将值写入PE文件
[英]Write a value into PE file
问题描述
I want to try the following: 
我想尝试以下方法:
I have a C# program which takes a file as input and calculate MD5 algorithm for these five MD5. 我有一个C#程序,它将文件作为输入并为这五个MD5计算MD5算法。 My algorithm has a unique value for each file; 我的算法对每个文件都有唯一的值; this value is a 128 bit value, so I want to use this technique to protect my programs by saving the output value of md5 algorithm into a my PE file (let's say the value is X). 这个值是一个128位的值,所以我想使用此技术通过将md5算法的输出值保存到我的PE文件中来保护我的程序(假设值为X)。 The PE will calculate the MD5 value again (for itself) (let's say the value is Y) and then compare X with Y. If it's the same value it's ok and run; PE将再次(自己)计算MD5值(假设值为Y),然后将X与Y进行比较。如果相同,则可以运行; else, it'll exit. 否则,它将退出。
My Question is: how do I write my Value into the PE file? 我的问题是:如何将我的价值写入PE文件? Important notice : my algorithm has been written with C# so I want a way to write into PE file using C# language. 重要提示:我的算法已使用C#编写,因此我想使用C#语言写入PE文件。
3 个解决方案
解决方案1
4 2009-11-22 22:43:50
One option is to simply append your value to the end of the file. 一种选择是简单地将您的值附加到文件末尾。 Windows is quite happy for arbitrary data to be appended to executables - it's how self-extracting zip files work, for example. Windows非常乐意将任意数据附加到可执行文件中-例如,这就是自解压zip文件的工作方式。
Edit in response to Hany's comment: It works for me, using cmd.exe as an example: 编辑以回应Hany的评论:以cmd.exe为例,它对我有用:
C:\WINDOWS\system32>copy con rjh
This is a test!
^Z
1 file(s) copied.
C:\WINDOWS\system32>copy /b cmd.exe + rjh cmdrjh.exe
cmd.exe
rjh
1 file(s) copied.
C:\WINDOWS\system32>od -cv cmdrjh.exe | tail -4
1367760 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
1370000 T h i s i s a t e s t ! \r
1370020 \n
1370021
C:\WINDOWS\system32>cmdrjh
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
(You did do the file operations in binary mode, didn't you?) (您确实以二进制模式执行文件操作,不是吗?)
解决方案2
4 2009-11-22 23:08:15
Create an empty string resource data that is embedded and is at the end of the code/data segment, work out the offset where to write in the value into that empty spot where the resource location is. 创建一个嵌入的空字符串资源数据,该数据位于代码/数据段的末尾,计算出将值写入该资源位置所在的空白位置的偏移量。
But then again, what's the point in protecting your programs by yourself...? 但是话又说回来,保护自己的程序有什么意义呢?
I wouldn't go down that route, instead employ a commercial protection scheme for PE files (Native C/C++ code/libraries and .NET)...for instance, .NET executables which are a PE file also, and they are easily reversed engineered (think of reflector)...Look at a lot of these so called warez where the protection schemes were cracked and serial numbers used...What do you think? 我不会走这条路,而是对PE文件(本机C / C ++代码/库和.NET)采用商业保护方案……例如,.NET可执行文件也是PE文件,它们很容易逆向工程(想想反射器)...看很多所谓的warez,其中保护方案被破解并使用了序列号...您怎么看? If you still insist on doing it yourself, then the first paragraph above in my answer should help you. 如果您仍然坚持自己做,那么上面我回答的第一段应该会对您有所帮助。
My 2 cents thought here... Best regards and Good luck in your protection scheme, Tom. 我的2美分就在这里...最好的问候,祝您好运,汤姆。
解决方案3
0 2009-12-17 03:46:12
You can use Alternate Data Streams . 您可以使用备用数据流 。 . 。 . 。 where you can open and write to filename like filename.exe:md5sig so that md5sig is the namespace of the signature. 您可以在其中打开并写入文件名,如filename.exe:md5sig,以便md5sig是签名的名称空间。 The original file (residing in the unamed default namespace) and its data are left alone. 原始文件(位于未修改的默认名称空间中)及其数据将保留下来。 TheEruditeTroglodyte 翡翠变色龙
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.