In Windows 9x, NT, and 2000, All executable files are based on a new file format portable Executable File designed by Microsoft.
Format(Portable execution body), that is, PE format. In some cases, we need to modify these executable files. The following text attempts to describe the PE file format and modify the PE format file in detail.
1.
CVE-2014-6271 Bash Security Vulnerability mac OS X 10.9 repair process, cve-2014-6271bash# DetectionOpen the command line and enter the following content:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the following is returned, upgrade as soon as possible.
vulnerable this is a test
# Upgrade
Check the current version. Mine is 3.2.51 (1)
bash -version
Download
Turn: http://hi.baidu.com/cqulwq/blog/item/2be170d6dbb03d2906088b26.html
We all know that in Windows 9x, NT, and 2000, All executable files are based on a new file format portable designed by Microsoft.Executable FileFormat (portable execution body), that is, PE format. In some cases, we need to modify these executable files. The following text attempts to describe the PE file format in detail andModify.
1, positioning standard PE headDos stub length is not fixed, so DOS header is not a fixed-size data structure. The DOS head is located in the starting position of the PE, and the position of the standard PE head after the DOS head is e_lfanew by the field.The value of the E_lfanew field is a relative offset, and the base address of the DOS MZ header is required f
Author: little heartPrevious: http://www.bkjia.com/Article/201202/118214.htmlThere are many structures in the PE file, but in fact, more than half of these structures tell the loader how to load its PE. Normal PE files are always strictly filled with their internal structures, but there are also a small number of deformation
V. Section Table)
The section table is a structure array next to the PE Header. The number of members of this array is determined by the value of the numberofsections field in the file header (image_file_header) structure. The member structure of the table is also named image_section_header (40 bytes ). Its structure definition:
Typedef struct _ image_section_header {Byte name [image_sizeof_short_name];Union {DWORD physicaladdress;DWORD virtualsize;}
V. Section Table)The section table is a structure array next to the PE Header. The number of members of this array is determined by the value of the numberofsections field in the file header (image_file_header) structure. The member structure of the table is also named image_section_header (40 bytes ). Its structure definition:Typedef struct _ image_section_header {Byte name [image_sizeof_short_name];Union {DWORD physicaladdress;DWORD virtualsize;} MI
Text/tU niuyuan
We all know that in Windows 9x, NT, and 2000, all Executable files are based on a new Microsoft-designed File Format (Portable Executable File Format), that is, the PE Format. In some cases, we need to modify these executable files. The following text attempts to describe the PE file format and modify the PE format file in detail.
PE means portable executable (portable execution body ). It is the execution body file format of the Win32 environment. Some of its features inherit from the Unix coff (Common Object File Format) file format. "Portable executable" means that the file format is cross-Win32: Even if windows runs on a non-Intel CPU, the PE Loader on any Win32 platform can recognize and use this file format. Of course, there mu
At present, PE routers are widely used. They are one type of VPN routers. So I have studied the explanations and principles of PE routers and will share them with you here, I hope it will be useful to you. VPNVirtual Private Network (VPNVirtual Private Network) is a virtual Private Network based on public networks. It uses tunneling, encryption, and other technologies to provide users with a sense of direct
a separate thread. After the virus obtains control, it creates the corresponding search and infection thread, and gives the master ready-to-use control to the original program.
Modify and infect PE files
Now that you have been able to search for all files in disk and network shared files and want to implement parasitic operations, the next step is to infect the searched PE files. An important consideration
Document directory
1.3.1 hosting PE files
Text/Xuan Hun
Intermediate Language
In the. NET Framework, the basic structure of public languages uses Cls to bind different languages. By requiring different languages to at least implement the CTS contained in CLs, the public language infrastructure allows different languages to use the. NET Framework. Therefore. in the. NET Framework, all languages (C #, VB. net, effil. net) is finally converted to a
All-finger medicine (SH000991)-2018-10-18, current value: 22.8575, average: 36.88, median: 36.27655, currently close to the lowest level of history. All-finger medicine (SH000991) history P/E ratio PE detailsEnvironmental protection (SH000827)-2018-10-18, current value: 16.0137, average: 28.73, median: 27.53245, currently close to the lowest level of history. Certificate of Environmental Protection (SH000827) of the history of
Generic PE Toolbox 1.9.6 (XP kernel) by Uepon (Li Peicong)Official website: http://hi.baidu.com/uepon?page=2Version 1.8 forum Posts: http://bbs.wuyou.net/forum.php?mod=viewthreadtid=119749General PE1.9.6 Introduction: HTTP://HI.BAIDU.COM/UEPON/ITEM/CEAFEB322BA148B9633AFFD3General PE V1.9.6 (XP kernel) Original: http://pan.baidu.com/s/1o6Fotx4Tonpe_xp_v1.9.6.exe does not include network card driver 39.8mb,to
Question: an absolutely detailed tutorial on manually Constructing PE files.
Reprint Please Note Copyright: A1Pass http://a1pass.blog.163.com/
I have been learning the PE file structure for a long time and never dared to look down on it. But even so, I still find myself lacking in this aspect, so I thought of creating a complete executable PE file by hand. Durin
I. PE Structure Basics
I have read a lot of PE Structure stuff, or the overall structure, or a lot of ASM code. I am a little uncomfortable looking at cainiao! So write a post on your own and learn PE. Let's first understand a few questions!1: Concepts of several addressesVA: virtual address, that is, the address in the memory!RVA: relative virtual address, equal
For low-layer windows programming, API Interception is always an exciting thing. Is it more interesting to use your own code to change the behavior of other programs? In addition, in the process of implementing API Interception, we also have the opportunity to familiarize ourselves with many things that are rarely touched by in the RAD programming environment, such as DLL Remote injection, memory management, and PE file format. Many commercial softwar
PE file structure (1)
Reference
Book: encryption and decryption
Video: Little Turtle decryption series video
EXE and DLL are all PE (portable execute) file structures. PE files use a flat address space. All code and data are merged to form a large structure. Let's take a look at two pictures to get a rough idea of the PE
Http://www.vckbase.com/document/viewdoc? Id = 1335
Detailed description of PE File Format (II)
Author: msdnAuthor: Li Ma (http://home.nuc.edu.cn /~ Titilima)
Pre-defined section
A Windows NT ApplicationProgramTypically, nine predefined segments are available:. Text,. BSS,. RDATA,. Data,. rsrc,. edata,. idata,. pdata, And. debug. Some applications do not need all these segments, and some applications define more segments for their special ne
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.