void Convert(std::string pe_file_name, std::string xky_file_name)
{
//Creamos el fichero PE
PEFile pe_file(pe_file_name);
//Testear que exista una seccion ".module"
if(!pe_file.GetSectionHeaderByName(MODULE_SECTION_NAME))
throw std::string(".module section doesn't exists");
//Creamos el fichero linkado
XFile xky_file(CalculateXkyFileSize(&pe_file, XKY_SECTION_ALIGNMENT, XKY_HEADER_ALIGNMENT));
//Volcamos la cabecera
DumpHeader(&xky_file, &pe_file, XKY_HEADER_ALIGNMENT);
//Volcamos por este orden:
// .import
// .data
// .code
// .export
DumpSection(&xky_file, &pe_file, IMPORT_SECTION_NAME, XKY_SECTION_ALIGNMENT);
DumpSection(&xky_file, &pe_file, DATA_SECTION_NAME, XKY_SECTION_ALIGNMENT);
DumpSection(&xky_file, &pe_file, CODE_SECTION_NAME, XKY_SECTION_ALIGNMENT);
DumpSection(&xky_file, &pe_file, EXPORT_SECTION_NAME, XKY_SECTION_ALIGNMENT);
//Volcamos las relocs
// xky_module_header->relocs_section.offset = xky_file_write_pointer;
// xky_module_header->relocs_section.size = xky_file_size - xky_file_write_pointer;
DumpRelocs(&xky_file, &pe_file, XKY_SECTION_ALIGNMENT);
//Volcamos a disco
if(!xky_file.FlushToDisk(xky_file_name))
throw std::string("Cant open dump disk file: ") + xky_file_name;
}
void DumpSections()
{
for(unsigned i = 0; i < Sections.Size(); i++)
{
DumpSection(i, &Sections[i]);
}
}
static void DumpSections(IDiaSession *session)
{
HRESULT hr;
IDiaEnumTables * enumTables = NULL;
IDiaTable * secTable = NULL;
hr = session->getEnumTables(&enumTables);
if (S_OK != hr)
return;
AddReportSepLine();
g_report.Append("Sections:\n");
VARIANT vIndex;
vIndex.vt = VT_BSTR;
vIndex.bstrVal = SysAllocString(L"Sections");
hr = enumTables->Item(vIndex, &secTable);
if (S_OK != hr)
goto Exit;
LONG count;
secTable->get_Count(&count);
IDiaSectionContrib *item;
ULONG numFetched;
for (;;)
{
hr = secTable->Next(1,(IUnknown **)&item, &numFetched);
if (FAILED(hr) || (numFetched != 1))
break;
DumpSection(item);
item->Release();
}
Exit:
UnkReleaseSafe(secTable);
SysFreeStringSafe(vIndex.bstrVal);
UnkReleaseSafe(enumTables);
}
DWORD CAppProtector::RVAToFileOffset(PIMAGE_NT_HEADERS pNtHdr, DWORD rva, unsigned int nNumberOfSections)
{
HANDLE hFile=CreateFile(szMyFileName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,(HANDLE)0);
HANDLE hFileMapping=CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
PVOID pMemoryMappedFileBase=(PCHAR)MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0);
if(pMemoryMappedFileBase==0)
{
//Error
CloseHandle(hFileMapping);
hFileMapping=0;
CloseHandle(hFile);
hFile=INVALID_HANDLE_VALUE;
return ((DWORD)-1);
}
PIMAGE_SECTION_HEADER pSectHdr=IMAGE_FIRST_SECTION(pNtHdr);
DWORD cbMaxOnDisk=0,startSectRVA=0,endSectRVA=0,dwResult=(DWORD)-1;
for(unsigned i=0;i<nNumberOfSections;i++,pSectHdr++)
{
cbMaxOnDisk=min(pSectHdr->Misc.VirtualSize,pSectHdr->SizeOfRawData);
startSectRVA=pSectHdr->VirtualAddress;
endSectRVA=startSectRVA + cbMaxOnDisk;
if((rva>=startSectRVA)&&(rva<endSectRVA)) dwResult=pSectHdr->PointerToRawData+(rva-startSectRVA);
}
CloseHandle(hFileMapping);
CloseHandle(hFile);
if(dwResult<0) MessageBox(NULL,"Error calculating file offset (what type of PE file is this ?)","Error",MB_OK|MB_ICONQUESTION);
unsigned int nNumberOfBytesToRead=((pSectHdr-nNumberOfSections)->Misc.VirtualSize-(rva-(pSectHdr-nNumberOfSections)->VirtualAddress));//We will be reading (rva-start of section) bytes after start of .text offset. We are reading VirtualSize bytes of data because that's really the size of actual code before padding it up by the linker
if(DumpSection(dwResult,nNumberOfBytesToRead,rva)) MessageBox(NULL,"Your application has been AppSecured","Done !",MB_OK|MB_ICONINFORMATION);;
return dwResult;
}
