Adding a startup dialog box to a PE file

Source: Internet
Author: User

By modifying the content of the target PE file, a dialog box is displayed when that PE file is started. The content and title of the dialog box are specified by the user.

Click to generate the qq_box.exe file in the qq.exe directory. Double-click it to run: the message box is displayed, and clicking "OK" starts QQ.

This mainly involves file mapping, virtual address space, and the PE file format. To make a PE file behave this way, we insert code before the PE file's entry code that pops up the message box and, once the dialog box has been shown, jumps to the original entry code. The inserted code and the data it needs (message box title and content, MessageBox's IDD, etc.) are placed in a new section.

The general process is as follows: click OK --> verify user input --> load and map the target PE file --> generate the new section data --> generate the new section header --> create a new file image --> copy all content of the original PE image --> add the new section header and data to the new file image --> modify the necessary fields (directory table address, code entry, number of sections, and image size).

1. Generate new section data: because we want to add an import table entry (user32.dll, needed to call MessageBox), we put the original IDD and the new IDD (user32.dll) in the new section. That way nothing is overwritten when the data is added. The new section mainly contains: IDD, dllname, funname, boxtitle, boxcontent, newentrycode. IDD is the new import table, made up of the original IDD plus the new user32.dll IDD; dllname is "user32.dll"; funname is "MessageBoxA"; boxtitle and boxcontent are the title and content of the message box; newentrycode is the new entry code, which ends with JMP oldaddressofentry.

2. New data storage: the target PE file mainly includes three kinds of new data: the new section header and the new section's raw data. As mentioned above, the source data is placed in the new section, while the new section header is placed directly after the original section table. The raw data of the original sections, which follows the section table, has to start at an aligned address; the alignment unit is generally 512 bytes (one sector) and is specified by FileAlignment in the optional header. Because of that padding, the new section header, which occupies the next 40 bytes, is unlikely to collide with anything. The raw data of the new section is placed at the end of the PE file (its virtual address can be taken from SizeOfImage, and its file offset can be calculated from the file size).

3. Address space conversion: three address spaces are involved: the disk file, the address space of the target PE file, and the address space of the current process. Read and write data with care, because it is easy to make an invalid memory access. The disk file is mapped into the current process for modification, so the PE file on disk is the same as the PE file mapped into the process, apart from an additional mapping base address. To modify PE file data through a file offset, use mapping base address + PointerToRawData (the file offset). To modify PE file data through a virtual address, use ImageRvaToVa to convert an address in the PE file's address space to the corresponding address in the process address space. ImageRvaToVa is provided by Microsoft and performs the conversion with the PE file offset as the intermediate step. It can also be implemented by hand, which gives a deeper understanding of the address spaces.

Now for the implementation. Following the sample code in "step by step in Windows programming", we create a cpeinfo class that wraps the basic data and operations of the PE file in a simple encapsulation; the new section header can be handed directly to it to maintain. cpeinfo mainly implements the file mapping, maintains the section headers, and stores the basic data of the PE file. The main dialog box class uses gensecdata to generate the new section data, and uses a cpeinfo member to obtain the basic information of the PE file and modify it according to the process above.

Code: http://download.csdn.net/detail/wudaijun/5151933
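The address conversion from step 3, written by hand instead of calling ImageRvaToVa. This is an added example, not the code from the linked download; the SectionInfo type, the function names and the sample section table are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for the IMAGE_SECTION_HEADER fields used here (example type). */
typedef struct {
    uint32_t VirtualSize;      /* bytes occupied once loaded */
    uint32_t VirtualAddress;   /* RVA of the section */
    uint32_t SizeOfRawData;    /* bytes present in the file */
    uint32_t PointerToRawData; /* file offset of those bytes */
} SectionInfo;
#define NO_OFFSET UINT32_MAX

/* RVA -> file offset; NO_OFFSET when no byte of the file backs the RVA. */
uint32_t rva_to_offset(const SectionInfo *s, size_t n,
                       uint32_t size_of_headers, uint32_t rva)
{
    if (rva < size_of_headers) return rva;    /* headers map one-to-one */
    for (size_t i = 0; i < n; i++) {
        if (rva < s[i].VirtualAddress) continue;
        uint32_t delta = rva - s[i].VirtualAddress;
        if (delta >= s[i].VirtualSize) continue;
        /* zero-filled tail exists only in memory; also reject wrap-around */
        if (delta >= s[i].SizeOfRawData ||
            s[i].PointerToRawData > UINT32_MAX - delta)
            return NO_OFFSET;
        return s[i].PointerToRawData + delta;
    }
    return NO_OFFSET;                         /* gap between sections */
}

/* Same conversion, returned as a pointer into the mapped file view. */
uint8_t *rva_to_va(uint8_t *base, size_t view_size, const SectionInfo *s,
                   size_t n, uint32_t size_of_headers, uint32_t rva)
{
    uint32_t off = rva_to_offset(s, n, size_of_headers, rva);
    if (off == NO_OFFSET || off >= view_size) return NULL; /* stay in view */
    return base + off;
}

/* Constructed sample: headers 0x400, then .text, .data, appended section. */
static const SectionInfo demo[] = {
    { 0x1734, 0x1000, 0x1800, 0x0400 },
    { 0x3000, 0x3000, 0x0200, 0x1C00 },
    { 0x0180, 0x6000, 0x0200, 0x1E00 },
};
static uint8_t demo_view[0x2000];             /* constructed 8 KiB file view */
int main(void)
{
    return rva_to_va(demo_view, sizeof demo_view, demo, 3, 0x400, 0x6004) ? 0 : 1;
}
```

The two failure cases matter when editing a mapped file: an RVA in a section's zero-filled tail or in the gap between sections has no file byte behind it, so writing through a naively computed pointer would corrupt unrelated data or fault.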
