Title: Windows SDK programming ---- accelerator keys
tsjoy

Some notes on DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
Little has been written about LoadConfig, so here is a brief introduction.
This is the definition in winnt.h:
typedef struct {
    DWORD Size;
    DWORD TimeDateStamp;
    WORD  MajorVersion;
    WORD  MinorVersion;
    DWORD GlobalFlagsClear;
    DWORD GlobalFlagsSet;
    DWORD CriticalSectionDefaultTimeout;
    DWORD DeCommitFreeBlockThreshold;
    DWORD DeCommitTotalFreeThreshold;
    DWORD LockPrefixTable;          // VA
    DWORD MaximumAllocationSize;
    DWORD VirtualMemoryThreshold;
    DWORD ProcessHeapFlags;
    DWORD ProcessAffinityMask;
    WORD  CSDVersion;
    WORD  Reserved1;
    DWORD EditList;                 // VA
    DWORD SecurityCookie;           // VA
    DWORD SEHandlerTable;           // VA
    DWORD SEHandlerCount;
} IMAGE_LOAD_CONFIG_DIRECTORY32, *PIMAGE_LOAD_CONFIG_DIRECTORY32;
Copied from MSDN, the description of IMAGE_LOAD_CONFIG_DIRECTORY64 (no entry for IMAGE_LOAD_CONFIG_DIRECTORY32 was found):
Members
Characteristics: Flags indicating attributes of the file. This member is currently unused.
TimeDateStamp: Date and time stamp value. The value is represented in the number of seconds elapsed since midnight (00:00:00), January 1, 1970, Universal Coordinated Time, according to the system clock. The time stamp can be printed using the C run-time (CRT) function ctime.
MajorVersion: Major version number.
MinorVersion: Minor version number.
GlobalFlagsClear: Global flags that control system behavior. For more information, see Gflags.exe.
GlobalFlagsSet: Global flags that control system behavior. For more information, see Gflags.exe.
CriticalSectionDefaultTimeout: Critical section default time-out value.
DeCommitFreeBlockThreshold: Memory that must be freed before it is returned to the system, in bytes.
DeCommitTotalFreeThreshold: Total amount of free memory, in bytes.
LockPrefixTable: Reserved for use by the system.
MaximumAllocationSize: Maximum allocation size, in bytes.
VirtualMemoryThreshold: Maximum virtual memory size, in bytes.
ProcessAffinityMask: Process affinity mask. For more information, see GetProcessAffinityMask.
ProcessHeapFlags: Process heap flags.
CSDVersion: CSD version.
Reserved1: Reserved for use by the operating system.
EditList: Reserved for use by the system.
Reserved: Reserved for use by the operating system.
Its contents are very close to the 32-bit version, with slight differences.
DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].VirtualAddress holds the RVA of this structure.
DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].Size is 0x40.
The Size member must be sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32) = 0x48.
The values above are from system DLLs. Perhaps the last two members were left out.
Only the following three members are described briefly:
DWORD SecurityCookie;          // VA
DWORD SEHandlerTable;          // VA
DWORD SEHandlerCount;
The description below is based on my analysis of kernel32.dll and ntdll.dll; please forgive any errors.
SecurityCookie is used to detect stack overflows. Visual C++ 2005 uses this feature by default.
The switch is under C/C++ | Code Generation | Buffer Security Check, but once the program is compiled this value does not seem to be used.

SEHandlerTable points to a table of RVAs of SEH handler functions, and SEHandlerCount is the length of that table. If this table exists, only the SEH handlers listed in it are considered legal handlers. When an exception occurs and the handlers in the chain at fs:[0] are searched and executed in order, if the current handler is judged illegal, SEH cannot continue and the program is terminated; not even UnhandledExceptionFilter gets to run, unless the PE is being debugged, in which case the debugger can recover it.
Each PE has its own table; kernel32.dll and user32.dll, for example, each have their own. When a PE is loaded, its base address, size, SEHandlerTable (the address of the table) and SEHandlerCount (its length) are stored in a system table. When an exception occurs, the system uses each PE's base address and size to determine which PE the current SEH handler belongs to, then fetches the corresponding table address and length. Since these are fetched at load time, SEHandlerTable and SEHandlerCount are of no further use after loading, so modifying them has no effect; modifying the contents of the table, however, is still effective.
If the SEH handler lies in dynamically allocated memory, it is not inside any PE image, so it is not restricted at all; otherwise, if it is not in the corresponding table, the PE is terminated. The SEH handlers for Visual C++ try..catch and the like are added to the table automatically, but adding an SEH handler by manipulating fs:[0] with inline asm is ineffective: if an exception occurs it only terminates the PE.
At present almost all packers simply delete the load config, which has essentially no effect on the PE. But if you want to keep it, the SEH handlers inside the PE image need to be added to the table. Microsoft calls the handlers in this table "safe handlers".
To turn the safe handler feature off, add /SAFESEH:NO under Linker | Command Line.
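A parser for the load config directory described above, added here as an example (it is not the post's code and not from any project): it locates DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG], maps the RVA to a file offset through the section table, reads SecurityCookie, SEHandlerTable and SEHandlerCount, and checks a handler RVA against the table the way the post describes the loader doing it. The PE image it parses is constructed in memory; `build_sample_pe`, its section layout, the handler RVAs 0x1010/0x1040 and every other value in it are made up for the example. Field offsets follow the structure definition above (SecurityCookie at 0x3C, SEHandlerTable at 0x40, SEHandlerCount at 0x44).

```python
"""Audit the IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG of a PE32 file (added example; not from the original post)."""
import struct

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
IMAGE_NT_SIGNATURE = 0x00004550          # "PE\0\0"
LOAD_CONFIG32_SIZE = 0x48                # sizeof(IMAGE_LOAD_CONFIG_DIRECTORY32): SEHandlerCount ends at 0x48


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table; None if the RVA is in no section's raw data."""
    for sec in sections:
        span = max(sec["VirtualSize"], sec["SizeOfRawData"])
        if sec["VirtualAddress"] <= rva < sec["VirtualAddress"] + span:
            delta = rva - sec["VirtualAddress"]
            return sec["PointerToRawData"] + delta if delta < sec["SizeOfRawData"] else None
    return None


def parse_load_config(data):
    """Return the load config fields relevant to SafeSEH, plus the handler RVAs listed in SEHandlerTable."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                                   # start of IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    dir_rva, dir_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG)
    sections = []
    for i in range(num_sections):                          # section headers follow the optional header
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + size_opt + 40 * i + 8)
        sections.append({"VirtualSize": vsize, "VirtualAddress": va,
                         "SizeOfRawData": raw_size, "PointerToRawData": raw_ptr})
    info = {"directory_rva": dir_rva, "directory_size": dir_size, "Size": 0,
            "SecurityCookie": 0, "SEHandlerTable": 0, "SEHandlerCount": 0, "handlers": []}
    if dir_rva == 0:
        return info                                        # no load config at all (e.g. removed by a packer)
    off = rva_to_offset(dir_rva, sections)
    if off is None:
        raise ValueError("load config RVA is outside every section")
    info["Size"] = struct.unpack_from("<I", data, off)[0]
    # The directory entry's Size is often 0x40, which stops before SEHandlerTable; rely on the
    # structure's own Size member before reading the two SEH fields that follow SecurityCookie.
    if info["Size"] < LOAD_CONFIG32_SIZE:
        return info
    info["SecurityCookie"], info["SEHandlerTable"], info["SEHandlerCount"] = \
        struct.unpack_from("<III", data, off + 0x3C)
    if info["SEHandlerTable"] and info["SEHandlerCount"]:
        tbl = rva_to_offset(info["SEHandlerTable"] - image_base, sections)   # the table pointer is a VA
        if tbl is None:
            raise ValueError("SEHandlerTable is outside every section")
        info["handlers"] = sorted(struct.unpack_from("<%dI" % info["SEHandlerCount"], data, tbl))
    return info


def is_safe_handler(info, handler_rva):
    """The rule the post describes: no table means no restriction; otherwise the handler must be listed."""
    if not info["SEHandlerTable"] or not info["SEHandlerCount"]:
        return True
    return handler_rva in info["handlers"]


def build_sample_pe():
    """Constructed minimal PE32 (not a real binary): two sections, load config in .rdata, two safe handlers."""
    image_base = 0x400000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)  # i386, 2 sections, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # Magic: PE32
    struct.pack_into("<III", opt, 28, image_base, 0x1000, 0x200)     # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, 0x2000, 0x40)

    def section(name, va, raw_ptr):
        return struct.pack("<8sIIIIIIHHI", name, 0x100, va, 0x200, raw_ptr, 0, 0, 0, 0, 0x40000040)

    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)
               + section(b".text", 0x1000, 0x200) + section(b".rdata", 0x2000, 0x400)).ljust(0x200, b"\0")
    rdata = bytearray(0x200)                                         # file offset 0x400 == RVA 0x2000
    struct.pack_into("<I", rdata, 0x00, LOAD_CONFIG32_SIZE)          # Size
    struct.pack_into("<III", rdata, 0x3C, image_base + 0x2060,       # SecurityCookie (VA)
                     image_base + 0x2080, 2)                         # SEHandlerTable (VA), SEHandlerCount
    struct.pack_into("<II", rdata, 0x80, 0x1010, 0x1040)             # the two handler RVAs
    return headers + bytes(0x200) + bytes(rdata)


if __name__ == "__main__":
    lc = parse_load_config(build_sample_pe())
    print("load config RVA %#x, directory size %#x, struct Size %#x"
          % (lc["directory_rva"], lc["directory_size"], lc["Size"]))
    print("safe handlers:", [hex(h) for h in lc["handlers"]])
    print("0x1040 allowed:", is_safe_handler(lc, 0x1040), " 0x1020 allowed:", is_safe_handler(lc, 0x1020))
```

Pointing `parse_load_config` at the bytes of a real 32-bit binary (`open(path, "rb").read()`) shows at a glance whether the image still carries a SafeSEH table or whether it has been stripped, which is the property worth checking on anything that arrives packed.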

Method 2: (reposted from http://bbs.
    .386
    .model flat,stdcall
    option casemap:none
    include windows.inc
    include kernel32.inc
    include user32.inc
    include te.inc
    includelib user32.lib
    includelib kernel32.lib

    .data
    FileFilter      db "*.exe",0
    FindData        WIN32_FIND_DATA <>

    CurPath         db 256 dup(0)
    hFile           dd 0
    hFind           dd 0
    PE_head_addr    dd 0                    ; e_lfanew: file offset of the NT headers
    byte_read       dd 0
    Link            dw 0808h                ; linker version written at offset 1ah of the NT headers
    Msg             db "Well done",0
    Clr             dd 0                    ; 8 zero bytes, written over SEHandlerTable/SEHandlerCount
                    dd 0

    PE_head         IMAGE_NT_HEADERS <0>
    Section_table   db 280h dup (0)         ; room for 16 section headers (16 * 28h bytes)

    .code
    start:
        invoke GetCurrentDirectory,256,offset CurPath
        invoke FindFirstFile,offset FileFilter,offset FindData
        cmp eax,INVALID_HANDLE_VALUE
        jz Done                             ; nothing found: no search handle to close
        mov hFind,eax
    GoOnFind:
        invoke CreateFile,offset FindData.cFileName,GENERIC_READ+GENERIC_WRITE,FILE_SHARE_READ+FILE_SHARE_WRITE,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
        cmp eax,INVALID_HANDLE_VALUE
        jz createfail
        mov hFile,eax
        invoke SetFilePointer,hFile,3ch,0,FILE_BEGIN
        invoke ReadFile,hFile,offset PE_head_addr,4,offset byte_read,0        ; read the PE header offset from 3ch
        cmp eax,0
        jz readfail
        invoke SetFilePointer,hFile,PE_head_addr,0,FILE_BEGIN                 ; seek to the PE header
        invoke ReadFile,hFile,offset PE_head,sizeof PE_head+sizeof Section_table,offset byte_read,0   ; read the PE header and section table
        cmp eax,0
        jz readfail

        cmp DWORD ptr PE_head.Signature,IMAGE_NT_SIGNATURE
        jnz exitwrite

        ; edx = RVA of the load config directory (0 if the image has none)
        lea edx,PE_head
        lea edx,(IMAGE_NT_HEADERS ptr [edx]).OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG * sizeof IMAGE_DATA_DIRECTORY]
        mov edx,[edx]
        test edx,edx
        je NoLCT

        ; find the section containing the RVA: VirtualAddress <= RVA < VirtualAddress + VirtualSize
        lea esi,Section_table
        movzx ecx,PE_head.FileHeader.NumberOfSections
    FindSection:
        mov eax,(IMAGE_SECTION_HEADER ptr [esi]).VirtualAddress
        cmp edx,eax
        jb NextSection
        add eax,(IMAGE_SECTION_HEADER ptr [esi]).Misc.VirtualSize
        cmp edx,eax
        jb SectionFound
    NextSection:
        add esi,sizeof IMAGE_SECTION_HEADER
        dec ecx
        jnz FindSection
        jmp exitwrite                       ; RVA lies in no section: leave the file alone
    SectionFound:
        ; convert the RVA to a file offset, then point at SEHandlerTable inside the structure
        sub edx,(IMAGE_SECTION_HEADER ptr [esi]).VirtualAddress
        add edx,(IMAGE_SECTION_HEADER ptr [esi]).PointerToRawData
        lea edx,(IMAGE_LOAD_CONFIG_DIRECTORY32 ptr [edx]).SEHandlerTable
        invoke SetFilePointer,hFile,edx,0,FILE_BEGIN
        invoke WriteFile,hFile,offset Clr,8,offset byte_read,0                ; zero SEHandlerTable and SEHandlerCount
    NoLCT:
        cmp WORD ptr PE_head[1ah],0808h     ; 001ah: linker version number
        jz exitwrite
        mov eax,DWORD ptr PE_head_addr
        add eax,1ah
        invoke SetFilePointer,hFile,eax,0,FILE_BEGIN
        invoke WriteFile,hFile,offset Link,2,offset byte_read,0
    exitwrite:
    readfail:
        invoke CloseHandle,hFile
    createfail:
        invoke FindNextFile,hFind,offset FindData
        test eax,eax
        jnz GoOnFind

    FindEnds:
        invoke FindClose,hFind              ; close the search handle, not the file handle
    Done:
        invoke MessageBox,NULL,offset Msg,offset Msg,64
        invoke ExitProcess,0

    end start

/****************te.inc*********************************************************/

IMAGE_LOAD_CONFIG_DIRECTORY32 struct
    _size                           DWORD   ?
    TimeDateStamp                  DWORD   ?
    MajorVersion                   WORD    ?
    MinorVersion                   WORD    ?
    GlobalFlagsClear               DWORD   ?
    GlobalFlagsSet                 DWORD   ?
    CriticalSectionDefaultTimeout DWORD   ?
    DeCommitFreeBlockThreshold     DWORD   ?
    DeCommitTotalFreeThreshold     DWORD   ?
    LockPrefixTable                DWORD   ?   
    MaximumAllocationSize          DWORD   ?
    VirtualMemoryThreshold         DWORD   ?
    ProcessHeapFlags               DWORD   ?
    ProcessAffinityMask            DWORD   ?
    CSDVersion                     WORD    ?
    Reserved1                      WORD    ?
    EditList                       DWORD   ?   
    SecurityCookie                 DWORD   ?
    SEHandlerTable                 DWORD   ?
    SEHandlerCount                 DWORD   ?   
IMAGE_LOAD_CONFIG_DIRECTORY32 ends

2008-10-16 10:03



To join the discussion, go to the original thread: https://bbs.bccn.net/thread-238579-1-1.html



