只申请一块sizeofimage的内存能否实现PE文件的拉伸
不能,别试了,浪费时间.
从最后一个节复制,
也会被覆盖
BOOL StrechFileBuffer(__in char* m_fileName, __inout char** LPImageBuffer)
{FILE* file = (fopen(m_fileName, "rb"));if (file == NULL){printf("error :%d", GetLastError());return FALSE;}// 从文件头跳转到偏移0x3C位置if (fseek(file, 0x3C, SEEK_SET) != 0) {perror("fseek failed");fclose(file);return FALSE;}//读到e_lfannew的值LONG e_lfannew = 0;if (fread(&e_lfannew, sizeof(LONG), 1, file) != 1) {perror("fread failed");fclose(file);return FALSE;}//从文件开始跳到可选头的imagebase的位置 fseek(file, e_lfannew+sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER)+0x38, SEEK_SET);DWORD sizeofimage = 0;fread(&sizeofimage, sizeof(DWORD), 1, file);//根据imagebase申请拉伸后的内存char* buffer = malloc(sizeofimage);if (buffer == NULL){perror("malloc failed");fclose(file);return FALSE;}memset(buffer, 0, sizeofimage);fseek(file, 0, SEEK_END);//到文件尾部DWORD fileSize = ftell(file);//获得文件的大小fseek(file, 0, SEEK_SET);//返回文件头部fread(buffer, 1, fileSize, file);//将文件读取到内存中fclose(file);//*已经将PE文件写到内存中了.但是需要分开拷贝,从最后的节开始拷贝数据*///看看是多少位的程序WORD magic = *(WORD*)(buffer + e_lfannew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER));//得到文件头,为了获取节区的数量,和可选头的大小,便于定位到节表中PIMAGE_FILE_HEADER pFileHeader = (PIMAGE_FILE_HEADER)(buffer + e_lfannew + sizeof(DWORD));//跳到最后一个节区信息结构列表WORD NumberOfSections = pFileHeader->NumberOfSections;PIMAGE_SECTION_HEADER PLastSectionTable = (char*)pFileHeader +sizeof(IMAGE_FILE_HEADER)+ (pFileHeader->SizeOfOptionalHeader) + ((NumberOfSections -1) * sizeof(IMAGE_SECTION_HEADER));//if (magic == 0X10B)//{// //这是32位的程序//}//else //{// //这是64位的程序//}//循环// 从最后一个节区开始向前拷贝for (size_t i = pFileHeader->NumberOfSections; i > 0; i--) {size_t index = i - 1; // 计算索引(从0开始)PIMAGE_SECTION_HEADER currentSection = &PLastSectionTable[index]; // 获取当前节区的指针// 从文件中获取源地址和目标地址char* src = buffer + currentSection->PointerToRawData; // 文件中的数据char* dest = buffer + currentSection->VirtualAddress; // 内存中的目标地址// 计算拷贝的大小size_t sizeToCopy = currentSection->SizeOfRawData > currentSection->Misc.VirtualSize? currentSection->SizeOfRawData: currentSection->Misc.VirtualSize;// 拷贝数据memmove(dest, src, sizeToCopy);//内存被覆盖了}