ndardInformation);
if(status<0){
DbgPrint("ZwQueryInformationFile File failed...%08x..",status);
return ;
}
buf= ExAllocatePool(0, NumberOfBytes.AllocationSize.LowPart);
if(buf==NULL)
{
DbgPrint("ExAllocatePoolWIThTag failed");
return ;
}
ZwReadFile(Handle, 0, 0, 0, &IoStatusBlock, buf,NumberOfBytes.AllocationSize.LowPart, 0, 0);
PE=(ULONG)buf;
for(i=0;i<0x1000;i++){
if(!_stricmp((const char*)PE,"pe"))
break;
PE++;
}
DbgPrint("PE Header 0x%x 0x%.2x 0x%.2x",PE, *(UCHAR*)(PE),*(UCHAR*)((ULONG)PE+1));
opthead = *(unsigned short *)(PE + 20); //SizeofOptionalHeader
DbgPrint("SizeofOptionalHeader - 0x%x",opthead );
inIT = opthead + PE + 24;
initpointer=inIT;
Length = 0;
while (_stricmp((const char*)init,"inIT"))
{
inITpointer += 40;
secnum = *(DWORD *)(PE + 6);
++Length;
if ( Length >= secnum )
break;
init = inITpointer;
}
init = inITpointer;
if ( Length == *(DWORD *)(PE+ 6) )
DbgPrint("No found INIT seg\r\n");
else
{
rawpointer = *(DWORD *)(inIT + 20);
rawsize = *(DWORD *)(inIT + 16);
上一页 [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] ... 下一页 >>
|
