验证中...
8月18日(周六)成都源创会火热报名中,四位一线行业大牛与你面对面,探讨区块链技术热潮下的冷思考。
语言: C++
最后更新于 2017-07-27 18:58
walk_through_reloc.cpp
原始数据 复制代码
auto walk_through_reloc = [](PVOID imagebase,DWORD_PTR fix_offset)
{
struct alignas(2) _IMAGE_RELOCATE_
{
WORD offset : 12;
WORD type : 4;
};
ULONG RelocSize = 0;
auto nt_header = ntdll::RtlImageNtHeader(imagebase);
auto reloc_header = ntdll::RtlImageDirectoryEntryToData(imagebase, TRUE,
IMAGE_DIRECTORY_ENTRY_BASERELOC,
&RelocSize
);
if (reloc_header)
{
auto reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>(reloc_header);
while ((reloc->VirtualAddress+reloc->SizeOfBlock)!=0)
{
int nNumberOfReloc = (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD);
auto relocblock = reinterpret_cast<_IMAGE_RELOCATE_*>((PBYTE)reloc + sizeof(IMAGE_BASE_RELOCATION));
for (auto i=0;i<nNumberOfReloc;i++)
{
auto _block = relocblock[i];
auto fix_address = (PBYTE)imagebase + reloc->VirtualAddress;
switch (_block.type)
{
case LIEF::PE::IMAGE_REL_BASED_DIR64:
*((UINT_PTR*)(fix_address + _block.offset)) += fix_offset;
break;
case LIEF::PE::IMAGE_REL_BASED_HIGHLOW:
*((DWORD*)(fix_address + _block.offset)) += (DWORD)fix_offset;
break;
case LIEF::PE::IMAGE_REL_BASED_HIGH:
*((WORD*)(fix_address + _block.offset)) += HIWORD(fix_offset);
break;
case LIEF::PE::IMAGE_REL_BASED_LOW:
*((WORD*)(fix_address + _block.offset)) += LOWORD(fix_offset);
break;
case LIEF::PE::IMAGE_REL_BASED_ABSOLUTE:
break;
default:
break;
}
}
reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>((PBYTE)reloc + reloc->SizeOfBlock);
}
}
};

评论列表( 0 )

你可以在登录后,发表评论