Add files via upload

kyle-go · web-flow · commit 29750da8b472 · 2021-03-12T15:23:59.000+08:00
diff --git a/append_signed_pe.cpp b/append_signed_pe.cpp
@@ -0,0 +1,188 @@
+﻿// test.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
+//
+
+#include <windows.h>
+#include <stdio.h>
+#include <string>
+#include "imagehlp.h"
+#pragma comment(lib, "Imagehlp.lib")
+
+
+// 追加的内容
+BOOL AppendSignExeData(const std::wstring& f, const std::string& data) {
+	HANDLE fileHandle = CreateFileW(f.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+	if (fileHandle == INVALID_HANDLE_VALUE) {
+		return 0;
+	}
+
+	HANDLE mapHandle = CreateFileMapping(fileHandle, NULL, PAGE_READWRITE, 0, 0, NULL);
+	if (mapHandle == NULL) {
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	LPBYTE lpBaseAddress = (LPBYTE)MapViewOfFile(mapHandle, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
+	if (lpBaseAddress == NULL) {
+		CloseHandle(mapHandle);
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	PIMAGE_DOS_HEADER dosHead = (PIMAGE_DOS_HEADER)lpBaseAddress;
+	PIMAGE_NT_HEADERS32 ntHead = (PIMAGE_NT_HEADERS32)(lpBaseAddress + dosHead->e_lfanew);
+	PIMAGE_NT_HEADERS64 ntHead64 = (PIMAGE_NT_HEADERS64)(lpBaseAddress + dosHead->e_lfanew);
+	if (dosHead->e_magic != IMAGE_DOS_SIGNATURE || ntHead->Signature != IMAGE_NT_SIGNATURE) {
+		UnmapViewOfFile(lpBaseAddress);
+		CloseHandle(mapHandle);
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	// 判断是否是x64
+	BOOL isX64 = (ntHead->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC);
+	PIMAGE_DATA_DIRECTORY idd = NULL;
+	if (isX64) {
+		idd = &ntHead64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
+	}
+	else {
+		idd = &ntHead->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_SECURITY];
+	}
+	if (idd->Size == 0 || idd->VirtualAddress == 0) {
+		UnmapViewOfFile(lpBaseAddress);
+		CloseHandle(mapHandle);
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	DWORD writeSize = (DWORD)(data.size() + 7) / 8 * 8;
+
+	// 修改Security.Size
+	idd->Size += writeSize + 8;
+
+	UnmapViewOfFile(lpBaseAddress);
+	CloseHandle(mapHandle);
+
+	SetFilePointer(fileHandle, 0, 0, FILE_END);
+	DWORD size = 0;
+	WriteFile(fileHandle, (LPCVOID)data.c_str(), (DWORD)data.length(), &size, NULL);
+	if (size != data.length()) {
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	// 补上多余的几个
+	if (writeSize > data.size()) {
+		for (DWORD i = 0; i < writeSize - data.size(); i++) {
+			size = 0;
+			WriteFile(fileHandle, "\0", 1, &size, NULL);
+			if (size != 1) {
+				CloseHandle(fileHandle);
+				return 0;
+			}
+		}
+	}
+
+	size = 0;
+	UINT64 len = (UINT64)data.size();
+	WriteFile(fileHandle, (LPCVOID)&len, 8, &size, NULL);
+	if (size != 8) {
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	// 修改校验和（因为有些杀软会将校验和不对的程序报毒）
+	mapHandle = CreateFileMapping(fileHandle, NULL, PAGE_READWRITE, 0, 0, NULL);
+	if (mapHandle == NULL) {
+		CloseHandle(fileHandle);
+		return 0;
+	}
+	lpBaseAddress = (LPBYTE)MapViewOfFile(mapHandle, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, 0);
+	if (lpBaseAddress == NULL) {
+		CloseHandle(mapHandle);
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	DWORD file_len = GetFileSize(fileHandle, NULL);
+	if (file_len == INVALID_FILE_SIZE) {
+		UnmapViewOfFile(lpBaseAddress);
+		CloseHandle(mapHandle);
+		CloseHandle(fileHandle);
+		return 0;
+	}
+
+	// 这个PIMAGE_NT_HEADERS设计的非常巧妙，无论是32还是64，CheckSum的偏移是一样的，所以这个代码不需要改，都兼容
+	DWORD oldCheckSum, newCheckSum;
+	PIMAGE_NT_HEADERS peHeader = CheckSumMappedFile((PVOID)lpBaseAddress, file_len, &oldCheckSum, &newCheckSum);
+	peHeader->OptionalHeader.CheckSum = newCheckSum;
+
+	UnmapViewOfFile(lpBaseAddress);
+	CloseHandle(mapHandle);
+	CloseHandle(fileHandle);
+	return TRUE;
+}
+
+// 成功返回追加内容，失败返回空字符串
+std::string ReadSignExeData(const std::wstring& f) {
+	HANDLE fileHandle = CreateFileW(f.c_str(), GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+	if (fileHandle == INVALID_HANDLE_VALUE) {
+		return "";
+	}
+	DWORD ret = SetFilePointer(fileHandle, -8, 0, FILE_END);
+	if (ret == INVALID_SET_FILE_POINTER) {
+		CloseHandle(fileHandle);
+		return "";
+	}
+
+	UINT64 len = 0;
+	DWORD size = 0;
+	ReadFile(fileHandle, &len, 8, &size, NULL);
+	if (size != 8) {
+		CloseHandle(fileHandle);
+		return "";
+	}
+
+	// 若是大于200MB, 当作出错处理
+	if (len > 1024 * 1024 * 200) {
+		CloseHandle(fileHandle);
+		return "";
+	}
+
+	LONG readSize = (LONG)(len + 7) / 8 * 8;
+	ret = SetFilePointer(fileHandle, -(readSize + 8), 0, FILE_END);
+	if (ret == INVALID_SET_FILE_POINTER) {
+		CloseHandle(fileHandle);
+		return "";
+	}
+
+	size = 0;
+	std::string result;
+	result.resize((size_t)len);
+	ReadFile(fileHandle, (LPVOID)result.c_str(), (DWORD)len, &size, NULL);
+	CloseHandle(fileHandle);
+
+	if (size != len) {
+		return "";
+	}
+	return result;
+}
+
+int main()
+{
+	std::string data = "hello,world---";
+	BOOL xxx = AppendSignExeData(L"D:\\pe.exe", data);
+	if (xxx) {
+		auto read_data = ReadSignExeData(L"D:\\pe.exe");
+		if (read_data != data) {
+			printf("ERROR!!!\r\n");
+		}
+		else {
+			printf("OK!!!\r\n");
+		}
+	}
+	else {
+		printf("ERROR!!!\r\n");
+	}
+
+	return 0;
+}
diff --git a/append_signed_pe.vcxproj b/append_signed_pe.vcxproj
@@ -0,0 +1,160 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{E9D2FF6C-8321-4005-80FC-A280DBD505D5}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>append_signed_pe</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0.19041.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v140_xp</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v141</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>ntdll.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="append_signed_pe.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
