测试文件注入代码

主要用到的是PE文件结构的知识

用到了前两天写的函数(ReadPEFile、CopyFileBufferToImageBuffer、MemeryTOFile),这里只贴主流程代码


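/*
 * TestAddCodeInCodeSec - PE-format exercise: copy a fixed stub (shellCode)
 * into the unused tail of the first section of a 32-bit PE image, fix up the
 * stub's two relative operands, redirect AddressOfEntryPoint to the stub and
 * write the result to C://testShell.exe.
 *
 * lpszFile: path of the PE file to read.
 *
 * Depends on ReadPEFile, CopyFileBufferToImageBuffer, MemeryTOFile, shellCode,
 * SHELLCODELENGTH and MESSAGEBOXADDR, all defined elsewhere in the project.
 *
 * NOTE(review): neither helper reports a buffer size, so e_lfanew,
 * SizeOfOptionalHeader and the section fields are trusted as read. Only the
 * checks below are enforced here; the helpers must validate the headers if
 * the input file is not trusted.
 *
 * NOTE(review): nothing here updates the optional header's CheckSum or any
 * signature data, so a signed input will no longer verify after the entry
 * point changes, and the new entry point lies past the section's declared
 * VirtualSize. Both are visible to integrity checks and static scanners.
 */
void TestAddCodeInCodeSec(LPSTR lpszFile)
{
	/* Everything is declared up front so the cleanup jumps skip no initializer. */
	LPVOID pFileBuffer = NULL;
	LPVOID pImageBuffer = NULL;
	LPVOID pShellLoc = NULL;
	PIMAGE_DOS_HEADER pDosHeader = NULL;
	PIMAGE_NT_HEADERS pNTHeader = NULL;
	PIMAGE_FILE_HEADER pPEHeader = NULL;
	PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
	PIMAGE_SECTION_HEADER pSectionHeader = NULL;
	DWORD shellLocation = 0;
	DWORD pE8Content = 0;
	DWORD pE9Content = 0;

	pFileBuffer = ReadPEFile(lpszFile);
	if (!pFileBuffer) {
		printf("文件读取失败\n");
		return;
	}

	/* The original never checked this result and dereferenced it directly. */
	pImageBuffer = CopyFileBufferToImageBuffer(pFileBuffer);
	if (!pImageBuffer) {
		printf("拷贝到ImageBuffer失败\n");
		goto cleanup;
	}

	/*
	 * Locate the headers inside the image buffer. Byte-pointer arithmetic
	 * replaces the (DWORD) pointer casts, which truncate addresses on a
	 * 64-bit build.
	 */
	pDosHeader = (PIMAGE_DOS_HEADER)pImageBuffer;
	pNTHeader = (PIMAGE_NT_HEADERS)((char *)pImageBuffer + pDosHeader->e_lfanew);
	/* +4 skips the NT signature DWORD in front of the file header. */
	pPEHeader = (PIMAGE_FILE_HEADER)((char *)pNTHeader + 4);
	pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((char *)pPEHeader + IMAGE_SIZEOF_FILE_HEADER);
	/* First section header only; presumably the code section — confirm for the input. */
	pSectionHeader = (PIMAGE_SECTION_HEADER)((char *)pOptionHeader + pPEHeader->SizeOfOptionalHeader);

	/*
	 * 1. Is there room? The slack is SizeOfRawData - VirtualSize. Both are
	 * unsigned, so VirtualSize > SizeOfRawData would wrap to a huge value
	 * and wrongly pass the original test; reject that case first.
	 */
	if (pSectionHeader->Misc.VirtualSize >= pSectionHeader->SizeOfRawData ||
	    (pSectionHeader->SizeOfRawData - pSectionHeader->Misc.VirtualSize) <= SHELLCODELENGTH) {
		printf("空余字节大小不够添加shellCode\n");
		goto cleanup;
	}

	/* 2. RVA of the first byte after the section's used data. */
	shellLocation = pSectionHeader->VirtualAddress + pSectionHeader->Misc.VirtualSize;

	/*
	 * Keep the copy inside the image: reject a wrapped RVA or one whose stub
	 * would end past SizeOfImage.
	 * Assumes the image buffer holds SizeOfImage bytes — TODO confirm
	 * against CopyFileBufferToImageBuffer.
	 */
	if (shellLocation < pSectionHeader->VirtualAddress ||
	    shellLocation > pOptionHeader->SizeOfImage ||
	    (pOptionHeader->SizeOfImage - shellLocation) < SHELLCODELENGTH) {
		printf("shellCode位置超出SizeOfImage\n");
		goto cleanup;
	}

	pShellLoc = (LPVOID)((char *)pImageBuffer + shellLocation);
	/* %p: passing a pointer to %x is a format/argument mismatch. */
	printf("pImageBuffer: %p\n", pImageBuffer);
	printf("pShellLoc: %p\n", pShellLoc);

	/* Copy the stub template into the slack space. */
	memcpy(pShellLoc, shellCode, SHELLCODELENGTH);

	/*
	 * Operand at stub offset 9 (comment in the original: "E8 address"):
	 * MESSAGEBOXADDR minus the runtime address of stub offset 13.
	 * MESSAGEBOXADDR is a hard-coded constant defined elsewhere; presumably
	 * an address observed on the author's test machine — verify.
	 * memcpy is used because the destination is not DWORD-aligned.
	 */
	pE8Content = MESSAGEBOXADDR - (pOptionHeader->ImageBase + shellLocation + 13);
	memcpy((char *)pShellLoc + 9, &pE8Content, sizeof pE8Content);

	/*
	 * Operand at stub offset 14 ("E9 address"): original entry point minus
	 * the runtime address of stub offset 0x12.
	 */
	pE9Content = (pOptionHeader->AddressOfEntryPoint + pOptionHeader->ImageBase) -
	             (pOptionHeader->ImageBase + shellLocation + 0x12);
	memcpy((char *)pShellLoc + 14, &pE9Content, sizeof pE9Content);

	/* Point the entry point at the stub; it is an RVA, so ImageBase is not added. */
	pOptionHeader->AddressOfEntryPoint = shellLocation;

	/*
	 * Write the modified image out as a file.
	 * NOTE(review): MemeryTOFile's return type is not visible here, so its
	 * result is ignored exactly as in the original — check it once known.
	 */
	MemeryTOFile(pImageBuffer, "C://testShell.exe");

cleanup:
	/* Single exit path: the original leaked pImageBuffer on its early return. */
	free(pImageBuffer);
	free(pFileBuffer);
}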

原文链接: 测试文件注入代码 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( http://gyarmy.com/post-301.html )
