if (!CopyFile(lpccpPath, newFileName, FALSE))
{
eLogA(“**CopyFile failed..error: %d.!n”,GetLastError());
continue;
}
//改写PE区段头部.data 数据
HANDLE hFile = CreateFile(newFileName, GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ|FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
NULL,
NULL);
if (INVALID_HANDLE_VALUE != hFile)
{
HANDLE hMapping=CreateFileMapping(hFile,NULL, PAGE_READWRITE,0,0,NULL);
if (!hMapping)
{
DWORD derror = GetLastError();
CloseHandle(hFile);
return;
}
// 把文件头映象存入BasePointer.
void *pBasePointer = NULL;
if (!(pBasePointer = MapViewOfFile(hMapping,FILE_MAP_ALL_ACCESS, 0, 0, 0)))
{
CloseHandle(hMapping);
CloseHandle(hFile);
return;
}
// 得到相关地址.去修改
ModifyPESection(hFile,pBasePointer);
UnmapViewOfFile(pBasePointer);
CloseHandle(hMapping);
CloseHandle(hFile);
}
=====================
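// Overwrite the on-disk bytes of the first section named ".data" in a PE file
// with random bytes.
//
// hFile    : writable handle to the file on disk; the section's raw bytes are
//            written through this handle at the section's PointerToRawData.
// lpBuffer : base address of a read/write view of the same file (the caller
//            maps it with MapViewOfFile); only the headers are read from it.
//
// Returns without writing anything when the buffer does not carry an MZ/PE
// signature, when no ".data" section exists, when that section has no raw
// data on disk, or when the file pointer cannot be positioned. Only the first
// matching section is rewritten (same as the original `break`).
//
// NOTE(review): replacing the section's initialized data with random bytes
// corrupts the program; the author's own remark below the listing records
// that the output is flagged by antivirus. rand() is not seeded here, so
// repeated runs produce the same byte sequence unless the caller seeds it.
void Util::Process::ModifyPESection(HANDLE hFile, LPVOID lpBuffer)
{
    if (lpBuffer == NULL || hFile == INVALID_HANDLE_VALUE)
        return;

    LPBYTE pBase = (LPBYTE)lpBuffer;

    // Validate the DOS header before trusting e_lfanew: on a non-MZ input the
    // field is garbage and the NT header dereference below would read out of
    // bounds of the mapping.
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pBase;
    if (pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return;

    // Keep the arithmetic on LPBYTE: the original cast the address of the
    // optional header to DWORD, which truncates pointers on 64-bit builds.
    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(pBase + pDosHeader->e_lfanew);
    if (pNtHeader->Signature != IMAGE_NT_SIGNATURE)
        return;

    PIMAGE_FILE_HEADER pFileHeader = &pNtHeader->FileHeader;

    // The section table follows the optional header; its length is not fixed,
    // so it must be taken from SizeOfOptionalHeader.
    PIMAGE_SECTION_HEADER pSectionHeader = (PIMAGE_SECTION_HEADER)
        ((LPBYTE)&pNtHeader->OptionalHeader + pFileHeader->SizeOfOptionalHeader);

    const DWORD dwSectionNum = pFileHeader->NumberOfSections;
    for (DWORD i = 0; i < dwSectionNum; ++i, ++pSectionHeader)
    {
        // Name is an 8-byte field that is NOT guaranteed to be NUL-terminated;
        // a bounded compare avoids reading past it for 8-character names.
        if (strncmp((const char*)pSectionHeader->Name, ".data", IMAGE_SIZEOF_SHORT_NAME) != 0)
            continue;

        // Size of the section's data on disk; a zero-sized section (bss-like)
        // has nothing to overwrite.
        const DWORD dwDataSizeOfRawData = pSectionHeader->SizeOfRawData;
        if (dwDataSizeOfRawData == 0)
            break;

        // Position the file pointer first so a failure here never leaves an
        // allocated buffer behind.
        if (SetFilePointer(hFile, pSectionHeader->PointerToRawData, NULL, FILE_BEGIN)
                == INVALID_SET_FILE_POINTER)
            break;

        BYTE* pRandom = new BYTE[dwDataSizeOfRawData];
        for (DWORD j = 0; j < dwDataSizeOfRawData; ++j)
            pRandom[j] = (BYTE)(rand() % 256);

        DWORD dwWritten = 0;
        WriteFile(hFile, pRandom, dwDataSizeOfRawData, &dwWritten, NULL);
        delete[] pRandom;
        break;
    }
}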
———-
乱写会破坏文件，并且会被杀毒软件报为病毒……