放下代码,这是修改节表(section table)的初步尝试。修改后不影响文件的执行,这意味着可以给文件添加数据,而不影响程序。
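; MASM (MASM32 SDK), 32-bit x86, flat memory model, stdcall calling convention.
; .386 and .model are separate directives and must each sit on their own line.
.386
.model flat,stdcall
option casemap:none                     ; identifiers are case-sensitive

include windows.inc
include user32.inc
include kernel32.inc
include gdi32.inc
includelib gdi32.lib
includelib user32.lib
includelib kernel32.lib

; Prototypes for the procedures defined further down in this listing.
Message proto :DWORD
AddSection proto :dword

; NOTE(review): these three are declared but no body for them appears in this
; listing - presumably left over from, or reserved for, other parts of the project.
movfile proto :dword,:dword,:dword
IsPeFile proto :dword
MovPeHead proto :dword,:dword,:dword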
; ---- initialised data ------------------------------------------------
.data
; Hard-coded path of the executable whose header is rewritten in place.
szFileName db "E:\stu1\stu2\bin\Debug\main.exe",0
; ---- uninitialised data ----------------------------------------------
.data?
; Receives the handle returned by CreateFile at start.
hFilehanld dword ?
; Header buffer. 4096 DWORDs reserve 16384 bytes; the ReadFile call at
; start requests 4096 bytes into it.
szBuff dword 4096 dup (?)
; DWORD slot - presumably meant to receive ReadFile's byte count (name suggests it).
szreadnum dword ?
; The next two items are not referenced by any code in this listing.
szbuff1 IMAGE_DOS_HEADER <>
dwPeRav dword ?
; Four bytes with no terminating 0, so this is not a C string; also not
; referenced by any code in this listing.
szname db "l456"
.code
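;-----------------------------------------------------------------------
; start - program entry point.
; Opens szFileName, reads up to 4096 bytes of it into szBuff, lets
; AddSection edit that header copy in place, writes the same number of
; bytes back to offset 0 of the file, then closes the handle and exits.
;
; The file is rewritten in place and no copy is kept. The bytes come
; straight from disk and are untrusted input to the header parsing.
;-----------------------------------------------------------------------
start:
        ; OPEN_EXISTING: a missing or mistyped path must fail here.
        ; OPEN_ALWAYS would create an empty file and the code below
        ; would then fill it with 4096 bytes of buffer content.
        invoke  CreateFile,offset szFileName,GENERIC_READ or GENERIC_WRITE,0,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        .IF eax==INVALID_HANDLE_VALUE
            invoke  MessageBox,NULL,offset szFileName,NULL,MB_OK
            invoke  ExitProcess,NULL
        .ENDIF
        mov     hFilehanld,eax

        ; lpNumberOfBytesRead may be NULL only for overlapped I/O, so the
        ; count is received in szreadnum. It is also needed below so that
        ; only bytes that really came from the file are written back.
        invoke  ReadFile,hFilehanld,offset szBuff,4096,offset szreadnum,NULL
        .IF eax!=0 && szreadnum!=0
            invoke  AddSection,offset szBuff

            ; Seeking to offset 0 from FILE_BEGIN returns 0 on success.
            invoke  SetFilePointer,hFilehanld,0,NULL,FILE_BEGIN
            .IF eax==0
                ; Write back exactly what was read: a fixed 4096 would
                ; pad and enlarge any file shorter than the buffer.
                mov     ecx,szreadnum
                invoke  WriteFile,hFilehanld,offset szBuff,ecx,offset szreadnum,NULL
            .ENDIF
        .ENDIF

        invoke  CloseHandle,hFilehanld  ; release the handle on every path past the open
        invoke  ExitProcess,NULL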
;-----------------------------------------------------------------------
; Message - show a string in a modal message box with an OK button.
; ABI:  stdcall (the callee removes its single DWORD argument)
; In:   lpstring = address of a zero-terminated string (box text)
; Out:  eax = whatever MessageBox returned
; The owner window and the caption are both passed as NULL.
;-----------------------------------------------------------------------
Message proc lpstring:dword
        ; stdcall: arguments are pushed right to left
        push    MB_OK                   ; uType
        push    NULL                    ; lpCaption
        push    lpstring                ; lpText
        push    NULL                    ; hWnd
        call    MessageBox
        ret
Message endp
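;-----------------------------------------------------------------------
; AddSection - append one section header to a PE header copy in memory.
;
; ABI:   stdcall; ebx, esi and edi are preserved (USES), as the
;        convention requires of a callee.
; In:    lpDosHead = address of a buffer of ADDSEC_BUFFER_BYTES bytes
;                    holding the start of the file (IMAGE_DOS_HEADER
;                    first)
; Out:   eax = 1 when the header was added,
;        eax = 0 when the input was rejected; the buffer is then
;                left exactly as it was
; Clobb: ecx, edx, flags
;
; Every offset used here (e_lfanew, SizeOfOptionalHeader,
; NumberOfSections) comes from the file and is treated as untrusted:
; each derived position is checked against the buffer size before it is
; read or written. Without those checks a crafted header would make this
; routine write outside the buffer.
;
; Editing the header changes bytes covered by an Authenticode signature,
; and OptionalHeader.CheckSum is not recomputed here, so a signed file
; no longer verifies after this edit.
;
; NOTE(review): the new VirtualAddress (last VirtualAddress + 1000h) and
; the SizeOfImage increment (1000h) are kept from the original. They are
; only consistent when SectionAlignment is 1000h and the last section
; spans at most 1000h bytes of address space - confirm, or derive both
; from SectionAlignment and the last section's VirtualSize.
; NOTE(review): SizeOfRawData is set to 500h but this routine writes no
; section data to the file - confirm where that data is meant to come from.
;-----------------------------------------------------------------------
ADDSEC_BUFFER_BYTES equ 4096            ; bytes the caller read into the buffer
ADDSEC_VIRTUAL_BYTES equ 1000h          ; address space claimed by the new section
ADDSEC_RAW_BYTES equ 500h               ; raw size recorded for the new section

AddSection proc uses ebx esi edi lpDosHead:dword
        ; ---- validate, without modifying anything -------------------
        mov     esi,lpDosHead           ; esi = buffer base
        assume  esi:ptr IMAGE_DOS_HEADER
        cmp     [esi].e_magic,IMAGE_DOS_SIGNATURE
        jne     reject
        mov     eax,[esi].e_lfanew      ; eax = offset of the NT headers
        assume  esi:nothing

        ; The whole IMAGE_NT_HEADERS must lie inside the buffer. The
        ; unsigned compare also rejects a negative e_lfanew.
        cmp     eax,ADDSEC_BUFFER_BYTES - sizeof IMAGE_NT_HEADERS
        ja      reject

        lea     ebx,[esi+eax]           ; ebx -> IMAGE_NT_HEADERS
        assume  ebx:ptr IMAGE_NT_HEADERS
        cmp     [ebx].Signature,IMAGE_NT_SIGNATURE
        jne     reject

        movzx   ecx,[ebx].FileHeader.NumberOfSections
        test    ecx,ecx                 ; no "last section" to build on
        jz      reject

        ; The section table starts right after the optional header,
        ; whose size the file states in SizeOfOptionalHeader.
        movzx   edx,[ebx].FileHeader.SizeOfOptionalHeader
        lea     edx,[eax+edx+4+sizeof IMAGE_FILE_HEADER]
        lea     edi,[eax+sizeof IMAGE_NT_HEADERS]
        cmp     edx,edi                 ; table must not overlap the fields
        jb      reject                  ; of the optional header used below

        ; edx = offset of the free slot just past the last section header
        imul    ecx,ecx,sizeof IMAGE_SECTION_HEADER
        add     edx,ecx
        lea     ecx,[edx+sizeof IMAGE_SECTION_HEADER]  ; end of that slot
        cmp     ecx,ADDSEC_BUFFER_BYTES ; slot must be inside the buffer
        ja      reject
        cmp     ecx,[ebx].OptionalHeader.SizeOfHeaders
        ja      reject                  ; and inside the declared header area

        ; Refuse to overwrite a slot that already holds data: the space
        ; after the section table is not guaranteed to be unused.
        lea     edi,[esi+edx]
        mov     ecx,(sizeof IMAGE_SECTION_HEADER)/4
        xor     eax,eax
        repe    scasd                   ; DF is clear under stdcall
        jne     reject

        ; ---- commit -------------------------------------------------
        lea     edi,[esi+edx]           ; edi -> new section header
        mov     esi,edi
        sub     esi,sizeof IMAGE_SECTION_HEADER ; esi -> last existing header

        inc     [ebx].FileHeader.NumberOfSections
        add     [ebx].OptionalHeader.SizeOfImage,ADDSEC_VIRTUAL_BYTES
        assume  ebx:nothing

        assume  esi:ptr IMAGE_SECTION_HEADER
        assume  edi:ptr IMAGE_SECTION_HEADER
        mov     eax,[esi].VirtualAddress
        add     eax,ADDSEC_VIRTUAL_BYTES
        mov     [edi].VirtualAddress,eax        ; last VirtualAddress + 1000h
        mov     eax,[esi].PointerToRawData
        add     eax,[esi].SizeOfRawData
        mov     [edi].PointerToRawData,eax      ; end of the last section's raw data

        mov     dword ptr [edi].Name1,7845h     ; bytes 45h,78h,0,0 = "Ex"
        mov     [edi].Misc.VirtualSize,ADDSEC_VIRTUAL_BYTES
        mov     [edi].SizeOfRawData,ADDSEC_RAW_BYTES
        mov     [edi].PointerToRelocations,0
        mov     [edi].NumberOfLinenumbers,0
        mov     [edi].Characteristics,0         ; no section flags set
        assume  esi:nothing
        assume  edi:nothing

        mov     eax,1
        ret

reject:
        xor     eax,eax                 ; buffer untouched
        ret
AddSection endp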
end start