Click here to Skip to main content
15,860,861 members
Home / Discussions / C / C++ / MFC
   

C / C++ / MFC

 
AnswerRe: Registry REG_BINARY Problem Pin
locoone12-Apr-09 2:53
locoone12-Apr-09 2:53 
GeneralRe: Registry REG_BINARY Problem Pin
CPallini12-Apr-09 9:58
mveCPallini12-Apr-09 9:58 
GeneralRe: Registry REG_BINARY Problem Pin
locoone12-Apr-09 10:46
locoone12-Apr-09 10:46 
GeneralRe: Registry REG_BINARY Problem Pin
CPallini12-Apr-09 11:17
mveCPallini12-Apr-09 11:17 
GeneralRe: Registry REG_BINARY Problem [modified] Pin
locoone12-Apr-09 11:50
locoone12-Apr-09 11:50 
GeneralRe: Registry REG_BINARY Problem Pin
CPallini13-Apr-09 4:46
mveCPallini13-Apr-09 4:46 
GeneralRe: Registry REG_BINARY Problem Pin
locoone13-Apr-09 12:40
locoone13-Apr-09 12:40 
QuestionRemoving the MS-DOS stub from a PE File Pin
iNoble11-Apr-09 8:05
iNoble11-Apr-09 8:05 
i was looking all over the net for that function and i found it in one of the best PE Protectors (yoda's protector)
i tried to strip that function but i cant seem to get it right , it erase alot more than the DOS Stub

if hope some1 can give me some pointers or the solution i would be grateful

IMAGE_DOS_HEADER	image_dos_header;<br />
	IMAGE_NT_HEADERS	image_nt_headers;<br />
    HANDLE hFile,hFMap;<br />
    LPVOID FBase;<br />
	LPBYTE lpFile;<br />
<br />
	DWORD bufFileSize,dwBytesRead,dwBytesWritten;<br />
<br />
    hFile = CreateFile("C:\\test.exe", GENERIC_READ, FILE_SHARE_READ, NULL,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);<br />
        bufFileSize = GetFileSize(hFile, NULL);<br />
		lpFile = new BYTE[bufFileSize];<br />
	ReadFile(hFile, lpFile, bufFileSize, &dwBytesRead, NULL);<br />
	CloseHandle(hFile);<br />
<br />
	hFMap = CreateFileMapping(hFile, NULL, FILE_MAP_ALL_ACCESS, 0, 0, NULL);<br />
    FBase = MapViewOfFile(hFMap, FILE_MAP_ALL_ACCESS, 0, 0, 0);<br />
<br />
	CopyMemory(&image_dos_header,lpFile,sizeof(IMAGE_DOS_HEADER));<br />
	CopyMemory(&image_nt_headers,lpFile + image_dos_header.e_lfanew,sizeof(IMAGE_NT_HEADERS));<br />
<br />
<br />
	image_dos_header.e_cblp		= 0x0040;<br />
	image_dos_header.e_cp		= 0x0001;<br />
	image_dos_header.e_crlc		= 0x0000;<br />
	image_dos_header.e_cparhdr	= 0x0002;<br />
	image_dos_header.e_minalloc	= 0x0004;<br />
	image_dos_header.e_maxalloc	= 0xFFFF;<br />
	image_dos_header.e_ss		= 0x0002;<br />
	image_dos_header.e_sp		= 0x0040;<br />
	image_dos_header.e_csum		= 0x0000;<br />
	image_dos_header.e_ip		= 0x000E;<br />
	image_dos_header.e_cs		= 0x0000;<br />
	image_dos_header.e_lfarlc	= 0x001C;<br />
	image_dos_header.e_ovno		= 0x0000;<br />
	image_dos_header.e_res[0]	= 0x0000;<br />
	image_dos_header.e_res[1]	= 0x0000;<br />
	image_dos_header.e_res[2]	= 0x6957;<br />
	image_dos_header.e_res[3]	= 0x336E;<br />
	image_dos_header.e_oemid	= 0x2032;<br />
	image_dos_header.e_oeminfo	= 0x6E6F;<br />
	image_dos_header.e_res2[0]	= 0x796C;<br />
	image_dos_header.e_res2[1]	= 0x0D21;<br />
	image_dos_header.e_res2[2]	= 0x240A;<br />
	image_dos_header.e_res2[3]	= 0xB40E;<br />
	image_dos_header.e_res2[4]	= 0xBA09;<br />
	image_dos_header.e_res2[5]	= 0x0000;<br />
	image_dos_header.e_res2[6]	= 0xCD1F;<br />
	image_dos_header.e_res2[7]	= 0xB821;<br />
	image_dos_header.e_res2[8]	= 0x4C01;<br />
	image_dos_header.e_res2[9]	= 0x21CD;<br />
	image_dos_header.e_lfanew	= 0x40;<br />
<br />
	//UnmapViewOfFile(FBase);<br />
	FillMemory(lpFile,image_nt_headers.OptionalHeader.SizeOfHeaders,0x10);<br />
<br />
	hFile = CreateFile("C:\\test2.exe",GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);<br />
    WriteFile(hFile, lpFile, bufFileSize, &dwBytesWritten, NULL);<br />
<br />
	CloseHandle(hFile);<br />
	FlushViewOfFile(FBase, 0);<br />
	UnmapViewOfFile(FBase);

AnswerRe: Removing the MS-DOS stub from a PE File Pin
Baltoro11-Apr-09 9:08
Baltoro11-Apr-09 9:08 
GeneralRe: Removing the MS-DOS stub from a PE File [modified] Pin
iNoble11-Apr-09 9:40
iNoble11-Apr-09 9:40 
GeneralRe: Removing the MS-DOS stub from a PE File Pin
Baltoro11-Apr-09 10:21
Baltoro11-Apr-09 10:21 
GeneralRe: Removing the MS-DOS stub from a PE File Pin
iNoble11-Apr-09 13:16
iNoble11-Apr-09 13:16 
AnswerRe: Removing the MS-DOS stub from a PE File Pin
Stephen Hewitt12-Apr-09 6:08
Stephen Hewitt12-Apr-09 6:08 
GeneralRe: Removing the MS-DOS stub from a PE File Pin
iNoble12-Apr-09 11:36
iNoble12-Apr-09 11:36 
GeneralRe: Removing the MS-DOS stub from a PE File Pin
Baltoro13-Apr-09 5:55
Baltoro13-Apr-09 5:55 
Questionneed help.. [modified] Pin
badboyz8911-Apr-09 7:31
badboyz8911-Apr-09 7:31 
AnswerRe: need help.. Pin
CARPETBURNER12-Apr-09 0:06
CARPETBURNER12-Apr-09 0:06 
Questionwho can share the code to intercept iexplore connect send recv closesocket Pin
ernst2002053011-Apr-09 5:19
ernst2002053011-Apr-09 5:19 
AnswerRe: who can share the code to intercept iexplore connect send recv closesocket Pin
Green Fuze11-Apr-09 20:00
Green Fuze11-Apr-09 20:00 
News[ANN] Announcement: NUI C++ multi-platform appllication framework, 3D hardware GUI [modified] Pin
meelooo11-Apr-09 0:17
meelooo11-Apr-09 0:17 
GeneralRe: [ANN] Announcement: NUI C++ multi-platform appllication framework, 3D hardware GUI Pin
Rajesh R Subramanian11-Apr-09 0:20
professionalRajesh R Subramanian11-Apr-09 0:20 
GeneralRe: [ANN] Announcement: NUI C++ multi-platform appllication framework, 3D hardware GUI Pin
meelooo11-Apr-09 0:26
meelooo11-Apr-09 0:26 
GeneralRe: [ANN] Announcement: NUI C++ multi-platform appllication framework, 3D hardware GUI Pin
Rajesh R Subramanian11-Apr-09 0:31
professionalRajesh R Subramanian11-Apr-09 0:31 
QuestionGEt path of msi Pin
p_196010-Apr-09 23:46
p_196010-Apr-09 23:46 
AnswerRe: GEt path of msi Pin
Rajesh R Subramanian10-Apr-09 23:51
professionalRajesh R Subramanian10-Apr-09 23:51 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.