📄 unit1.cpp.~2~
字号:
//---------------------------------------------------------------------------
#include <vcl.h>
#pragma hdrstop
#include <windows.h>
#include <stdio.h>
#include "Unit1.h"
//---------------------------------------------------------------------------
#pragma package(smart_init)
#pragma resource "*.dfm"
TForm1 *Form1;
//---------------------------------------------------------------------------
__fastcall TForm1::TForm1(TComponent* Owner)
: TForm(Owner)
{
}
//---------------------------------------------------------------------------
void __fastcall TForm1::Button1Click(TObject *Sender)
{
if (OpenFile->Execute())
{
Edit1->Text=OpenFile->FileName;
}
}
//---------------------------------------------------------------------------
void TForm1::addAsm(AnsiString FileName)
{
BYTE Me1[46]={
0x6A,0xFA,0x6A,0x06,0x6A,0x06,0x64,0xA1,0x00,0x00,0x00,
0x00,0x50,0x64,0x89,0x25,0x00,0x00,0x00,0x00,0x83,0xEC,
0x68,0x53,0x56,0x57,0x58,0x58,0x58,0x83,0xC4,0x68,0x58,
0x64,0xA3,0x00,0x00,0x00,0x00,0x58,0x58,0x58,0x8B,0xE8,
0x6A,0x00
};
BYTE Me2[46]={
0x33,0xC0,0x33,0xC0,0x6A,0x00,0x64,0x89,0x25,0x00,0x00,
0x00,0x00,0x90,0x90,0x90,0x90,0x90,0x83,0xE8,0x30,0x55,
0x5D,0x83,0xC0,0x30,0x6A,0x00,0x6A,0x00,0x64,0xA3,0x00,
0x00,0x00,0x00,0x64,0xFF,0x35,0x00,0x00,0x00,0x00,0x90,
0x6A,0x00
};
BYTE Me3[23]={
0x50,0x33,0xC9,0x5F,0x3B,0xC8,0x1B,0xC0,0xF7,0xD8,0x68,
0x00,0x01,0x00,0x00,0x42,0x4A,0x6A,0x00,0x6A,0x02,0x33,
0xC9
};
BYTE Me4[32]={
0x6A,0x00,0x6A,0x00,0x6A,0x00,0x6A,0x00,0x8B,0xEC,0x81,
0xC4,0xDC,0xFE,0xFF,0xFF,0x89,0x85,0xDC,0xFE,0xFF,0xFF,
0x90,0x8B,0x5D,0x08,0x56,0x8B,0x7D,0x10,0x85,0xF6
};
AnsiString NewFile=FileName+".bak";
CopyFile(FileName.c_str(),NewFile.c_str(),FALSE);
DWORD Voffset=0,Vsize=0,MyOffset=0;
IMAGE_DOS_HEADER DosHeader;
IMAGE_NT_HEADERS32 ExeHeader;
int NumOfSections;
FILE *fp;
fp=fopen(FileName.c_str(),"rb+");
fseek(fp,0,SEEK_SET);
fread(&DosHeader,sizeof(DosHeader),1,fp);
if (DosHeader.e_magic!=IMAGE_DOS_SIGNATURE)
{
ShowMessage("不是有效的MZ文件");
return ;
}
fseek(fp,DosHeader.e_lfanew,SEEK_SET);
fread(&ExeHeader,sizeof(ExeHeader),1,fp);
if (ExeHeader.Signature!=IMAGE_NT_SIGNATURE)
{
ShowMessage("不是有效的PE文件");
return ;
}
int oep=ExeHeader.OptionalHeader.AddressOfEntryPoint; //保存oep.....
int NumSection = ExeHeader.FileHeader.NumberOfSections; //获得节的数量
fseek(fp,(DosHeader.e_lfanew+sizeof(ExeHeader.Signature)+sizeof(ExeHeader.FileHeader)+(ExeHeader.FileHeader.SizeOfOptionalHeader)),SEEK_SET); //来到节表位置
IMAGE_SECTION_HEADER OLD_SECTION;
for (int i = 0; i < NumSection; i++)
{
fread(&OLD_SECTION,sizeof(IMAGE_SECTION_HEADER),1,fp);
} //嘿嘿来到最后一个节表的位置,节表其实是一个数组成员,包含每个节的属性对应的偏移量等
Voffset=OLD_SECTION.VirtualAddress;
Vsize=OLD_SECTION.Misc.VirtualSize;
while (MyOffset<Voffset+Vsize)//没有办法,只有求出最大的offset..
{
MyOffset+=0x1000;
}
IMAGE_SECTION_HEADER iMageNewSection;// 声明结构
memset(&iMageNewSection,0,sizeof(iMageNewSection)); //用0填充iMageNewSection结构
memcpy((char*)iMageNewSection.Name,".fish",strlen(".fish"));//给新节的名字赋值
iMageNewSection.VirtualAddress=MyOffset;//设置新节的RVA地址,也就是最后一个节表的最后位置
iMageNewSection.Misc.VirtualSize=0x1000; //设置节的长度
iMageNewSection.PointerToRawData=OLD_SECTION.PointerToRawData+OLD_SECTION.SizeOfRawData;//设置新节的文件偏移量
iMageNewSection.SizeOfRawData=0x200; //设置节的物理长度
iMageNewSection.Characteristics=0xE0000020;//设置节的属性
fseek(fp,DosHeader.e_lfanew+sizeof(IMAGE_NT_HEADERS)+NumSection*sizeof(IMAGE_SECTION_HEADER),SEEK_SET); //来到新节的位置
fwrite(&iMageNewSection,sizeof(IMAGE_SECTION_HEADER),1,fp);//写入一个节
ExeHeader.FileHeader.NumberOfSections++;//增加一节
ExeHeader.OptionalHeader.SizeOfImage=iMageNewSection.VirtualAddress+0x1000;
ExeHeader.OptionalHeader.AddressOfEntryPoint=iMageNewSection.VirtualAddress+6; //修改OEP
ExeHeader.OptionalHeader.MajorLinkerVersion=6;
ExeHeader.OptionalHeader.MinorLinkerVersion=0;
fseek(fp,DosHeader.e_lfanew,SEEK_SET); //来到PE头
fwrite(&ExeHeader,sizeof(IMAGE_NT_HEADERS32),1,fp);//写入ExeHeader,使上面的操作生效
fseek(fp,iMageNewSection.PointerToRawData,SEEK_SET);
for (int i = 0; i <0x200; i++) {
fputc(0,fp);
}
fseek(fp,iMageNewSection.PointerToRawData+6,SEEK_SET);
if (RadioButton1->Checked==true) {
fwrite(&Me1,sizeof(Me1),1,fp);
BYTE jmp=0xE9;
fwrite(&jmp,sizeof(jmp),1,fp);
DWORD newoep=oep-(iMageNewSection.VirtualAddress+sizeof(Me1))-11;
fwrite(&newoep,4,1,fp);
}
if (RadioButton2->Checked==true) {
fwrite(&Me2,sizeof(Me2),1,fp);
BYTE jmp=0xE9;
fwrite(&jmp,sizeof(jmp),1,fp);
DWORD newoep=oep-(iMageNewSection.VirtualAddress+sizeof(Me2))-11;
fwrite(&newoep,4,1,fp);
}
if (RadioButton3->Checked==true) {
fwrite(&Me3,sizeof(Me3),1,fp);
BYTE jmp=0xE9;
fwrite(&jmp,sizeof(jmp),1,fp);
DWORD newoep=oep-(iMageNewSection.VirtualAddress+sizeof(Me3))-11;
fwrite(&newoep,4,1,fp);
}
if (RadioButton4->Checked==true) {
fwrite(&Me4,sizeof(Me4),1,fp);
BYTE jmp=0xE9;
fwrite(&jmp,sizeof(jmp),1,fp);
DWORD newoep=oep-(iMageNewSection.VirtualAddress+sizeof(Me4))-11;
fwrite(&newoep,4,1,fp);
}
fclose(fp);
MessageBox(NULL,"加花指令完成,谢谢使用...by:Xfish","提示",MB_OK + MB_ICONEXCLAMATION);
}
//---------------------------------------------------
void __fastcall TForm1::Button3Click(TObject *Sender)
{
Application->Terminate();
}
//---------------------------------------------------------------------------
void __fastcall TForm1::Button2Click(TObject *Sender)
{
if (Edit1->Text=="") {
MessageBox(0,"请选择需要加花的文件....","提示",MB_OK);
}
else
{
addAsm(Edit1->Text);
}
}
//---------------------------------------------------------------------------
void __fastcall TForm1::Label3Click(TObject *Sender)
{
ShellExecute(0,"open","http://www.hacker.com.cn",NULL,NULL,SW_SHOW);
}
//---------------------------------------------------------------------------
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -