Created
April 20, 2021 03:35
-
-
Save 3ts75/ac546b9d0a10408f9b2254aa35ac18d6 to your computer and use it in GitHub Desktop.
非想定解
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <iostream> | |
| #include <string> | |
| using namespace std; | |
| #define ull ULONGLONG | |
| BYTE before[] = "\x9D\xCB\x1E\xA7\x65\xED\x5F\x4D\x01\xD6\x49\x4A\x55\xBD\xD7\x83\x52\x07\x30\x40"; | |
| BYTE after[] = "\x8d\x93\x13\x8a\x43\xb6\x59\x4d\x41\x80\x1b\x53\x02\x86\xf2\xed\x55\x55\x78\x59\x8b\x77\x35\x17\x56"; | |
| void ResourceInfo(PIMAGE_RESOURCE_DIRECTORY& resource_base, DWORD& resource_virtual_address, PIMAGE_RESOURCE_DIRECTORY& resource_directory) { | |
| PIMAGE_RESOURCE_DIRECTORY_ENTRY resource_entry{ (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ull)resource_directory + sizeof(*resource_directory)) }; | |
| for (int i = 0; i < (resource_directory->NumberOfNamedEntries + resource_directory->NumberOfIdEntries); ++i) { | |
| if (resource_entry[i].DataIsDirectory) { | |
| PIMAGE_RESOURCE_DIRECTORY resource = (PIMAGE_RESOURCE_DIRECTORY)((ull)resource_base + resource_entry[i].OffsetToDirectory); | |
| ResourceInfo(resource_base, resource_virtual_address, resource); | |
| } | |
| else { | |
| PIMAGE_RESOURCE_DATA_ENTRY data_entry = (PIMAGE_RESOURCE_DATA_ENTRY)((ull)resource_base + resource_entry[i].OffsetToDirectory); | |
| char* change_address{ (char*)((ull)resource_base + data_entry->OffsetToData - resource_virtual_address) }; | |
| if (strcmp(change_address, (const char*)before) == 0) { | |
| data_entry->Size = sizeof(after) - 1; | |
| memcpy(change_address, after, sizeof(after)); | |
| } | |
| } | |
| } | |
| } | |
| int main(int argc, char* argv[]) { | |
| string path{ "<file path>" }; | |
| HANDLE file_handle{ CreateFileA(path.c_str(), GENERIC_READ | GENERIC_WRITE, NULL, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL) }; | |
| LARGE_INTEGER size; | |
| GetFileSizeEx(file_handle, &size); | |
| LPVOID allocate{ VirtualAlloc(NULL, size.QuadPart, MEM_COMMIT, PAGE_READWRITE) }; | |
| ReadFile(file_handle, allocate, size.QuadPart, NULL, NULL); | |
| string resource_name{ ".rsrc" }; | |
| PIMAGE_DOS_HEADER dos_header{ (PIMAGE_DOS_HEADER)allocate }; | |
| PIMAGE_NT_HEADERS nt_headers{ (PIMAGE_NT_HEADERS)((ull)dos_header + dos_header->e_lfanew) }; | |
| PIMAGE_SECTION_HEADER section_header{ (PIMAGE_SECTION_HEADER)((ull)nt_headers + sizeof(*nt_headers)) }; | |
| for (int i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) { | |
| if (strcmp((const char*)section_header[i].Name, resource_name.c_str()) == 0) { | |
| PIMAGE_RESOURCE_DIRECTORY resource_directory{ (PIMAGE_RESOURCE_DIRECTORY)((ull)dos_header + section_header[i].PointerToRawData) }; | |
| PIMAGE_RESOURCE_DIRECTORY_ENTRY resource_entry{ (PIMAGE_RESOURCE_DIRECTORY_ENTRY)((ull)resource_directory + sizeof(*resource_directory)) }; | |
| DWORD resource_virtual_address{ section_header[i].VirtualAddress }; | |
| ResourceInfo(resource_directory, resource_virtual_address, resource_directory); | |
| break; | |
| } | |
| } | |
| SetFilePointer(file_handle, 0, nullptr, FILE_BEGIN); | |
| WriteFile(file_handle, (LPCVOID)allocate, size.QuadPart, nullptr, NULL); | |
| if (file_handle) | |
| CloseHandle(file_handle); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment