Home > Others

PE merger section of PE Knowledge Review

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

PE review PE merger section I. INTRODUCTION

According to the previous lecture. We have added a section for PE. and attributes the mates in each member. For example, the number of header record sections. We're going to change this number when we add a section.

So now we're going to merge a section. Above, we explain the example.

We used to talk about how PE expands a section. The merge section is similar to the expansion section. Only one is enlarged. One is the merger.

The steps to merge the sections.

1. Change the number of File header section table

2. Modify the properties in the Section table

Section. Sizeofrawdata the size after which the data is aligned.

3. Modify the size of the PE image in the expansion header Sizeofimage

4. The merged section is filled with 0.

Second, the actual combat merge a section 1. Modify the number of section tables in the file header

Why the changes should not be said more. Now that we're merging. Then the festival will be one less. then nature is modified.

There are 8 tables in the original section. We can change it to 7.

2. Modify the section. Sizeofrawdata the size of the data after the section is aligned.

 

We put the last AAAA festival. Merge into the previous section. rsrc.

. rsrc. Sizeofrawdata =. File Alignment (rsrc. Sizeofrawdata + AAA. The size of the section data)

Modify this property to modify it according to the above formula. The original section data size. Plus the data size of the section to be merged. Keep it in the file.

For example:

  

The size of the original section data is 0x600. The size of the AAAA section data is 0x1000. Then modify the. Rsrc.sizeofrawdata to 0x1600.

The last section table is populated with 0.

3. Modify the PE image size of the expansion head. Sizeofimage

We added a new section to the last lecture. So the image size is 0x1e000. So now you need to modify it. The 0x1000 data size is merged. Then 0x1d000 can be changed.

4. Test procedures

The program can be run directly. Then the memory look at the section expansion position has no section data for our merge section.

The 0x41c000 location in memory. Is the section expansion position. We did not merge before. And there is no data for our FFFF to populate. After merging. The data has been successfully merged.

It is also equivalent to expanding the section.

  

 

PE merger section of PE Knowledge Review

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
pe pr pe domain pe enhancement hive pe cve pe pe vrtx dell pe r710

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More