More articles related to "Delphi : Analyze PE file headers?"

Analyze PE file headers? { You'll need an OpenDialog to open an EXE file and a Memo to show the file information } { You need an OpenDialog to open an EXE file and a Memo to display the information. } procedure DumpDOSHeader(cons…
Figure 1 - PE File The CLR header stores information to indicate that the PE file is a .NET executable and the CLR data section contains metadata and Microsoft Intermediate Language (MSIL, or IL for short) code. Every common language runtime–complian…
Reference: http://www.mouseos.com/assembly/06.html Reference: http://www.cnblogs.com/tk091/archive/2012/04/18/2456174.html typedef struct CV_INFO_PDB70{    DWORD CvSignature;    GUID Guid;    DWORD Age;    //BYTE PdbFileName[];    char PdbFilePath[MAX_PATH];} CV_INF…
Let me state up front that this does not evade antivirus; it is only a demonstration. Bilibili video. Adding a new section: shellcode that implements a specific function is usually fairly long. It could be split across the slack space of several sections, but that is troublesome; or the last section could be enlarged, but the last section usually does not have the executable attribute. So the choice is to add a new section header. Modifying and adding the section header: first check whether there are 40 free bytes after the last section header for a new section header structure; normally there are. Copy the first section header and write it after the last section header, because the first section header's attributes are executable by default, which saves modifying them later. Since the section header is a copy, many fields still need to be changed; first obtain the file alignment and the section alignment. Sect…
Malware Analysis Tutorial 8: PE Header and Export Table 2. Background Information of PE Header. Any binary executable file (no matter on Unix or Windows) has to include a header to describe its structure: e.g., the base address of its code section, dat…
Portable Executable File Format PE Format (Microsoft official) What is a .PE file in the .NET framework? [closed] The PE file you are talking about is the "Portable Executable" format. Almost every EXE and DLL on the Windows platform is formatted in PE format…
Common Sections The .text section is where all general-purpose code emitted by the compiler or assembler ends up. Since PE files run in 32-bit mode and aren't restricted to 16-bit segments, there's no reason to break the code from separate source fil…
Preface: As we know, the VS C/C++ compiler compiles each compilation unit (a .c or .cpp source file) into an object file (.obj); the linker then combines these object files into a single file (.exe), called a portable executable (PE for short). The emphasis on "portable" means it is not architecture specific. PE/COFF file structure: 1. PE header: MS-DOS stub, the PE signature, the COFF file header, a…
Article 1: Loading Win32/64 DLLs "manually" without LoadLibrary() The most important steps of DLL loading are: Mapping or loading the DLL into memory. Relocating offsets in the DLL using the relocating table of the DLL (if present). Resolving t…
1. Creating a DLL generally takes the following steps: (1) In a DLL project, write a procedure or function. (2) Write an Exports keyword and list the procedure name beneath it, without parameters or a calling-convention suffix. 2. Parameter passing: (1) Parameter types should match the Windows C++ parameter types; do not use Delphi data types. (2) It is best to have a return value (even for a procedure) to report success, failure, or status; the success/failure values are best 1 (success) or 0 (failure). In short, be compatible with Windows C++. (3) Use the stdcall declaration suffix. (4) Preferably be case-sensitive. (5) There is no need for the far calling suffix; that was only for Windows 1…