3,882
社区成员
发帖
与我相关
我的任务
分享!!很高的手才可以进的,一个从内存中加载并启动一个exe的问题?
#include <stdio.h>
#include <string.h>
#include <windows.h>
#include <tlhelp32.h>
//#include <psapi.h>
struct PE_Header
{
unsigned long signature;
unsigned short machine;
unsigned short numSections;
unsigned long timeDateStamp;
unsigned long pointerToSymbolTable;
unsigned long numOfSymbols;
unsigned short sizeOfOptionHeader;
unsigned short characteristics;
};
struct PE_ExtHeader
{
unsigned short magic;
unsigned char majorLinkerVersion;
unsigned char minorLinkerVersion;
unsigned long sizeOfCode;
unsigned long sizeOfInitializedData;
unsigned long sizeOfUninitializedData;
unsigned long addressOfEntryPoint;
unsigned long baseOfCode;
unsigned long baseOfData;
unsigned long imageBase;
unsigned long sectionAlignment;
unsigned long fileAlignment;
unsigned short majorOSVersion;
unsigned short minorOSVersion;
unsigned short majorImageVersion;
unsigned short minorImageVersion;
unsigned short majorSubsystemVersion;
unsigned short minorSubsystemVersion;
unsigned long reserved1;
unsigned long sizeOfImage;
unsigned long sizeOfHeaders;
unsigned long checksum;
unsigned short subsystem;
unsigned short DLLCharacteristics;
unsigned long sizeOfStackReserve;
unsigned long sizeOfStackCommit;
unsigned long sizeOfHeapReserve;
unsigned long sizeOfHeapCommit;
unsigned long loaderFlags;
unsigned long numberOfRVAAndSizes;
unsigned long exportTableAddress;
unsigned long exportTableSize;
unsigned long importTableAddress;
unsigned long importTableSize;
unsigned long resourceTableAddress;
unsigned long resourceTableSize;
unsigned long exceptionTableAddress;
unsigned long exceptionTableSize;
unsigned long certFilePointer;
unsigned long certTableSize;
unsigned long relocationTableAddress;
unsigned long relocationTableSize;
unsigned long debugDataAddress;
unsigned long debugDataSize;
unsigned long archDataAddress;
unsigned long archDataSize;
unsigned long globalPtrAddress;
unsigned long globalPtrSize;
unsigned long TLSTableAddress;
unsigned long TLSTableSize;
unsigned long loadConfigTableAddress;
unsigned long loadConfigTableSize;
unsigned long boundImportTableAddress;
unsigned long boundImportTableSize;
unsigned long importAddressTableAddress;
unsigned long importAddressTableSize;
unsigned long delayImportDescAddress;
unsigned long delayImportDescSize;
unsigned long COMHeaderAddress;
unsigned long COMHeaderSize;
unsigned long reserved2;
unsigned long reserved3;
};
struct SectionHeader
{
unsigned char sectionName[8];
unsigned long virtualSize;
unsigned long virtualAddress;
unsigned long sizeOfRawData;
unsigned long pointerToRawData;
unsigned long pointerToRelocations;
unsigned long pointerToLineNumbers;
unsigned short numberOfRelocations;
unsigned short numberOfLineNumbers;
unsigned long characteristics;
};
struct MZHeader
{
unsigned short signature;
unsigned short partPag;
unsigned short pageCnt;
unsigned short reloCnt;
unsigned short hdrSize;
unsigned short minMem;
unsigned short maxMem;
unsigned short reloSS;
unsigned short exeSP;
unsigned short chksum;
unsigned short exeIP;
unsigned short reloCS;
unsigned short tablOff;
unsigned short overlay;
unsigned char reserved[32];
unsigned long offsetToPE;
};
struct ImportDirEntry
{
DWORD importLookupTable;
DWORD timeDateStamp;
DWORD fowarderChain;
DWORD nameRVA;
DWORD importAddressTable;
};
/
WINBASEAPI
LPVOID
WINAPI
VirtualAllocEx(
HANDLE hProcess,
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flAllocationType,
DWORD flProtect
);
#include <string.h>
#include <windows.h>
#include <tlhelp32.h>
//#include <psapi.h>
struct PE_Header
{
unsigned long signature;
unsigned short machine;
unsigned short numSections;
unsigned long timeDateStamp;
unsigned long pointerToSymbolTable;
unsigned long numOfSymbols;
unsigned short sizeOfOptionHeader;
unsigned short characteristics;
};
struct PE_ExtHeader
{
unsigned short magic;
unsigned char majorLinkerVersion;
unsigned char minorLinkerVersion;
unsigned long sizeOfCode;
unsigned long sizeOfInitializedData;
unsigned long sizeOfUninitializedData;
unsigned long addressOfEntryPoint;
unsigned long baseOfCode;
unsigned long baseOfData;
unsigned long imageBase;
unsigned long sectionAlignment;
unsigned long fileAlignment;
unsigned short majorOSVersion;
unsigned short minorOSVersion;
unsigned short majorImageVersion;
unsigned short minorImageVersion;
unsigned short majorSubsystemVersion;
unsigned short minorSubsystemVersion;
unsigned long reserved1;
unsigned long sizeOfImage;
unsigned long sizeOfHeaders;
unsigned long checksum;
unsigned short subsystem;
unsigned short DLLCharacteristics;
unsigned long sizeOfStackReserve;
unsigned long sizeOfStackCommit;
unsigned long sizeOfHeapReserve;
unsigned long sizeOfHeapCommit;
unsigned long loaderFlags;
unsigned long numberOfRVAAndSizes;
unsigned long exportTableAddress;
unsigned long exportTableSize;
unsigned long importTableAddress;
unsigned long importTableSize;
unsigned long resourceTableAddress;
unsigned long resourceTableSize;
unsigned long exceptionTableAddress;
unsigned long exceptionTableSize;
unsigned long certFilePointer;
unsigned long certTableSize;
unsigned long relocationTableAddress;
unsigned long relocationTableSize;
unsigned long debugDataAddress;
unsigned long debugDataSize;
unsigned long archDataAddress;
unsigned long archDataSize;
unsigned long globalPtrAddress;
unsigned long globalPtrSize;
unsigned long TLSTableAddress;
unsigned long TLSTableSize;
unsigned long loadConfigTableAddress;
unsigned long loadConfigTableSize;
unsigned long boundImportTableAddress;
unsigned long boundImportTableSize;
unsigned long importAddressTableAddress;
unsigned long importAddressTableSize;
unsigned long delayImportDescAddress;
unsigned long delayImportDescSize;
unsigned long COMHeaderAddress;
unsigned long COMHeaderSize;
unsigned long reserved2;
unsigned long reserved3;
};
struct SectionHeader
{
unsigned char sectionName[8];
unsigned long virtualSize;
unsigned long virtualAddress;
unsigned long sizeOfRawData;
unsigned long pointerToRawData;
unsigned long pointerToRelocations;
unsigned long pointerToLineNumbers;
unsigned short numberOfRelocations;
unsigned short numberOfLineNumbers;
unsigned long characteristics;
};
struct MZHeader
{
unsigned short signature;
unsigned short partPag;
unsigned short pageCnt;
unsigned short reloCnt;
unsigned short hdrSize;
unsigned short minMem;
unsigned short maxMem;
unsigned short reloSS;
unsigned short exeSP;
unsigned short chksum;
unsigned short exeIP;
unsigned short reloCS;
unsigned short tablOff;
unsigned short overlay;
unsigned char reserved[32];
unsigned long offsetToPE;
};
struct ImportDirEntry
{
DWORD importLookupTable;
DWORD timeDateStamp;
DWORD fowarderChain;
DWORD nameRVA;
DWORD importAddressTable;
};
/
WINBASEAPI
LPVOID
WINAPI
VirtualAllocEx(
HANDLE hProcess,
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flAllocationType,
DWORD flProtect
);
...全文
请发表友善的回复…
发表回复
qian337816953 2011-08-27
- 打赏
- 举报
看的头大~
eye_110_eye 2010-07-24
- 打赏
- 举报
错了,给个改过的机会?!
healer_kx 2010-07-24
- 打赏
- 举报
你这种属于倒分了,账号有被封的可能啊。。。
eye_110_eye 2010-07-23
- 打赏
- 举报
现在发现了一个问题,如果我的exe文件过大的话 我的是个2mb的,那个运行不起来了,就是把那个壳也变大还是不行的!
zhanshen2891 2010-07-23
- 打赏
- 举报
[Quote=引用 38 楼 eye_110_eye 的回复:]
楼主我 基本上已经搞定了,我只是想把我自己写的一个程序 加密 解密完了不想让人看到在硬盘上的东西,也就是不想让人看到我的劳动成果 完了窃取!
这个程序本身就是个小木马病毒,我写完杀毒软件可以拦截的,没什么了不起的,我只是在现在一台没联网的pc上用的。
大家还有没有更好的方法,就是不用这么麻烦的??
这个我已经基本实现了。
[/Quote]
就是想加壳呗
楼主我 基本上已经搞定了,我只是想把我自己写的一个程序 加密 解密完了不想让人看到在硬盘上的东西,也就是不想让人看到我的劳动成果 完了窃取!
这个程序本身就是个小木马病毒,我写完杀毒软件可以拦截的,没什么了不起的,我只是在现在一台没联网的pc上用的。
大家还有没有更好的方法,就是不用这么麻烦的??
这个我已经基本实现了。
[/Quote]
就是想加壳呗
chengzhe 2010-07-23
- 打赏
- 举报
晕死了 缺少提问的技巧
eye_110_eye 2010-07-23
- 打赏
- 举报
哥,那我起个qq.exe吧!马化腾 看到了会不会来找我的?看来你这是个门外汉了!
dadun 2010-07-23
- 打赏
- 举报
yy.exe???
不会要做个带病毒的歪歪,然后盗我的魔兽账号吧???大胆!!!
不会要做个带病毒的歪歪,然后盗我的魔兽账号吧???大胆!!!
ForestDB 2010-07-23
- 打赏
- 举报
帮顶。
wjb_yd 2010-07-23
- 打赏
- 举报
我是很低的手,不小心进来了...
eye_110_eye 2010-07-22
- 打赏
- 举报
楼主我 基本上已经搞定了,我只是想把我自己写的一个程序 加密 解密完了不想让人看到在硬盘上的东西,也就是不想让人看到我的劳动成果 完了窃取!
这个程序本身就是个小木马病毒,我写完杀毒软件可以拦截的,没什么了不起的,我只是在现在一台没联网的pc上用的。
大家还有没有更好的方法,就是不用这么麻烦的??
这个我已经基本实现了。
这个程序本身就是个小木马病毒,我写完杀毒软件可以拦截的,没什么了不起的,我只是在现在一台没联网的pc上用的。
大家还有没有更好的方法,就是不用这么麻烦的??
这个我已经基本实现了。
chb1991123 2010-07-22
- 打赏
- 举报
楼主 莫非要过 主动防御?
vincent_1011 2010-07-22
- 打赏
- 举报
MARK一下,需要用的时候直接来拉代码。
coding_hello兄写得不错,不过应该不用创建新宿主吧,直接call entry point就好了
coding_hello兄写得不错,不过应该不用创建新宿主吧,直接call entry point就好了
康斯坦汀 2010-07-22
- 打赏
- 举报
进来看很高的手的。不知道哪位是? 高手留步,高手走好。
duke56 2010-07-22
- 打赏
- 举报
确定要搞这些代码是要有好的PE知识...
DOS头,PE头,输入表等...重载输入表等都得考虑到...
纯属个人YY...
路过此地,到此一游...留个记恋....^_^
DOS头,PE头,输入表等...重载输入表等都得考虑到...
纯属个人YY...
路过此地,到此一游...留个记恋....^_^
九度空间 2010-07-22
- 打赏
- 举报
活生生的乱码
偶是江湖中人 2010-07-22
- 打赏
- 举报
牛X 牛X
eye_110_eye 2010-07-22
- 打赏
- 举报
进来就是高手了!
mskmc_mc 2010-07-22
- 打赏
- 举报
我不是高手,我进来了
GovySky 2010-07-22
- 打赏
- 举报
新手,路过,看看。
加载更多回复(34)
