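{
Author: xIkUg
Email: [email protected]
HOMEPAGE: http://www.xp-program.com
Description: (original text is mis-encoded; it mentions PE and VC7.0)
  Appends a section to a PE file whose entry stub imitates VC7.0 startup
  code and then jumps to the original entry point.
}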
unit uMain;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
// Main (and only) form of the tool. The component fields and event handlers
// below are bound by name to the .dfm form resource, so they are left exactly
// as declared.
TForm1 = class(TForm)
Label1: TLabel;
// Path of the file to inspect/patch; filled in by Button1Click.
edFName: TEdit;
// Browse: opens OpenDialog1 and copies the chosen path into edFName.
Button1: TButton;
Label2: TLabel;
// Shows the entry-point RVA (8 hex digits) read by Button2Click.
edOEP: TEdit;
// Read the entry point of the selected file into edOEP.
Button2: TButton;
// Apply: calls AddSection on the selected file (modifies it in place).
Button3: TButton;
// About box.
Button4: TButton;
// Close the form.
Button5: TButton;
OpenDialog1: TOpenDialog;
procedure Button5Click(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
// ImageBase of the last file read by Button2Click. It is written there but
// not read anywhere else in this unit.
FImageBase: DWORD;
public
{ Public declarations }
end;
// 64-byte buffer type holding the machine code of the entry stub (OEPCODE).
THEAD = array [0..63] of Byte;
var
Form1: TForm1;
const
// Name given to the added section. NOTE(review): AddSection writes the same
// five characters one by one and does not reference this constant.
MYSECTION = 'xIkUg';
// Byte offset inside OEPCODE of the 32-bit immediate of "mov eax, imm32"
// (opcode $B8 at offset 42). AddSection overwrites these four bytes with the
// original entry point's virtual address.
JMPOFF = 43;
// Assembled form of the Head.asm listing that follows this unit on the page:
//   55                push ebp
//   8B EC             mov  ebp, esp
//   6A FF             push -1
//   68 2A 2C 0A 00    push 666666
//   68 38 90 0D 00    push 888888
//   64 A1 00000000    mov  eax, fs:[0]
//   50                push eax
//   64 89 25 00000000 mov  fs:[0], esp
//   58                pop  eax
//   64 A3 00000000    mov  fs:[0], eax
//   58 58 58 58       pop  eax (x4)
//   8B E8             mov  ebp, eax
//   B8 00 10 40 00    mov  eax, 00401000h   <- immediate at JMPOFF
//   FF E0             jmp  eax
//   90                nop, followed by zero padding up to 64 bytes
// Defender's view: this fixed byte sequence at the entry point of the last
// section is the stub's signature; only the four bytes at JMPOFF vary.
OEPCODE: THEAD = ($55, $8B, $EC, $6A, $FF, $68, $2A, $2C, $0A, $00, $68, $38,
$90, $0D, $00, $64, $A1, $00, $00, $00, $00, $50, $64, $89,
$25, $00, $00, $00, $00, $58, $64, $A3, $00, $00, $00, $00,
$58, $58, $58, $58, $8B, $E8, $B8, $00, $10, $40, $00, $FF,
$E0, $90, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00);
// Appends a section to the PE file FName and stores the OEPCODE stub in it
// (original comment is mis-encoded).
procedure AddSection(FName: string);
implementation
{$R *.dfm}
// Exit button: closes the main form.
procedure TForm1.Button5Click(Sender: TObject);
begin
  Self.Close;
end;
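// About button: shows author/contact details in a message box.
procedure TForm1.Button4Click(Sender: TObject);
begin
  // Each literal stays on one source line (a Pascal string literal cannot
  // span lines), and lines are separated with CR LF (#13#10) rather than the
  // reversed LF CR pair.
  MessageBox(Handle,
    'Author: xIkUg' + #13#10 +
    'Email: [email protected]' + #13#10 +
    'HOMEPAGE: http://www.xp-program.com',
    'About', MB_OK);
end;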
// Browse button: lets the user pick a file and shows its path in edFName.
procedure TForm1.Button1Click(Sender: TObject);
begin
  // Leave the current path untouched when the dialog is cancelled.
  if not OpenDialog1.Execute then
    Exit;
  edFName.Text := OpenDialog1.FileName;
end;
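// Reads the DOS and NT headers of the file named in edFName, stores its
// ImageBase in FImageBase and shows AddressOfEntryPoint (8 hex digits) in
// edOEP. The file is only inspected here, never modified.
procedure TForm1.Button2Click(Sender: TObject);
var
  DOSHEADER: IMAGE_DOS_HEADER;
  PEHEADER: IMAGE_NT_HEADERS;
  fs: TFileStream;
begin
  // Read-only access is enough for inspection; asking for write access would
  // fail on read-only files and is more privilege than this handler needs.
  fs := TFileStream.Create(edFName.Text, fmOpenRead or fmShareDenyWrite);
  try
    fs.Seek(0, soFromBeginning);
    // A short read or a wrong magic means this is not an MZ executable, and
    // _lfanew would be garbage.
    if (fs.Read(DOSHEADER, SizeOf(DOSHEADER)) <> SizeOf(DOSHEADER)) or
       (DOSHEADER.e_magic <> IMAGE_DOS_SIGNATURE) or
       (DOSHEADER._lfanew <= 0) then
    begin
      MessageDlg('Not a PE file: invalid DOS (MZ) header.', mtError, [mbOK], 0);
      Exit;
    end;

    fs.Seek(DOSHEADER._lfanew, soFromBeginning);
    if (fs.Read(PEHEADER, SizeOf(PEHEADER)) <> SizeOf(PEHEADER)) or
       (PEHEADER.Signature <> IMAGE_NT_SIGNATURE) then
    begin
      MessageDlg('Not a PE file: invalid NT (PE) header.', mtError, [mbOK], 0);
      Exit;
    end;

    // IMAGE_NT_HEADERS is the 32-bit layout. $10B is the PE32 optional-header
    // magic; a PE32+ image would be misparsed (ImageBase sits elsewhere).
    if PEHEADER.OptionalHeader.Magic <> $10B then
    begin
      MessageDlg('Unsupported image: only 32-bit PE (PE32) files can be read.',
        mtError, [mbOK], 0);
      Exit;
    end;

    FImageBase := PEHEADER.OptionalHeader.ImageBase;
    edOEP.Text := IntToHex(PEHEADER.OptionalHeader.AddressOfEntryPoint, 8);
  finally
    // Runs on the early exits above as well.
    fs.Free;
  end;
end;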
// Patches the PE file FName in place: appends one section header, stores the
// OEPCODE stub as that section's data at the end of the file, and redirects
// AddressOfEntryPoint to it. The stub ends with a jump to the original entry
// point.
//
// Artifacts left in the output file (useful for detection and triage):
//   - a last section named 'xIkUg' with Characteristics $E0000020
//     (code + execute + read + write);
//   - AddressOfEntryPoint equal to the VirtualAddress of that last section;
//   - Major/MinorLinkerVersion forced to 7.0 regardless of the real linker;
//   - entry code matching OEPCODE except for the 4 bytes at JMPOFF.
//
// NOTE(review): nothing here validates the input. The MZ/PE signatures, the
// Read results and the optional-header size are not checked, and no backup
// of the file is made before it is overwritten.
procedure AddSection(FName: string);
var
DOSHEADER: IMAGE_DOS_HEADER;
PEHEADER: IMAGE_NT_HEADERS;
SectionHeader: IMAGE_SECTION_HEADER;
MySectionHeader: IMAGE_SECTION_HEADER;
fs: TFileStream;
AddressOfEntryPoint: DWORD;
begin
fs := TFileStream.Create(FName, fmOpenReadWrite + fmShareDenyWrite);
try
// Load the DOS header, then the NT headers at _lfanew.
fs.Seek(0, soFromBeginning);
fs.Read(DOSHEADER, SizeOf(DOSHEADER));
fs.Seek(DOSHEADER._lfanew, soFromBeginning);
fs.Read(PEHEADER, SizeOf(PEHEADER));
// Skip to the last existing section header. This treats the section table
// as starting right after SizeOf(IMAGE_NT_HEADERS) -- assumes the standard
// 32-bit optional-header size; SizeOfOptionalHeader is not consulted.
fs.Seek(SizeOf(SectionHeader) *
(PEHEADER.FileHeader.NumberOfSections - 1), soFromCurrent);
fs.Read(SectionHeader, SizeOf(IMAGE_SECTION_HEADER));
// Section name 'xIkUg', zero-padded to 8 bytes.
MySectionHeader.Name[0] := Ord('x');
MySectionHeader.Name[1] := Ord('I');
MySectionHeader.Name[2] := Ord('k');
MySectionHeader.Name[3] := Ord('U');
MySectionHeader.Name[4] := Ord('g');
MySectionHeader.Name[5] := 0;
MySectionHeader.Name[6] := 0;
MySectionHeader.Name[7] := 0;
// The new section is mapped at the current end of the image.
MySectionHeader.VirtualAddress := PEHEADER.OptionalHeader.SizeOfImage;
MySectionHeader.Misc.VirtualSize := $200;
// Because VirtualAddress = SizeOfImage, this evaluates to
// FileAlignment - (SizeOfImage mod FileAlignment).
MySectionHeader.SizeOfRawData := (MySectionHeader.VirtualAddress div
PEHEADER.OptionalHeader.FileAlignment + 1) *
PEHEADER.OptionalHeader.FileAlignment - PEHEADER.OptionalHeader.SizeOfImage;
// Raw data is declared to start where the last section's raw data ends.
MySectionHeader.PointerToRawData :=
SectionHeader.SizeOfRawData + SectionHeader.PointerToRawData;
// $20 = contains code; $20000000 / $40000000 / $80000000 = execute / read /
// write. A writable+executable section is itself a common heuristic flag.
MySectionHeader.Characteristics := $e0000020;
// NOTE(review): the remaining IMAGE_SECTION_HEADER fields (relocation and
// line-number pointers/counts) are never assigned; MySectionHeader is a
// local record, so whatever it happens to contain is written to the file.
Inc(PEHEADER.FileHeader.NumberOfSections);
// The stream is positioned just past the last existing section header, so
// the new header is written there. NOTE(review): there is no check that
// this slot is free header space rather than the start of section data.
fs.Write(MySectionHeader, SizeOf(MySectionHeader));
fs.Seek(DOSHEADER._lfanew, soFromBeginning);
// Remember the original entry point, then redirect it to the new section.
AddressOfEntryPoint := PEHEADER.OptionalHeader.AddressOfEntryPoint;
PEHEADER.OptionalHeader.AddressOfEntryPoint :=
MySectionHeader.VirtualAddress;
// Linker version is overwritten with 7.0.
PEHEADER.OptionalHeader.MajorLinkerVersion := 7;
PEHEADER.OptionalHeader.MinorLinkerVersion := 0;
// Convert the original entry point from RVA to an absolute virtual address.
AddressOfEntryPoint := AddressOfEntryPoint + PEHEADER.OptionalHeader.ImageBase;
// Store that address into OEPCODE at offset JMPOFF (the immediate of the
// stub's "mov eax, imm32"). This writes into a typed constant, so the
// patched value persists for the rest of the process.
asm
PUSHAD
LEA eax, OEPCODE
ADD eax, JMPOFF
MOV edx, AddressOfEntryPoint
MOV DWORD ptr [eax], edx
POPAD
end;
PEHEADER.OptionalHeader.SizeOfImage :=
PEHEADER.OptionalHeader.SizeOfImage + MySectionHeader.Misc.VirtualSize;
// Write the updated NT headers back at _lfanew.
fs.Write(PEHEADER, SizeOf(PEHEADER));
// Append the stub at end of file.
// NOTE(review): $200 (512) bytes are written from OEPCODE, which is a
// 64-byte array, so 448 bytes of whatever follows it in this process's
// memory also end up in the output file.
fs.Seek(fs.Size, soFromBeginning);
fs.Write(OEPCODE, MySectionHeader.Misc.VirtualSize)
finally
fs.Free;
end;
end;
// Apply button: checks that both edit boxes are filled in, then patches the
// selected file with AddSection and reports completion.
// The message literals are mis-encoded in this copy of the source and are
// kept exactly as found.
procedure TForm1.Button3Click(Sender: TObject);
begin
  if Trim(edFName.Text) = '' then
    // No file selected.
    MessageDlg('???????????', mtError, [mbOK], 0)
  else if Trim(edOEP.Text) = '' then
    // Entry point box is empty. Only emptiness is tested; the value in edOEP
    // is not passed on, AddSection reads the entry point from the file.
    MessageDlg('?????????', mtError, [mbOK], 0)
  else
  begin
    // Modifies the file on disk in place.
    AddSection(edFName.Text);
    MessageDlg('????!', mtInformation, [mbOK], 0);
  end;
end;
end.
Source of Head.asm (the stub assembled into OEPCODE):
; Entry stub whose assembled bytes are stored in the OEPCODE constant of
; uMain. It opens with a compiler-style prologue and exception-frame setup
; (per the file header, meant to look like VC7.0 output), undoes all of it,
; and jumps to the original entry point. The leading bytes are what a
; signature-based compiler identifier would match on; the two pushed
; constants are dummy values, not real handler addresses.
.386
.MODEL FLAT,STDCALL
.code
main:
assume fs:nothing
; Standard frame prologue.
push ebp
mov ebp,esp
; Three dwords pushed where a compiler would place exception-frame data.
push -1
push 666666
push 888888
; Link a new exception registration record at fs:[0] ...
mov eax,fs:[0]
push eax
mov fs:[0],esp
; ... and immediately unlink it again, restoring the previous head.
pop eax
mov fs:[0],eax
; Discard the three pushed dwords; the fourth pop retrieves the saved ebp.
pop eax
pop eax
pop eax
pop eax
mov ebp,eax
; Placeholder address: AddSection overwrites this immediate (offset JMPOFF in
; OEPCODE) with the original entry point's virtual address.
mov eax, 00401000H
jmp eax
end main