[原创]萌新从反射注入学习PE文件加载的记录

// Parse the PE headers and compute the relocation delta ("offset"): the
// address the image actually occupies (pnewdosheader) minus the ImageBase it
// was linked for. The block below then walks the base-relocation directory and
// patches the image for that delta.
//
// NOTE(review): this listing was damaged when the page was extracted.
// Identifiers are lower-cased (the Windows SDK names are
// PIMAGE_DATA_DIRECTORY, IMAGE_DIRECTORY_ENTRY_BASERELOC, ULONG_PTR, ...), and
// every '+' appears to have been dropped, e.g.
// "(dword)pnewdosheader pddbasereloc->virtualaddress". It does not compile as
// shown, and the closing brace of the outer `if` is missing at the end.
//
// NOTE(review): applying relocations by hand is the job the Windows loader
// normally does. In a reflective loader the patched image is not created
// through the normal module-loading path, which is the property defensive
// memory scanners typically look for — confirm against the rest of the article.

pimage_data_directory pddbasereloc = &pntheaders->optionalheader.datadirectory[image_directory_entry_basereloc];

pimage_base_relocation pbaserelocation;

ulong_ptr offset = (ulong_ptr)pnewdosheader - (ulong_ptr)pntheaders->optionalheader.imagebase;


// Only process relocations when the directory entry reports a non-zero size.
if (pddbasereloc->size) {

    // Bytes of relocation data still to be consumed.
    dword size = pddbasereloc->size;

    // First relocation block = image base + directory RVA ('+' presumably lost).
    // NOTE(review): the (dword) cast truncates the pointer on a 64-bit build;
    // line "ulong_ptr offset = ..." above already uses the pointer-sized type.
    pbaserelocation = (pimage_base_relocation)((dword)pnewdosheader pddbasereloc->virtualaddress);


    // Walk the chain of base-relocation blocks.
    // NOTE(review): sizeofblock comes straight from the file and is never
    // validated. A value smaller than sizeof(image_base_relocation) makes the
    // entry count below wrap (assuming dword is the unsigned DWORD), and a
    // value larger than the remaining `size` makes `size -=` wrap, so a
    // malformed directory runs the loop past the table. A robust parser checks
    // sizeof(header) <= sizeofblock <= size and that each target lies inside
    // the mapped image before writing.
    while (size && pbaserelocation->sizeofblock) {


        // Base address of the page this block describes (image base + block RVA).
        dword va = (dword)pnewdosheader pbaserelocation->virtualaddress;

        dword num = (pbaserelocation->sizeofblock - sizeof(image_base_relocation)) / sizeof(image_reloc); // number of reloc[] entries in this block

        // Entries start right after the block header.
        // image_reloc / pimage_reloc are not shown here; presumably a 16-bit
        // entry with `offset` and `type` bit-fields declared elsewhere in the
        // article — TODO confirm.
        pimage_reloc reloc = (pimage_reloc)((dword)pbaserelocation sizeof(image_base_relocation));


        // Walk reloc[] and apply each fix-up according to its relocation type.
        // NOTE(review): as shown, `reloc` is never advanced inside this loop,
        // so every iteration re-reads the first entry; either a `reloc++` was
        // lost or the original has this bug.
        // NOTE(review): only HIGH, LOW and HIGHLOW are handled; any other type
        // (including the IMAGE_REL_BASED_DIR64 used by 64-bit images) is
        // silently skipped.
        while (num--) {

            dword type = reloc->type;

            if (type == image_rel_based_high) {

                // NOTE(review): a base relocation adds the delta to the value
                // already stored at the target; the plain `=` here (and in the
                // two branches below) overwrites it. Presumably `+=` with the
                // '+' lost in extraction — verify against the original post.
                *(word*)(va reloc->offset) = hiword(offset);

            }

            else if (type == image_rel_based_low) {

                *(word*)(va reloc->offset) = loword(offset);

            }

            else if (type == image_rel_based_highlow) {

                *(dword*)(va reloc->offset) = (dword)offset;

            }



        }


        // Account for the block just processed and step to the next one
        // (current block address + sizeofblock; '+' presumably lost).
        size -= pbaserelocation->sizeofblock;

        pbaserelocation = (pimage_base_relocation)((dword)pbaserelocation pbaserelocation->sizeofblock);

    }

原文链接:https://bbs.kanxue.com/thread-266929.htm

网络摘文,本文作者:15h,如若转载,请注明出处:https://www.15cov.cn/2023/08/27/原创萌新从反射注入学习pe文件加载的记录/
