新增节
1.先判断是否有空间增加一个节表,满足sizeOfHeaders >= sectionTable[last] + 0x28*3
2.malloc(fileSize+newSectionSize);memset(0);memcpy(newfileBuffer,fileBuffer,fileSize)
3.将代码节表拷贝一份到最后一个节表后边。修改新节的文件和内存的size&address(根据原来的最后一个节计算偏移)。
移动导出表
1.先移动函数地址表到新节->移动名称序号表->移动名称表->移动名称->移动导出表->最后修复dataDir.
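void* removeExportTable(void* fileBuffer){
    /*
     * Relocate the export directory, and every table it references, into the
     * last section of the PE image held in fileBuffer, then repoint data
     * directory entry 0 at the moved directory.
     *
     * Data is written contiguously at the last section's PointerToRawData:
     *   1. AddressOfFunctions      (NumberOfFunctions * 4 bytes)
     *   2. AddressOfNameOrdinals   (NumberOfNames * 2 bytes)
     *   3. AddressOfNames          (NumberOfNames * 4 bytes, RVAs fixed up)
     *   4. the function name strings (NUL-terminated, back to back)
     *   5. the export directory itself
     *
     * fileBuffer: in-memory copy of the PE file, modified in place.
     * Returns fileBuffer.
     *
     * NOTE(review): nothing here verifies that the last section has room for
     * all of the above, nor that the RVAs and counts read from the export
     * directory lie inside the buffer -- the caller is expected to have added
     * a section sized for this data, and the file is treated as trusted.
     */
    char* base = (char*)fileBuffer;
    PE pe = resolvePE(fileBuffer);

    // Locate the existing export directory through data directory entry 0.
    int ReTableRVA = pe.dataDir[0].value;
    int ReTableFOA = VA2FA(fileBuffer, ReTableRVA);
    PIMAGE_EXPORT_DIRECTORY pImage_export_Dir = (PIMAGE_EXPORT_DIRECTORY)(base + ReTableFOA);

    // Destination is the start of the last section's raw data. Track it both
    // as a pointer into the buffer (cursor) and as an RVA (RVACursor); the
    // two advance in lockstep.
    int lastSection = pe.NumberOfSections.value - 1;
    BYTE* cursor = (BYTE*)(base + pe.sectionTable[lastSection].PointerToRawData.value);
    int RVACursor = (int)pe.sectionTable[lastSection].VirtualAddress.value;

    // 1. Function address table.
    {
        const void* oldFunctions = base + VA2FA(fileBuffer, pImage_export_Dir->AddressOfFunctions);
        size_t bytes = pImage_export_Dir->NumberOfFunctions * 4;
        memcpy(cursor, oldFunctions, bytes);
        pImage_export_Dir->AddressOfFunctions = RVACursor;
        cursor += bytes;
        RVACursor += (int)bytes;
    }

    // 2. Name ordinal table (WORD entries).
    {
        const void* oldOrdinals = base + VA2FA(fileBuffer, pImage_export_Dir->AddressOfNameOrdinals);
        size_t bytes = pImage_export_Dir->NumberOfNames * 2;
        memcpy(cursor, oldOrdinals, bytes);
        pImage_export_Dir->AddressOfNameOrdinals = RVACursor;
        cursor += bytes;
        RVACursor += (int)bytes;
    }

    // 3. Name pointer table. Keep both the old copy (to find the strings) and
    //    the new copy (whose entries are rewritten below).
    int* oldNames = (int*)(base + VA2FA(fileBuffer, pImage_export_Dir->AddressOfNames));
    int* newNames = (int*)cursor;
    {
        size_t bytes = pImage_export_Dir->NumberOfNames * 4;
        memcpy(cursor, oldNames, bytes);
        pImage_export_Dir->AddressOfNames = RVACursor;
        cursor += bytes;
        RVACursor += (int)bytes;
    }

    // 4. Copy each name string and point the new name table entry at it.
    //    Fix: the original advanced the table pointer by i on every
    //    iteration (cumulative), so from the third name onward the wrong
    //    entries were patched; index by i instead.
    for (size_t i = 0; i < pImage_export_Dir->NumberOfNames; i++) {
        const char* name = base + VA2FA(fileBuffer, oldNames[i]);
        size_t len = strlen(name) + 1; // include the terminating NUL
        memcpy(cursor, name, len);
        newNames[i] = RVACursor;
        cursor += len;
        RVACursor += (int)len;
    }

    // 5. Copy the (now updated) directory itself and make data directory
    //    entry 0 point at the copy.
    memcpy(cursor, pImage_export_Dir, sizeof *pImage_export_Dir);
    *(int*)(base + pe.dataDir[0].address) = RVACursor;
    RVACursor += (int)sizeof *pImage_export_Dir;
    cursor += sizeof *pImage_export_Dir;

    return fileBuffer;
}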