www.pudn.com > MessageAdder.rar > Pe.h

// Pe.h: interface for the CPe class. 
// 
////////////////////////////////////////////////////////////////////// 
 
#if !defined(AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_) 
#define AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_ 
 
#if _MSC_VER > 1000 
#pragma once 
#endif // _MSC_VER > 1000 
#include "io.h" 
#include "fcntl.h" 
#include "sys/stat.h" 
 
typedef struct PE_HEADER_MAP { 
	DWORD signature; 
	IMAGE_FILE_HEADER _head; 
	IMAGE_OPTIONAL_HEADER opt_head; 
	IMAGE_SECTION_HEADER section_header[6]; 
} peHeader; 
 
class CPe   
{ 
public: 
	CPe(); 
	virtual ~CPe(); 
public: 
	//计算PE header的开始偏移，保存旧的程序入口地址，计算新的入口地址和计算PE文件的空隙空间 
	void CalcAddress(const void *base); 
	 
	//对一个PE文件进行MessageBoxA代码的注入 
	void ModifyPe(CString strFileName, CString strTitle, CString strMsg); 
	void WriteFile(CString strFileName, CString strTitle, CString strMsg); 
 
	//把新的入口地址写入PE程序原来的入口地址处，使PE加载器载入程序时先跳到MessageBoxA处 
	BOOL WriteNewEntry(int ret, long offset, DWORD dwAddress); 
	/*把MessageBoxA的机器代码写入到PE文件中。这个函数现实的对话框的标题和现实内容长度不固定。 
	先计算MessageBoxA函数的地址和函数的返回值，把新生成的的代码写入PE程序*/ 
	BOOL WriteMessageBox(int ret, long offset, CString strCap, CString strTxt); 
 
	//把一个DWORD变量值转换成一个字符串，同时颠倒顺序，按照Little-endian方式 
	CString StrOfWord(DWORD dwAddress); 
public: 
	DWORD dwSpace; 
	DWORD dwEntryAddress; 
	DWORD dwEntryWrite; 
	DWORD dwProvRAV; 
	DWORD dwOldEntryAddress; 
	DWORD dwNewEntryAddress; 
	DWORD dwCodeOffset; 
	DWORD dwPeAddress; 
	DWORD dwFlagAddress; 
	DWORD dwVirtSize; 
	DWORD dwPhysAddress; 
	DWORD dwPhysSize; 
	DWORD dwMessageBoxAadaddress; 
 
}; 
 
#endif // !defined(AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_)