Hola, estoy iniciándome en la PE haciendo pequeñas chorraditas,
en una de ellas me he quedado estancando, quiero ver el timedatestamp de un archivo y modificar ese dato,
les adjunto el code: siempre imprime el valor 0, creo que no copia bien en memoria.
Private Const SIZE_NT_HEADERS               As Long = &HF8

Private Type IMAGE_FILE_HEADER
    Machine                     As Integer
    NumberOfSections            As Integer
    TimeDateStamp               As Long
    PointerToSymbolTable        As Long
    NumberOfSymbols             As Long
    SizeOfOptionalHeader        As Integer
    Characteristics             As Integer
End Type

Private Type IMAGE_DATA_DIRECTORY
    VirtualAddress As Long
    Size As Long
End Type

Private Type IMAGE_OPTIONAL_HEADER
        Magic                       As Integer
        MajorLinkerVersion          As Byte
        MinorLinkerVersion          As Byte
        SizeOfCode                  As Long
        SizeOfInitializedData       As Long
        SizeOfUnitializedData       As Long
        AddressOfEntryPoint         As Long
        BaseOfCode                  As Long
        BaseOfData                  As Long
        ImageBase                   As Long
        SectionAlignment            As Long
        FileAlignment               As Long
        MajorOperatingSystemVersion As Integer
        MinorOperatingSystemVersion As Integer
        MajorImageVersion           As Integer
        MinorImageVersion           As Integer
        MajorSubsystemVersion       As Integer
        MinorSubsystemVersion       As Integer
        W32VersionValue             As Long
        SizeOfImage                 As Long
        SizeOfHeaders               As Long
        Checksum                    As Long
        Subsystem                   As Integer
        DllCharacteristics          As Integer
        SizeOfStackReserve          As Long
        SizeOfStackCommit           As Long
        SizeOfHeapReserve           As Long
        SizeOfHeapCommit            As Long
        LoaderFlags                 As Long
        NumberOfRvaAndSizes         As Long
        DataDirectory(0 To 15)      As IMAGE_DATA_DIRECTORY
    End Type
    

Private Type IMAGE_NT_HEADERS
        Signature                   As Long
        FileHeader                  As IMAGE_FILE_HEADER
        OptionalHeader              As IMAGE_OPTIONAL_HEADER
End Type



Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Dest As Any, Src As Any, ByVal L As Long)

Public Function ver_timedatestamp(archivo As String)

    Dim copia_IMAGE_NT_HEADERS As IMAGE_NT_HEADERS
    Dim data() As Byte

    Open archivo For Binary Access Read As #1
    ReDim data(LOF(1))
    Get #1, , data()
    Close
    
    CopyMemory copia_IMAGE_NT_HEADERS, data(0), IMAGE_NT_HEADERS
    
    Debug.Print (copia_IMAGE_NT_HEADERS.FileHeader.TimeDateStamp)
    
End Function
Te faltaban un par de types, yo empleo casi siempre el get pero si usas el copymem el tercer argumento es el tamaño, cosa que se te ha pasado.
Option Explicit
 
    Private Const IMAGE_DOS_SIGNATURE                  As Long = &H5A4D&
    Private Const IMAGE_NT_SIGNATURE                    As Long = &H4550&
    Private Const IMAGE_NT_OPTIONAL_HDR32_MAGIC As Long = &H10B&
    Private Const SIZE_DOS_HEADER                      As Long = &H40
    Private Const SIZE_NT_HEADERS                      As Long = &HF8
    Private Const SIZE_SECTION_HEADER                  As Long = &H28
    Private Type IMAGE_DOS_HEADER
        e_magic                                      As Integer
        e_cblp                                        As Integer
        e_cp                                            As Integer
        e_crlc                                        As Integer
        e_cparhdr                              As Integer
        e_minalloc                            As Integer
        e_maxalloc                            As Integer
        e_ss                                            As Integer
        e_sp                                            As Integer
        e_csum                                        As Integer
        e_ip                                            As Integer
        e_cs                                            As Integer
        e_lfarlc                                As Integer
        e_ovno                                        As Integer
        e_res(0 To 3)                          As Integer
        e_oemid                                      As Integer
        e_oeminfo                              As Integer
        e_res2(0 To 9)                        As Integer
        e_lfanew                                As Long
    End Type
    Private Type IMAGE_FILE_HEADER
        Machine                                      As Integer
        NumberOfSections                As Integer
        TimeDateStamp                          As Long
        PointerToSymbolTable            As Long
        NumberOfSymbols                      As Long
        SizeOfOptionalHeader            As Integer
        Characteristics                      As Integer
    End Type
    Private Type IMAGE_DATA_DIRECTORY
        VirtualAddress                        As Long
        Size                                            As Long
    End Type
    Private Type IMAGE_OPTIONAL_HEADER
        Magic                                          As Integer
        MajorLinkerVersion            As Byte
        MinorLinkerVersion            As Byte
        SizeOfCode                            As Long
        SizeOfInitializedData          As Long
        SizeOfUnitializedData          As Long
        AddressOfEntryPoint          As Long
        BaseOfCode                            As Long
        BaseOfData                            As Long
        ImageBase                              As Long
        SectionAlignment                As Long
        FileAlignment                          As Long
        MajorOperatingSystemVersion As Integer
        MinorOperatingSystemVersion As Integer
        MajorImageVersion              As Integer
        MinorImageVersion              As Integer
        MajorSubsystemVersion          As Integer
        MinorSubsystemVersion          As Integer
        W32VersionValue                      As Long
        SizeOfImage                          As Long
        SizeOfHeaders                          As Long
        CheckSum                                As Long
        Subsystem                              As Integer
        DllCharacteristics            As Integer
        SizeOfStackReserve            As Long
        SizeOfStackCommit              As Long
        SizeOfHeapReserve              As Long
        SizeOfHeapCommit                As Long
        LoaderFlags                          As Long
        NumberOfRvaAndSizes          As Long
        DataDirectory(0 To 15)        As IMAGE_DATA_DIRECTORY
    End Type
    Private Type IMAGE_NT_HEADERS
        Signature                              As Long
        FileHeader                            As IMAGE_FILE_HEADER
        OptionalHeader                        As IMAGE_OPTIONAL_HEADER
    End Type
    Private Type IMAGE_SECTION_HEADER
        SecName                                      As String * 8
        VirtualSize                          As Long
        VirtualAddress                        As Long
        SizeOfRawData                          As Long
        PointerToRawData                As Long
        PointerToRelocations            As Long
        PointerToLinenumbers            As Long
        NumberOfRelocations          As Integer
        NumberOfLinenumbers          As Integer
        Characteristics                      As Long
    End Type
 
 
 
Public Function ver_timedatestamp(archivo As String)
 
    Dim DOSHeader As IMAGE_DOS_HEADER
    Dim NTHeader As IMAGE_NT_HEADERS
 
    Open archivo For Binary As #1
   
    Get #1, , DOSHeader
    Get #1, 1 + DOSHeader.e_lfanew, NTHeader
   
           ' NTHeader.FileHeader.TimeDateStamp = 
           
    'Put #1, 1 + DOSHeader.e_lfanew, NTHeader esto lo guardaría
    Close
   
 
   
End Function
Un hombre con una idea nueva es un loco hasta que la idea triunfa (Marc Twain)
http://darkcompany96.blogspot.com
Responder

Volver a “VB/.NET”