資源簡介
PE添加shellcode 添加區段 合并區段 擴大區段 獲取信息
代碼片段和文件信息
#include?
#include?
#include?
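/*
 * Read an entire file into a freshly allocated heap buffer.
 *
 * lpszFile:    path of the file to read; opened in binary mode ("rb").
 * pFileBuffer: receives the buffer on success. Ownership passes to the
 *              caller, who must free() it. Not written on failure.
 *
 * Returns the number of bytes read, or 0 on any failure: NULL arguments,
 * unopenable file, fseek()/ftell() error, empty file, allocation failure,
 * or a short read. Returning 0 (not NULL) matches the DWORD return type;
 * the original returned a pointer constant from an integer function.
 *
 * The returned size is the only bound the caller has for the buffer:
 * any offset taken from inside the data (for example a header field)
 * must be range-checked against it before being dereferenced.
 *
 * NOTE: the name _ReadFile (leading underscore followed by an upper-case
 * letter) is in the implementation-reserved identifier space; kept for
 * compatibility with existing callers.
 */
DWORD _ReadFile(IN LPCSTR lpszFile, OUT LPVOID* pFileBuffer)
{
    if (lpszFile == NULL || pFileBuffer == NULL)
        return 0;

    FILE* pFile = fopen(lpszFile, "rb");
    if (!pFile)
        return 0;

    /* Size the file by seeking to its end. fseek() and ftell() can fail
     * (ftell() reports -1), which the original ignored. */
    if (fseek(pFile, 0, SEEK_END) != 0) {
        fclose(pFile);
        return 0;
    }
    long fileLen = ftell(pFile);
    if (fileLen <= 0 || fseek(pFile, 0, SEEK_SET) != 0) {
        fclose(pFile);
        return 0;
    }
    DWORD fileSize = (DWORD)fileLen;

    LPVOID pTempFileBuffer = malloc(fileSize);
    if (!pTempFileBuffer) {
        fclose(pFile);
        return 0;
    }

    /* Read byte-wise so the return value is the exact count read; anything
     * other than the full size is treated as failure. */
    size_t nRead = fread(pTempFileBuffer, 1, fileSize, pFile);
    if (nRead != fileSize) {
        free(pTempFileBuffer);
        fclose(pFile);
        return 0;
    }

    /* Hand the buffer to the caller and release the stream. */
    *pFileBuffer = pTempFileBuffer;
    fclose(pFile);
    return fileSize;
}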
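/*
 * Write dwSize bytes from pNewFileBuffer to lpszFile, replacing any
 * existing file at that path.
 *
 * pNewFileBuffer: data to write; NULL is rejected.
 * dwSize:         number of bytes to write; 0 is rejected, as before, but
 *                 now before the destination is opened so a failed call
 *                 no longer truncates an existing file.
 * lpszFile:       destination path, opened with "wb".
 *
 * Returns TRUE only if every byte was written and the stream was closed
 * cleanly. fclose() is checked because buffered output is flushed there;
 * the original ignored its result, so a write error at flush time was
 * reported as success.
 */
BOOL NewFileBufferToFile(IN LPVOID pNewFileBuffer, IN DWORD dwSize, IN LPCSTR lpszFile)
{
    if (pNewFileBuffer == NULL || lpszFile == NULL || dwSize == 0)
        return FALSE;

    FILE* pFile = fopen(lpszFile, "wb");
    if (!pFile)
        return FALSE;

    /* Byte-wise write so the return value is the exact count written. */
    size_t nWritten = fwrite(pNewFileBuffer, 1, dwSize, pFile);
    if (nWritten != dwSize) {
        fclose(pFile);
        return FALSE;
    }

    /* A failed close means the data may not have reached the file. */
    if (fclose(pFile) != 0)
        return FALSE;

    return TRUE;
}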
//給文件加ShellCode
BOOL?AddShellCodeByFileBuffer(IN?LPVOID?pFileBuffer?IN?DWORD?dwFileSize?IN?DWORD?dwSectionIndex?OUT?LPVOID*?pNewFileBuffer)
{
//獲取MessageBoxA的地址??每一臺機器上都不一樣
HMODULE?hUser32?=?LoadLibraryA(“user32.dll“);
if?(!hUser32)?
return?FALSE;
DWORD?MessageboxAAddress?=?(DWORD)GetProcAddress(hUser32?“MessageBoxA“);
//ShellCode
BYTE?messageBuffer[]?=?“This?Is?a?Test?Message!“;
BYTE?shellCodeBuffer[22]?=?{?0x6A0x00?????//push?0?
???0x6A0x00?????//push?0?
???0xB80x000x000x000x00??//mov?eax[message]
???0x50??????????????????????//push?eax
???0x6A0x00?????????????????//push?0
???0xE80x000x000x000x00
???0xE90x000x000x000x00?};
//文件緩沖區指針是否為NULL
if?(pFileBuffer?==?NULL)
return?FALSE;
//是否含有MZ標志
if?(*((PWORD)pFileBuffer)?!=?IMAGE_DOS_SIGNATURE)
return?FALSE;
//是否找到NT頭
PIMAGE_DOS_HEADER?pDosHeader?=?(PIMAGE_DOS_HEADER)pFileBuffer;
if?(*((PDWORD)((BYTE*)pFileBuffer?+?pDosHeader->e_lfanew))?!=?IMAGE_NT_SIGNATURE)
return?FALSE;
//申請內存并初始化為0
LPVOID?pTempNewFileBuffer?=?calloc(1?dwFileSize);
if?(!pTempNewFileBuffer)
return?FALSE;
//Copy一份新的
memcpy(pTempNewFileBuffer?pFileBuffer?dwFileSize);
//初始化PE結構指針
PIMAGE_NT_HEADERS?pNTHeader?=?(PIMAGE_NT_HEADERS)((BYTE*)pTempNewFileBuffer?+?pDosHeader->e_lfanew); //NT頭指針
PIMAGE_FILE_HEADER?pFileHeader?=?(PIMAGE_FILE_HEADER)((BYTE*)pNTHeader?+?sizeof(DWORD)); //標準PE頭
PIMAGE_OPTIONAL_HEADER?pOptionHeader?=?(PIMAGE_OPTIONAL_HEADER)((BYTE*)pFileHeader?+?IMAGE_SIZEOF_FILE_HEADER);?//可選PE頭
PIMAGE_SECTION_HEADER?pSectionHeader?=?(PIMAGE_SECTION_HEADER)((BYTE*)pOptionHeader?+?pFileHeader->SizeOfOptionalHeader);?//區段表頭
//定位到指定區段
pSectionHeader?+=?dwSectionIndex;
//計算該段空區大小
DWORD?SpaceSize?=?pSectionHeader->SizeOfRawData?-?pSectionHeader->Misc.V
?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
?????文件???????4522??2020-08-31?09:15??PE_Demo.sln
?????文件??????34756??2020-08-30?17:46??PE_AddSection\Debug\main.obj
?????文件????????279??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.exe.recipe
?????文件????????621??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.log
?????文件????????798??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\CL.command.1.tlog
?????文件??????19928??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\CL.read.1.tlog
?????文件????????588??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\CL.write.1.tlog
?????文件???????1276??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\li
?????文件???????2580??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\li
?????文件????????566??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\li
?????文件????????175??2020-08-30?17:46??PE_AddSection\Debug\PE_AddSection.tlog\PE_AddSection.lastbuildstate
?????文件?????240640??2020-08-30?17:46??PE_AddSection\Debug\vc142.idb
?????文件?????151552??2020-08-30?17:46??PE_AddSection\Debug\vc142.pdb
?????文件??????10259??2020-08-31?09:15??PE_AddSection\main.cpp
?????文件???????7196??2020-08-30?09:04??PE_AddSection\PE_AddSection.vcxproj
?????文件????????966??2020-08-30?09:04??PE_AddSection\PE_AddSection.vcxproj.filters
?????文件????????168??2020-08-30?08:56??PE_AddSection\PE_AddSection.vcxproj.user
?????文件??????32659??2020-08-30?11:25??PE_AddShellCode\Debug\main.obj
?????文件????????281??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.exe.recipe
?????文件???????1697??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.log
?????文件????????798??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\CL.command.1.tlog
?????文件??????19928??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\CL.read.1.tlog
?????文件????????600??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\CL.write.1.tlog
?????文件???????1292??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\li
?????文件???????2826??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\li
?????文件????????582??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\li
?????文件????????175??2020-08-30?11:25??PE_AddShellCode\Debug\PE_AddShellCode.tlog\PE_AddShellCode.lastbuildstate
?????文件?????240640??2020-08-30?11:25??PE_AddShellCode\Debug\vc142.idb
?????文件?????102400??2020-08-30?11:25??PE_AddShellCode\Debug\vc142.pdb
?????文件???????8887??2020-08-30?11:25??PE_AddShellCode\main.c
............此處省略84個文件信息