메모장 입니다2
C Source] Text 섹션 주소 찾기 본문
#include <stdio.h>
#include <Windows.h>
void main()
{
HMODULE hMod;
DWORD imageBase, sectionHeaderStart;
WORD optionalSize;
PBYTE pAddr;
// hMod, pAddr = ImageBase of calc.exe
// = VA to MZ signature (IMAGE_DOS_HEADER)
hMod = GetModuleHandle(NULL);
pAddr = (PBYTE)hMod;
imageBase = (DWORD)pAddr;
printf("ImageBase:%x\n", imageBase);
// pAddr =IMAGE_NT_HEADERS
pAddr += *((DWORD*)&pAddr[0x3C]);
optionalSize = *((DWORD*)&pAddr[0x14]);
printf("optionalSize:%x\n", optionalSize);
sectionHeaderStart = (DWORD)pAddr + (DWORD)0x18 + (DWORD)optionalSize;
printf("sectionHeaderStart:%s \n", sectionHeaderStart);
while (0!=strncmp((char*)sectionHeaderStart, ".text", strlen((char*)sectionHeaderStart)))
{
//sectionHeaderStart = NextSection Start Address
sectionHeaderStart += (DWORD)0x28;
}
printf("sectionHeaderStart:%s \n", sectionHeaderStart);
DWORD textSectionRVA;
textSectionRVA = *(DWORD*)(sectionHeaderStart + (DWORD)0xC);
printf("textSectionRVA=%x \n", textSectionRVA);
DWORD textSectionSize;
textSectionSize = *(DWORD*)(sectionHeaderStart + (DWORD)0x8);
printf("textSectionSize=%x \n", textSectionSize);
DWORD textSectionStart;
textSectionStart = imageBase + textSectionRVA;
printf("textSectionStart=%x \n", textSectionStart);
DWORD textSectionEnd;
textSectionEnd = textSectionStart + textSectionSize;
printf("textSectionEnd=%x \n", textSectionEnd);
}
'Study > 리버싱' 카테고리의 다른 글
| Windows] Debug Blocker - 이론 (0) | 2017.08.08 |
|---|---|
| 악성코드 종류 (0) | 2017.08.08 |
| Windows] 서비스 (0) | 2017.08.08 |
| 세그먼트/플래그 레지스터 (0) | 2017.08.08 |
| Windows] SEH (0) | 2017.08.08 |