|
|
本帖最后由 Met32 于 2020-11-4 10:42 编辑
代码如下,, FileToImage函数 当执行到for循环遍历copy节表的内容.....就报错了 求各位师傅帮忙看一下问题所在~~
顺便问一下 有没有PE方面的书籍 (PE权威指南看不懂~~ 汇编太水了)
- // 代码节空白添加.cpp : Defines the entry point for the console application.
- //
- #include "stdafx.h"
- #include <windows.h>
- #include <stdlib.h>
- int FileBuffers(PVOID* FileBuffer){//传入的FileBuffer
- LPVOID PtempBuffer;
- FILE* f = fopen("C:\\Users\\Administrator\\Desktop\\PETool 1.0.0.5.exe","rb");
- if(!f)
- {
- printf("文件打开失败\n");
- return 0;
- }
- fseek(f,0,SEEK_END);
- int file_size = ftell(f);
- fseek(f,0,SEEK_SET);
- PtempBuffer = malloc(file_size);
- if(!PtempBuffer){
- printf("malloc分配失败");
- return 0;
- }
- size_t n = fread(PtempBuffer,file_size,1,f);
- if(!n){
- printf("内存分配失败");
- return 0;
- }
- *FileBuffer = PtempBuffer;
- PtempBuffer = NULL;
- fclose(f);
- return file_size;
- }
- int FileToImage(PVOID Filebuffer,PVOID* Imagebuffer){
- //PE头信息
- PIMAGE_DOS_HEADER pDosHeader = NULL;
- PIMAGE_NT_HEADERS pNTHeader = NULL;
- PIMAGE_FILE_HEADER pPEHeader =NULL;
- PIMAGE_OPTIONAL_HEADER PoptionHeader = NULL;
- PIMAGE_SECTION_HEADER pSectionHeader = NULL;
-
- PVOID pTempImagebuffer = NULL; //临时的imagebuffer
- if(!Filebuffer){
- printf("读到内存的Filebuffer失效\n");
- return 0;
- }
- if(*((PWORD)Filebuffer) != IMAGE_DOS_SIGNATURE){
- printf("不含MZ标志,不是EXE文件\n");
- return 0;
- }
- pDosHeader = (PIMAGE_DOS_HEADER)Filebuffer; //强制结构体类型转换pDosHeader
- pNTHeader = (PIMAGE_NT_HEADERS)((DWORD)Filebuffer+pDosHeader->e_lfanew);//NT头开始的地方
- if(*((PWORD)((DWORD)Filebuffer+pDosHeader->e_lfanew)) != IMAGE_NT_SIGNATURE){//判断PE标识
- printf("不是有效的PE标识\n");
- }
- pPEHeader = (PIMAGE_FILE_HEADER)((DWORD)pNTHeader+4);//PE标准头开始
- PoptionHeader = (PIMAGE_OPTIONAL_HEADER)((DWORD)pPEHeader+0X18);//PE可选头开始 IMAGE_SIZEOF_FILE_HEADER
- pSectionHeader = (PIMAGE_SECTION_HEADER)((DWORD)PoptionHeader+pPEHeader->SizeOfOptionalHeader);//PE节表开始
- //分配动态内存
- pTempImagebuffer = malloc(PoptionHeader->SizeOfImage);
- if(!pTempImagebuffer){
- printf("pTempImagebuffer为NULL");
- return 0;
- }
- //为临时的imagebuffer初始化
- memset(pTempImagebuffer,0,PoptionHeader->SizeOfImage);
- //copy头部
- memcpy(pTempImagebuffer,pDosHeader,PoptionHeader->SizeOfHeaders);
- //创建一个临时的PE节表
- PIMAGE_SECTION_HEADER pTempSectionHeader = pSectionHeader;
- for(DWORD i=0;i<pPEHeader->NumberOfSections;i++,pTempSectionHeader++){
- //copy节从Filebuffer到临时的imagebuffer
- //断点到这里有问题 各位师傅求解决
- memcpy((void*)((DWORD)pTempImagebuffer+pTempSectionHeader->VirtualAddress)
- ,(void*)((DWORD)Filebuffer+pTempSectionHeader->PointerToRawData)
- ,pTempSectionHeader->SizeOfRawData);
- }
- *Imagebuffer = pTempImagebuffer;
- pTempImagebuffer = NULL;
- return PoptionHeader->SizeOfImage;
- }
- int main(int argc, char* argv[])
- {
- PVOID FileBuffer;
- PVOID ImageBuffer;
- int x = FileBuffers(&FileBuffer);
- printf("FileBuffer分配大小为:%d个字节\n",x);
- int y = FileToImage(FileBuffer,&ImageBuffer);
- printf("大小为%d\n",y);
- return 0;
- }
本帖最后由 xiao14116 于 2020-11-4 19:36 编辑
刚才调试了下,直接原因是因为你申请的内存空间不够,所以出错了
memcpy(pTempImagebuffer,pDosHeader,PoptionHeader->SizeOfHeaders);
PoptionHeader->SizeOfHeaders的值远远大于你申请的内存空间
|
上一篇: CBCGPGridCtrl 控件下一篇: 怎么快速看懂一个项目
|
/2 
发表于 2020-11-4 10:39:08
发表于 2020-11-4 19:35:20
楼主