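Description: How to write programs embedded into PE executable files, with examples (embedded backdoor program & original program). Microsoft's Windows is the operating system used on most personal computers today, mainly Win95, 98, Me, NT4, 2000 and XP, and the executable file format these systems use is basically the PE structure. The embedded programs discussed here target executables in the PE format. First, a brief outline of the PE file layout: DOS MZ header; DOS stub (on an operating system that does not support the PE file format it simply displays an error message); PE header (contains much important information used by the PE loader); Section table (information on each section); Section 1; Section 2; Section 3; .... Because of SectionAlignment, a lot of space is left between sections, and the embedded program's code can be placed in the gaps between sections. A more convenient approach is to put the code at the end of the last section and then change Misc.VirtualSize and SizeOfRawData, two members of the IMAGE_SECTION_HEADER structure array in the section table. If the code is very long, the embedded code sometimes cannot be loaded completely and an error results; in that case SizeOfImage in the IMAGE_NT_HEADERS structure needs to be changed. API call addresses also differ between Windows versions; to solve this problem the import table can be changed so that the loader Platform: |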
Size: 78848 |
Author: |
Hits:
Description: VC source code for modifying PE files. It can display a large amount of information about a PE file, modify some of that information, and list the modules loaded by a process. Platform: |
Size: 51200 |
Author:吴志明 |
Hits:
Description: This is the code for learning PE files that has benefited me the most. It will benefit me for life! Platform: |
Size: 129024 |
Author:王明心 |
Hits:
Description: The OEP is the starting address when each PE file is read. This program gives two ways to read the OEP: one reads it directly from the PE file; the other maps the PE file into memory and reads it from there. Platform: |
Size: 32768 |
Author:byron |
Hits:
Description: I think this is the first time everyone can look at a PE crypter source
in a top-level language such as VC++.
So as I promised ... if someone sent me one nice compress source I would
publish my source.
I dedicate this source to all people who are involved in this field.
I hope it helps someone.
Have good days
ashkbiz
Check: yodap.cjb.net Platform: |
Size: 49152 |
Author:李泉 |
Hits:
Description: Code that adds a new section to a PE file is usually written in assembly, but this is code written in VC that adds a new section to a PE file, with detailed comments! Platform: |
Size: 3016704 |
Author:郭事业 |
Hits:
Description: This example mainly introduces PE-related knowledge.
With it, PE will be a piece of cake for you. Platform: |
Size: 4353024 |
Author:谢黎鹏 |
Hits:
Description: PE file analysis that implements viewing of a DLL's import and export functions. Platform: |
Size: 5120 |
Author:方老 |
Hits:
Description: Based on Visual C++; obtains the OEP of a PE file, that is, the starting address at which each exe or dll file is loaded. Platform: |
Size: 31744 |
Author:李乐 |
Hits:
Description: PE file analysis; the source code comes in a VC6.0 version and a Delphi7.0 version. Great reference value. Platform: |
Size: 228352 |
Author:齐欢乐 |
Hits:
Description: Uses C++ and inline assembly to add a piece of code to the beginning of an EXE file that asks the user whether they really want to run the EXE file. Demonstrates how to manipulate the PE file header. Platform: |
Size: 28672 |
Author:张立人 |
Hits:
Description: A packer made in VB that only modifies the PE file header, so it can be unpacked very easily. Statement: unless otherwise stated, the code I upload all comes from the VBGOOD forum. Platform: |
Size: 9216 |
Author:残影 |
Hits:
Description: Views PE structure information, including the section table, import table and export table. A good tool for learning the PE structure. Platform: |
Size: 56320 |
Author:禁区 |
Hits:
Description: Mem Copier. This is the source code of my old program for copying a memory image; it saves the copied image to a file, so yes, you can dump a raw PE image using it. Platform: |
Size: 3704832 |
Author:croner |
Hits:
Description: VC6 code for adding a digital signature to a PE file (digital signature addition). Platform: |
Size: 34816 |
Author:kyo |
Hits: