/* We may need padding between various parts of the allocated memory. Given a size of memory, this returns the amount of memory which should be allocated in order to allow for alignment of the following object. I don't know how portable this stuff is, but it seems to work for me at the moment. It would be real nice if I knew more about this! // Note: this function is now obsolete (along with CalcAlignment) // because the calculations are done statically, for greater speed. */ size_t wxDebugContext::GetPadding (const size_t size) { size_t pad = size % CalcAlignment (); return (pad) ? sizeof(wxMarkerType) - pad : 0; }
LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) { switch (message) /* handle the messages */ { case WM_COMMAND: { switch(LOWORD(wParam)) { case BUTTON1:{ // OPEN A PE FILE OPENFILENAME ofn; char szFileName[MAX_PATH] = ""; SendDlgItemMessage(hwnd,BUTTON5, BN_CLICKED, (WPARAM)hBtn5,(LPARAM) hwnd); ZeroMemory(&ofn, sizeof(ofn)); ofn.lStructSize = sizeof(ofn); ofn.hwndOwner = hwnd; ofn.lpstrFilter = "Executables (*.exe)\0*.exe\0Dll (*.dll)\0*.dll\0"; ofn.lpstrFile = szFileName; ofn.nMaxFile = MAX_PATH; ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY; ofn.lpstrDefExt = ""; if(GetOpenFileName(&ofn)){ SetDlgItemText(hwnd,EDIT1,szFileName); } }break; case BUTTON2:{ // READS INFORMATIONF FROM PE HEADER remove("import.txt"); remove("export.txt"); char txt[5024], txt1[2056], txt2[2056], txt3[2056], txt4[2056], txt5[2056]; txt[0] = txt1[0] = txt2[0] = txt3[0] = txt4[0] = txt5[0] = '\0'; int len = GetWindowTextLength (GetDlgItem (hwnd, EDIT1)); GetDlgItemText(hwnd,EDIT1,FileName, len + 1); hFile = CreateFile(FileName, GENERIC_READ, FILE_SHARE_READ, 0,OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if (hFile == INVALID_HANDLE_VALUE){ MessageBoxA(NULL,"Cannot Open the File","Error",MB_OK);break; } FileSize = GetFileSize(hFile, NULL); BaseAddress = (BYTE *) malloc(FileSize); if (!ReadFile(hFile, BaseAddress, FileSize, &BR, NULL)){ free(BaseAddress); CloseHandle(hFile); break; } ImageDosHeader = (IMAGE_DOS_HEADER *) BaseAddress; ImageOptionalHeader = (_IMAGE_OPTIONAL_HEADER *) BaseAddress; if (ImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE) // checks the DOS SIGNATURE, if not equals to (MZ) then stops { MessageBoxA(NULL,"Invalid Dos Header","Error",MB_OK); free(BaseAddress); CloseHandle(hFile); break; } ImageNtHeaders = (IMAGE_NT_HEADERS *) (ImageDosHeader->e_lfanew + (DWORD) ImageDosHeader); if (ImageNtHeaders->Signature != IMAGE_NT_SIGNATURE) // checks the PE header, if not equals to NT signature stops { MessageBoxA(NULL,"Invalid PE Signature","Error",MB_OK); free(BaseAddress); CloseHandle(hFile); break; } // takes the address of first section ImageSectionHeader = IMAGE_FIRST_SECTION(ImageNtHeaders); // shows the section table for (x = 0; x < ImageNtHeaders->FileHeader.NumberOfSections; x++) { memcpy(SectionName, ImageSectionHeader[x].Name,IMAGE_SIZEOF_SHORT_NAME); long lSize; char * buffer; size_t result; _ultoa(ImageSectionHeader[x].VirtualAddress,txt1,16); _ultoa(ImageSectionHeader[x].Misc.VirtualSize,txt2,16); _ultoa(ImageSectionHeader[x].PointerToRawData,txt3,16); _ultoa(ImageSectionHeader[x].SizeOfRawData,txt4,16); _ultoa(ImageSectionHeader[x].Characteristics,txt5,16); strcat(txt, "Section Name: "); strcat(txt, SectionName); strcat(txt , "\r\n"); strcat(txt, "Virtual Address: "); strcat(txt, txt1); strcat(txt , "\r\n"); strcat(txt, "Virtual Size: "); strcat(txt, txt2); strcat(txt , "\r\n"); strcat(txt, "Raw Address: "); strcat(txt, txt3); strcat(txt , "\r\n"); strcat(txt, "Raw Size: "); strcat(txt, txt4); strcat(txt , "\r\n"); strcat(txt, "Characteristics: "); strcat(txt, txt5); strcat(txt , "\r\n\r\n"); SetDlgItemText(hwnd,EDIT2,txt); } /* VARIABLES USED TO STORE AND SHOW INFORMATIONS */ char Img[LENGTH],Img1[LENGTH]; char AeP[LENGTH],AeP1[LENGTH]; char BoC[LENGTH],BoC1[LENGTH]; char BoD[LENGTH],BoD1[LENGTH]; char Sa[LENGTH] ,Sa1[LENGTH]; char Fa[LENGTH] ,Fa1[LENGTH]; char Ss[LENGTH] ,Ss1[LENGTH]; char SoC[LENGTH],SoC1[LENGTH]; char SiD[LENGTH],SiD1[LENGTH]; char SuD[LENGTH],SuD1[LENGTH]; char Em[LENGTH] ,Em1[LENGTH]; char Sgn[LENGTH],Sgn1[LENGTH]; Img[0], Img1[0], AeP[0], AeP1[0], BoC[0], BoC1[0], BoD[0], BoD1[0], Sa[0] , Sa1[0] , Fa[0], Fa1[0] = '\0'; Ss[0] , Ss1[0] , SoC[0], SoC1[0], SiD[0], SiD1[0], SuD[0], SuD1[0], Em[0] , Em1[0] , Sgn[0], Sgn1[0] = '\0'; for (int i = 0; i < LENGTH; i++){ Img[i] = '\0'; AeP[i] = '\0'; BoC[i] = '\0'; BoD[i] = '\0'; Sa[i] = '\0'; Fa[i] = '\0'; Ss[i] = '\0'; SoC[i] = '\0'; SiD[i] = '\0'; SuD[i] = '\0'; Em[i] = '\0'; Sgn[i] = '\0'; } //STORES VALUES DWORD ImageBase = ImageNtHeaders->OptionalHeader.ImageBase; DWORD AddressOfEntryPoint = ImageNtHeaders->OptionalHeader.AddressOfEntryPoint; DWORD BaseOfCode = ImageNtHeaders->OptionalHeader.BaseOfCode; DWORD BaseOfData = ImageNtHeaders->OptionalHeader.BaseOfData; DWORD SectionAlignment = ImageNtHeaders->OptionalHeader.SectionAlignment; DWORD FileAlignment = ImageNtHeaders->OptionalHeader.FileAlignment; DWORD Subsystem = ImageNtHeaders->OptionalHeader.Subsystem; DWORD SizeOfCode = ImageNtHeaders->OptionalHeader.SizeOfCode; DWORD SizeOfInitializedData = ImageNtHeaders->OptionalHeader.SizeOfInitializedData; DWORD SizeOfUnitializedData = ImageNtHeaders->OptionalHeader.SizeOfUninitializedData; DWORD EMagic = ImageDosHeader->e_magic; DWORD Signature = ImageNtHeaders->Signature; /* CONVERT DWORD TO HEX ==> I REALLY LOVE THIS FUNCTION :P*/ _ultoa(ImageBase,Img1,16); _ultoa(AddressOfEntryPoint,AeP1,16); _ultoa(BaseOfCode,BoC1,16); _ultoa(BaseOfData,BoD1,16); _ultoa(SectionAlignment,Sa1,16); _ultoa(FileAlignment,Fa1,16); _ultoa(Subsystem,Ss1,16); _ultoa(SizeOfCode,SoC1,16); _ultoa(SizeOfInitializedData,SiD1,16); _ultoa(SizeOfUnitializedData,SuD1,16); _ultoa(EMagic,Em1,16); _ultoa(Signature,Sgn1,16); strcat(Img,"ImageBase: 0x"); strcat(Img, Img1); strcat(AeP, "AddressOfEntryPoint: 0x"); strcat(AeP, AeP1); strcat(BoC, "BaseOfCode: 0x"); strcat(BoC, BoC1); strcat(BoD, "BaseOfData: 0x"); strcat(BoD, BoD1); strcat(Sa, "SectionAlignment: 0x"); strcat(Sa, Sa1); strcat(Fa, "FileAlignment: 0x"); strcat(Fa, Fa1); strcat(Ss, "Subsystem: 0x"); strcat(Ss, Ss1); strcat(SoC, "SizeOfCode: 0x"); strcat(SoC, SoC1); strcat(SiD, "SizeOfInitializedData: 0x"); strcat(SiD, SiD1); strcat(SuD, "SizeOfUnitializedData: 0x"); strcat(SuD, SuD1); strcat(Em, "EMagic Signature: 0x"); strcat(Em, Em1); strcat(Sgn, "PE Signature: 0x"); strcat(Sgn, Sgn1); SetDlgItemText(hwnd,LABEL5, Img); SetDlgItemText(hwnd,LABEL6, AeP); SetDlgItemText(hwnd,LABEL7, BoC); SetDlgItemText(hwnd,LABEL8, BoD); SetDlgItemText(hwnd,LABEL9, Sa); SetDlgItemText(hwnd,LABEL10,Fa); SetDlgItemText(hwnd,LABEL11,Ss); SetDlgItemText(hwnd,LABEL12,SoC); SetDlgItemText(hwnd,LABEL13,SiD); SetDlgItemText(hwnd,LABEL14,SuD); SetDlgItemText(hwnd,LABEL15,Em); SetDlgItemText(hwnd,LABEL16,Sgn); /* INFORMATION */ /* LOGS FROM IMPORT TABLE */ f = fopen("import.txt","wa"); IT_Offset = RvaToOffset(ImageNtHeaders,ImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress); ImageImportDescr = (IMAGE_IMPORT_DESCRIPTOR *) (IT_Offset + (DWORD) BaseAddress); x = 0; // counter used under while (ImageImportDescr[x].FirstThunk != 0) // analyzes all descriptors { Name = (char *) (RvaToOffset(ImageNtHeaders, ImageImportDescr[x].Name) + (DWORD) BaseAddress); fprintf(f,"\nModule Name: %s\r\nFunctions:\r\n", Name); // selects the array to analyze Thunks = (DWORD *) (RvaToOffset(ImageNtHeaders, ImageImportDescr[x].OriginalFirstThunk != 0 ? ImageImportDescr[x].OriginalFirstThunk : ImageImportDescr[x].FirstThunk) + (DWORD) BaseAddress); y = 0; // another counter // browse into internal functions of the analyzed file while (Thunks[y] != 0) { //imports if (Thunks[y] & IMAGE_ORDINAL_FLAG) { fprintf(f,"Ordinal: %08X\r\n", (Thunks[y] - IMAGE_ORDINAL_FLAG)); y++; continue; } ImgName = (IMAGE_IMPORT_BY_NAME *) (RvaToOffset(ImageNtHeaders, Thunks[y]) + (DWORD) BaseAddress); fprintf(f,"Name: %s\r\n", &ImgName->Name); y++; } x++; } fflush(f); fclose(f); std::ifstream of("import.txt"); char *s; char sf[LENGTH*50],sf1[LENGTH*50]; sf[0], sf1[0] = '\0'; while (of) { of.getline(sf,1000); strcat(sf1,sf); strcat(sf1,"\r\n"); } SetDlgItemText(hwnd,EDIT3,sf1); of.close(); remove("import.txt"); /* IMPORT TABLE */ /* LOGS FROM EXPORT TABLE */ ET_Offset = RvaToOffset(ImageNtHeaders,ImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); ImageExportDir = (IMAGE_EXPORT_DIRECTORY *) (ET_Offset +(DWORD) BaseAddress); Name = (char *) (RvaToOffset(ImageNtHeaders,ImageExportDir->Name) + (DWORD) BaseAddress); Functions = (DWORD *) (RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfFunctions) + (DWORD) BaseAddress); Names = (DWORD *) (RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfNames) + (DWORD) BaseAddress); NameOrds = (WORD *) (RvaToOffset(ImageNtHeaders, ImageExportDir->AddressOfNameOrdinals) + (DWORD) BaseAddress); // enums and shows functions for (x = 0; x < ImageExportDir->NumberOfFunctions; x++) { // controllo se l'EP e' 0 // se si' allora passa alla prossima funzione if (Functions[x] == 0)continue; printf("\nOrd: %04X\nEP: %08X\n", (x + ImageExportDir->Base), Functions[x]); f=fopen("export.txt","a"); if (f != NULL) { fprintf(f,"\nOrd: %04X\nEP: %08X\n", (x + ImageExportDir->Base), Functions[x] ); fflush(f); } // if the function has also a name I show it for (y = 0; y < ImageExportDir->NumberOfNames; y++) { if (NameOrds[y] == x) { FName = (char *) (RvaToOffset(ImageNtHeaders, Names[y]) + (DWORD) BaseAddress); printf("Name: %s\n", FName); if (f != NULL) { fprintf(f,"Name: %s\n", FName); fflush(f); fclose(f); } break; } } } std::ifstream of1("export.txt"); char sf2[LENGTH*80],sf3[LENGTH*80]; sf2[0], sf3[0] = '\0'; while (of1) { of1.getline(sf2,1000); strcat(sf3,sf2); strcat(sf3,"\r\n"); } SetDlgItemText(hwnd,EDIT4,sf3); of1.close(); remove("export.txt"); /* EXPORT TABLE */ free(BaseAddress); CloseHandle(hFile); }break; // end case BUTTON2 case BUTTON3:{PostQuitMessage (0);break;} case BUTTON4:{ HANDLE hFile; BYTE *BaseAddress; WORD nSection; DWORD FileSize, BRW, NameSize, Size; char Dim[MAX_PATH], Sect[MAX_PATH]; int len, lent; IMAGE_DOS_HEADER *ImageDosHeader; IMAGE_NT_HEADERS *ImageNtHeaders; IMAGE_SECTION_HEADER *ImageSectionHeader; len = GetWindowTextLength (GetDlgItem (hwnd, EDIT6)); GetDlgItemText(hwnd,EDIT6,Dim, len + 1); lent = GetWindowTextLength (GetDlgItem (hwnd, EDIT5)); GetDlgItemText(hwnd,EDIT5,Sect, lent + 1); Size = atoi(Dim); if (Size > 0 && lent > 0) { hFile = CreateFile(FileName, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); if (hFile == INVALID_HANDLE_VALUE) { printf("Cannot Open the File\n"); return -1; } FileSize = GetFileSize(hFile, NULL); BaseAddress = (BYTE *) malloc(FileSize); if (!ReadFile(hFile, BaseAddress, FileSize, &BRW, NULL)) { free(BaseAddress); CloseHandle(hFile); return -1; } ImageDosHeader = (IMAGE_DOS_HEADER *) BaseAddress; ImageOptionalHeader = (_IMAGE_OPTIONAL_HEADER *) BaseAddress; if (ImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE) // checks the DOS SIGNATURE, if not equals to (MZ) then stops { MessageBoxA(NULL,"Invalid Dos Header","Error",MB_OK); free(BaseAddress); CloseHandle(hFile); break; } ImageNtHeaders = (IMAGE_NT_HEADERS *) (ImageDosHeader->e_lfanew + (DWORD) ImageDosHeader); if (ImageNtHeaders->Signature != IMAGE_NT_SIGNATURE) // checks the PE header, if not equals to NT signature stops { MessageBoxA(NULL,"Invalid PE Signature","Error",MB_OK); free(BaseAddress); CloseHandle(hFile); break; } // prende le dimensioni printf("Creating New Section...\n"); nSection = ImageNtHeaders->FileHeader.NumberOfSections; ImageNtHeaders->FileHeader.NumberOfSections++; ImageSectionHeader = IMAGE_FIRST_SECTION(ImageNtHeaders); ImageNtHeaders->OptionalHeader.SizeOfImage += CalcAlignment(ImageNtHeaders->OptionalHeader.SectionAlignment, Size); ZeroMemory(&ImageSectionHeader[nSection], IMAGE_SIZEOF_SECTION_HEADER); if (strlen(Sect) <= IMAGE_SIZEOF_SHORT_NAME) { NameSize = strlen(Sect); } else { NameSize = IMAGE_SIZEOF_SHORT_NAME; } memcpy(&ImageSectionHeader[nSection].Name, Sect, NameSize); // calcola il Virtual Address della nuova sezione ImageSectionHeader[nSection].VirtualAddress = CalcAlignment(ImageNtHeaders->OptionalHeader.SectionAlignment, (ImageSectionHeader[nSection - 1].VirtualAddress + ImageSectionHeader[nSection - 1].Misc.VirtualSize)); ImageSectionHeader[nSection].Misc.VirtualSize = Size; if (ImageSectionHeader[nSection - 1].SizeOfRawData % ImageNtHeaders->OptionalHeader.FileAlignment) { // se la sezione prima di quella che vogliamo creare noi non � allineata lo faccio ImageSectionHeader[nSection - 1].SizeOfRawData = CalcAlignment(ImageNtHeaders->OptionalHeader.FileAlignment, ImageSectionHeader[nSection - 1].SizeOfRawData); SetFilePointer(hFile,(ImageSectionHeader[nSection - 1].PointerToRawData + ImageSectionHeader[nSection - 1].SizeOfRawData), NULL, FILE_BEGIN); SetEndOfFile(hFile); } ImageSectionHeader[nSection].PointerToRawData = GetFileSize(hFile, NULL); ImageSectionHeader[nSection].SizeOfRawData = CalcAlignment(ImageNtHeaders->OptionalHeader.FileAlignment, Size); ImageSectionHeader[nSection].Characteristics = IMAGE_SCN_MEM_READ; SetFilePointer(hFile, ImageSectionHeader[nSection].SizeOfRawData,NULL, FILE_END); SetEndOfFile(hFile); // salvo le modifiche SetFilePointer(hFile, 0, NULL, FILE_BEGIN); WriteFile(hFile, BaseAddress, FileSize, &BRW, NULL); MessageBox(NULL,"The section has been successfully added!","Info",MB_OK); free(BaseAddress); CloseHandle(hFile); } else { MessageBox(NULL,"The section was not added correctly!","Error",MB_OK); } }break; // fine button 4 case BUTTON5: { MessageBoxA(NULL,"Program created by Zyrel aka Marco Lagalla.\nVisit us on: <a href="http://www.unfair-gamers.com" target="_blank">http://www.unfair-gamers.com</a>!\nThanks to Ntoskrnl <img src="images/smilies1/wink1.gif" style="vertical-align: middle;" border="0" alt="Wink" title="Wink" />","Credits and Disclaimer",MB_OK); }break; case BUTTON6: { ShellExecute(NULL,"open","http://www.unfair-gamers.com/forum/index.php",NULL,NULL,SW_HIDE); }break; default:{break;} // DEFAUL CONTROLLI }break;} // FINE WM_COMMAND case WM_DESTROY: { PostQuitMessage (0); }break; /* send a WM_QUIT to the message queue */ default: /* for messages that we don't deal with */ return DefWindowProc (hwnd, message, wParam, lParam); case WM_CTLCOLORSTATIC: { SetTextColor((HDC)hLabel2,RGB(141,149,155)); } } return 0; }