windows - Data i datafeltet af en exe

Indlæg af Hanne Mølgaard Plasc

ProblemJeg sammensatte følgende fire linjer kode i en fil kaldet foo.exe, håber at værdien af ​​den globale variabel 'i' (dvs. 9) ville gå ind i datafeltet af foo.exe


int i = 9;  
int main()
{
}


Så brugte jeg følgende kode for at finde ud af om det virkelig var i .data sektionen af ​​foo.exe, men fandt intet. Kan nogen fortælle mig hvad der gik galt .. ??


#include<iostream>
#include<Windows.h>
#include<stdio.h>
#include<WinNT.h>


int main()
{

HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE\_DOS\_HEADER dosHeader;

hFile = CreateFile(TEXT("foo.exe"), GENERIC\_READ, FILE\_SHARE\_READ, NULL,
          OPEN\_EXISTING, FILE\_ATTRIBUTE\_NORMAL, 0);

if ( hFile == INVALID\_HANDLE\_VALUE )
{
  printf("Couldn't open file with CreateFile()
");
  return 0;
}

hFileMapping = CreateFileMapping(hFile, NULL, PAGE\_READONLY, 0, 0, NULL);
if ( hFileMapping == 0 )
{
  CloseHandle(hFile);
  printf("Couldn't open file mapping with CreateFileMapping()
");
  return 0;
}

lpFileBase = MapViewOfFile(hFileMapping, FILE\_MAP\_READ, 0, 0, 0);
if ( lpFileBase == 0 )
{
  CloseHandle(hFileMapping);
  CloseHandle(hFile);
  printf("Couldn't map view of file with MapViewOfFile()
");
  return 0;
}


PIMAGE\_DOS\_HEADER pimdh;
pimdh = (PIMAGE\_DOS\_HEADER)lpFileBase;

PIMAGE\_NT\_HEADERS pimnth;
pimnth = (PIMAGE\_NT\_HEADERS)((char *)lpFileBase + pimdh->e\_lfanew);

PIMAGE\_SECTION\_HEADER pimsh;
pimsh = (PIMAGE\_SECTION\_HEADER)(pimnth + 1);

PIMAGE\_IMPORT\_DESCRIPTOR pimid;
long delta;

for(int i = 0; i<pimnth->FileHeader.NumberOfSections;i++)
{
  if(!strcmp((char *)pimsh->Name,".data"))
  {
    DWORD base = (DWORD)lpFileBase;
    for(DWORD start = pimsh ->PointerToRawData; start <= (pimsh->PointerToRawData + pimsh->SizeOfRawData); start++)
    {
      if(*((int *)(start + base)) == 9)
      {
        printf("found");
        break;
      }
    }
  }
  pimsh++;
}

}

Bedste reference


Kompilatoren (linker) lagde ikke din variabel i billedfilen, fordi variablen ikke engang er brugt i koden!