放下代码 PE文件变形之初步 移动PE头

程序代码

.386

.model flat,stdcall
option casemap:none
include windows. inc
include user32. inc
include kernel32. inc
include gdi32. inc
includelib gdi32.lib
includelib user32.lib
includelib kernel32.lib
Message  proto :DWORD
movfile proto  :dword,:dword,:dword
IsPeFile proto :dword
MovPeHead proto :dword,:dword,:dword
.data
     ; Fixed path of the PE image this tool reads, patches in memory and writes back
     ; in place (no backup is taken; keep a copy of the file before running).
     szFileName db " E:\stu1\stu2\bin\Debug\main.exe ", 0
     szEorro    db " file open fail ", 0              ; shown when CreateFile fails
     ; caption text is mis-encoded in this listing (GBK bytes shown as Latin-1); kept byte-for-byte
     szCaption  db " PEêμÑé ", 0
     szsuccesful db " successful! ", 0                ; success message (identifier spelling is the author's)
     szpe    db " this is a pe file ", 0              ; shown by IsPeFile once the PE signature is found
     ; mis-encoded like szCaption; shown by MovPeHead when the header is already at the requested offset
     szPeMovNo  db " Îļt2»Dèòaòƶˉ ", 0
     szNoPe     db " this is not PE file ", 0        ; shown when IsPeFile returns 0
.data?
     hFileHanld dword ?                               ; handle returned by CreateFile
     ; 16 KiB scratch copy of the file start; only the first 400h bytes are read and written back
     szbuff  dword 4096 dup (?)
     szreadnum dword ?                                ; byte count reported by ReadFile
     szbuff1    IMAGE_DOS_HEADER <>                   ; not referenced by the code below
     dwPeRav    dword ?                               ; e_lfanew as returned by IsPeFile
     
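.code
;-----------------------------------------------------------------------
; Entry point.
; Reads the first 400h bytes of szFileName, relocates the PE header block
; (IMAGE_NT_HEADERS + section table) to offset 0Ch inside that copy and
; writes the copy back over the start of the file.
; Exit code: 0 on success, 1 on any failure (open, short read, not a PE,
; header not movable, write).
; The file is modified in place; keep a copy if the original is needed.
; Note for analysts: an e_lfanew below 40h overlays the DOS header, an
; unusual layout that PE parsers and header-sanity checks commonly flag.
;-----------------------------------------------------------------------
      start:
            ; OPEN_EXISTING: a missing file is an error to report. OPEN_ALWAYS
            ; would silently create an empty file and then overwrite it below.
            invoke CreateFile,offset szFileName,GENERIC_READ or GENERIC_WRITE,NULL,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
            .if eax == INVALID_HANDLE_VALUE
                invoke MessageBox,NULL,offset szEorro,offset szCaption,MB_OK
                invoke ExitProcess,1
            .endif
            mov hFileHanld,eax

            ; Load exactly one 400h-byte header page; all later work is on this copy.
            ; A file shorter than 400h bytes would be padded by the write-back, so
            ; a short read is treated as an error.
            invoke ReadFile,hFileHanld,offset szbuff,0400h,offset szreadnum,NULL
            .if eax == 0 || szreadnum != 0400h
                invoke Message,offset szEorro
                jmp failexit
            .endif

            ; eax = e_lfanew (non-zero) when the buffer holds a valid MZ/PE header pair
            invoke IsPeFile,offset szbuff
            .if eax == 0
                invoke Message,offset szNoPe    ; address of the text, not its first bytes
                jmp failexit
            .endif
            mov dwPeRav,eax

            ; Move IMAGE_NT_HEADERS + section table down to offset 0Ch and repoint
            ; e_lfanew at it. A zero return means the buffer was left untouched.
            invoke MovPeHead,offset szbuff,0ch,dwPeRav
            .if eax == 0
                jmp failexit
            .endif

            ; Write the patched page back over the file start. A synchronous
            ; WriteFile needs a non-NULL byte-count pointer (NULL is only valid
            ; with an OVERLAPPED); szreadnum is reused for it.
            invoke SetFilePointer,hFileHanld,0,0,FILE_BEGIN
            invoke WriteFile,hFileHanld,offset szbuff,400h,offset szreadnum,NULL
            .if eax == 0 || szreadnum != 400h
                jmp failexit
            .endif
            invoke CloseHandle,hFileHanld
            invoke Message,offset szsuccesful
            invoke ExitProcess,0

          failexit:
            invoke CloseHandle,hFileHanld
            invoke ExitProcess,1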
           Message proc lpstring:dword
               
               invoke MessageBox,NULL,lpstring,offset szCaption,MB_OK
                ret

           Message endp
          movfile proc   dst:dword, src:dword, sizelen:dword
              
               mov edi,dst
               mov esi,src
               mov ecx,sizelen
          next:    movsb
               mov byte ptr [esi- 1], 0
              loop next
               ret

          movfile endp
          IsPeFile proc lpbuff:dword
               mov esi,lpbuff
               mov eax, 0
              assume esi : ptr IMAGE_DOS_HEADER
              .IF [esi].e_magic== " ZM "
                   mov esi,[esi].e_lfanew
                   add esi,lpbuff
                  .if word ptr [esi]== " EP "
                      invoke Message ,offset szpe
                      sub esi,lpbuff
                      mov eax,esi
                  .endif
                 
              .endif
         
              assume esi : nothing   
               ret

          IsPeFile endp
         
         MovPeHead proc lpDosHead :dword,dwPosition : DWORD,dwPeRav1 :dword
             mov eax,dwPeRav1
             .if dwPosition==eax
                 invoke MessageBox,NULL,offset szPeMovNo,NULL,MB_OK
                  ret
             .endif
               mov esi,lpDosHead
               push esi
              assume esi:ptr IMAGE_DOS_HEADER
               mov esi,[esi].e_lfanew
               add esi,lpDosHead
              assume esi:nothing
              assume esi:ptr IMAGE_NT_HEADERS
               mov  dx,[esi].FileHeader.NumberOfSections
               movzx edx,dx
               mov eax,sizeof(IMAGE_SECTION_HEADER)
               MUL edx
               add eax,sizeof(IMAGE_NT_HEADERS)
              assume esi : nothing
               mov ebx,lpDosHead
               add ebx,dwPosition
              invoke movfile,ebx,esi,eax   
               pop esi
              assume esi : ptr IMAGE_DOS_HEADER
               mov eax,dwPosition
               mov [esi].e_lfanew,eax
              assume esi:nothing
               ret
         MovPeHead endp
     end start