4. LPBYTE zu struct

LPBYTE zu struct

  • ?

    hi,

    erstmal hoffe ich das ich in der richtigen Section geposted habe, wenn nicht sry und danke fürs verschieben.

    Also der Sachverhalt ist folgender:

    Ich bin dabei einen Simplen Cracking Schutz zu schreiben, dieser hat das PE File in den Resourcen gespeichert. Ich bin so Weit, dass die Datei in einem LPBYTE ist.

    Nun möchte ich gerne denn PE Header auslesen. Dieser Aufbau des PE Headers ist in einem struct bei mir vorhanden, wie bekomme ich nun die Daten von dem LPBYTE in meinen struct?

    mfg BockBier

    PS: fals jemand Rechtschreibfehler oder Gramatikfehler finden sollte, möchte ich mich dafür entschuldigen, und bitten sie nicht weiter zu beachten.

    PPS: hier einmal die struct´s die ich meine:

    struct PE_Header 
{
	unsigned long signature;
	unsigned short machine;
	unsigned short numSections;
	unsigned long timeDateStamp;
	unsigned long pointerToSymbolTable;
	unsigned long numOfSymbols;
	unsigned short sizeOfOptionHeader;
	unsigned short characteristics;
};

struct PE_ExtHeader
{
	unsigned short magic;
	unsigned char majorLinkerVersion;
	unsigned char minorLinkerVersion;
	unsigned long sizeOfCode;
	unsigned long sizeOfInitializedData;
	unsigned long sizeOfUninitializedData;
	unsigned long addressOfEntryPoint;
	unsigned long baseOfCode;
	unsigned long baseOfData;
	unsigned long imageBase;
	unsigned long sectionAlignment;
	unsigned long fileAlignment;
	unsigned short majorOSVersion;
	unsigned short minorOSVersion;
	unsigned short majorImageVersion;
	unsigned short minorImageVersion;
	unsigned short majorSubsystemVersion;
	unsigned short minorSubsystemVersion;
	unsigned long reserved1;
	unsigned long sizeOfImage;
	unsigned long sizeOfHeaders;
	unsigned long checksum;
	unsigned short subsystem;
	unsigned short DLLCharacteristics;
	unsigned long sizeOfStackReserve;
	unsigned long sizeOfStackCommit;
	unsigned long sizeOfHeapReserve;
	unsigned long sizeOfHeapCommit;
	unsigned long loaderFlags;
	unsigned long numberOfRVAAndSizes;
	unsigned long exportTableAddress;
	unsigned long exportTableSize;
	unsigned long importTableAddress;
	unsigned long importTableSize;
	unsigned long resourceTableAddress;
	unsigned long resourceTableSize;
	unsigned long exceptionTableAddress;
	unsigned long exceptionTableSize;
	unsigned long certFilePointer;
	unsigned long certTableSize;
	unsigned long relocationTableAddress;
	unsigned long relocationTableSize;
	unsigned long debugDataAddress;
	unsigned long debugDataSize;
	unsigned long archDataAddress;
	unsigned long archDataSize;
	unsigned long globalPtrAddress;
	unsigned long globalPtrSize;
	unsigned long TLSTableAddress;
	unsigned long TLSTableSize;
	unsigned long loadConfigTableAddress;
	unsigned long loadConfigTableSize;
	unsigned long boundImportTableAddress;
	unsigned long boundImportTableSize;
	unsigned long importAddressTableAddress;
	unsigned long importAddressTableSize;
	unsigned long delayImportDescAddress;
	unsigned long delayImportDescSize;
	unsigned long COMHeaderAddress;
	unsigned long COMHeaderSize;
	unsigned long reserved2;
	unsigned long reserved3;
};

struct SectionHeader
{
	unsigned char sectionName[8];
	unsigned long virtualSize;
	unsigned long virtualAddress;
	unsigned long sizeOfRawData;
	unsigned long pointerToRawData;
	unsigned long pointerToRelocations;
	unsigned long pointerToLineNumbers;
	unsigned short numberOfRelocations;
	unsigned short numberOfLineNumbers;
	unsigned long characteristics;
};

struct MZHeader
{
	unsigned short signature;
	unsigned short partPag;
	unsigned short pageCnt;
	unsigned short reloCnt;
	unsigned short hdrSize;
	unsigned short minMem;
	unsigned short maxMem;
	unsigned short reloSS;
	unsigned short exeSP;
	unsigned short chksum;
	unsigned short exeIP;
	unsigned short reloCS;
	unsigned short tablOff;
	unsigned short overlay;
	unsigned char reserved[32];
	unsigned long offsetToPE;
};
    0
  • ?

    1. sind diese datenstrukturen schon in winnt.h deklariert also musst du sie nicht neu erfinden.

    2. sry aber wenn du nicht verstanden hast was LPBYTE ist, dann ist das rumpantschen mit PE dateien für dich sicher nicht das richtige! du hast die datei im speicher und hast'n pointer drauf. was ist überhaupt das prob? ich versteh dich nicht.

    LPBYTE lpLameNess = BLA;
...
	PIMAGE_NT_HEADERS lpNTHdr = (PIMAGE_NT_HEADERS)(lpBase + ((PIMAGE_DOS_HEADER)
		lpBase)->e_lfanew)
etc.

    orz orz orz

    0
  • ?

    @ascda du nutzt den zeiger garnicht, bzw hast den falschen genommen.

    @topic: einfach reincasten:

    PE_Header *header = reinterpret_cast<PE_Header *>(lpbyte);
    0
Anmelden zum Antworten