2. Tech
  3. Adjust the checksum of the PE file

Adjust the checksum of the PE file

xiaoxiao2021-03-06  40

#include #include

Void Calcchecksum (Char * szpefile); __ inline void Printusage (Void);

INT Main (int Argc, char * argv []) {if (argc! = 2) {printusage (); return 0;}

Calcchecksum (Argv [1]);

Return 0;}

/ *

Routine Description:

Calculates a new checksum for the pe image by calling imagehlp.dll

Arguments:

Szpefile - PE File Name

Return Value:

Void

- * / voidcalcchecksum (char * szpefile) {dword dwheadersum = 0; dWord dwchecksum = 0; handle hfile; dword cb; image_dos_header doshdr; image_nt_headers nthdr;

// // Open the file and calculate the CheckSum // if (MapFileAndCheckSum (szPeFile, & dwHeaderSum, & dwCheckSum) = CHECKSUM_SUCCESS!) {Printf ( "Failed to open specified PE file / n!"); Return;} hFile = CreateFile ( szPeFile, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hFile == INVALID_HANDLE_VALUE) {printf ( "Failed to open specified PE file / n!"); return;}

/// seek to the beginning //// setfilepointer (HFile, 0, 0, File_Begin);

/// read in the dos header // IF ((ReadFile (Hfile, & Doshdr, SizeOf (Doshdr), & Cb, 0) == false || (CB! = SizeOf (DOSHDR))) {Printf ("failed) To read dos header! / n "); CloseHandle (HFILE); Return;}

/// seek the pe header // if (Doshdr.e_magic! = Image_dos_signature) || (setfilepointer (hfile, doshdr.e_lfanew, 0, file_begin) == -1L)) {Printf ("Failed to Read Nt Header ! / n "); CloseHandle; Return;} ///}} /// t ((! Readfile (HFile, & nthdr, Sizeof (NTHDR), & CB, 0)) || (CB! = SizeOf (NTHDR)) {Printf ("Failed to Read NT Header! / N"); CloseHandle (HFILE); Return;}

////////Ww (nthdr.signature! = Image_nt_signature) {printf ("The File is not a valid pe file! / N"); CloseHandle (HFILE); Return;}

// // Check if the PE file's checksum need adjusted // if (ntHdr.OptionalHeader.CheckSum == dwCheckSum) {printf ( "The PE file CheckSum need not to be adjusted / n"); CloseHandle (hFile); return }

/// seek the pe header // IF (set, doshdr.e_lfanew, 0, file_begin) == -1L) {Printf ("failed to locate peeader! / N"); CloseHandle (HFILE); Return }

Printf ("Old Checksum = 0x% 08X / N", nthdr.optionalHeader.Checksum); Printf ("New Checksum = 0x% 08x / N", dwchecksum);

///Modify the checksum // nthdr.optionalHeader.Checksum = dwchecksum; if (! Writefile (HFile, & nthdr, sizeof (nthdr), & cb, null) {Printf ("Failed to Adjust Checksum! / N"); } Eluse {printf ("Adjust Checksum SuccessFully! / N");

CloseHandle (HFILE); RETURN;}

转载请注明原文地址:https://www.9cbs.com/read-55395.html

9cbs

New Post(0)