重定位表修复测试

直接更改文件的ImageBase，进行的测试

void testUseReloc(LPSTR lpszFile)
{
	LPVOID pFileBuffer = NULL;
	pFileBuffer= ReadPEFile(lpszFile);
	if(!pFileBuffer)
	{
		printf("文件读取失败\n");
		return;
	}

	PIMAGE_DOS_HEADER pDosHeader = NULL;
	PIMAGE_NT_HEADERS pNTHeader = NULL;
	PIMAGE_FILE_HEADER pPEHeader = NULL;
	PIMAGE_OPTIONAL_HEADER32 pOptionHeader = NULL;
	PIMAGE_SECTION_HEADER pSectionHeader = NULL;
	PIMAGE_DATA_DIRECTORY DataDirectory=NULL;
	PIMAGE_SECTION_HEADER pSectionHeader_LAST = NULL;

	//Header信息
	pDosHeader = (PIMAGE_DOS_HEADER)pFileBuffer;
	pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)pFileBuffer+pDosHeader->e_lfanew);
	pPEHeader = (PIMAGE_FILE_HEADER)(((DWORD)pNTHeader)+4);
	pOptionHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pPEHeader+IMAGE_SIZEOF_FILE_HEADER);
	pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)pOptionHeader+pPEHeader->SizeOfOptionalHeader);
	pSectionHeader_LAST = (PIMAGE_SECTION_HEADER)((DWORD)pSectionHeader+(pPEHeader->NumberOfSections-1)*40);
	//定位Directory_Data;
	DataDirectory = pOptionHeader->DataDirectory;
	
	//重定位表

	printf("IMAGE_DIRECTORY_ENTRY_BASERELOC: Address: %x ,Size: %x \n",DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress,
		DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size);

	//DWORD RVAToFileOffset(LPVOID pFileBuffer,DWORD dwRva)
	DWORD FoA = RVAToFileOffset(pFileBuffer,0x2df10);
	
	DWORD BaseReloc_Directory_Address = DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
	DWORD BaseReloc_Directory_Size = DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
	FoA = RVAToFileOffset(pFileBuffer,BaseReloc_Directory_Address);
	

	//定位到第一个重定位块
	PIMAGE_BASE_RELOCATION pRelocData = (PIMAGE_BASE_RELOCATION)((DWORD)pFileBuffer + FoA);
	
	//输出所有的标信息
	while(pRelocData->VirtualAddress||pRelocData->SizeOfBlock)
	{
		DWORD RelocVirtualAddress = pRelocData->VirtualAddress;
		DWORD RelocSize = pRelocData->SizeOfBlock;

		printf("VirtualSize: %x ,Size: %x , Number: %x  \n",RelocVirtualAddress,RelocSize,(RelocSize-8)/2);
		
		int k = (RelocSize-8)/2;
		PWORD pMyRelocAddress = NULL;
		pMyRelocAddress = (PWORD)((DWORD)pRelocData+8);
		
		for(int i=0;i<k;i++)
		{
			printf("第%x个 : 标志 : %x 偏移 : %x\n",i+1,pMyRelocAddress[i]&0xF000,RelocVirtualAddress+(pMyRelocAddress[i]&0x0FFF));
			//依次进行修改
			DWORD changeRVA = RelocVirtualAddress+(pMyRelocAddress[i]&0x0FFF);
			DWORD changeFoa = RVAToFileOffset(pFileBuffer,changeRVA);

			printf("changeRVA:%x   changeFoa: %x \n",changeRVA,changeFoa);

			if((pMyRelocAddress[i]&0xF000) == 0x3000)
			{
				//修改数据:
				PDWORD myAddress = (PDWORD)((DWORD)pFileBuffer + changeFoa);
				printf("myAddress: %x\n",*myAddress);
				*myAddress = *myAddress - 0x10000000 + 0x20000000;
				printf("change :myAddress: %x\n",*myAddress);
			}
		}
		pRelocData = (PIMAGE_BASE_RELOCATION)((DWORD)pRelocData + RelocSize);
	}

	//写出dll
	//确定大小
	LPVOID pFileBuffer_Start = pFileBuffer;
	DWORD FileSize = pSectionHeader_LAST->PointerToRawData + pSectionHeader_LAST->SizeOfRawData;	
	WirteToFile(pFileBuffer,FileSize,"C://changeDll.dll");

}