MessageAdder.rar Pe.h

www.pudn.com > MessageAdder.rar > Pe.h

// Pe.h: interface for the CPe class.
//
//////////////////////////////////////////////////////////////////////

#if !defined(AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_)
#define AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_

#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#include "io.h"
#include "fcntl.h"
#include "sys/stat.h"

typedef struct PE_HEADER_MAP {
DWORD signature;
IMAGE_FILE_HEADER _head;
IMAGE_OPTIONAL_HEADER opt_head;
IMAGE_SECTION_HEADER section_header[6];
} peHeader;

class CPe
{
public:
CPe();
virtual ~CPe();
public:
//计算PE header的开始偏移，保存旧的程序入口地址，计算新的入口地址和计算PE文件的空隙空间
void CalcAddress(const void *base);

//对一个PE文件进行MessageBoxA代码的注入
void ModifyPe(CString strFileName, CString strTitle, CString strMsg);
void WriteFile(CString strFileName, CString strTitle, CString strMsg);

//把新的入口地址写入PE程序原来的入口地址处，使PE加载器载入程序时先跳到MessageBoxA处
BOOL WriteNewEntry(int ret, long offset, DWORD dwAddress);
/*把MessageBoxA的机器代码写入到PE文件中。这个函数现实的对话框的标题和现实内容长度不固定。
先计算MessageBoxA函数的地址和函数的返回值，把新生成的的代码写入PE程序*/
BOOL WriteMessageBox(int ret, long offset, CString strCap, CString strTxt);

//把一个DWORD变量值转换成一个字符串，同时颠倒顺序，按照Little-endian方式
CString StrOfWord(DWORD dwAddress);
public:
DWORD dwSpace;
DWORD dwEntryAddress;
DWORD dwEntryWrite;
DWORD dwProvRAV;
DWORD dwOldEntryAddress;
DWORD dwNewEntryAddress;
DWORD dwCodeOffset;
DWORD dwPeAddress;
DWORD dwFlagAddress;
DWORD dwVirtSize;
DWORD dwPhysAddress;
DWORD dwPhysSize;
DWORD dwMessageBoxAadaddress;

};

#endif // !defined(AFX_PE_H__21346F8C_4391_4415_9D60_1382045CAD96__INCLUDED_)