHub Pages 在 Windows 上找不到 rouge

    我刚刚在 Windows 上安装了 Jekyll 我正在尝试使语法突出显示与 rouge 一起使用 我已经设定highlighter rouge在 config yml 上 在文件 posts 2015 08 13 my first pos

  • 如何在 Visual C++ 中宣传 Bonjour 服务

    我试图弄清楚这是否可能 但是通过 Visual C 宣传 Bonjour 服务的最简单方法是什么 您可以使用DNS服务发现客户 dns sd Windows Bonjour 安装程序把它放进去C Windows system32 dns s

  • OSError: [WinError 193] %1 不是有效的 Win32 应用程序,同时使用 CTypes 在 python 中读取自定义 DLL

    我正在尝试编写用 python 封装 C 库的代码 我计划使用 CTypes 来完成此操作 并使用 Visual Studio 来编译我的 DLL 我从一个简单的函数开始 在 Visual Studio 内的标头中添加了以下内容 然后将其构

  • subprocess.Popen('start') 失败

    在 python 中运行此命令将导致 WindowsError 指出找不到指定的文件 FAILS import subprocess subprocess Popen start notepad exe 在命令窗口中 它可以工作 start

  • 如何使用 Excel Interop 获取筛选行的范围?

    我正在为我的项目使用 Excel Interop 程序集 如果我想使用自动过滤器 那么可以使用 sheet UsedRange AutoFilter 1 SheetNames 1 Microsoft Office Interop Excel

  • 在 matlab 代码中使用 dll 文件

    我需要使用 Matlab 中由 dll 文件定义的函数 我有一个例子 那个家伙将 dll 转换为 mexw32 文件 但我知道我是如何做到这一点的 我尝试使用加载库但它没有创建任何文件 我怎样才能做到这一点 loadlibrary http

  • “此应用程序已请求运行时以异常方式终止它”的原因是什么?

    Visual C 运行时抛出一个常见错误 此应用程序已请求运行时以异常方式终止它 请联系应用程序的支持团队以获取更多信息 该错误消息实际上是什么意思mean 让我用一个比喻来准确地解释我的问题 如果我看到一条消息 异常 访问冲突 0xc00

  • dia2dump:CoCreateInstance 失败 - HRESULT = 80040154

    我正在尝试使用 Visual Studio 2017 及其在 Windows 7 x64 上转储 PDB 的签名dia2dump https msdn microsoft com en us library b5ke49f5 aspx 我加

  • (Tcl/Expect) 退出后清屏

    我想在退出我的 半 交互式期望脚本后清除屏幕 在本地计算机上 我可以在脚本中做到这一点吗 这是我尝试过的 但失败了 usr bin expect f set env TERM vt100 spawn ssh Y username domai

  • Boost + Visual Studio 2010 + Windows 平台 SDK 7.1

    有人可以告诉我 bjam 的命令行开关或其他可以使用新的 Windows Platform SDK 7 1 工具链使用 VS2010 进行 boost 编译的东西吗 您可以在普通的视觉工作室项目中设置该选项 默认值是 v100 是平台 7

  • opencv人脸检测示例

    当我在设备上运行应用程序时 应用程序崩溃并显示以下按摩 java lang UnsatisfiedLinkError 无法加载 detector based tracker findLibrary 返回 null 我正在使用 OpenCV

  • 使用 Windows 批处理文件在文本文件中添加新行

    我有一个文本文件 其中有 200 多行 我只想在第 4 行之前添加一个新行 我使用的是 Windows XP 输入前的示例文本文件 header 1 header 2 header 3 details 1 details 2 输出后 hea

  • 哪个版本的 Miniconda 具有适用于 Windows 64 位的 Python 3.6?

    我正在开发一个需要这些深度学习库的项目 keras 和 tensorflow 不幸的是 这些不适用于 Python 3 7 有人可以告诉我一个带有 Python 3 6 的 Miniconda 版本 适用于 Windows 64 位 吗 我

  • Labview 2011 中的 DLL 加载错误

    我在 LabVIEW 中加载 DLL 时遇到了问题 我正在使用 LabVIEW 连接到流量计 为此 制造流量计的公司非常好地为我提供了一个子 VI 库 这些子 VI 中的每一个都调用该公司提供的两个 DLL 库之一中的函数 因此 这些子 V

随机推荐

热门标签