我正在寻找一个命令行程序来向 PE 文件的导入表添加一个条目。 我的目标是从外部 DLL 添加一个新的导入函数到我的 EXE,然后使用 ollydbg 使用代码洞穴插入新代码。新代码将使用新导入的函数。
实际上我已经实现了我的目标,但是为了向我使用的导入表添加一个新条目 Stud_PE ,这是一个 GUI 应用程序,我想自动化这部分过程。
我会考虑以编程方式解决方案,但我担心 PE 结构太复杂,我无法在我的时间范围内学习和探索。此外,如果一个实现已经存在,那么不使用它是一种耻辱。 :-)
最佳答案
找到了正在寻找的东西。
m-PEFile for c++: http://forum.exetools.com/showpost.php?s=17e7516356489bb9dd17e294e147ef96&p=60183&postcount=3
另请查看 python 的 pefile:http://code.google.com/p/pefile/
和 PE/COFF 4J 用于 java:http://pecoff4j.sourceforge.net/
我认为 PE/COFF 4J 的功能有限,但也许您会发现它很有用。
代码:PEFile.h
/*******************************************************************************
******************************** Team AT4RE ********************************
********************************************************************************
******************* PLEASE DON'T CHANGE/REMOVE THIS HEADER *******************
********************************************************************************
** **
** Title: PEFile class. **
** Desc: A handy class to manipulate pe files. **
** Author: MohammadHi [ in4matics at hotmail dot com ] **
** WwW: AT4RE [ http://www.at4re.com ] **
** Date: 2008-01-28 **
** **
********************************************************************************
*******************************************************************************/
/*
[ PE File Format ]
---------------------
| DOS Header |
---------------------
| DOS Stub |
---------------------
| PE Header |
---------------------
| Section Table |
---------------------
| Padding |
---------------------
| Section 1 |
---------------------
| Section 2 |
---------------------
| ... |
---------------------
| Section n |
---------------------*/
//==============================================================================
#pragma once
#pragma pack(1)
//==============================================================================
#include <windows.h>
//==============================================================================
#define MAX_SECTION_COUNT 64
#define SECTION_IMPORT "@.import"
#define SECTION_RESERV "@.reserv"
//==============================================================================
struct PE_DOS_HEADER {
WORD Signature;
WORD LastPageBytes;
WORD NumberOfPages;
WORD Relocations;
WORD HeaderSize;
WORD MinMemory;
WORD MaxMemory;
WORD InitialSS;
WORD InitialSP;
WORD Checksum;
WORD InitialIP;
WORD InitialCS;
WORD RelocTableOffset;
WORD Overlay;
WORD Reserved1[4];
WORD OemId;
WORD OemInfo;
WORD Reserved2[10];
LONG PEHeaderOffset;
};
struct PE_DOS_STUB {
char* RawData;
DWORD Size;
};
struct PE_SECTION_DATA {
DWORD Offset;
char* RawData;
DWORD Size;
};
struct PE_IMPORT_FUNCTION {
char* FunctionName;
int FunctionId;
PE_IMPORT_FUNCTION* Next;
};
struct PE_IMPORT_DLL {
char* DllName;
PE_IMPORT_FUNCTION* Functions;
PE_IMPORT_DLL* Next;
};
//==============================================================================
typedef IMAGE_NT_HEADERS PE_NT_HEADERS;
typedef IMAGE_SECTION_HEADER PE_SECTION_HEADER;
//==============================================================================
class PEFile {
public:
PE_DOS_HEADER dosHeader;
PE_DOS_STUB dosStub;
PE_NT_HEADERS peHeaders;
PE_SECTION_HEADER sectionTable[MAX_SECTION_COUNT];
PE_SECTION_DATA reservedData;
PE_SECTION_DATA sections[MAX_SECTION_COUNT];
PE_IMPORT_DLL importTable;
PE_IMPORT_DLL newImports;
PEFile();
PEFile(char* filePath);
~PEFile();
bool loadFromFile(char* filePath);
bool loadFromMemory(char* memoryAddress);
bool saveToFile(char* filePath);
int addSection(char* name, DWORD size, bool isExecutable);
void addImport(char* dllName, char** functions, int functionCount);
void commit();
private:
char* peMemory;
void init();
bool readFileData(char* filePath);
bool checkValidity();
bool readHeaders();
bool readBody();
bool readImportTable();
bool writePadding(HANDLE fileHandle, long paddingSize);
void unloadFile();
void buildImportTable();
char* buildNewImports(DWORD baseRVA);
DWORD calcNewImportsSize(DWORD &sizeDlls, DWORD &sizeFunctions, DWORD &sizeStrings);
DWORD alignNumber(DWORD number, DWORD alignment);
DWORD rvaToOffset(DWORD rva);
DWORD offsetToRVA(DWORD offset);
void fixReservedData();
void fixHeaders();
void fixSectionTable();
};
//==============================================================================
代码:PEFile.cpp
/*******************************************************************************
******************************** Team AT4RE ********************************
********************************************************************************
******************* PLEASE DON'T CHANGE/REMOVE THIS HEADER *******************
********************************************************************************
** **
** Title: PEFile class. **
** Desc: A handy class to manipulate pe files. **
** Author: MohammadHi [ in4matics at hotmail dot com ] **
** WwW: AT4RE [ http://www.at4re.com ] **
** Date: 2008-01-28 **
** **
********************************************************************************
*******************************************************************************/
#include "PEFile.h"
#include <math.h>
//==============================================================================
#define DEBUG_ENABLED true;
#ifdef DEBUG_ENABLED
#define echo(x) MessageBox(0, x, "DEBUG", MB_ICONERROR);
#define echo2(x, y) { char v[256]; strcpy_s(v, 256, x); strcat_s(v, 256, y); echo(v); }
#define echo3(x, y, z) { char w[256]; strcpy_s(w, 256, x); strcat_s(w, 256, y); echo2(w, z); }
#else
#define echo(x) ;
#define echo2(x, y) ;
#define echo3(x, y, z) ;
#endif
//==============================================================================
PEFile::PEFile() {
init();
}
//==============================================================================
PEFile::PEFile(char* filePath) {
init();
loadFromFile(filePath);
}
//==============================================================================
PEFile::~PEFile() {
unloadFile();
}
//==============================================================================
void PEFile::init() {
peMemory = NULL;
ZeroMemory(&newImports, sizeof(PE_IMPORT_DLL));
}
//==============================================================================
bool PEFile::readFileData(char* filePath) {
// open the file for read
HANDLE fileHandle = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
if (fileHandle == INVALID_HANDLE_VALUE) {
echo3("Couldn't open file : [", filePath, "]");
return false;
}
// get the file size
DWORD fileSize = GetFileSize(fileHandle, 0);
if (fileSize == 0) {
CloseHandle(fileHandle);
echo3("File size is ZeR0! : [", filePath, "]");
return false;
}
// allocate memory to read the pe file (note that we used VirtualAlloc not GlobalAlloc!)
peMemory = (char*)VirtualAlloc(NULL, fileSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (peMemory == NULL) {
CloseHandle(fileHandle);
echo("Couldn't allocate memory!");
return false;
}
DWORD bytesRead;
// read whole file data
if (!ReadFile(fileHandle, peMemory, fileSize, &bytesRead, NULL) || bytesRead != fileSize) {
CloseHandle(fileHandle);
echo3("Couldn't read file! : [", filePath, "]");
return false;
}
// close the file
CloseHandle(fileHandle);
return true;
}
//==============================================================================
bool PEFile::checkValidity() {
// 'dosHeader.Signature' must be "MZ" && 'peHeaders.Signature' must be "PE\0\0"
if (dosHeader.Signature != IMAGE_DOS_SIGNATURE || peHeaders.Signature != IMAGE_NT_SIGNATURE) {
unloadFile();
echo("Invalid PE file!");
return false;
}
if (peHeaders.FileHeader.NumberOfSections > MAX_SECTION_COUNT) {
unloadFile();
echo("Number of sections > MAX_SECTION_COUNT !");
return false;
}
return true;
}
//==============================================================================
bool PEFile::readHeaders() {
// read dos/pe headers
CopyMemory(&dosHeader, peMemory, sizeof(PE_DOS_HEADER));
dosStub.RawData = peMemory + sizeof(PE_DOS_HEADER);
dosStub.Size = dosHeader.PEHeaderOffset - sizeof(PE_DOS_HEADER);
CopyMemory(&peHeaders, peMemory + dosHeader.PEHeaderOffset, sizeof(PE_NT_HEADERS));
// check validity of the file to ensure that we loaded a "PE File" not another thing!
if (!checkValidity()) {
return false;
}
// read section table
ZeroMemory(sectionTable, sizeof(sectionTable));
CopyMemory(sectionTable, peMemory + dosHeader.PEHeaderOffset + sizeof(PE_NT_HEADERS),
peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER));
return true;
}
//==============================================================================
bool PEFile::readBody() {
// read reserved data
DWORD reservedDataOffset = dosHeader.PEHeaderOffset + sizeof(PE_NT_HEADERS) +
peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER);
reservedData.Offset = reservedDataOffset;
reservedData.RawData = peMemory + reservedDataOffset;
/*reservedData.Size = peHeaders.OptionalHeader.SizeOfHeaders - reservedDataOffset;*/
if (sectionTable[0].PointerToRawData > 0) {
reservedData.Size = sectionTable[0].PointerToRawData - reservedDataOffset;
} else {
reservedData.Size = sectionTable[0].VirtualAddress - reservedDataOffset;
}
// read sections
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
sections[i].Offset = sectionTable[i].PointerToRawData;
sections[i].RawData = peMemory + sectionTable[i].PointerToRawData;
sections[i].Size = sectionTable[i].SizeOfRawData;
}
return true;
}
//==============================================================================
bool PEFile::readImportTable() {
DWORD tableRVA = peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
DWORD tableOffset = rvaToOffset(tableRVA);
if (tableOffset == 0) {
return false;
}
ZeroMemory(&importTable, sizeof(PE_IMPORT_DLL));
IMAGE_IMPORT_DESCRIPTOR* importDesc = (IMAGE_IMPORT_DESCRIPTOR*)(peMemory + tableOffset);
IMAGE_THUNK_DATA* importThunk;
PE_IMPORT_DLL* importDll = &this->importTable;
PE_IMPORT_FUNCTION* importFunction;
while (true) {
importDll->DllName = (char*)(peMemory + rvaToOffset(importDesc->Name));
if (importDesc->OriginalFirstThunk > 0) {
importThunk = (IMAGE_THUNK_DATA*)(peMemory + rvaToOffset(importDesc->OriginalFirstThunk));
} else {
importThunk = (IMAGE_THUNK_DATA*)(peMemory + rvaToOffset(importDesc->FirstThunk));
}
importDll->Functions = new PE_IMPORT_FUNCTION();
ZeroMemory(importDll->Functions, sizeof(PE_IMPORT_FUNCTION));
importFunction = importDll->Functions;
while (true) {
if ((importThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG32) == IMAGE_ORDINAL_FLAG32) {
importFunction->FunctionId = IMAGE_ORDINAL32(importThunk->u1.Ordinal);
} else {
DWORD nameOffset = rvaToOffset(importThunk->u1.AddressOfData);
importFunction->FunctionName = (char*)(peMemory + nameOffset + 2);
}
importThunk = (IMAGE_THUNK_DATA*)((char*)importThunk + sizeof(IMAGE_THUNK_DATA));
if (importThunk->u1.AddressOfData == 0) {
break;
}
importFunction->Next = new PE_IMPORT_FUNCTION();
ZeroMemory(importFunction->Next, sizeof(PE_IMPORT_FUNCTION));
importFunction = importFunction->Next;
}
importDesc = (IMAGE_IMPORT_DESCRIPTOR*)((char*)importDesc + sizeof(IMAGE_IMPORT_DESCRIPTOR));
if (importDesc->Name == 0) {
break;
}
importDll->Next = new PE_IMPORT_DLL();
ZeroMemory(importDll->Next, sizeof(PE_IMPORT_DLL));
importDll = importDll->Next;
}
return true;
}
//==============================================================================
bool PEFile::loadFromFile(char* filePath) {
unloadFile();
return readFileData(filePath) &&
readHeaders() &&
readBody() &&
readImportTable();
}
//==============================================================================
bool PEFile::loadFromMemory(char* memoryAddress) {
unloadFile();
peMemory = memoryAddress;
return readHeaders()/* &&
readBody() &&
readImportTable()*/;
}
//==============================================================================
bool PEFile::saveToFile(char* filePath) {
commit();
buildImportTable();
// create the output file
HANDLE fileHandle = CreateFile(filePath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (fileHandle == INVALID_HANDLE_VALUE) {
echo("Couldn't create file");
return false;
}
DWORD bytesWritten;
WriteFile(fileHandle, &dosHeader, sizeof(PE_DOS_HEADER), &bytesWritten, NULL);
WriteFile(fileHandle, dosStub.RawData, dosStub.Size, &bytesWritten, NULL);
writePadding(fileHandle, dosHeader.PEHeaderOffset - sizeof(PE_DOS_HEADER) - dosStub.Size);
WriteFile(fileHandle, &peHeaders, sizeof(PE_NT_HEADERS), &bytesWritten, NULL);
WriteFile(fileHandle, §ionTable, peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER), &bytesWritten, NULL);
WriteFile(fileHandle, reservedData.RawData, reservedData.Size, &bytesWritten, NULL);
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
writePadding(fileHandle, sectionTable[i].PointerToRawData - GetFileSize(fileHandle, NULL));
WriteFile(fileHandle, sections[i].RawData, sections[i].Size, &bytesWritten, NULL);
}
CloseHandle(fileHandle);
return true;
}
//==============================================================================
bool PEFile::writePadding(HANDLE fileHandle, long paddingSize) {
if (paddingSize <= 0)
return false;
DWORD bytesWritten;
char* padding = new char[paddingSize];
memset(padding, 0, paddingSize);
WriteFile(fileHandle, padding, paddingSize, &bytesWritten, NULL);
delete padding;
return (bytesWritten == paddingSize);
}
//==============================================================================
void PEFile::unloadFile() {
if (peMemory != NULL) {
VirtualFree(peMemory, 0, MEM_RELEASE);
peMemory = NULL;
}
}
//==============================================================================
void PEFile::buildImportTable() {
DWORD sizeDlls = 0;
DWORD sizeFunctions = 0;
DWORD sizeStrings = 0;
DWORD newImportsSize = calcNewImportsSize(sizeDlls, sizeFunctions, sizeStrings);
// we'll move the old dll list to the new import table, so we'll calc its size
DWORD oldImportDllsSize = 0;
PE_IMPORT_DLL* importDll = &this->importTable;
while (importDll != NULL) {
oldImportDllsSize += sizeof(IMAGE_IMPORT_DESCRIPTOR);
importDll = importDll->Next;
}
// add a new section to handle the new import table
int index = addSection(SECTION_IMPORT, oldImportDllsSize + newImportsSize, false);
// copy old import dll list
DWORD oldImportTableRVA = peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
DWORD oldImportTableOffset = rvaToOffset(oldImportTableRVA);
CopyMemory(sections[index].RawData, peMemory + oldImportTableOffset, oldImportDllsSize);
// copy new imports
char* newImportsData = buildNewImports(sectionTable[index].VirtualAddress + oldImportDllsSize);
CopyMemory(sections[index].RawData + oldImportDllsSize, newImportsData, newImportsSize);
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress = sectionTable[index].VirtualAddress;
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size = sectionTable[index].SizeOfRawData;
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress = 0;
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size = 0;
}
//==============================================================================
char* PEFile::buildNewImports(DWORD baseRVA) {
commit();
IMAGE_IMPORT_DESCRIPTOR importDesc;
IMAGE_THUNK_DATA importThunk;
PE_IMPORT_DLL* importDll;
PE_IMPORT_FUNCTION* importFunction;
DWORD sizeDlls = 0;
DWORD sizeFunctions = 0;
DWORD sizeStrings = 0;
DWORD newImportsSize = calcNewImportsSize(sizeDlls, sizeFunctions, sizeStrings);
DWORD offsetDlls = 0;
DWORD offsetFunctions = sizeDlls;
DWORD offsetStrings = sizeDlls + 2 * sizeFunctions;
char* buffer = new char[newImportsSize];
ZeroMemory(buffer, newImportsSize);
importDll = &newImports;
while (importDll != NULL) {
ZeroMemory(&importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR));
importDesc.OriginalFirstThunk = baseRVA + offsetFunctions;
importDesc.FirstThunk = baseRVA + offsetFunctions + sizeFunctions;
importDesc.Name = baseRVA + offsetStrings;
CopyMemory(buffer + offsetStrings, importDll->DllName, strlen(importDll->DllName));
offsetStrings += alignNumber((DWORD)strlen(importDll->DllName) + 1, 2);
CopyMemory(buffer + offsetDlls, &importDesc, sizeof(IMAGE_IMPORT_DESCRIPTOR));
offsetDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR);
importFunction = importDll->Functions;
while (importFunction != NULL) {
ZeroMemory(&importThunk, sizeof(IMAGE_THUNK_DATA));
if (importFunction->FunctionId != 0) {
importThunk.u1.Ordinal = importFunction->FunctionId | IMAGE_ORDINAL_FLAG32;
} else {
importThunk.u1.AddressOfData = baseRVA + offsetStrings;
CopyMemory(buffer + offsetStrings + 2, importFunction->FunctionName, strlen(importFunction->FunctionName));
offsetStrings += 2 + alignNumber((DWORD)strlen(importFunction->FunctionName) + 1, 2);
}
CopyMemory(buffer + offsetFunctions, &importThunk, sizeof(IMAGE_THUNK_DATA));
CopyMemory(buffer + offsetFunctions + sizeFunctions, &importThunk, sizeof(IMAGE_THUNK_DATA));
offsetFunctions += sizeof(IMAGE_THUNK_DATA);
importFunction = importFunction->Next;
}
offsetFunctions += sizeof(IMAGE_THUNK_DATA);
importDll = importDll->Next;
}
return buffer;
}
//==============================================================================
DWORD PEFile::calcNewImportsSize(DWORD &sizeDlls, DWORD &sizeFunctions, DWORD &sizeStrings) {
PE_IMPORT_DLL* importDll = &this->newImports;
PE_IMPORT_FUNCTION* importFunction;
// calc added imports size
while (importDll != NULL) {
sizeDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR);
sizeStrings += alignNumber((DWORD)strlen(importDll->DllName) + 1, 2);
importFunction = importDll->Functions;
while (importFunction != NULL) {
sizeFunctions += sizeof(IMAGE_THUNK_DATA);
if (importFunction->FunctionId == 0) {
sizeStrings += 2 + alignNumber((DWORD)strlen(importFunction->FunctionName) + 1, 2);
}
importFunction = importFunction->Next;
}
sizeFunctions += sizeof(IMAGE_THUNK_DATA); // for the terminator thunk data
importDll = importDll->Next;
}
sizeDlls += sizeof(IMAGE_IMPORT_DESCRIPTOR); // for the terminator import descriptor
return sizeDlls + 2 * sizeFunctions + sizeStrings;
}
//==============================================================================
int PEFile::addSection(char* name, DWORD size, bool isExecutable) {
if (peHeaders.FileHeader.NumberOfSections == MAX_SECTION_COUNT) {
return -1;
}
PE_SECTION_DATA &newSection = sections[peHeaders.FileHeader.NumberOfSections];
PE_SECTION_HEADER &newSectionHeader = sectionTable[peHeaders.FileHeader.NumberOfSections];
PE_SECTION_HEADER &lastSectionHeader = sectionTable[peHeaders.FileHeader.NumberOfSections - 1];
DWORD sectionSize = alignNumber(size, peHeaders.OptionalHeader.FileAlignment);
DWORD virtualSize = alignNumber(sectionSize, peHeaders.OptionalHeader.SectionAlignment);
DWORD sectionOffset = alignNumber(lastSectionHeader.PointerToRawData + lastSectionHeader.SizeOfRawData, peHeaders.OptionalHeader.FileAlignment);
DWORD virtualOffset = alignNumber(lastSectionHeader.VirtualAddress + lastSectionHeader.Misc.VirtualSize, peHeaders.OptionalHeader.SectionAlignment);
ZeroMemory(&newSectionHeader, sizeof(IMAGE_SECTION_HEADER));
CopyMemory(newSectionHeader.Name, name, (strlen(name) > 8 ? 8 : strlen(name)));
newSectionHeader.PointerToRawData = sectionOffset;
newSectionHeader.VirtualAddress = virtualOffset;
newSectionHeader.SizeOfRawData = sectionSize;
newSectionHeader.Misc.VirtualSize = virtualSize;
newSectionHeader.Characteristics = //0xC0000040;
IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_CNT_INITIALIZED_DATA;
if (isExecutable) {
newSectionHeader.Characteristics |= IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE;
}
newSection.RawData = (char*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT, sectionSize);
newSection.Size = sectionSize;
peHeaders.FileHeader.NumberOfSections++;
if (reservedData.Size > 0) {
reservedData.Size -= sizeof(IMAGE_SECTION_HEADER);
}
// return new section index
return peHeaders.FileHeader.NumberOfSections - 1;
}
//==============================================================================
void PEFile::addImport(char* dllName, char** functions, int functionCount) {
PE_IMPORT_DLL* importDll = &this->newImports;
PE_IMPORT_FUNCTION* importFunction;
if (newImports.DllName != NULL) {
while (importDll->Next != NULL) {
importDll = importDll->Next;
}
importDll->Next = new PE_IMPORT_DLL();
importDll = importDll->Next;
}
importDll->DllName = dllName;
importDll->Functions = new PE_IMPORT_FUNCTION();
importDll->Next = NULL;
importFunction = importDll->Functions;
importFunction->FunctionName = functions[0];
for (int i = 1; i < functionCount; i++) {
importFunction->Next = new PE_IMPORT_FUNCTION();
importFunction = importFunction->Next;
importFunction->FunctionName = functions[i];
}
importFunction->Next = NULL;
}
//==============================================================================
DWORD PEFile::alignNumber(DWORD number, DWORD alignment) {
return (DWORD)(ceil(number / (alignment + 0.0)) * alignment);
}
//==============================================================================
DWORD PEFile::rvaToOffset(DWORD rva) {
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
if (rva >= sectionTable[i].VirtualAddress &&
rva < sectionTable[i].VirtualAddress + sectionTable[i].Misc.VirtualSize) {
return sectionTable[i].PointerToRawData + (rva - sectionTable[i].VirtualAddress);
}
}
return 0;
}
//==============================================================================
DWORD PEFile::offsetToRVA(DWORD offset) {
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
if (offset >= sectionTable[i].PointerToRawData &&
offset < sectionTable[i].PointerToRawData + sectionTable[i].SizeOfRawData) {
return sectionTable[i].VirtualAddress + (offset - sectionTable[i].PointerToRawData);
}
}
return 0;
}
//==============================================================================
void PEFile::commit() {
fixReservedData();
fixHeaders();
fixSectionTable();
}
//==============================================================================
void PEFile::fixReservedData() {
DWORD dirIndex = 0;
for (dirIndex = 0; dirIndex < peHeaders.OptionalHeader.NumberOfRvaAndSizes; dirIndex++) {
if (peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress > 0 &&
peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress >= reservedData.Offset &&
peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress < reservedData.Size) {
break;
}
}
if (dirIndex == peHeaders.OptionalHeader.NumberOfRvaAndSizes) {
return;
}
int sectionIndex = addSection(SECTION_RESERV, reservedData.Size, false);
CopyMemory(sections[sectionIndex].RawData, reservedData.RawData, reservedData.Size);
for (dirIndex = 0; dirIndex < peHeaders.OptionalHeader.NumberOfRvaAndSizes; dirIndex++) {
if (peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress > 0 &&
peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress >= reservedData.Offset &&
peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress < reservedData.Size) {
peHeaders.OptionalHeader.DataDirectory[dirIndex].VirtualAddress +=
sectionTable[sectionIndex].VirtualAddress - reservedData.Offset;
}
}
reservedData.Size = 0;
}
//==============================================================================
void PEFile::fixHeaders() {
peHeaders.OptionalHeader.SizeOfHeaders = alignNumber(dosHeader.PEHeaderOffset + peHeaders.FileHeader.SizeOfOptionalHeader +
peHeaders.FileHeader.NumberOfSections * sizeof(PE_SECTION_HEADER), peHeaders.OptionalHeader.FileAlignment);
DWORD imageSize = peHeaders.OptionalHeader.SizeOfHeaders;
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
imageSize += alignNumber(sectionTable[i].Misc.VirtualSize, peHeaders.OptionalHeader.SectionAlignment);
}
peHeaders.OptionalHeader.SizeOfImage = alignNumber(imageSize, peHeaders.OptionalHeader.SectionAlignment);
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
peHeaders.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;
}
//==============================================================================
void PEFile::fixSectionTable() {
DWORD offset = peHeaders.OptionalHeader.SizeOfHeaders;
for (int i = 0; i < peHeaders.FileHeader.NumberOfSections; i++) {
sectionTable[i].Characteristics |= IMAGE_SCN_MEM_WRITE;
offset = alignNumber(offset, peHeaders.OptionalHeader.FileAlignment);
sectionTable[i].PointerToRawData = offset;
//sectionTable[i].SizeOfRawData = alignNumber(offset + sectionTable[i].Misc.VirtualSize, peHeaders.OptionalHeader.FileAlignment);
offset += sectionTable[i].SizeOfRawData;
}
}
//==============================================================================
#include "PEFile.h"
int main(int argc, char* argv[]) {
// Open the input file
PEFile pe("1.exe");
// Add "MessageBoxA" & "ShowWindow" functions to the import table
char* functions[] = { "MessageBoxA", "ShowWindow" };
pe.addImport("user32.dll", functions, 2);
// Add a new section named ".at4re" with size "0x1000" byte
pe.addSection(".at4re", 0x1000, false);
// Save the modified file
pe.saveToFile("1+.exe");
}
关于windows - 在PE的导入表中添加一个条目,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13688471/
我需要在客户计算机上运行Ruby应用程序。通常需要几天才能完成(复制大备份文件)。问题是如果启用sleep,它会中断应用程序。否则,计算机将持续运行数周,直到我下次访问为止。有什么方法可以防止执行期间休眠并让Windows在执行后休眠吗?欢迎任何疯狂的想法;-) 最佳答案 Here建议使用SetThreadExecutionStateWinAPI函数,使应用程序能够通知系统它正在使用中,从而防止系统在应用程序运行时进入休眠状态或关闭显示。像这样的东西:require'Win32API'ES_AWAYMODE_REQUIRED=0x0
当我使用Bundler时,是否需要在我的Gemfile中将其列为依赖项?毕竟,我的代码中有些地方需要它。例如,当我进行Bundler设置时:require"bundler/setup" 最佳答案 没有。您可以尝试,但首先您必须用鞋带将自己抬离地面。 关于ruby-我需要将Bundler本身添加到Gemfile中吗?,我们在StackOverflow上找到一个类似的问题: https://stackoverflow.com/questions/4758609/
使用带有Rails插件的vim,您可以创建一个迁移文件,然后一次性打开该文件吗?textmate也可以这样吗? 最佳答案 你可以使用rails.vim然后做类似的事情::Rgeneratemigratonadd_foo_to_bar插件将打开迁移生成的文件,这正是您想要的。我不能代表textmate。 关于ruby-使用VimRails,您可以创建一个新的迁移文件并一次性打开它吗?,我们在StackOverflow上找到一个类似的问题: https://sta
我需要从一个View访问多个模型。以前,我的links_controller仅用于提供以不同方式排序的链接资源。现在我想包括一个部分(我假设)显示按分数排序的顶级用户(@users=User.all.sort_by(&:score))我知道我可以将此代码插入每个链接操作并从View访问它,但这似乎不是“ruby方式”,我将需要在不久的将来访问更多模型。这可能会变得很脏,是否有针对这种情况的任何技术?注意事项:我认为我的应用程序正朝着单一格式和动态页面内容的方向发展,本质上是一个典型的网络应用程序。我知道before_filter但考虑到我希望应用程序进入的方向,这似乎很麻烦。最终从任何
我想要做的是有2个不同的Controller,client和test_client。客户端Controller已经构建,我想创建一个test_clientController,我可以使用它来玩弄客户端的UI并根据需要进行调整。我主要是想绕过我在客户端中内置的验证及其对加载数据的管理Controller的依赖。所以我希望test_clientController加载示例数据集,然后呈现客户端Controller的索引View,以便我可以调整客户端UI。就是这样。我在test_clients索引方法中试过这个:classTestClientdefindexrender:template=>
我有一个ModularSinatra应用程序,我正在尝试将Bootstrap添加到应用程序中。get'/bootstrap/application.css'doless:"bootstrap/bootstrap"end我在views/bootstrap中有所有less文件,包括bootstrap.less。我收到这个错误:Less::ParseErrorat/bootstrap/application.css'reset.less'wasn'tfound.Bootstrap.less的第一行是://CSSReset@import"reset.less";我尝试了所有不同的路径格式,但它
我正在使用Sequel构建一个愿望list系统。我有一个wishlists和itemstable和一个items_wishlists连接表(该名称是续集选择的名称)。items_wishlists表还有一个用于facebookid的额外列(因此我可以存储opengraph操作),这是一个NOTNULL列。我还有Wishlist和Item具有续集many_to_many关联的模型已建立。Wishlist类也有:selectmany_to_many关联的选项设置为select:[:items.*,:items_wishlists__facebook_action_id].有没有一种方法可以
如果您尝试在Ruby中的nil对象上调用方法,则会出现NoMethodError异常并显示消息:"undefinedmethod‘...’fornil:NilClass"然而,有一个tryRails中的方法,如果它被发送到一个nil对象,它只返回nil:require'rubygems'require'active_support/all'nil.try(:nonexisting_method)#noNoMethodErrorexceptionanymore那么try如何在内部工作以防止该异常? 最佳答案 像Ruby中的所有其他对象
关闭。这个问题需要detailsorclarity.它目前不接受答案。想改进这个问题吗?通过editingthispost添加细节并澄清问题.关闭8年前。Improvethisquestion为什么SecureRandom.uuid创建一个唯一的字符串?SecureRandom.uuid#=>"35cb4e30-54e1-49f9-b5ce-4134799eb2c0"SecureRandom.uuid方法创建的字符串从不重复?
我有一个正在构建的应用程序,我需要一个模型来创建另一个模型的实例。我希望每辆车都有4个轮胎。汽车模型classCar轮胎模型classTire但是,在make_tires内部有一个错误,如果我为Tire尝试它,则没有用于创建或新建的activerecord方法。当我检查轮胎时,它没有这些方法。我该如何补救?错误是这样的:未定义的方法'create'forActiveRecord::AttributeMethods::Serialization::Tire::Module我测试了两个环境:测试和开发,它们都因相同的错误而失败。 最佳答案