void Convert(std::string pe_file_name, std::string xky_file_name) { //Creamos el fichero PE PEFile pe_file(pe_file_name); //Testear que exista una seccion ".module" if(!pe_file.GetSectionHeaderByName(MODULE_SECTION_NAME)) throw std::string(".module section doesn't exists"); //Creamos el fichero linkado XFile xky_file(CalculateXkyFileSize(&pe_file, XKY_SECTION_ALIGNMENT, XKY_HEADER_ALIGNMENT)); //Volcamos la cabecera DumpHeader(&xky_file, &pe_file, XKY_HEADER_ALIGNMENT); //Volcamos por este orden: // .import // .data // .code // .export DumpSection(&xky_file, &pe_file, IMPORT_SECTION_NAME, XKY_SECTION_ALIGNMENT); DumpSection(&xky_file, &pe_file, DATA_SECTION_NAME, XKY_SECTION_ALIGNMENT); DumpSection(&xky_file, &pe_file, CODE_SECTION_NAME, XKY_SECTION_ALIGNMENT); DumpSection(&xky_file, &pe_file, EXPORT_SECTION_NAME, XKY_SECTION_ALIGNMENT); //Volcamos las relocs // xky_module_header->relocs_section.offset = xky_file_write_pointer; // xky_module_header->relocs_section.size = xky_file_size - xky_file_write_pointer; DumpRelocs(&xky_file, &pe_file, XKY_SECTION_ALIGNMENT); //Volcamos a disco if(!xky_file.FlushToDisk(xky_file_name)) throw std::string("Cant open dump disk file: ") + xky_file_name; }
void DumpSections() { for(unsigned i = 0; i < Sections.Size(); i++) { DumpSection(i, &Sections[i]); } }
static void DumpSections(IDiaSession *session) { HRESULT hr; IDiaEnumTables * enumTables = NULL; IDiaTable * secTable = NULL; hr = session->getEnumTables(&enumTables); if (S_OK != hr) return; AddReportSepLine(); g_report.Append("Sections:\n"); VARIANT vIndex; vIndex.vt = VT_BSTR; vIndex.bstrVal = SysAllocString(L"Sections"); hr = enumTables->Item(vIndex, &secTable); if (S_OK != hr) goto Exit; LONG count; secTable->get_Count(&count); IDiaSectionContrib *item; ULONG numFetched; for (;;) { hr = secTable->Next(1,(IUnknown **)&item, &numFetched); if (FAILED(hr) || (numFetched != 1)) break; DumpSection(item); item->Release(); } Exit: UnkReleaseSafe(secTable); SysFreeStringSafe(vIndex.bstrVal); UnkReleaseSafe(enumTables); }
DWORD CAppProtector::RVAToFileOffset(PIMAGE_NT_HEADERS pNtHdr, DWORD rva, unsigned int nNumberOfSections) { HANDLE hFile=CreateFile(szMyFileName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,(HANDLE)0); HANDLE hFileMapping=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL); PVOID pMemoryMappedFileBase=(PCHAR)MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0); if(pMemoryMappedFileBase==0) { //Error CloseHandle(hFileMapping); hFileMapping=0; CloseHandle(hFile); hFile=INVALID_HANDLE_VALUE; return ((DWORD)-1); } PIMAGE_SECTION_HEADER pSectHdr=IMAGE_FIRST_SECTION(pNtHdr); DWORD cbMaxOnDisk=0,startSectRVA=0,endSectRVA=0,dwResult=(DWORD)-1; for(unsigned i=0;i<nNumberOfSections;i++,pSectHdr++) { cbMaxOnDisk=min(pSectHdr->Misc.VirtualSize,pSectHdr->SizeOfRawData); startSectRVA=pSectHdr->VirtualAddress; endSectRVA=startSectRVA + cbMaxOnDisk; if((rva>=startSectRVA)&&(rva<endSectRVA)) dwResult=pSectHdr->PointerToRawData+(rva-startSectRVA); } CloseHandle(hFileMapping); CloseHandle(hFile); if(dwResult<0) MessageBox(NULL,"Error calculating file offset (what type of PE file is this ?)","Error",MB_OK|MB_ICONQUESTION); unsigned int nNumberOfBytesToRead=((pSectHdr-nNumberOfSections)->Misc.VirtualSize-(rva-(pSectHdr-nNumberOfSections)->VirtualAddress));//We will be reading (rva-start of section) bytes after start of .text offset. We are reading VirtualSize bytes of data because that's really the size of actual code before padding it up by the linker if(DumpSection(dwResult,nNumberOfBytesToRead,rva)) MessageBox(NULL,"Your application has been AppSecured","Done !",MB_OK|MB_ICONINFORMATION);; return dwResult; }