// ai_anti_malware.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。 // #include "head.h" auto getPeInfo(std::string inputFilePath) -> std::shared_ptr { auto sampleInfo = std::make_shared(); sampleInfo->inputFilePath = "E:\\对战平台\\CrowAntiCheat\\CrowAntiCheat\\client\\Console_" "Test\\Release\\Console_Test.exe"; sampleInfo->peBuffer = peconv::load_pe_module((const char*)sampleInfo->inputFilePath.c_str(), sampleInfo->peSize, false, false); sampleInfo->ntHead64 = peconv::get_nt_hdrs64((BYTE*)sampleInfo->peBuffer); sampleInfo->ntHead32 = peconv::get_nt_hdrs32((BYTE*)sampleInfo->peBuffer); sampleInfo->isX64 = peconv::is64bit((BYTE*)sampleInfo->peBuffer); sampleInfo->RecImageBase = sampleInfo->isX64 ? (DWORD64)sampleInfo->ntHead64->OptionalHeader.ImageBase : (DWORD)sampleInfo->ntHead32->OptionalHeader.ImageBase; sampleInfo->isRelocated = peconv::relocate_module( (BYTE*)sampleInfo->peBuffer, sampleInfo->peSize, sampleInfo->RecImageBase); sampleInfo->entryPoint = sampleInfo->isX64 ? sampleInfo->ntHead64->OptionalHeader.AddressOfEntryPoint : sampleInfo->ntHead32->OptionalHeader.AddressOfEntryPoint; sampleInfo->imageEnd = sampleInfo->RecImageBase + (sampleInfo->isX64 ? sampleInfo->ntHead64->OptionalHeader.SizeOfImage : sampleInfo->ntHead32->OptionalHeader.SizeOfImage); return sampleInfo; } int main() { auto sampleInfo = getPeInfo( "E:\\对战平台\\CrowAntiCheat\\CrowAntiCheat\\client\\Console_" "Test\\Release\\Console_Test.exe"); printf("input new file %s \n", sampleInfo->inputFilePath); printf("is x64: %d\n", sampleInfo->isX64); printf("is relocated: %d\n", sampleInfo->isRelocated); printf("RecImageBase: %llx\n", sampleInfo->RecImageBase); auto sandbox = std::make_shared(); sandbox->InitEnv(sampleInfo); sandbox->Run(); system("pause"); return 0; }