When a section is added to PE HEader in that way, it works in win 9x but not in win2k. why is that so?


//=================================================================================
HANDLE hFile;
DWORD dwFSize,dwTmp;
HANDLE hMap;
char* cMap;
//=================================================================================
PIMAGE_DOS_HEADER pDos;
PIMAGE_NT_HEADERS pPE;
PIMAGE_SECTION_HEADER pSec,pNewSec;
//=================================================================================
DWORD PEAlign(DWORD dwTarNum,DWORD dwAlignTo)
{
DWORD dwRes=dwTarNum%dwAlignTo;
DWORD dwSol=dwTarNum/dwAlignTo;
if(dwRes==0)
{
return dwTarNum;
}else{
return (dwSol+1)*dwAlignTo;
}
}
//=================================================================================
int APIENTRY WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCmdLine,int nCmdShow)
{
DWORD dwHeaderS= 0xFFFFFFFF;
//Dosyam?z? A?al?m :)))
hFile=CreateFile("calc.exe",GENERIC_READ|GENERIC_WRITE,0,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if((DWORD)hFile==0xFFFFFFFF)
{
MessageBox(0,"Calc.exe Not Found!!!","XXX",MB_ICONERROR);
return 1;
}
dwFSize=GetFileSize(hFile,0);
dwFSize=dwFSize+0x1500;
hMap=CreateFileMapping(hFile,0,PAGE_READWRITE ,0,dwFSize,0);
cMap=(char*)MapViewOfFile(hMap,FILE_MAP_ALL_ACCESS,0,0,dwFSize);


pDos=(PIMAGE_DOS_HEADER)cMap;
pPE=(PIMAGE_NT_HEADERS)((DWORD)cMap+pDos->e_lfanew);
pSec=(PIMAGE_SECTION_HEADER)((DWORD)pPE+sizeof(IMAGE_NT_HEADERS));

for(int i=1;i<pPE->FileHeader.NumberOfSections;i++)
{
++pSec;
if(strcmpi((char*)pSec->Name,"TestSec")==0)
{
MessageBox(0,"Opppsss","XXX",MB_ICONERROR);
goto extsys;
}
}

pNewSec=pSec;
++pNewSec;
ZeroMemory(pNewSec,sizeof(IMAGE_SECTION_HEADER));
pNewSec->VirtualAddress=PEAlign(pSec->VirtualAddress+pSec->Misc.VirtualSize,pPE->OptionalHeader.SectionAlignment);
pNewSec->Misc.VirtualSize=0x2000;
pNewSec->Characteristics=0xE00000E0;
pNewSec->PointerToRawData=PEAlign(pSec->SizeOfRawData +pSec->PointerToRawData,pPE->OptionalHeader.FileAlignment);
pNewSec->SizeOfRawData=0xA46;
memcpy(pNewSec->Name,"TestSec",7);
ZeroMemory((void*)((DWORD)cMap+pNewSec->PointerToRawData),0xA46);

//PE Headerdaki de?i?iklikler yap?l?yor.
pPE->FileHeader.NumberOfSections=pPE->FileHeader.NumberOfSections+1;
pPE->OptionalHeader.SizeOfImage=pNewSec->VirtualAddress+pNewSec->Misc.VirtualSize;
pSec=(PIMAGE_SECTION_HEADER)((DWORD)pPE+sizeof(IMAGE_NT_HEADERS));

FlushViewOfFile((void*)cMap,dwFSize);
SetFilePointer(hFile,pNewSec->PointerToRawData+0xA46,0,FILE_BEGIN);
SetEndOfFile(hFile);
MessageBox(0,"All Done","XXX",0);
extsys:
UnmapViewOfFile((void*)cMap);
CloseHandle(hMap);
CloseHandle(hFile);
return 0;

}

Bulunam?yor=Not Found
Posted on 2003-08-29 19:30:44 by Criminal2