1-8手动和编程添加节

手动和编程添加节

增加节的步骤：

增加节表项
修正文件的映像长度
修正一个节的数量
增加文件的节数据
- IMAGE_OPTIONAL_HEADER.SizeOfImage
- IMAGE_FILE_HEADER.NumberOfSections

#include <winnt.h>
#include <Windows.h>
#include <stdlib.h>
//创建文件映射内核对象
HANDLE hMap = CreateFileMapping (hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
//将文件映射入内存
LPVOID lpBase = MapViemOfFile(hMap,FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
PIMAGE_DOS_HEADER pImgDosHdr = (PIMAGE_DOS_HEADER)lpBase;
PIMAGE_NT_HEADERS32 pImgNtHdr = (PIMAGE_NT_HEADERS32)((DWORD)lpBase + (DWORD)pImgDosHdr->e_lfanew);
PIMAGE_SECTION_HEADER pImgSecHdr = IMAGE_FIRST_SECTION(pImgNtHdr);
//获取节的数量
WORD wNum = pImgNtHdr->FileHeader.NumberOfSections;
//节的大小
DWORD dwSize = pImgNtHdr->OptionalHeader.FileAlignment;
//构造一个节
PIMAGE_SECTION_HEADER pImgNewSec = (PIMAGE_SECTION_HEADER)((DWORD)pImgSecHdr + wNum *sizeof(IMAGE_SECTION_HEADER));

strcpy((char*)pImgSecHdr->Name,".new");
pImgNewSec->Misc.VirtualSize = pImgNtHdr->OptionalHeader.SectionAlignment;
pImgNewSec->VirtualAddress = pImgSecHdr[wNum - 1].VirtualAddress + pImgSecHdr[wNum - 1].SizeOfRawData;
pImgNewSec->SizeOfRavData = dwSize;
pImgNewSec->PointerToRawData = pImgSecHdr[wNum - 1].PointerToRawData + pImgSecHdr[wNum - 1].SizeOfRawData;
pImgNewSec->Characteristics = 0xE0000040;
//修正节的数量
pImgNtHdr->OptionalHeader.NumberOfSecions+=1;
//修正映像大小
pImgNtHdr->OptionalHeader.SizeOfImage += pImgNtHdr->OptionalHeader.SectionAilgnment;
//释放文件映射
UnmapVievOfFile(lpBase);
//关闭文件映射内核对象
CloseHandle(hMap);
//关闭文件
CloseHandle(hFile);

发布于 2023-03-13