PE 合并节
前言:这将近半年准备大二专升本考试,在前几天终于考完了,不管好还是坏,等下个月初出成绩吧,自己现在就开始先复习知识点先
2021.5.20 反馈下 湖州学院-计科
先开始复习的是PE,在PE的学习中忘记了写PE的合并节,所以这里重新写下
void MerageSection(PVOID pFileBuffer,PDWORD OldBufferSize,PVOID* pNewBuffer){ PIMAGE_DOS_HEADER pImageDosHeader = NULL; PIMAGE_FILE_HEADER pImageFileHeader = NULL; PIMAGE_OPTIONAL_HEADER32 pImageOptionalHeader = NULL; PIMAGE_SECTION_HEADER pImageSectionHeaderGroup = NULL; PIMAGE_SECTION_HEADER NewSec = NULL; DWORD dwSectionAlignmentSizeOfHeaders = 0; DWORD dwMaxSizeOfRawDataOrVirtualSize = 0; int i = 0; *pNewBuffer = (PVOID)malloc(*OldBufferSize); memset(*pNewBuffer, *OldBufferSize, 0); memcpy(*pNewBuffer, pFileBuffer, *OldBufferSize); pImageDosHeader = (PIMAGE_DOS_HEADER)*pNewBuffer; pImageFileHeader = (PIMAGE_FILE_HEADER)((DWORD)pImageDosHeader + pImageDosHeader->e_lfanew + 4); pImageOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((DWORD)pImageFileHeader + sizeof(IMAGE_FILE_HEADER)); pImageSectionHeaderGroup = (PIMAGE_SECTION_HEADER)((DWORD)pImageOptionalHeader + pImageFileHeader->SizeOfOptionalHeader); /* 1、拉伸到内存 2、将第一个节的内存大小、文件大小改成一样 Max = SizeOfRawData>VirtualSize?SizeOfRawData:VirtualSize SizeOfRawData = VirtualSize = 最后一个节的VirtualAddress + Max - SizeOfHeaders内存对齐后的大小 3、将第一个节的属性改为包含所有节的属性 4、修改节的数量为1 */ dwSectionAlignmentSizeOfHeaders = ((pImageOptionalHeader->SizeOfHeaders%pImageOptionalHeader->SectionAlignment)+1)*pImageOptionalHeader->SectionAlignment; dwMaxSizeOfRawDataOrVirtualSize = pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].SizeOfRawData > pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].Misc.VirtualSize ? pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].SizeOfRawData : pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].Misc.VirtualSize; printf("%x\n", dwMaxSizeOfRawDataOrVirtualSize); printf("%x\n", pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].VirtualAddress + dwMaxSizeOfRawDataOrVirtualSize - dwSectionAlignmentSizeOfHeaders); pImageSectionHeaderGroup[0].SizeOfRawData = pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].VirtualAddress + dwMaxSizeOfRawDataOrVirtualSize - dwSectionAlignmentSizeOfHeaders; pImageSectionHeaderGroup[0].Misc.VirtualSize = pImageSectionHeaderGroup[pImageFileHeader->NumberOfSections-1].VirtualAddress + dwMaxSizeOfRawDataOrVirtualSize - dwSectionAlignmentSizeOfHeaders; for(i=1;i<pImageFileHeader->NumberOfSections;i++){ pImageSectionHeaderGroup[0].Characteristics |= pImageSectionHeaderGroup[i].Characteristics; } pImageFileHeader->NumberOfSections = 1; }
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY