HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

AutoIT Función Get_EOF [By Pink]

Status
Not open for further replies.
E

Expermicid

Leech
User
Joined
Oct 23, 2011
Messages
285
Reputation
0
Reaction score
255
Points
63
Credits
0
‎13 Years of Service‎
95%
[lenguaje=autoit]#cs -------------------------------------------------------

AutoIt Version: 3.3.8.1

Author..........: Pink

Script Function...: Get_EOF

Uso..............: Get_EOF(Runta Archuivo)

Retorna : "Posicion OEF"

Gracias: EON-Karcrack-The Swash

#ce -------------------------------------------------------

;Ejemplo

$Path="C:\Users\Usuario\Desktop\Anotador.exe"

msgbox(0,"",Get_EOF($Path))

Func Get_EOF($MyFile)

Local $File = FileOpen($MyFile,16)

If @error Then

Msgbox(0,"Error","No se Pudo leer el Archivo")

Endif

Local $FileLen = FileGetSize($MyFile)

Local $Binary = DllStructCreate("byte["& $FileLen &"]")

DllStructSetData($Binary,1,FileRead($File))

FileClose($File)

Local $BinaryPtr = DllStructGetPtr($Binary)

Local Const $I_N_H_Len = 248

Local Const $I_F_H_Len = 20

Local Const $I_O_H_Len = 224

Local Const $I_S_H_Len = 40

Local $IMAGE_DOS_HEADER = DllStructCreate( _

"WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;"& _

"WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;WORD e_cs;WORD e_lfarlc;WORD e_ovno;"& _

"WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];WORD e_lfanew",$BinaryPtr)

If Not DllStructGetData($IMAGE_DOS_HEADER,"e_magic") = 23177 Then

Msgbox(0,"Error","Firma MZ Si Encontrado " )

EndIf

$BinaryPtr += DllStructGetData($IMAGE_DOS_HEADER,"e_lfanew")

Local $IMAGE_NT_HEADERS = DllStructCreate( _

"DWORD signature;CHAR ifh["& $I_F_H_Len &"];CHAR ioh["& $I_O_H_Len &"]",$BinaryPtr)

If Not DllStructGetData($IMAGE_NT_HEADERS,"signature") = 17744 Then

Msgbox(0,"Error","Firma PE No Encontrada")

Endif

Local $IMAGE_FILE_HEADER = DllStructCreate( _

"WORD machine;WORD numberofsections;DWORD timedatestamp;DWORD pointertosymboltable;DWORD numberofsymbols;"& _

"WORD SizeOfOptionalHeader;WORD characteristics",DllStructGetPtr($IMAGE_NT_HEADERS,"ifh"))

local $IMAGE_OPT_HEADER = DllStructCreate( _

"WORD magic;BYTE majorlinkerversion;BYTE minorlinkerversion;DWORD sizeofcode;DWORD sizeofinitializeddata;"& _

"DWORD sizeofuninitializeddata;DWORD addressofentrypoint;DWORD baseofcode;DWORD baseofdata;DWORD imagebase;"& _

"DWORD sectionalignment;DWORD filealignment;WORD majoroperatingsystemversion;WORD minoroperatingsystemversion;"& _

"WORD majorimageversion;WORD minorimageversion;WORD majoresubsystemversion;WORD minorsubsystemversion;"& _

"DWORD win32versionvalue;DWORD sizeofimage;DWORD sizeofheaders;DWORD checksum;WORD subsystem;WORD dllcharacteristics;"& _

"DWORD sizeofstackreserve;DWORD sizeofstackcommit;DWORD sizeofheapcommit;DWORD loaderflags;DWORD numberofrvaandsizes;"& _

"DOUBLE datadirectory[16]",DllStructGetPtr($IMAGE_NT_HEADERS,"ioh"))

$BinaryPtr += $I_N_H_Len

$InicioINT=DllStructGetData($IMAGE_DOS_HEADER,"e_lfanew")

$NS=DllStructGetData($IMAGE_FILE_HEADER,'numberofsections')-1

$UTLS=$NS*$I_S_H_Len

$BinaryPtr += $UTLS

Local $IMAGE_SECTION_HEADER = DllStructCreate( _

"CHAR name[8];DWORD virtualsize;DWORD virtualaddress;DWORD sizeofrawdata;DWORD pointertorawdata;DWORD pointertorelocations;"& _

"DWORD pointertolinenumbers;WORD numberofrelocations;WORD numberoflinenumbers;DWORD characteristics",$BinaryPtr)

$RawSize=dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "SizeOfRawData")))

$RawOffset=dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "PointerToRawData")))

Return $RawSize+$RawOffset

EndFunc[/lenguaje]

Autor: Pink

 
Last edited by a moderator:
Status
Not open for further replies.
Back
Top