亲自修改pe病毒加强版,感染后的文件可取代母体,上一个版本的只是在感染文件的最后添加一个节,让它入口点为这个节的代码newentry,但是感染后的病毒文件不能继续感染其他文件(也就是代替母体),这次通过在host感染节找到kenerl32.dll里面的api,实现母体一样的功能,也就是它也能感染,就是把这个感染节添加到目标感染文件,并对其修改入口点,.....也就是连环感染,附上代码,已调试成功

本人写的PE病毒,MASM语言,供大家研究之用,切勿用于非法用途 基本上,看懂了,就已经是会写,看不懂的,还是不会写,哈哈 请大家密切留意有关此源代码更为详细的资料

钢丝网骨架复合塑料PE管施工工艺设计流程.doc

“PE+上市公司”并购基金运作之金融学研究-以中南文化传媒基金并购千易志诚为例.docx

数据库信息 查看PE文件的pdb信息的简单工具。

超强查壳脱壳工具汉化 release history - 3.31 :: pfft. fixed always-on-top/minimise-to-tray registry entries. :: pfft. fixed bogus "virus infection" in pe-scan.exe. thanks to everyone@exetools. - 3.30 :: added unpackers for petite (all versions), wwpack (all versions), exe32pack (all versions), def 1.0, ep 0.1 & 0.2, exe-bundle 1.31, ezip 1.0, neolite 2.00, pcpec alpha preview, pc-shrink 0.29b/0.45b/0.70b/0.71b, pe-diminisher 0.1, pe-mangle 1.0, pencrypt 1.0, pe-nightmare 1.3, pe-pack 0.99 & 1.0, pklite 1.1 [11], shrinker 3.4, spec b2 & b3, stone's pe-encryptor 1.0 & 1.13, winkript 1.0, vg-shrink 0.14 :: added oep tracing for upx, wwpack, petite.. and some others i can't remember. ;p :: totally reworked the aspack unpacking routines; should be more compatible with any "mutated" loaders. thanks to everyone who tested their files for me. =) :: added TLS rebuilding for unpacked files. :: added an options dialog, also minimise-to-system-tray and always-on-top. :: added some signatures - armadillo, fsg, upx, pebundle.. etc.. :: finally got around to writing a .hlp file. :: changed the peHeader offset-value to a dword. =D :: fixed bug with drag'n'drop.. thanks qwerton. :: updated shrinker 3.4, ep 1.0, petite 1.3 and aspack 2.1 signatures for more compatibility. :: fixed bug with pep rva calculation to handle a pep located _before_ the first section. :: fixed minor bugs with ep, def and nfo website information. fucking string searches. heh. =| - 3.13 :: finally fixed the win2k shell bug. thanks Athlon for your help. =) as it turns out, WinNT had the same problem.. - :: known bug; the shellExtention still doesn't work on win2k. i'm out of ideas.. but i'll be able to diagnose the problem as soon as i have win2k installed. - 3.12 :: implemented generic pe-compact unpacker for all versions. :: fixed major bug with the pecompact unpacker; it erased bytes at the rva where the signature bytes _used_ to be. 8/ :: added support for .sys and .cpl pe's. :: added dragNDrop

怎么样获得PE文件中重要数据结构？ 从 DOS header 定位到 PE header 从 optional header 读取 data directory 的地址。 IMAGE_DATA_DIRECTORY 结构尺寸乘上找寻结构的索引号: 寻import symbols的位置信息，必须用IMAGE_DATA_DIRECTORY 结构尺寸(8 bytes)乘上1（import symbols在data directory中的索引号）。 将上面的结果加上data directory地址，就得到包含所查询数据结构信息的 IMAGE_DATA_DIRECTORY 结构项。

巨强悍的ASProtect脱壳机：ASProtect unpacker by PE_Kill巨强悍的ASProtect脱壳机：ASProtect unpacker by PE_Kill

PE制作工具

PENM（“PE 网络管理器”）是一个小型实用程序，用于在 Windows PE 中安装和管理不同的网络设置。 它主要用于“WinBuilder”项目，如“LiveXP”、“Win7PE”、“Win8.1SE”、“Win10PE_SE”、“Win10XPE”等。该实用程序是在 BSD 许可类型和 AutoIt3-EULA 下开发的。