榪欏彲浠ヨ妭鐪佸緢澶氭椂闂淬備絾鏄紝鐢變簬鏄皟鐢?VS IDE 鏉ョ紪璇戠殑錛屼竴涓甫鏈夎繎鐧句釜 Project 鐨?Solution 緙栬瘧璧鋒潵騫朵笉蹇紝闇瑕佷竴鍒頒袱鍒嗛挓銆傝繖璁╂垜鏈変簡鍙﹁緹韞婂緞鐨勫康澶淬?/p>
浣曚笉鑷繁鏉モ滅紪璇戔濈敓鎴?DLL 鍛紵
涓嶉敊錛屽悗鏉ユ垜灝卞線榪欎釜鏂瑰悜鐞㈢(浜嗐備箣鍓嶆浘鍐欒繃涓涓慨鏀?PE 鏂囦歡鐗堟湰鍙風殑灝忓伐鍏鳳紝鎵浠ョ幇鍦ㄥ浜?PE 鐨勮祫婧愭牸寮忔湁鐐瑰茍涓嶉偅涔堟亹鎯т簡銆備絾鏄紝寰緇嗗鍋氫笅鍘伙紝闂灝辨潵浜嗐傜幇鍦ㄧ綉涓婄殑鍏充簬 PE 鏍煎紡鐨勬枃绔狅紝瀵?NTHeader 瑙i噴寰楀緢璇︾粏錛岃岃祫婧愭寰寰鍙鍒拌祫婧愮洰褰曘佽祫婧愰」錛屽叿浣撳悇欏圭殑瀛樺偍緇撴瀯鍗存病鏈夎緇嗚鏄庝簡銆?/p>
榪欓噷錛屽叧浜?PE 澶寸瓑灝變笉澶氳浜嗭紝璇峰弬鑰冪綉涓婄殑鏂囩珷錛岀壒鍒槸 http://bbs.pediy.com/showthread.php?threadid=21932銆傛湰鏂囧皢鐫鐪間簬璧勬簮孌點?/p>
棣栧厛鏉ョ湅涓涓嬪嚑涓暟鎹粨鏋勶紙榪欎簺鍐呭濂藉鏂囩珷涔熸湁鎻愬強錛夛細
typedef struct _IMAGE_RESOURCE_DIRECTORY {
DWORD Characteristics;
DWORD TimeDateStamp;
WORD MajorVersion;
WORD MinorVersion;
WORD NumberOfNamedEntries;
WORD NumberOfIdEntries;
} IMAGE_RESOURCE_DIRECTORY, *PIMAGE_RESOURCE_DIRECTORY;
榪欐槸璧勬簮鐩綍錛屽叡 16 瀛楄妭錛屽叾涓渶鍚庝袱涓?WORD 鍔犺搗鏉ユ槸绱ц窡鍦ㄥ悗闈㈢殑瀛愰」鐨勬暟鐩?/p>
typedef struct _IMAGE_RESOURCE_DIRECTORY_ENTRY {
union {
struct {
DWORD NameOffset:31;
DWORD NameIsString:1;
};
DWORD Name;
WORD Id;
};
union {
DWORD OffsetToData;
struct {
DWORD OffsetToDirectory:31;
DWORD DataIsDirectory:1;
};
};
} IMAGE_RESOURCE_DIRECTORY_ENTRY, *PIMAGE_RESOURCE_DIRECTORY_ENTRY;
榪欎釜灝辨槸绱ц窡鍦ㄧ洰褰曞悗闈㈢殑璧勬簮鐩綍欏癸紝鍏?8 瀛楄妭銆傚叾涓涓涓垚鍛樹負鏁版嵁鎴愬憳錛屾渶楂樹綅 1 琛ㄧず鏁版嵁鏄瓧絎︿覆錛屽墿涓?31 浣嶆槸瀛楃涓茬殑鍋忕Щ錛涘惁鍒欏氨鏄暟鍊箋傜浜屼釜鎴愬憳鏈楂樹綅涓?1 琛ㄧず涓嬩竴灞備粛鐒舵槸鐩綍錛屽悗 31 浣嶆寚鍚戝彟涓涓?IMAGE_RESOURCE_DIRECTORY 緇撴瀯錛涘惁鍒欐暣涓垚鍛樻寚鍚戜竴涓?IMAGE_RESOURCE_DATA_ENTRY 緇撴瀯錛堣繖涓┈涓婁細璁插埌錛夈傞渶瑕佹敞鎰忕殑鏄紝榪欓噷鐨勪袱涓?Offset 閮借〃紺轟粠璧勬簮孌靛紑澶村埌鐩爣浣嶇疆鐨勫亸縐匯?/p>
鏈鍚庢潵鐪?IMAGE_RESOURCE_DATA_ENTRY錛?/p>
typedef struct _IMAGE_RESOURCE_DATA_ENTRY {
DWORD OffsetToData;
DWORD Size;
DWORD CodePage;
DWORD Reserved;
} IMAGE_RESOURCE_DATA_ENTRY, *PIMAGE_RESOURCE_DATA_ENTRY;
榪欎釜緇撴瀯鏄祫婧愭暟鎹」錛屼篃灝辨槸璧勬簮鏍戠殑鍙跺瓙錛屽叡 16 瀛楄妭銆傚叾涓涓涓垚鍛?OffsetToData 鎸囧悜鍏蜂綋鐨勬暟鎹紝榪欎釜鍋忕Щ鏄釜 RVA錛岃窡鍓嶉潰涓や釜涓嶄竴鏍楓係ize 琛ㄧず鍏蜂綋鏁版嵁鐨勬誨瓧鑺傛暟銆傚悗涓や釜鎴愬憳鍙互涓?0錛孋odePage 涓嶅緩璁嬌鐢ㄣ?/p>
PE 鏂囦歡涓殑璧勬簮灝辨槸閫氳繃榪欎笁涓粨鏋勮〃紺虹殑錛屽畠浠兘鍦?WinNT.h 涓畾涔夈傞氬父浼氭湁 3 灞傜粨鏋勶紝絎竴灞傝〃紺鴻祫婧愮被鍨嬶紝絎簩灞傝〃紺?ID錛岀涓夊眰鏍囪瘑璇█銆?/p>
浠ヤ笂鎵璇寸殑鏄垜鑳芥煡鍒扮殑璧勬枡閲岃兘澶熸彁鍒扮殑鏈澶х▼搴︾殑鍐呭浜嗐備絾鏄叿浣撶殑鏁版嵁濡備綍瀛樺偍錛屽嵈鍑犱箮娌℃湁鏂囩珷鎻愬強銆備簬鏄紝鑺變簡涓涓ゅぉ鏃墮棿鏉ユ參鎱㈢殑鐪嬨佸姞涓婅瘯楠岋紝鎴戣涓烘垜瀵瑰瓧絎︿覆璧勬簮鐨勬牸寮忓熀鏈竻妤氫簡銆傦紙涓嬮潰鍐呭鏄垜鑷繁鍒嗘瀽寰楀嚭錛屽叾姝g‘鎬ф垜騫朵笉淇濊瘉錛夈?/p>
鎴戜滑鍏堟潵鐪嬩竴涓叿浣撶殑渚嬪瓙銆傝繖鏄竴涓祫婧?DLL錛岀敤 Resource Hacker 鏌ョ湅濡傚浘錛?/p>
鍏惰祫婧愭鏁版嵁濡備笅錛?/p>
鎴戠敤妗旇壊妗嗚搗鏉ョ殑鏄祫婧愮洰褰曪紝鐢ㄧ矇鑹叉璧鋒潵鐨勬槸璧勬簮鐩綍欏癸紝鐢ㄦ祬緇胯壊妗嗚搗鏉ョ殑鏄祫婧愭暟鎹」銆?/p>
鍏堢湅絎竴琛岋紝榪欐槸絎竴灞傜洰褰曪紝鏈鍚庝袱涓?WORD 鏄?0x0000 鍜?0x0001錛岃〃紺哄悗闈⑩滃懡鍚嶁濈殑鐩綍欏規(guī)湁 0 涓紝浣跨敤 ID 鐨勭洰褰曢」鏈?1 涓傜浜岃寮澶寸殑 8 瀛楄妭灝辨槸榪欎釜鐩綍欏癸紝DWORD 0x00000006 琛ㄧず璧勬簮綾誨瀷鏄?6錛屼篃灝辨槸瀛椾覆琛紝鍚庨潰鐨勫湴鍧鏄?0x80000018錛屾渶楂樹綅涓?1錛岃〃紺烘寚鍚戠殑浠嶇劧鏄竴涓洰褰曪紝鍏跺亸縐繪槸 0x00000018錛屼篃灝辨槸 0218h 澶勩?/p>
0218h 澶勮繖涓祫婧愮洰褰曟槸絎簩灞備簡銆傛渶鍚庝粛鐒舵槸 0 鍜?1錛屼簬鏄垜浠潵鐪?0228h 澶勭殑鐩綍欏廣傜涓涓?DWORD 鏄?1錛岃繖涓窡 ID 鏈夊叧錛岀◢鍊欒璁恒備粬鐨勭浜屼釜 DWORD 鏄?0x80000030錛屼粛鐒舵寚鍚戠洰褰曘?/p>
0230 澶勭殑鐩綍鏄涓夊眰鐩綍銆傛敞鎰忓埌鏈鍚庢槸 0 鍜?2錛屼笅闈㈠皢鏈夎繛緇袱涓洰褰曢」銆傜涓涓洰褰曢」鍊間負 0x00000409錛?033錛岃嫳璇?緹庡浗)錛夛紝鍋忕Щ鍦板潃 0x00000050錛屾渶楂樹綅 0錛岃〃紺烘寚鍚戠殑鏄暟鎹」錛岃屼笉鏄洰褰曚簡銆傜浜屼釜鐩綍欏瑰間負 0x00000804錛?052錛屼腑鏂?涓浗)錛夛紝鍋忕Щ鍦板潃 0x0000009C銆?/p>
榪欎笁灞傜粨鏋勫拰 Resource Hacker 涓樉紺虹殑鏄竴涓瀵瑰簲鐨勩?/p>
鎴戜滑鍏堟潵鐪嬭嫳璇殑閭d釜鏁版嵁欏癸紝OffsetToData 鏄?0x00001060錛圧VA錛夛紝Size 鏄?0x0000003C銆傝繖涓?DLL 鏂囦歡鐨勮祫婧愭鐨?VirtualAddress 鏄?1000h錛?060h-1000h+200h = 260h錛屾垜浠潵鐪?260h 澶勶紙鍏跺疄灝辨槸绱ф帴鐫鐨勫湴鏂癸級銆傛垜絎竴嬈$湅榪欐鏁版嵁鐨勬椂鍊欎篃寰堝鎬紝涓轟粈涔堝墠闈㈢┖浜?2 涓瓧鑺傦紝鍚庨潰鏈夊鍑哄ソ澶氬瓧鑺傘備簬鏄垜鏀瑰畠鐨?ID錛岃瘯浜嗗ソ浜涙錛岀粓浜庢壘鍒拌寰嬩簡銆傝祫婧愮洰褰曠浜屽眰鐨?ID錛堜笅鏂囩О ResID錛夊拰鏈緇堢殑瀛楃涓?ID錛堜笅鏂囩О StrID錛夋湁榪欎箞涓涓搴斿叧緋伙細ResID = StrID / 16 + 1銆係trID 0 鍒?15 鎵瀵瑰簲鐨?ResID 閮芥槸 1錛?StrID 16 鍒?31 瀵瑰簲 ResID 2錛屸︹︺傚弽榪囨潵璇達紝璧勬簮鐩綍涓殑 ResID 涓嶈兘瀹屽叏琛ㄨ揪 StrID 鐨勪俊鎭傛墍浠ワ紝鍦?260h 寮濮嬬殑 3Ch 涓瓧鑺傜殑鏁版嵁鍧楅噷錛屽叾瀹炶瀛樺偍 16 涓瓧絎︿覆錛屽叾 StrID 鍒嗗埆鏄?0錛?錛?錛屸︹︼紝15銆傝繖 16 涓瓧絎︿覆鏄繛緇瓨鍌ㄧ殑錛岀粨鏋勬槸錛氬瓧絎︿覆闀垮害錛圵ORD錛?瀛楃涓插唴瀹癸紙涓嶅惈緇撴潫絎?0錛夈傞偅浜涚┖浣嶅氨鐢變竴涓?WORD 0 鏉ュ~鍏咃紙涔熷彲鐞嗚В涓洪暱搴︿負 0 鐨勫瓧絎︿覆錛夈傛垜鍦ㄥ浘涓敤綰㈣鑹茬殑绔栫嚎鍒掑嚭浜嗚繖 16 涓瓧絎︿覆鐨勭晫闄愩傚悗闈㈤偅涓腑鏂囩殑涔熸槸濡傛錛屽氨涓嶉噸澶嶈浜嗐?/p>
鍒扮幇鍦ㄤ負姝紝瀵逛簬瀛椾覆琛ㄧ殑緇撴瀯錛屽簲璇ヨ宸笉澶氭竻妤氫簡銆備簬鏄嬁紼嬪簭鍘葷敓鎴愪技涔庝笉鏄毦浜嬩簡錛屼笉榪囪娉ㄦ剰鐨勬槸錛岀洰褰曢」蹇呴』绱ц窡鍦ㄧ洰褰曞悗闈紝鐩綍欏規(guī)寚鍚戠殑浣嶇疆鍙互闅忔剰銆?/p>
浜嬪疄涓婁笂闈㈣繖涓?DLL 鏄垜鐢ㄧ▼搴忕敓鎴愮殑銆傛垜鐜板湪鍋氬埌浜嗕粠鍐呴儴鏁版嵁緇撴瀯鍒拌祫婧?DLL 榪欎釜榪囩▼鐨勫疄鐜般傚鏋滆繖涔熷彲浠ヨ縐頒負鈥滅紪璇戔濈殑璇濓紝鐜板湪鏄疄鐜頒簡鍚庣銆傝嚦浜庡墠绔紝鎴戣繕娌℃兂濂藉師濮嬭祫婧愭牸寮忋傝鎯寵榪欎釜宸ュ叿鏈夌偣鐢ㄥ錛屽師濮嬭祫婧愭牸寮忓繀欏昏錛?銆佽凍澶熺畝鍗曪紙鑷沖皯姣?RC 鏂囦歡綆鍗曪級錛屽茍涓旂淮鎶ゆ柟渚匡紱2銆佽凍澶熷瓨鍌ㄥ璇█瀛楃涓層傝繖鏂歸潰鎴戝笇鏈涘ぇ瀹惰兘緇欐垜涓浜涘緩璁?/p>
褰撶劧錛屾湰鏂囩殑涓昏鍐呭榪樻槸璁ㄨ瀛椾覆琛ㄧ殑鏍煎紡錛岃繖涓凡緇忚瀹屼簡錛屾墍浠ワ紝over~ bow~
]]>