Expermicid Posted August 29, 2012 Share Posted August 29, 2012 (edited) [lenguaje=autoit]#cs ------------------------------------------------------- AutoIt Version: 3.3.8.1 Author..........: Pink Script Function...: ENDLastI_S_H() Uso..............: ENDLastI_S_H(Filepath) Retorna..........: Posicion Donde termina la ultima Sección de IMAGE_SECTION_HEADER #ce ------------------------------------------------------- ;Ejemplo local $myfile="C:\Users\Usuario\Desktop\Anotador.exe" msgbox(0,"",ENDLastI_S_H($myfile)) Func ENDLastI_S_H($file) Const $l_fanew=60 Const $PEsize=4 Const $I_F_H=20 const $SizeS =40 local $LFvalue ;offset Entrada IMAGE_NT_HEADERS firma PE local $Size_O_H ;izeOfOptionalHeader local $NofS ;NumberOfSections local $fin_I_S_H ;IMAGE_SECTION_HEADER ;leyendo archivo y cargando buffer $hfile=fileopen($file) $binary=fileread($hfile,1000) ;offset Entrada IMAGE_NT_HEADERS firma PE $LFvalue=binarymid($binary,$l_fanew+1,4) $LFvalue=Dec(OLE(Stringreplace($LFvalue,"0x","",1,0))) ;NumberOfSections $NofS=$LFvalue+$PEsize+2 $NofS=BinaryMid($binary,($NofS+1),2) $NofS=Dec(OLE(Stringreplace($NofS,"0x","",1,0))) ;Tamaño SizeOfOptionalHeader $Size_O_H=$LFvalue+$PEsize+16 $Size_O_H=BinaryMid($binary,($Size_O_H+1),2) $Size_O_H=dec(OLE(StringReplace($Size_O_H,"0x","",1,0))) $fin_I_S_H=($LFvalue+$PEsize+$I_F_H+$Size_O_H)+($NofS*$SizeS) return $fin_I_S_H fileclose($hfile);close EndFunc ;Funcion OLE "Orden Little Endian" Func OLE($Var) Local $len=stringlen($Var)/2 local $Array[$len+1] local $Char local $A=1 local $Result for $i= 1 to $len $Char=stringmid($Var,$A,2) $A+=2 $Array[$i]=$Char next for $x = $len to 1 Step -1 $Result&=$Array[$x] Next Return $Result EndFunc [/lenguaje] Autor: Pink Edited February 16, 2014 by Expermicid Link to comment Share on other sites More sharing options...
.webp.8407a83ac96563f75e1c428a1f0d4c3e.webp)
.webp.9a04cec050a656fab081ac190f971c3f.webp)
Hack Tools Resurrection
Recommended Posts