13 Years of Service
95%
[lenguaje=autoit]#cs -------------------------------------------------------
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: ENDLastI_S_H()
Uso..............: ENDLastI_S_H(Filepath)
Retorna..........: Posicion Donde termina la ultima Sección de IMAGE_SECTION_HEADER
#ce -------------------------------------------------------
;Ejemplo
local $myfile="C:\Users\Usuario\Desktop\Anotador.exe"
msgbox(0,"",ENDLastI_S_H($myfile))
Func ENDLastI_S_H($file)
Const $l_fanew=60
Const $PEsize=4
Const $I_F_H=20
const $SizeS =40
local $LFvalue ;offset Entrada IMAGE_NT_HEADERS firma PE
local $Size_O_H ;izeOfOptionalHeader
local $NofS ;NumberOfSections
local $fin_I_S_H ;IMAGE_SECTION_HEADER
;leyendo archivo y cargando buffer
$hfile=fileopen($file)
$binary=fileread($hfile,1000)
;offset Entrada IMAGE_NT_HEADERS firma PE
$LFvalue=binarymid($binary,$l_fanew+1,4)
$LFvalue=Dec(OLE(Stringreplace($LFvalue,"0x","",1,0)))
;NumberOfSections
$NofS=$LFvalue+$PEsize+2
$NofS=BinaryMid($binary,($NofS+1),2)
$NofS=Dec(OLE(Stringreplace($NofS,"0x","",1,0)))
;Tamaño SizeOfOptionalHeader
$Size_O_H=$LFvalue+$PEsize+16
$Size_O_H=BinaryMid($binary,($Size_O_H+1),2)
$Size_O_H=dec(OLE(StringReplace($Size_O_H,"0x","",1,0)))
$fin_I_S_H=($LFvalue+$PEsize+$I_F_H+$Size_O_H)+($NofS*$SizeS)
return $fin_I_S_H
fileclose($hfile);close
EndFunc
;Funcion OLE "Orden Little Endian"
Func OLE($Var)
Local $len=stringlen($Var)/2
local $Array[$len+1]
local $Char
local $A=1
local $Result
for $i= 1 to $len
$Char=stringmid($Var,$A,2)
$A+=2
$Array[$i]=$Char
next
for $x = $len to 1 Step -1
$Result&=$Array[$x]
Next
Return $Result
EndFunc [/lenguaje]
Autor: Pink
AutoIt Version: 3.3.8.1
Author..........: Pink
Script Function...: ENDLastI_S_H()
Uso..............: ENDLastI_S_H(Filepath)
Retorna..........: Posicion Donde termina la ultima Sección de IMAGE_SECTION_HEADER
#ce -------------------------------------------------------
;Ejemplo
local $myfile="C:\Users\Usuario\Desktop\Anotador.exe"
msgbox(0,"",ENDLastI_S_H($myfile))
Func ENDLastI_S_H($file)
Const $l_fanew=60
Const $PEsize=4
Const $I_F_H=20
const $SizeS =40
local $LFvalue ;offset Entrada IMAGE_NT_HEADERS firma PE
local $Size_O_H ;izeOfOptionalHeader
local $NofS ;NumberOfSections
local $fin_I_S_H ;IMAGE_SECTION_HEADER
;leyendo archivo y cargando buffer
$hfile=fileopen($file)
$binary=fileread($hfile,1000)
;offset Entrada IMAGE_NT_HEADERS firma PE
$LFvalue=binarymid($binary,$l_fanew+1,4)
$LFvalue=Dec(OLE(Stringreplace($LFvalue,"0x","",1,0)))
;NumberOfSections
$NofS=$LFvalue+$PEsize+2
$NofS=BinaryMid($binary,($NofS+1),2)
$NofS=Dec(OLE(Stringreplace($NofS,"0x","",1,0)))
;Tamaño SizeOfOptionalHeader
$Size_O_H=$LFvalue+$PEsize+16
$Size_O_H=BinaryMid($binary,($Size_O_H+1),2)
$Size_O_H=dec(OLE(StringReplace($Size_O_H,"0x","",1,0)))
$fin_I_S_H=($LFvalue+$PEsize+$I_F_H+$Size_O_H)+($NofS*$SizeS)
return $fin_I_S_H
fileclose($hfile);close
EndFunc
;Funcion OLE "Orden Little Endian"
Func OLE($Var)
Local $len=stringlen($Var)/2
local $Array[$len+1]
local $Char
local $A=1
local $Result
for $i= 1 to $len
$Char=stringmid($Var,$A,2)
$A+=2
$Array[$i]=$Char
next
for $x = $len to 1 Step -1
$Result&=$Array[$x]
Next
Return $Result
EndFunc [/lenguaje]
Autor: Pink
Last edited by a moderator: