Función que saca el EOF extra data hay que pasarle el MZ de un archivo que tenga el formato PE.
proc EOFExtraDataExtract,FHandle
push esi ebx
mov eax,[FHandle]
mov esi,dword[eax+03ch] ;Offset to start of PE header
add esi,eax
movzx ebx, word[esi+06h] ;Number Of Sections
dec ebx
mov eax,28h
mul ebx
add esi,0xf8 ;START OF SECTION TABLE
add esi,eax
mov eax,dword[esi+10h] ;SizeOfRawData
add eax,dword[esi+14h] ;pointerToRawData
pop ebx esi
ret
endp
proc EOFExtraDataExtract,FHandle
push esi ebx
mov eax,[FHandle]
mov esi,dword[eax+03ch] ;Offset to start of PE header
add esi,eax
movzx ebx, word[esi+06h] ;Number Of Sections
dec ebx
mov eax,28h
mul ebx
add esi,0xf8 ;START OF SECTION TABLE
add esi,eax
mov eax,dword[esi+10h] ;SizeOfRawData
add eax,dword[esi+14h] ;pointerToRawData
pop ebx esi
ret
endp
Comments (0)
Publicar un comentario