Expermicid Posted August 11, 2012 Share Posted August 11, 2012 (edited) [lenguaje=autoit]#cs ------------------------------------------------------- AutoIt Version: 3.3.8.1 Author..........: Pink Script Function...: Get_EOF Uso..............: Get_EOF(Runta Archuivo) Retorna : "Posicion OEF" Gracias: EON-Karcrack-The Swash #ce ------------------------------------------------------- ;Ejemplo $Path="C:\Users\Usuario\Desktop\Anotador.exe" msgbox(0,"",Get_EOF($Path)) Func Get_EOF($MyFile) Local $File = FileOpen($MyFile,16) If @error Then Msgbox(0,"Error","No se Pudo leer el Archivo") Endif Local $FileLen = FileGetSize($MyFile) Local $Binary = DllStructCreate("byte["& $FileLen &"]") DllStructSetData($Binary,1,FileRead($File)) FileClose($File) Local $BinaryPtr = DllStructGetPtr($Binary) Local Const $I_N_H_Len = 248 Local Const $I_F_H_Len = 20 Local Const $I_O_H_Len = 224 Local Const $I_S_H_Len = 40 Local $IMAGE_DOS_HEADER = DllStructCreate( _ "WORD e_magic;WORD e_cblp;WORD e_cp;WORD e_crlc;WORD e_cparhdr;WORD e_minalloc;WORD e_maxalloc;"& _ "WORD e_ss;WORD e_sp;WORD e_csum;WORD e_ip;WORD e_cs;WORD e_lfarlc;WORD e_ovno;"& _ "WORD e_res[4];WORD e_oemid;WORD e_oeminfo;WORD e_res2[10];WORD e_lfanew",$BinaryPtr) If Not DllStructGetData($IMAGE_DOS_HEADER,"e_magic") = 23177 Then Msgbox(0,"Error","Firma MZ Si Encontrado " ) EndIf $BinaryPtr += DllStructGetData($IMAGE_DOS_HEADER,"e_lfanew") Local $IMAGE_NT_HEADERS = DllStructCreate( _ "DWORD signature;CHAR ifh["& $I_F_H_Len &"];CHAR ioh["& $I_O_H_Len &"]",$BinaryPtr) If Not DllStructGetData($IMAGE_NT_HEADERS,"signature") = 17744 Then Msgbox(0,"Error","Firma PE No Encontrada") Endif Local $IMAGE_FILE_HEADER = DllStructCreate( _ "WORD machine;WORD numberofsections;DWORD timedatestamp;DWORD pointertosymboltable;DWORD numberofsymbols;"& _ "WORD SizeOfOptionalHeader;WORD characteristics",DllStructGetPtr($IMAGE_NT_HEADERS,"ifh")) local $IMAGE_OPT_HEADER = DllStructCreate( _ "WORD magic;BYTE majorlinkerversion;BYTE minorlinkerversion;DWORD sizeofcode;DWORD sizeofinitializeddata;"& _ "DWORD sizeofuninitializeddata;DWORD addressofentrypoint;DWORD baseofcode;DWORD baseofdata;DWORD imagebase;"& _ "DWORD sectionalignment;DWORD filealignment;WORD majoroperatingsystemversion;WORD minoroperatingsystemversion;"& _ "WORD majorimageversion;WORD minorimageversion;WORD majoresubsystemversion;WORD minorsubsystemversion;"& _ "DWORD win32versionvalue;DWORD sizeofimage;DWORD sizeofheaders;DWORD checksum;WORD subsystem;WORD dllcharacteristics;"& _ "DWORD sizeofstackreserve;DWORD sizeofstackcommit;DWORD sizeofheapcommit;DWORD loaderflags;DWORD numberofrvaandsizes;"& _ "DOUBLE datadirectory[16]",DllStructGetPtr($IMAGE_NT_HEADERS,"ioh")) $BinaryPtr += $I_N_H_Len $InicioINT=DllStructGetData($IMAGE_DOS_HEADER,"e_lfanew") $NS=DllStructGetData($IMAGE_FILE_HEADER,'numberofsections')-1 $UTLS=$NS*$I_S_H_Len $BinaryPtr += $UTLS Local $IMAGE_SECTION_HEADER = DllStructCreate( _ "CHAR name[8];DWORD virtualsize;DWORD virtualaddress;DWORD sizeofrawdata;DWORD pointertorawdata;DWORD pointertorelocations;"& _ "DWORD pointertolinenumbers;WORD numberofrelocations;WORD numberoflinenumbers;DWORD characteristics",$BinaryPtr) $RawSize=dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "SizeOfRawData"))) $RawOffset=dec(Hex(DllStructGetData($IMAGE_SECTION_HEADER, "PointerToRawData"))) Return $RawSize+$RawOffset EndFunc[/lenguaje] Autor: Pink Edited February 16, 2014 by Expermicid Link to comment Share on other sites More sharing options...
Recommended Posts