扩大节

思路就是在最后一个节后面添加数据

1.修改 sizeOfImage

2.最后一个节的 文件对气后大小和内存真实大小 ，注意增加的尺寸需要文件对齐

// ExpandSection.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include "PE.h"

int ExpendedSize = 0x1000;

void* expandSection(void* fileBuffer,int size){
	PE pe = resolvePE(fileBuffer);

	int FileAlignment = *(int*)((int)fileBuffer + pe.FileAlignment.address);
	
	if (ExpendedSize % FileAlignment != 0){
		ExpendedSize = ((ExpendedSize / FileAlignment) + 1) * FileAlignment;
	}

	void* newBuffer = malloc(size + ExpendedSize);
	memset(newBuffer, 0x00, size + ExpendedSize);
	memcpy(newBuffer, fileBuffer, size);

	int NumberOfSection = *(short*)((int)fileBuffer + pe.NumberOfSections.address);

	int SizeOfRawData = *(int*)((int)fileBuffer + pe.sectionTable[NumberOfSection - 1].SizeOfRawData.address);
	int SizeOfRawData_new = SizeOfRawData + ExpendedSize;
	memcpy((void*)((int)newBuffer + pe.sectionTable[NumberOfSection - 1].SizeOfRawData.address), (void*)&SizeOfRawData_new, 0x4);

	int VirtualSize = *(int*)((int)fileBuffer + pe.sectionTable[NumberOfSection - 1].VirtualSize.address);
	int VirtualSize_new = SizeOfRawData + ExpendedSize;
	memcpy((void*)((int)newBuffer + pe.sectionTable[NumberOfSection - 1].VirtualSize.address), (void*)&VirtualSize_new, 0x4);

	int SizeOfImage = *(int*)((int)fileBuffer + pe.SizeOfImage.address);
	int SizeOfImage_new = SizeOfImage + ExpendedSize;
	memcpy((void*)((int)newBuffer + pe.SizeOfImage.address), (void*)&SizeOfImage_new, 0x4);

	return newBuffer;
}

int _tmain(int argc, _TCHAR* argv[])
{

	void* fileBuffer = readFile("TargetEXE.exe");
	int size = getFileSize("TargetEXE.exe");
	void* fileBuffer_new = expandSection(fileBuffer,size);

	save2File(fileBuffer_new, getFileSize("TargetEXE.exe")+ExpendedSize,"TargetEXE2.exe");

	return 0;
}

还有新增节**如果尺寸不够，那么新增一个节表需要提升**