利用PE文件对齐,进行数据隐藏和提取

该程序主要是利用PE文件对齐进行数据隐藏和提取:节在文件中的原始数据按文件对齐粒度补齐,SizeOfRawData 与 VirtualSize 之间的填充字节就是可以写入数据的空间。如果对您有帮助请点一个赞;哪方面写得不好,请直接评论批评,我一定会尽最大努力改正。

PE隐藏

#include<stdio.h>
#include<Windows.h>
#include <stdlib.h>
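/*
 * Size in bytes of the file-alignment padding at the end of a section's raw
 * data. Returns 0 when VirtualSize is not smaller than SizeOfRawData, where
 * the plain unsigned subtraction would wrap around to a huge bogus value.
 */
static DWORD section_slack(const IMAGE_SECTION_HEADER *sec)
{
	if (sec->SizeOfRawData > sec->Misc.VirtualSize)
		return sec->SizeOfRawData - sec->Misc.VirtualSize;
	return 0;
}

/*
 * Store one line of text in the alignment padding of a chosen PE section.
 *
 * Steps: read the whole file (hard-coded path) into memory, validate the
 * DOS/NT headers and the section table, list every section with its free
 * padding, ask for a 1-based section number and a line of text, write the
 * text at PointerToRawData + VirtualSize and finally enlarge that section's
 * VirtualSize on disk by the text length. The companion extractor locates
 * the text through the enlarged VirtualSize.
 *
 * NOTE(review): the file is modified in place. Its hash changes, an
 * embedded Authenticode signature (if present) will no longer validate, and
 * OptionalHeader.CheckSum is not recomputed here. Work on a copy.
 *
 * Returns 0 on success, 1 on any failure.
 */
int main()
{
	int rc = 1;                     /* stays non-zero until every step succeeded */
	int num = 0;
	int ch;
	char data[1000] = { 0 };
	char *fileBuff = NULL;
	size_t dataLen;
	DWORD fileSize;
	DWORD bytesRead = 0;
	DWORD written = 0;
	DWORD slack;
	DWORD dataOffset;
	DWORD fieldOffset;
	DWORD newVirtualSize;
	ULONGLONG tableOffset;
	PIMAGE_DOS_HEADER pDosHeaders;  /* DOS header */
	PIMAGE_NT_HEADERS NTHead;       /* NT headers */
	PIMAGE_FILE_HEADER PEHead;      /* COFF file header */
	PIMAGE_SECTION_HEADER firstSection;
	PIMAGE_SECTION_HEADER PEZone;   /* section header being inspected */
	HANDLE hfile;

	/* Read and write access is all that is used below; GENERIC_ALL asked
	 * for more rights than needed and can fail where read/write succeeds. */
	hfile = CreateFileA(
		"C:\\Users\\486\\Desktop\\WP\\magic.exe", /* file path */
		GENERIC_READ | GENERIC_WRITE,
		FILE_SHARE_READ,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL);
	if (hfile == INVALID_HANDLE_VALUE) {
		printf("文件读取失败\n");
		return rc;
	}

	/* SetFilePointer is called without a high dword below, so offsets are
	 * signed 32-bit values: refuse files that do not fit in that range. */
	fileSize = GetFileSize(hfile, NULL);
	if (fileSize == INVALID_FILE_SIZE || fileSize > 0x7FFFFFFF ||
		fileSize < sizeof(IMAGE_DOS_HEADER)) {
		printf("文件读取失败\n");
		goto done;
	}

	fileBuff = (char*)malloc((size_t)fileSize);
	if (fileBuff == NULL) {
		printf("文件读取失败\n");
		goto done;
	}

	/* lpNumberOfBytesRead may only be NULL for overlapped I/O, so pass a
	 * real counter and insist on a complete read. */
	if (!ReadFile(hfile, fileBuff, fileSize, &bytesRead, NULL) || bytesRead != fileSize) {
		printf("文件读取失败\n");
		goto done;
	}
	printf("文件读取成功\n");

	/* Every header field is attacker-controlled file content: check each
	 * offset against the buffer size before dereferencing it. */
	pDosHeaders = (PIMAGE_DOS_HEADER)fileBuff;
	if (pDosHeaders->e_magic != IMAGE_DOS_SIGNATURE ||
		pDosHeaders->e_lfanew < 0 ||
		(ULONGLONG)pDosHeaders->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) > fileSize) {
		printf("不是有效的PE文件\n");
		goto done;
	}

	/* Byte-pointer arithmetic; casting the pointer to DWORD truncates it in
	 * a 64-bit build. */
	NTHead = (PIMAGE_NT_HEADERS)((BYTE*)fileBuff + pDosHeaders->e_lfanew);
	if (NTHead->Signature != IMAGE_NT_SIGNATURE) {
		printf("不是有效的PE文件\n");
		goto done;
	}
	PEHead = &NTHead->FileHeader;

	/* The section table follows the optional header, whose size is taken
	 * from the file; the whole table must lie inside the buffer. */
	tableOffset = (ULONGLONG)pDosHeaders->e_lfanew + sizeof(DWORD) +
		sizeof(IMAGE_FILE_HEADER) + PEHead->SizeOfOptionalHeader;
	if (tableOffset + (ULONGLONG)PEHead->NumberOfSections * sizeof(IMAGE_SECTION_HEADER) > fileSize) {
		printf("不是有效的PE文件\n");
		goto done;
	}
	firstSection = IMAGE_FIRST_SECTION(NTHead);

	/* Section names are 8 bytes and not necessarily NUL-terminated, hence
	 * the bounded %.8s instead of copying into an unterminated buffer. */
	PEZone = firstSection;
	for (int i = 0; i < PEHead->NumberOfSections; i++, PEZone++) {
		printf("区段名称:%.8s\t", (const char*)PEZone->Name);
		printf("可以隐藏的数据大小:%lu字节\n", (unsigned long)section_slack(PEZone));
	}

	printf("请输入你要隐藏在第几个节:");
	if (scanf("%d", &num) != 1 || num < 1 || num > PEHead->NumberOfSections) {
		printf("节序号无效\n");
		goto done;
	}

	PEZone = firstSection + (num - 1);
	slack = section_slack(PEZone);
	printf("区段名称:%.8s\t", (const char*)PEZone->Name);
	printf("可以隐藏的数据大小:%lu字节\n", (unsigned long)slack);

	/* The padding must really be backed by file content, otherwise the
	 * write below would land outside this section's raw data. */
	if ((ULONGLONG)PEZone->PointerToRawData + PEZone->SizeOfRawData > fileSize) {
		printf("不是有效的PE文件\n");
		goto done;
	}

	/* Discard the rest of the line that carried the section number. */
	while ((ch = getchar()) != '\n' && ch != EOF) {
	}

	/* gets() cannot bound its write and was removed from the language;
	 * fgets() limits the input to the buffer. */
	printf("请输入您要隐藏的数据:");
	if (fgets(data, sizeof data, stdin) == NULL) {
		printf("数据隐藏失败\n");
		goto done;
	}
	dataLen = strlen(data);
	if (dataLen > 0 && data[dataLen - 1] == '\n') {
		data[--dataLen] = '\0';
	} else if (dataLen == sizeof data - 1) {
		/* No newline and a full buffer: the line was cut off. */
		printf("隐藏的数据太长\n");
		goto done;
	}
	if (dataLen == 0) {
		printf("数据隐藏失败\n");
		goto done;
	}
	if (dataLen > slack) {
		printf("隐藏的数据太长\n");
		goto done;
	}

	/* PointerToRawData + VirtualSize is the first padding byte (slack > 0
	 * here, so VirtualSize < SizeOfRawData). */
	dataOffset = PEZone->PointerToRawData + PEZone->Misc.VirtualSize;
	if (SetFilePointer(hfile, (LONG)dataOffset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER) {
		fprintf(stderr, "数据隐藏失败 (GetLastError=%lu)\n", (unsigned long)GetLastError());
		goto done;
	}
	/* Write the whole string; sizeof(VirtualSize) would store only 4 bytes. */
	if (!WriteFile(hfile, data, (DWORD)dataLen, &written, NULL) || written != (DWORD)dataLen) {
		fprintf(stderr, "数据隐藏失败 (GetLastError=%lu)\n", (unsigned long)GetLastError());
		goto done;
	}

	/* File offset of this section's VirtualSize field, derived from the
	 * parsed header pointer so it is right for PE32 and PE32+ files and
	 * for 32-bit and 64-bit builds of this tool alike. */
	fieldOffset = (DWORD)((BYTE*)&PEZone->Misc.VirtualSize - (BYTE*)fileBuff);
	newVirtualSize = PEZone->Misc.VirtualSize + (DWORD)dataLen; /* <= SizeOfRawData */
	written = 0;
	if (SetFilePointer(hfile, (LONG)fieldOffset, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER ||
		!WriteFile(hfile, &newVirtualSize, sizeof newVirtualSize, &written, NULL) ||
		written != sizeof newVirtualSize) {
		fprintf(stderr, "数据隐藏失败 (GetLastError=%lu)\n", (unsigned long)GetLastError());
		goto done;
	}

	printf("数据隐藏成功\n");
	rc = 0;

done:
	free(fileBuff);
	CloseHandle(hfile);
	return rc;
}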

PE提取

#include<stdio.h>
#include<Windows.h>
#include <stdlib.h>
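/*
 * Copy the last `len` bytes of a PE section's virtual data to a text file.
 *
 * Steps: read the whole input file (hard-coded path) into memory, validate
 * the DOS/NT headers and the section table, list the section names, ask for
 * a 1-based section number and a byte count, then write the bytes that end
 * at PointerToRawData + VirtualSize to the output file (hard-coded path).
 *
 * The input is opened read-only and is never modified. The extracted bytes
 * are copied verbatim and should be treated as untrusted data.
 *
 * Returns 0 on success, 1 on any failure.
 */
int main()
{
	int rc = 1;                     /* stays non-zero until every step succeeded */
	int num = 0;
	int len = 0;
	char *fileBuff = NULL;
	DWORD fileSize;
	DWORD bytesRead = 0;
	DWORD dwWrited = 0;
	ULONGLONG tableOffset;
	ULONGLONG dataEnd;
	PIMAGE_DOS_HEADER pDosHeaders;  /* DOS header */
	PIMAGE_NT_HEADERS NTHead;       /* NT headers */
	PIMAGE_FILE_HEADER PEHead;      /* COFF file header */
	PIMAGE_SECTION_HEADER firstSection;
	PIMAGE_SECTION_HEADER PEZone;   /* section header being inspected */
	HANDLE hfile;
	HANDLE Tfile = INVALID_HANDLE_VALUE;

	/* Extraction only reads the executable, so request read access only. */
	hfile = CreateFileA(
		"C:\\Users\\486\\Desktop\\WP\\magic.exe", /* input file path */
		GENERIC_READ,
		FILE_SHARE_READ,
		NULL,
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL);
	if (hfile == INVALID_HANDLE_VALUE) {
		printf("文件读取失败\n");
		return rc;
	}

	fileSize = GetFileSize(hfile, NULL);
	if (fileSize == INVALID_FILE_SIZE || fileSize < sizeof(IMAGE_DOS_HEADER)) {
		printf("文件读取失败\n");
		goto done;
	}

	fileBuff = (char*)malloc((size_t)fileSize);
	if (fileBuff == NULL) {
		printf("文件读取失败\n");
		goto done;
	}

	/* lpNumberOfBytesRead may only be NULL for overlapped I/O, so pass a
	 * real counter and insist on a complete read. */
	if (!ReadFile(hfile, fileBuff, fileSize, &bytesRead, NULL) || bytesRead != fileSize) {
		printf("文件读取失败\n");
		goto done;
	}
	printf("文件读取成功\n");

	/* Header fields come from the file and are untrusted: bound-check each
	 * offset against the buffer before dereferencing it. */
	pDosHeaders = (PIMAGE_DOS_HEADER)fileBuff;
	if (pDosHeaders->e_magic != IMAGE_DOS_SIGNATURE ||
		pDosHeaders->e_lfanew < 0 ||
		(ULONGLONG)pDosHeaders->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) > fileSize) {
		printf("不是有效的PE文件\n");
		goto done;
	}

	/* Byte-pointer arithmetic; casting the pointer to DWORD truncates it in
	 * a 64-bit build. */
	NTHead = (PIMAGE_NT_HEADERS)((BYTE*)fileBuff + pDosHeaders->e_lfanew);
	if (NTHead->Signature != IMAGE_NT_SIGNATURE) {
		printf("不是有效的PE文件\n");
		goto done;
	}
	PEHead = &NTHead->FileHeader;

	tableOffset = (ULONGLONG)pDosHeaders->e_lfanew + sizeof(DWORD) +
		sizeof(IMAGE_FILE_HEADER) + PEHead->SizeOfOptionalHeader;
	if (tableOffset + (ULONGLONG)PEHead->NumberOfSections * sizeof(IMAGE_SECTION_HEADER) > fileSize) {
		printf("不是有效的PE文件\n");
		goto done;
	}
	firstSection = IMAGE_FIRST_SECTION(NTHead);

	/* Section names are 8 bytes and not necessarily NUL-terminated, hence
	 * the bounded %.8s instead of copying into an unterminated buffer. */
	PEZone = firstSection;
	for (int i = 0; i < PEHead->NumberOfSections; i++, PEZone++) {
		printf("区段名称:%.8s\n", (const char*)PEZone->Name);
	}

	printf("请输入你要提取在第几个节和提取的长度:");
	if (scanf("%d%d", &num, &len) != 2 || num < 1 || num > PEHead->NumberOfSections) {
		printf("节序号无效\n");
		goto done;
	}

	PEZone = firstSection + (num - 1);
	printf("区段名称:%.8s\t提取长度:%d\n", (const char*)PEZone->Name, len);

	/* The requested range is [dataEnd - len, dataEnd). It must be positive,
	 * stay inside the section's virtual data, inside the section's raw data
	 * and inside the file; a negative or oversized len would otherwise turn
	 * into a wrapped offset or an out-of-bounds read. */
	dataEnd = (ULONGLONG)PEZone->PointerToRawData + PEZone->Misc.VirtualSize;
	if (len <= 0 ||
		(DWORD)len > PEZone->Misc.VirtualSize ||
		PEZone->Misc.VirtualSize > PEZone->SizeOfRawData ||
		dataEnd > fileSize) {
		printf("提取长度无效\n");
		goto done;
	}

	/* CREATE_ALWAYS truncates an existing file; OPEN_ALWAYS would leave old
	 * bytes behind whenever the previous content was longer than len. */
	Tfile = CreateFileA(
		"C:\\Users\\486\\Desktop\\WP\\123.txt", /* output file path */
		GENERIC_WRITE,
		FILE_SHARE_READ,
		NULL,
		CREATE_ALWAYS,
		FILE_ATTRIBUTE_NORMAL,
		NULL);
	if (Tfile == INVALID_HANDLE_VALUE) {
		fprintf(stderr, "文件写入失败 (GetLastError=%lu)\n", (unsigned long)GetLastError());
		goto done;
	}

	/* The bytes are already in memory, so write them straight from the
	 * validated range instead of seeking and reading the file again. */
	if (!WriteFile(Tfile, fileBuff + (size_t)(dataEnd - (ULONGLONG)len), (DWORD)len, &dwWrited, NULL) ||
		dwWrited != (DWORD)len) {
		fprintf(stderr, "文件写入失败 (GetLastError=%lu)\n", (unsigned long)GetLastError());
		goto done;
	}

	printf("文件写入成功\n");
	rc = 0;

done:
	if (Tfile != INVALID_HANDLE_VALUE)
		CloseHandle(Tfile);
	free(fileBuff);
	CloseHandle(hfile);
	return rc;
}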