Gopi Krishna Komanduri wrote:
> Hi,
> I tried to change the value of a constant variable
> whose memory will be in .rdata. But I am unable to do
> it. Could you please go through the following code and
> suggest where I went wrong.
> #include "stdafx.h"
>
>
> int main(int argc, char* argv[])
> {
> char *nm="Krsna";
>
> char * const myname="GopiKomanduri";
> HMODULE hnd=GetModuleHandle(NULL);
> IMAGE_DOS_HEADER *doshdr=(IMAGE_DOS_HEADER *)hnd;
> IMAGE_FILE_HEADER *filehdr=(IMAGE_FILE_HEADER
> *)((BYTE *)hnd+doshdr->e_lfanew+4);
> IMAGE_OPTIONAL_HEADER *opthdr=(IMAGE_OPTIONAL_HEADER
> *)((BYTE *)filehdr+sizeof(IMAGE_FILE_HEADER));
> IMAGE_SECTION_HEADER
> *imgsechdr=(IMAGE_SECTION_HEADER *)((BYTE
> *)opthdr+sizeof(IMAGE_OPTIONAL_HEADER));
> IMAGE_SECTION_HEADER
> *imgsechdr1=(IMAGE_SECTION_HEADER *)((BYTE
> *)opthdr+sizeof(IMAGE_OPTIONAL_HEADER));
> cout<<"The total number of sections present
> are"<<filehdr->NumberOfSections<<endl;
> DWORD dwOld;
> for(int i=0;i<filehdr->NumberOfSections;i++)
> {
> cout<<"The name of"<<i<<"section is
> "<<imgsechdr->Name<<endl;
> cout<<"The characteristics
> is"<<imgsechdr->Characteristics<<endl;
> cout<<"The pointer to RAW data
> is"<<imgsechdr->PointerToRawData<<endl;
> cout<<"The size of RAW data
> is"<<imgsechdr->SizeOfRawData<<endl;
> int *j=(int *)((BYTE
> *)hnd+imgsechdr->PointerToRawData);
> cout<<"The value of i is"<<i<<endl<<"The value of *j
> is"<<*j;
> if(i==1)//(The second section will be .rdada)
> {
> VirtualProtect(imgsechdr
> ,imgsechdr->SizeOfRawData,PAGE_EXECUTE_READWRITE,&dwOld);
>
> myname="Krsna";
> }
> imgsechdr++;
> }
>
>
> return 0;
> }
You've got my attention.
1) What you are doing is dangerous and probably unnecessary. Be
careful how you stomp all over memory.
2) XP Service Pack 2 locks out some functionality to programs that
don't have appropriate privileges. VirtualProtect() may be an affected
function where you need elevated privileges to change the status of
virtual memory. You should be checking to see if VirtualProtect() fails
and act accordingly or you'll cause your application to crash.
3) You are confusing compile-time 'const' with the read/write/execute
bits of pages of virtual memory. The two are completely different
concepts (at least in my head).
4) Your idea of PE sections is not quite correct. The PE File Format
specification clearly declares that named sections are completely
meaningless. That is, you can't rely on a specific named section to
exist let alone be the second section. The only thing you can rely on
is the data directories and their position in IMAGE_OPTIONAL_HEADER and
only THEN can you map what you are after to a section using the mapping
provided by the section descriptions (except you should always check to
make sure a specific data directory even exists - might not always have
16 entries). And even then you might still have to factor in the 'BASE
RELOCATION' table depending on what you are modifying at which point the
code takes a dive into spaghetti-code land.
--
Thomas Hruska
CubicleSoft President
Ph: 517-803-4197
*NEW* VerifyMyPC 2.0
Change tracking and management tool.
Reduce tech. support times from 2 hours to 5 minutes.
Free for personal use, $10 otherwise.
http://www.CubicleSoft.com/VerifyMyPC/
