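// Expand the last section of a PE image (details in the comment below).
    /*
     * ExpendSection - copy a memory-layout PE image into a new heap buffer that
     * is Expend_Size bytes larger, and extend the last section header so that it
     * covers the added bytes.
     *
     * ImageBuffer     image in memory layout; only read, never freed here.
     *                 There is no length parameter, so the header fields are
     *                 trusted to describe the buffer: the caller must guarantee
     *                 that it really holds SizeOfImage bytes.
     * NewImageBuffer  receives the new buffer on success. The caller owns it and
     *                 releases it with free(). Left untouched on failure.
     * Expend_Size     number of bytes to add. It is added to SizeOfImage as is.
     *                 NOTE(review): the PE format expects SizeOfImage to remain a
     *                 multiple of SectionAlignment; this function does not round.
     *
     * Returns the new SizeOfImage, or 0 on any failure.
     *
     * The "ImageBufferToFileBuffer" prefix in the first three messages is kept
     * exactly as the original code prints it.
     */
    DWORD ExpendSection(PVOID ImageBuffer, PVOID* NewImageBuffer, DWORD Expend_Size) {
        PIMAGE_DOS_HEADER PDos_Header = NULL;
        PIMAGE_FILE_HEADER PFile_Header = NULL;
        PIMAGE_OPTIONAL_HEADER POptional_Header = NULL;
        PIMAGE_SECTION_HEADER PSection = NULL;
        PIMAGE_SECTION_HEADER LastSection = NULL;
        PVOID TemImageBuffer = NULL;
        char *Base = (char *)ImageBuffer;
        size_t NtOffset = 0;
        size_t TableOffset = 0;
        size_t TableEnd = 0;
        DWORD OldImageSize = 0;
        DWORD LastSize = 0;

        if (!ImageBuffer) {
            printf("ImageBufferToFileBuffer:文件无效!\n");
            return 0;
        }
        if (!NewImageBuffer) {
            printf("ExpendSection: NewImageBuffer is NULL\n");
            return 0;
        }
        if (*((PWORD)ImageBuffer) != IMAGE_DOS_SIGNATURE) {
            printf("ImageBufferToFileBuffer:不含MZ标识,不是可执行文件!\n");
            return 0;
        }
        PDos_Header = (PIMAGE_DOS_HEADER)ImageBuffer;
        /* e_lfanew is signed; a negative value would point before the buffer. */
        if (PDos_Header->e_lfanew < 0 ||
            *((PDWORD)(Base + PDos_Header->e_lfanew)) != IMAGE_NT_SIGNATURE) {
            printf("ImageBufferToFileBuffer:不含PE标识\n");
            return 0;
        }

        /* Byte-pointer arithmetic: casting the pointer to DWORD truncates it on a 64-bit build. */
        NtOffset = (size_t)PDos_Header->e_lfanew;
        PFile_Header = (PIMAGE_FILE_HEADER)(Base + NtOffset + 0x4);
        POptional_Header = (PIMAGE_OPTIONAL_HEADER)(Base + NtOffset + 0x18);
        OldImageSize = POptional_Header->SizeOfImage;

        /* The section table must exist and lie inside the image the headers describe. */
        TableOffset = NtOffset + 0x18 + PFile_Header->SizeOfOptionalHeader;
        TableEnd = TableOffset + (size_t)PFile_Header->NumberOfSections * sizeof(*PSection);
        if (PFile_Header->NumberOfSections == 0 || TableEnd > OldImageSize) {
            printf("ExpendSection: no sections, or section table outside the image\n");
            return 0;
        }
        PSection = (PIMAGE_SECTION_HEADER)(Base + TableOffset);
        LastSection = PSection + PFile_Header->NumberOfSections - 1;

        /* Start from the larger of VirtualSize and SizeOfRawData of the last section. */
        LastSize = LastSection->Misc.VirtualSize > LastSection->SizeOfRawData
            ? LastSection->Misc.VirtualSize
            : LastSection->SizeOfRawData;

        /* Both sums are stored in DWORD fields; refuse sizes that would wrap around. */
        if (Expend_Size > (DWORD)-1 - OldImageSize || Expend_Size > (DWORD)-1 - LastSize) {
            printf("ExpendSection: size overflow\n");
            return 0;
        }

        /* calloc so the added tail is zeroed instead of carrying stale heap bytes. */
        TemImageBuffer = calloc(1, (size_t)OldImageSize + Expend_Size);
        if (!TemImageBuffer) {
            printf("ExpendSection:分配空间失败!\n");
            return 0;
        }
        memcpy(TemImageBuffer, ImageBuffer, OldImageSize);

        /* Re-derive the header pointers inside the copy and patch them there. */
        Base = (char *)TemImageBuffer;
        POptional_Header = (PIMAGE_OPTIONAL_HEADER)(Base + NtOffset + 0x18);
        PSection = (PIMAGE_SECTION_HEADER)(Base + TableOffset);
        LastSection = PSection + PFile_Header->NumberOfSections - 1;

        LastSection->Misc.VirtualSize = LastSize + Expend_Size;
        LastSection->SizeOfRawData = LastSize + Expend_Size;
        POptional_Header->SizeOfImage = OldImageSize + Expend_Size;

        /* Ownership of the new buffer passes to the caller. */
        *NewImageBuffer = TemImageBuffer;
        return POptional_Header->SizeOfImage;
    }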
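    // Alignment helper: round a value up to an alignment boundary.
    /*
     * Alignment - round addend up to the next multiple of alignment_value.
     *
     * alignment_value  the boundary to align to. Zero is treated as "no
     *                  alignment" and addend is returned unchanged, because
     *                  dividing by it would be undefined.
     * addend           the value to round up.
     *
     * Returns addend when it is already a multiple of alignment_value (this
     * includes 0), otherwise the next larger multiple. The arithmetic is done in
     * DWORD, so a result beyond the DWORD range wraps around; callers handling
     * untrusted header values should check that the result is >= addend.
     */
    DWORD Alignment(DWORD alignment_value, DWORD addend)
    {
        DWORD remainder = 0;

        if (alignment_value == 0)
        {
            return addend;
        }
        remainder = addend % alignment_value;
        if (remainder == 0)
        {
            return addend;
        }
        return addend - remainder + alignment_value;
    }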
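    // Merge all sections of a PE image into one.
    /*
     * MergeSection - rewrite the headers of a memory-layout PE image in place so
     * that the first section header spans everything from the aligned end of the
     * headers to the end of the last section, and NumberOfSections becomes 1.
     *
     * ImageBuffer     image in memory layout; its headers are modified in place.
     *                 There is no length parameter, so the caller must guarantee
     *                 that the buffer really holds SizeOfImage bytes.
     * NewImageBuffer  receives ImageBuffer itself on success (no copy is made,
     *                 so there is still exactly one buffer to free). Left
     *                 untouched on failure.
     *
     * Returns SizeOfImage, or 0 on failure. Nothing is modified on failure.
     *
     * The "ImageBufferToFileBuffer" prefix in the first three messages is kept
     * exactly as the original code prints it.
     */
    DWORD MergeSection(PVOID ImageBuffer, PVOID* NewImageBuffer) {
        PIMAGE_DOS_HEADER PDos_Header = NULL;
        PIMAGE_FILE_HEADER PFile_Header = NULL;
        PIMAGE_OPTIONAL_HEADER POptional_Header = NULL;
        PIMAGE_SECTION_HEADER PSection = NULL;
        PIMAGE_SECTION_HEADER LastSection = NULL;
        char *Base = (char *)ImageBuffer;
        DWORD Max = 0;
        DWORD AlignedHeaders = 0;
        DWORD New_Size = 0;

        if (!ImageBuffer) {
            printf("ImageBufferToFileBuffer:文件无效!\n");
            return 0;
        }
        if (!NewImageBuffer) {
            printf("MergeSection: NewImageBuffer is NULL\n");
            return 0;
        }
        if (*((PWORD)ImageBuffer) != IMAGE_DOS_SIGNATURE) {
            printf("ImageBufferToFileBuffer:不含MZ标识,不是可执行文件!\n");
            return 0;
        }
        PDos_Header = (PIMAGE_DOS_HEADER)ImageBuffer;
        /* e_lfanew is signed; a negative value would point before the buffer. */
        if (PDos_Header->e_lfanew < 0 ||
            *((PDWORD)(Base + PDos_Header->e_lfanew)) != IMAGE_NT_SIGNATURE) {
            printf("ImageBufferToFileBuffer:不含PE标识\n");
            return 0;
        }

        /* Byte-pointer arithmetic: casting the pointer to DWORD truncates it on a 64-bit build. */
        PFile_Header = (PIMAGE_FILE_HEADER)(Base + PDos_Header->e_lfanew + 0x4);
        POptional_Header = (PIMAGE_OPTIONAL_HEADER)(Base + PDos_Header->e_lfanew + 0x18);
        PSection = (PIMAGE_SECTION_HEADER)((char *)POptional_Header + PFile_Header->SizeOfOptionalHeader);

        /* With zero sections LastSection would point before the table; a zero
           SectionAlignment cannot be used as an alignment boundary. */
        if (PFile_Header->NumberOfSections == 0 || POptional_Header->SectionAlignment == 0) {
            printf("MergeSection: no sections, or SectionAlignment is 0\n");
            return 0;
        }
        LastSection = PSection + PFile_Header->NumberOfSections - 1;

        /* Take the larger of SizeOfRawData and VirtualSize of the last section. */
        Max = LastSection->SizeOfRawData > LastSection->Misc.VirtualSize
            ? LastSection->SizeOfRawData
            : LastSection->Misc.VirtualSize;

        /* Round SizeOfHeaders up to SectionAlignment. Alignment() takes the
           boundary first and the value second; the original call had the two
           swapped, which only gave the right result when SectionAlignment was
           already a multiple of SizeOfHeaders. */
        AlignedHeaders = Alignment(POptional_Header->SectionAlignment, POptional_Header->SizeOfHeaders);

        /* Reject header values for which the DWORD arithmetic would wrap. */
        if (AlignedHeaders < POptional_Header->SizeOfHeaders ||
            Max > (DWORD)-1 - LastSection->VirtualAddress ||
            LastSection->VirtualAddress + Max < AlignedHeaders) {
            printf("MergeSection: inconsistent section or header sizes\n");
            return 0;
        }

        /* Size of the merged section: end of the last section minus the aligned headers.
           NOTE(review): this is not checked against SizeOfImage; a consumer that
           copies SizeOfRawData bytes should clamp to the real buffer size. */
        New_Size = LastSection->VirtualAddress + Max - AlignedHeaders;

        POptional_Header->SizeOfHeaders = AlignedHeaders;
        PSection->SizeOfRawData = New_Size;
        PSection->Misc.VirtualSize = New_Size;
        /* 0xE2000060 = code | initialized data | discardable | execute | read | write.
           The merged section is therefore both writable and executable, which
           gives up W^X for the whole image; writable+executable sections are also
           a common static-analysis indicator. The value is kept as the original
           sets it; OR-ing the flags of the original sections would be narrower. */
        PSection->Characteristics = 0xE2000060;
        PFile_Header->NumberOfSections = 1;

        *NewImageBuffer = ImageBuffer;
        return POptional_Header->SizeOfImage;
    }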