//----------------------------------------------------------------
void CPELibrary::AlignmentSections()
{
int i =0;
for(i=0;i<image_nt_headers->FileHeader.NumberOfSections;i++)
{
image_section_header[i]->VirtualAddress=
PEAlign(image_section_header[i]->VirtualAddress,
image_nt_headers->OptionalHeader.SectionAlignment);
image_section_header[i]->Misc.VirtualSize=
PEAlign(image_section_header[i]->Misc.VirtualSize,
image_nt_headers->OptionalHeader.SectionAlignment);
image_section_header[i]->PointerToRawData=
PEAlign(image_section_header[i]->PointerToRawData,
image_nt_headers->OptionalHeader.FileAlignment);
image_section_header[i]->SizeOfRawData=
PEAlign(image_section_header[i]->SizeOfRawData,
image_nt_headers->OptionalHeader.FileAlignment);
}
image_nt_headers->OptionalHeader.SizeOfImage=image_section_header[i-1]->VirtualAddress+
image_section_header[i-1]->Misc.VirtualSize;
image_nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress=0;
image_nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size=0;
image_nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress=0;
image_nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size=0;
}
//----------------------------------------------------------------
PIMAGE_SECTION_HEADER CPELibrary::AddNewSection(char* szName,DWORD dwSize)
{
DWORD roffset,rsize,voffset,vsize;
int i=image_nt_headers->FileHeader.NumberOfSections;
rsize=PEAlign(dwSize,
image_nt_headers->OptionalHeader.FileAlignment);
vsize=PEAlign(rsize,
image_nt_headers->OptionalHeader.SectionAlignment);
roffset=PEAlign(image_section_header[i-1]->PointerToRawData+image_section_header[i-1]->SizeOfRawData,
image_nt_headers->OptionalHeader.FileAlignment);
voffset=PEAlign(image_section_header[i-1]->VirtualAddress+image_section_header[i-1]->Misc.VirtualSize,
image_nt_headers->OptionalHeader.SectionAlignment);
memset(image_section_header[i],0,(size_t)sizeof(IMAGE_SECTION_HEADER));
image_section_header[i]->PointerToRawData=roffset;
image_section_header[i]->VirtualAddress=voffset;
image_section_header[i]->SizeOfRawData=rsize;
image_section_header[i]->Misc.VirtualSize=vsize;
image_section_header[i]->Characteristics=0xC0000040;
memcpy(image_section_header[i]->Name,szName,(size_t)strlen(szName));
image_section[i]=(char*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT,rsize);
image_nt_headers->FileHeader.NumberOfSections++;
return (PIMAGE_SECTION_HEADER)image_section_header[i];
}
PEStruct getPEFileInformation(char *filename)
{
HANDLE hFile;
PEStruct pRetnStruct;
DWORD dwBytesRead;
hFile = CreateFile(filename,GENERIC_READ, FILE_SHARE_READ,NULL,
OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(!hFile)
return pRetnStruct;
pRetnStruct.fileSize = GetFileSize(hFile,0);
if(!pRetnStruct.fileSize)
return pRetnStruct;
pRetnStruct.fileImage = malloc(pRetnStruct.fileSize);
if(!pRetnStruct.fileImage)
return pRetnStruct;
ReadFile(hFile,pRetnStruct.fileImage,pRetnStruct.fileSize,&dwBytesRead,NULL);
CloseHandle(hFile);
if(!dwBytesRead)
return pRetnStruct;
//copy portions to relevant sections
CopyMemory(&pRetnStruct.image_dos_header,pRetnStruct.fileImage,sizeof(IMAGE_DOS_HEADER));
CopyMemory(&pRetnStruct.image_nt_headers,
((BYTE *)pRetnStruct.fileImage + pRetnStruct.image_dos_header.e_lfanew),sizeof(IMAGE_NT_HEADERS));
//address of first section
pRetnStruct.dwRO_first_section=pRetnStruct.image_dos_header.e_lfanew+sizeof(IMAGE_NT_HEADERS);
pRetnStruct.numOfSecs = pRetnStruct.image_nt_headers.FileHeader.NumberOfSections;
CopyMemory(&pRetnStruct.image_section_header,((BYTE *)pRetnStruct.fileImage + pRetnStruct.dwRO_first_section),
pRetnStruct.numOfSecs*sizeof(IMAGE_SECTION_HEADER));
//now to fill in individual sections (.text .data)
for(int i=0;i < pRetnStruct.numOfSecs;i++)
{
pRetnStruct.image_section[i] =(char *) malloc(PEAlign(pRetnStruct.image_section_header[i].SizeOfRawData,
pRetnStruct.image_nt_headers.OptionalHeader.FileAlignment));
CopyMemory(pRetnStruct.image_section[i],((BYTE *)pRetnStruct.fileImage + pRetnStruct.image_section_header[i].PointerToRawData),
pRetnStruct.image_section_header[i].SizeOfRawData);
}
return pRetnStruct;
}
//================================================================
//----------------------------------------------------------------
void CPELibrary::OpenFile(TCHAR* FileName)
{
DWORD dwBytesRead = 0;
HANDLE hFile= NULL;
DWORD SectionNum;
DWORD i;
DWORD dwRO_first_section;
pMem=NULL;
//----------------------------------------
hFile=CreateFile(FileName,
GENERIC_READ,
FILE_SHARE_WRITE | FILE_SHARE_READ,
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);
if(hFile==INVALID_HANDLE_VALUE)
{
ShowErr(FileErr);
return;
}
dwFileSize=GetFileSize(hFile,0);
if(dwFileSize == 0)
{
CloseHandle(hFile);
ShowErr(FsizeErr);
return;
}
pMem=(char*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT,dwFileSize);
if(pMem == NULL)
{
CloseHandle(hFile);
ShowErr(MemErr);
return;
}
ReadFile(hFile,pMem,dwFileSize,&dwBytesRead,NULL);
CloseHandle(hFile);
//----------------------------------------
memcpy(image_dos_header,pMem,sizeof(IMAGE_DOS_HEADER));
dwDosStubSize=image_dos_header->e_lfanew-sizeof(IMAGE_DOS_HEADER);
dwDosStubOffset=sizeof(IMAGE_DOS_HEADER);
pDosStub=new CHAR[dwDosStubSize];
if((dwDosStubSize&0x80000000)==0x00000000)
{
CopyMemory(pDosStub,pMem+dwDosStubOffset,dwDosStubSize);
}
memcpy(image_nt_headers,
pMem+image_dos_header->e_lfanew,
sizeof(IMAGE_NT_HEADERS));
dwRO_first_section=image_dos_header->e_lfanew+sizeof(IMAGE_NT_HEADERS);
if(image_dos_header->e_magic!=IMAGE_DOS_SIGNATURE)// MZ
{
ShowErr(PEErr);
GlobalFree(pMem);
return;
}
if(image_nt_headers->Signature!=IMAGE_NT_SIGNATURE)// PE00
{
ShowErr(PEErr);
GlobalFree(pMem);
return;
}
//----------------------------------------
SectionNum=image_nt_headers->FileHeader.NumberOfSections;
//----------------------------------------
for( i=0;i<SectionNum;i++)
{
CopyMemory(image_section_header[i],pMem+dwRO_first_section+i*sizeof(IMAGE_SECTION_HEADER),
sizeof(IMAGE_SECTION_HEADER));
}
//----------------------------------------
for(i=0;i<SectionNum;i++)
{
image_section[i]=(char*)GlobalAlloc(GMEM_FIXED | GMEM_ZEROINIT,
PEAlign(image_section_header[i]->SizeOfRawData,
image_nt_headers->OptionalHeader.FileAlignment));
CopyMemory(image_section[i],
pMem+image_section_header[i]->PointerToRawData,
image_section_header[i]->SizeOfRawData);
}
//----------------------------------------
GlobalFree(pMem);
}
BOOL CopyPEFileToMem(LPCSTR lpszFilename)
{
HANDLE hFile;
PBYTE pMem;
DWORD dwBytesRead;
int i;
DWORD dwSecOff;
PIMAGE_NT_HEADERS pMemNtHeaders;
PIMAGE_SECTION_HEADER pMemSecHeaders;
hFile = CreateFile(lpszFilename, GENERIC_READ,
FILE_SHARE_READ, NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (hFile == INVALID_HANDLE_VALUE) {
printf("[E]: Open file (%s) failed.\n", lpszFilename);
return FALSE;
}
dwFileSize = GetFileSize(hFile, 0);
printf("[I]: Open file (%s) ok, with size of 0x%08x.\n", lpszFilename, dwFileSize);
pMem = (PBYTE)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwFileSize);
if(pMem == NULL) {
printf("[E]: HeapAlloc failed (with the size of 0x%08x).\n", dwFileSize);
CloseHandle(hFile);
return FALSE;
}
ReadFile(hFile, pMem, dwFileSize, &dwBytesRead, NULL);
CloseHandle(hFile);
// Copy DOS Header
pDosHeader = (PIMAGE_DOS_HEADER)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(IMAGE_DOS_HEADER));
if(pDosHeader == NULL) {
printf("[E]: HeapAlloc failed for DOS_HEADER\n");
CloseHandle(hFile);
return FALSE;
}
CopyMemory(pDosHeader, pMem, sizeof(IMAGE_DOS_HEADER));
// Copy DOS Stub Code
dwDosStubSize = pDosHeader->e_lfanew - sizeof(IMAGE_DOS_HEADER);
dwDosStubOffset = sizeof(IMAGE_DOS_HEADER);
pDosStub = HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwDosStubSize);
if ((dwDosStubSize & 0x80000000) == 0x00000000)
{
CopyMemory(pDosStub, (const void *)(pMem + dwDosStubOffset), dwDosStubSize);
}
// Copy NT HEADERS
pMemNtHeaders = (PIMAGE_NT_HEADERS)(pMem + pDosHeader->e_lfanew);
pNtHeaders = (PIMAGE_NT_HEADERS)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, sizeof(IMAGE_NT_HEADERS));
if(pNtHeaders == NULL) {
printf("[E]: HeapAlloc failed for NT_HEADERS\n");
CloseHandle(hFile);
return FALSE;
}
CopyMemory(pNtHeaders, pMemNtHeaders, sizeof(IMAGE_NT_HEADERS));
pOptHeader = &(pNtHeaders->OptionalHeader);
pFileHeader = &(pNtHeaders->FileHeader);
// Copy SectionTable
pMemSecHeaders = (PIMAGE_SECTION_HEADER) ((DWORD)pMemNtHeaders + sizeof(IMAGE_NT_HEADERS));
wSecNum = pFileHeader->NumberOfSections;
pSecHeaders = (PIMAGE_SECTION_HEADER)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, wSecNum * sizeof(IMAGE_SECTION_HEADER));
if(pSecHeaders == NULL) {
printf("[E]: HeapAlloc failed for SEC_HEADERS\n");
CloseHandle(hFile);
return FALSE;
}
CopyMemory(pSecHeaders, pMemSecHeaders, wSecNum * sizeof(IMAGE_SECTION_HEADER));
for(i = 0; i < wSecNum; i++) {
pSecHeader[i] = (PIMAGE_SECTION_HEADER)
((DWORD)pSecHeaders + i * sizeof(IMAGE_SECTION_HEADER));
}
// Copy Section
for(i = 0; i < wSecNum; i++) {
dwSecOff = (DWORD)(pMem + pSecHeader[i]->PointerToRawData);
dwSecSize[i] = PEAlign(pSecHeader[i]->SizeOfRawData, pOptHeader->FileAlignment);
pSecData[i] = (PBYTE)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, dwSecSize[i]);
if (pSecData[i] == NULL) {
printf("[E]: HeapAlloc failed for the section of %d\n", i);
CloseHandle(hFile);
return FALSE;
}
CopyMemory(pSecData[i], (PVOID)dwSecOff, dwSecSize[i]);
}
HeapFree(hHeap, 0, pMem);
printf("[I]: Load PE from file (%s) ok\n", lpszFilename);
return TRUE;
}