标题:放下代码,修改节点之初步,修改后不影响文件的执行,意味着可以给文件添加 ...
zhu224039
贴上代码:初步实现对节表的修改(给 PE 文件新增一个节表项)。修改后不影响文件的执行,也就是说可以给文件添加数据而不影响程序运行。
.386
.model flat,stdcall
option casemap:none
include windows.inc
include user32.inc
include kernel32.inc
include gdi32.inc
includelib gdi32.lib
includelib user32.lib
includelib kernel32.lib
Message  proto :DWORD
movfile proto  :dword,:dword,:dword
IsPeFile proto :dword
MovPeHead proto :dword,:dword,:dword
AddSection proto :dword
; ---------------------------------------------------------------------
; Initialised data.
; ---------------------------------------------------------------------
.data
     
     ; Hard-coded path of the executable that start opens read/write and
     ; patches in place.
     szFileName db "E:\stu1\stu2\bin\Debug\main.exe",0
; ---------------------------------------------------------------------
; Uninitialised data.
; ---------------------------------------------------------------------
.data?
     ; Handle returned by CreateFile in start.
     hFilehanld dword ?
     ; Header buffer. Declared as 4096 DWORDs (16384 bytes), but start
     ; only reads and writes the first 4096 bytes of it.
     szBuff  dword 4096 dup (?)
     ; Presumably meant to receive a byte count from ReadFile/WriteFile;
     ; confirm against the code that uses it.
     szreadnum dword ?
     ; Not referenced anywhere in this listing.
     szbuff1    IMAGE_DOS_HEADER <>
     ; Not referenced anywhere in this listing.
     dwPeRav    dword ?
     ; Not referenced anywhere in this listing.
     ; NOTE(review): this is an initialised string placed in the
     ; uninitialised (.data?) section and it has no terminating 0; if it is
     ; ever needed it presumably belongs in .data - confirm.
     szname     db "l456"
.code
     start:
            
            invoke CreateFile,offset szFileName,GENERIC_READ or GENERIC_WRITE,NULL,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL
            .IF eax==INVALID_HANDLE_VALUE
                invoke MessageBox,NULL,offset szFileName,NULL,MB_OK
                invoke ExitProcess,NULL
            .endif
            mov hFilehanld ,eax
            invoke ReadFile,hFilehanld,offset szBuff,4096,NULL,NULL
            invoke AddSection,offset szBuff
            invoke SetFilePointer,hFilehanld,0,0,FILE_BEGIN
            invoke WriteFile,hFilehanld,offset szBuff,4096,NULL,NULL
            invoke ExitProcess,NULL
           
           Message proc lpstring:dword
               
               invoke MessageBox,NULL,lpstring,NULL,MB_OK
               ret

           Message endp
           AddSection proc lpDosHead:dword
               mov ebx,lpDosHead
               assume ebx:ptr IMAGE_DOS_HEADER
               mov ebx,[ebx].e_lfanew
               add ebx,lpDosHead
               assume ebx :nothing
               assume ebx:ptr IMAGE_NT_HEADERS
               XOR  EAX,EAX
               mov ax,[ebx].FileHeader.NumberOfSections
               inc [ebx].FileHeader.NumberOfSections
               add [ebx].OptionalHeader.SizeOfImage,1000h
               sub  eax,1
               add  ebx,sizeof IMAGE_NT_HEADERS
               mov  edx,sizeof IMAGE_SECTION_HEADER
               mul  edx
               add  ebx,eax
               assume ebx:nothing
               assume ebx:ptr IMAGE_SECTION_HEADER
               
               
               mov eax,1000h
        
               add  eax,[ebx].VirtualAddress
               push eax
               mov  eax,[ebx].PointerToRawData
               add  eax,[ebx].SizeOfRawData
               push eax
               add  ebx,sizeof IMAGE_SECTION_HEADER
               mov  dword ptr [ebx].Name1, 7845h
               mov  [ebx].Misc.VirtualSize,1000H
               pop  [ebx].PointerToRawData
               pop  [ebx].VirtualAddress
               mov  [ebx].SizeOfRawData,500h
               mov  [ebx].PointerToRelocations,0
               mov  [ebx].NumberOfLinenumbers,0
               mov  [ebx].Characteristics,0
               assume ebx:nothing
               ret

           AddSection endp
         
            
            
     end start

2014-03-16 13:57
hu9jj
可以携带恶意代码?

2014-03-17 15:55



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-428594-1-1.html



