滴水逆向 PE擴大一個節

2021-10-04 21:34:27 字數 3756 閱讀 6998

1.問題描述:

2.程式碼實現:

#include#include#include#define test 1

// Forward declarations for the helpers defined further down.

// Reads the file at file_path into a heap buffer handed back through
// *pfilebuffer; the definition below returns the file size.
dword toloaderpe(lpstr file_path, pvoid* pfilebuffer);

// Called below with a buffer, a byte count and an output path.
bool memorytofile(pvoid pmembuffer, dword size, lpstr lpszfile);

// Called below with (sectionalignment, virtualsize, sizeofimage); returns the
// adjusted address value.
dword alignment(dword alignment_value, dword addend, dword address);

// Works on a copy of the file buffer, enlarges a section header's sizes and
// returns the copy through *penlargersection.
dword testenlargesection(pvoid* pfilebuffer, pvoid* penlargersection);

// Input executable and output path are hard-coded absolute paths.
// NOTE(review): as listed, a string literal initialises a single char; the
// array declarator ("[]") appears to have been lost when the page was
// extracted -- confirm against the original source.
char file_path = "c:\\users\\njupt\\desktop\\ipmsg2007.exe";

char write_enlargersec_file_path = "d:\\lib\\cp_enlargersec_xx.exe";

// Returns the size of the PE file.
//
// Loads the whole file into a malloc'd buffer and hands that buffer back
// through *pfilebuffer. The listing omits the opening brace, the local
// declarations, the call that opens pfile and the bodies of the two `if`
// checks, so the failure paths cannot be reviewed from here.

dword toloaderpe(lpstr file_path, pvoid* pfilebuffer)

// Seek to the end so ftell() reports the file length.
fseek(pfile, 0, seek_end);

// NOTE(review): ftell() returns -1 on failure; no check is visible in this
// listing before the value is used as the allocation and read size.
filesize = ftell(pfile);

printf("filebuffer: %#x\n", filesize);

// Rewind so the read below starts at offset 0.
fseek(pfile, 0, seek_set);

pfilebuffertemp = malloc(filesize);

// Allocation-failure check; its body is not shown in the listing.
if (!pfilebuffertemp)

// One item of filesize bytes is requested, so n is 1 on a complete read and
// 0 on a short read or error.
dword n = fread(pfilebuffertemp, filesize, 1, pfile);

// Read-failure check; its body is not shown in the listing.
if (!n)

// Hand the buffer to the caller; nothing in this function frees it.
*pfilebuffer = pfilebuffertemp;

pfilebuffertemp = null;

fclose(pfile);

return filesize;

}bool memorytofile(pvoid pmembuffer, dword size, lpstr lpszfile)

// Writes `size` bytes from pmembuffer to the file lpszfile (as used by the
// caller in testenlargesection). The open and write calls are missing from
// this listing; only the close, the success message and the return value
// are visible.
// NOTE(review): confirm the omitted part checks the open and write results
// before reaching this success path, and that `size` never exceeds the
// allocation behind pmembuffer.

fclose(fp);

printf("store file success!\n");

// 1 reports success to the caller, which tests the result with `!`.
return 1;

}dword alignment(dword alignment_value, dword addend, dword address)

// Only the tail of this function survives in the listing: the branch
// conditions and the computation of n are missing. The visible part adds n
// multiples of alignment_value to address and returns the result.
// NOTE(review): the operands come from PE header fields; if these are 32-bit
// dword values the sum can wrap for large inputs -- confirm the omitted part
// bounds n, and that alignment_value cannot be 0 if it is used as a divisor.

else

}else

address += n * alignment_value;

return address;

}dword testenlargesection(pvoid* pfilebuffer, pvoid* penlargersection)

// Copies the loaded file into a second buffer, parses the PE headers in the
// copy, grows a section header's sizes by 0x1000, updates sizeofimage, writes
// the copy to write_enlargersec_file_path and returns the copy through
// *penlargersection. Returns enlargersectotal.
//
// The listing omits the opening brace, the definitions of ret_loc2,
// enlargersectotal and penlargersectiontemp, the loop body and the bodies of
// the `if` checks.
//
// NOTE(review): as listed, the buffer is written by memset/memcpy before the
// null check further down; the check should come first.
// NOTE(review): presumably ret_loc2 is the source file size and
// enlargersectotal the size of the new allocation -- confirm that
// ret_loc2 <= enlargersectotal, otherwise the memcpy overruns the copy.

memset(penlargersectiontemp, 0, enlargersectotal);

memcpy(penlargersectiontemp, *pfilebuffer, ret_loc2);

pimage_dos_header pdosheader = null;

pimage_nt_headers pntheader = null;

pimage_file_header ppeheader = null;

pimage_optional_header32 poptionheader = null;

pimage_section_header psectionheader = null;

// Null check on the copy; its body is not shown in the listing.
if (!penlargersectiontemp)

// Check for a valid MZ signature (first word of the buffer).

if (*((pword)penlargersectiontemp) != image_dos_signature)

pdosheader = (pimage_dos_header)penlargersectiontemp;

// Check for a valid PE signature at offset e_lfanew.
// NOTE(review): e_lfanew is read from the file and used as an offset with no
// visible bounds check against the buffer size; a malformed file can make
// this read land outside the allocation.
// NOTE(review): pointers are cast to dword for the arithmetic, which
// truncates them on a 64-bit build; the code is only sound when built 32-bit.

if (*((pdword)((dword)penlargersectiontemp + pdosheader->e_lfanew)) != image_nt_signature)

pntheader = (pimage_nt_headers)((dword)penlargersectiontemp + pdosheader->e_lfanew);

// +4 steps over the 4-byte PE signature to the file header.
ppeheader = (pimage_file_header)(((dword)pntheader) + 4);

poptionheader = (pimage_optional_header32)((dword)ppeheader + image_sizeof_file_header);

// The section table starts right after the optional header; its size
// (sizeofoptionalheader) also comes from the file and is not validated here.
psectionheader = (pimage_section_header)((dword)poptionheader + ppeheader->sizeofoptionalheader);

// Walk to the last entry of the section table.
// NOTE(review): the loop body is not shown. If the loop runs to completion
// with this increment, the pointer ends one entry past the last section
// header -- confirm the omitted code leaves it on the last entry.
// numberofsections is taken from the file without a visible bounds check.

pimage_section_header psectionheadertemp = psectionheader;

for (dword i = 0; i < ppeheader->numberofsections; i++, psectionheadertemp++)

// Use the larger of the raw size and the virtual size as the base, then grow
// both fields by 0x1000. The new sizeofrawdata is not re-aligned here, and
// max + 0x1000 can wrap if the header fields are close to the dword limit.
dword max = (psectionheadertemp->sizeofrawdata > psectionheadertemp->misc.virtualsize ? psectionheadertemp->sizeofrawdata : psectionheadertemp->misc.virtualsize);

psectionheadertemp->sizeofrawdata = max + 0x1000;

psectionheadertemp->misc.virtualsize = max + 0x1000;

poptionheader->sizeofimage = alignment(poptionheader->sectionalignment, psectionheadertemp->misc.virtualsize, poptionheader->sizeofimage);

// NOTE(review): the byte count written is sizeofimage, while the buffer was
// cleared with enlargersectotal bytes above. If sizeofimage is larger than
// the allocation, the write reads past the end of the buffer; the count
// should be the allocation size.
size_t ret_loc4 = memorytofile(penlargersectiontemp, poptionheader->sizeofimage, write_enlargersec_file_path);

// Write-failure check; its body is not shown in the listing.
if (!ret_loc4)

*penlargersection = penlargersectiontemp; // hand the temporary buffer to the out-parameter

// The free stays disabled: the caller now holds the buffer via *penlargersection.
//free(penlargersectiontemp);

penlargersectiontemp = null;

return enlargersectotal;

// Driver and entry point. Their bodies are missing from this listing, so the
// call order and the release of the two heap buffers cannot be reviewed here.
}void operate()

int main()

3.結果展示:
