Question: an absolutely detailed tutorial on manually Constructing PE files.
Reprint Please Note Copyright: A1Pass http://a1pass.blog.163.com/
I have been learning the PE file structure for a long time and never dared to look down on it. But even so, I still find myself lacking in this aspect, so I thought of creating a complete executable PE file by hand. Durin
Generic PE Toolbox 1.9.6 (XP kernel) by Uepon (Li Peicong)Official website: http://hi.baidu.com/uepon?page=2Version 1.8 forum Posts: http://bbs.wuyou.net/forum.php?mod=viewthreadtid=119749General PE1.9.6 Introduction: HTTP://HI.BAIDU.COM/UEPON/ITEM/CEAFEB322BA148B9633AFFD3General PE V1.9.6 (XP kernel) Original: http://pan.baidu.com/s/1o6Fotx4Tonpe_xp_v1.9.6.exe does not include network card driver 39.8mb,to
Method One, install to this system
This method is to install the General PE Toolbox into the system, restart the computer, the computer selection interface will appear in the "Universal PE Toolbox" option, through this option to enter the WinPE system.
First, prepare
1. General PE Toolbox: You can download the latest General
The program can extract a file name from the command line, or a dialog box is required to select a file that must be a valid PE executable file. If the function messageboxa in the dynamic-link library USER32.dll is used in the program, a new instruction is added to the program to display a message box, and if this function is not used, the file is no longer modified. Because I have a superficial understanding of P
My server system Windows 2003 server, was hacked, changed the password, I can't go in, how to get the password back ah?
Of course, Windows System account password lost, can be cracked. However, if your server is hosted in the computer room, it is estimated that the technician in the engine room will not give you the password, it is usually directly to you ghost recovery system.Today's small set to crack the process of writing a tutorial, if you will, a smile, if you will not, you can have a goo
For low-layer windows programming, API Interception is always an exciting thing. Is it more interesting to use your own code to change the behavior of other programs? In addition, in the process of implementing API Interception, we also have the opportunity to familiarize ourselves with many things that are rarely touched by in the RAD programming environment, such as DLL Remote injection, memory management, and PE file format. Many commercial softwar
I. PE Structure Basics
I have read a lot of PE Structure stuff, or the overall structure, or a lot of ASM code. I am a little uncomfortable looking at cainiao! So write a post on your own and learn PE. Let's first understand a few questions!1: Concepts of several addressesVA: virtual address, that is, the address in the memory!RVA: relative virtual address, equal
PE file structure (1)
Reference
Book: encryption and decryption
Video: Little Turtle decryption series video
EXE and DLL are all PE (portable execute) file structures. PE files use a flat address space. All code and data are merged to form a large structure. Let's take a look at two pictures to get a rough idea of the PE
Http://www.vckbase.com/document/viewdoc? Id = 1335
Detailed description of PE File Format (II)
Author: msdnAuthor: Li Ma (http://home.nuc.edu.cn /~ Titilima)
Pre-defined section
A Windows NT ApplicationProgramTypically, nine predefined segments are available:. Text,. BSS,. RDATA,. Data,. rsrc,. edata,. idata,. pdata, And. debug. Some applications do not need all these segments, and some applications define more segments for their special ne
How to add other software to PE
PE system is generally used only to maintain the system. But in special cases, you may also use it to handle something else that requires running a software in it. But under the PE run Green software (not integrated in PE), most of the cases will be wrong, the hint can not find the xxx
Preface:
The initial shell was developed in infectious virus technology, with the goal of compressing or encrypting the shell. This article mainlyThis section briefly introduces and summarizes the implementation of Win32 PE and Linux elf shelling programs on the X86 platform.The program provides clues, in which the program source code is open-source. If you are interested, you can continue to improve the program.
PS: some of them haven't been touched
Author: msdnAuthor: Li Ma (http://home.nuc.edu.cn /~ Titilima)
Pre-defined section
A Windows NT application typically has nine predefined segments, which are. text ,. BSS ,. RDATA ,. data ,. rsrc ,. edata ,. idata ,. pdata and. debug. Some applications do not need all these segments, and some applications define more segments for their special needs. This approach is similar to code segments and data segments in MS-DOS and Windows 3.1. In fact, the method by which an application defines a uniqu
method of repairing system faults with PE
PE is commonly used in the first aid system, installed in this machine can be very convenient in the event of Windows failure to carry out effective maintenance operations. However, many people do not install PE when the system is normal, until the system has a serious failure can not enter the thought of it. Is there an
VPN technology-P, PE, CE what is P, PE, cempls vpn there are three types of routers, CE router, PE router and P router. The CE router is a client router that provides you with a connection to the PE router. The PE router is the operator's edge router, that is, the Label Edge
PE is commonly used in the first aid system, it is installed in the machine can be easily in the event of Windows failure to carry out effective maintenance operations. However, many people do not install PE when the system is normal, wait until the system has a serious failure to enter when the thought of it. Is there a way to mend it? Here we introduce the steps.
First, the
CFF Explorer View/modify PE file Resources
Using CFF Explorer, you can view and modify the resources of a PE file, you can view the functions that the DLL file can call, and modify the function entry address to achieve the purpose of creating a crash screen. CFF Explorer features a similar depends dependency analysis function/hex Editor/Quick Disassembly, as described in the following figure:
Installing it on this machine makes it easy to maintain an effective maintenance operation in the event of a Windows failure. However, many people do not install PE when the system is normal, until the system has a serious failure can not enter the thought of it. Is there any way to mend it? There is! Here is a detailed description of the steps.
First, the PE please enter the door
As a maintenance system,
PE Desktop Background How to modify
Often use PE words to see is a desktop background, want to change the taste it? The simplest way to modify a PE background image is as follows:
Most of the PE desktop wallpapers are in the op.wim inside the desktop background directory, on two files: Pelogo.jpg and pewallpaper.jpg.
PE start to display the text you are very familiar with, but the Chinese PE start text you have not seen it, follow the following to create their own:
One, the PE system needs to modify the first place:
You need to modify the "Setupldr.bin" file to change "Loading RAMDISK image ..." to "Loading RAMDISK image ..."
Second, the
The remote mountain Maple Pocket PE System Toolbox is a highly integrated compact disc tool system with a separate PE system that supports USB 2.0
/scsi/netcard and other equipment, supporting the Internet, integrated with extremely comprehensive system maintenance tools, such as modify the system administrator password, HDD repair,
File rescue, etc., provide a variety of system security deployment programs
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.