[C/SRC] RealignPE v2
Publicado: 10 Feb 2011, 00:50
Código: Seleccionar todo
/*
-----------------------------------------------------------
- Function: RealignPE v2 -
- Programmer: The Swash -
- Web: http://www.h-sec.org -
- Dedicated: Thor, Psymera, Steve10120, [Zero], Karcrack -
-----------------------------------------------------------
*/
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#define ReadWriteBinary "r+b"
int AlingNum(int num, int aling);
char * BytesAling(int number);
int main(void)
{
printf("%i ",RealignPE("C:\\hi.exe"));
getchar();
}
int RealignPE(char * lpFile)
{
IMAGE_DOS_HEADER IDH;
IMAGE_FILE_HEADER IFH;
IMAGE_OPTIONAL_HEADER IOH;
IMAGE_SECTION_HEADER ISH;
DWORD PESignature = 0;
FILE * lFile;
int OriSize = 0;
int ActSize = 0;
int Alingned = 0;
lFile = fopen(lpFile,ReadWriteBinary);
if (lFile == NULL) {return -1;}
else
{
fread(&IDH, 64, 1, lFile);
fseek(lFile, IDH.e_lfanew , SEEK_SET);
fread(&PESignature, 4, 1, lFile);
if (IDH.e_magic != IMAGE_DOS_SIGNATURE) {fclose (lFile); return -2;}
else
{
if(PESignature != IMAGE_NT_SIGNATURE) {fclose (lFile); return -3;}
else
{
fseek(lFile, IDH.e_lfanew + 4, SEEK_SET);
fread(&IFH, sizeof(IFH), 1, lFile);
fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH), SEEK_SET);
fread(&IOH, IFH.SizeOfOptionalHeader, 1, lFile);
fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH) + IFH.SizeOfOptionalHeader + (sizeof(ISH)*(IFH.NumberOfSections-1)),SEEK_SET);
fread(&ISH, sizeof(ISH), 1, lFile);
fseek(lFile, 0, SEEK_END);
ActSize = ftell(lFile);
OriSize = ISH.PointerToRawData + ISH.SizeOfRawData;
if (ActSize - OriSize > 0)
{
Alingned = AlingNum(ActSize - OriSize, IOH.FileAlignment);
ISH.SizeOfRawData += Alingned;
ISH.Misc.VirtualSize += Alingned;
IOH.SizeOfImage = ISH.Misc.VirtualSize + ISH.VirtualAddress;
IOH.SizeOfInitializedData += Alingned;
if (ISH.VirtualAddress == IOH.DataDirectory[2].VirtualAddress)
{
IOH.DataDirectory[2].Size += Alingned;
}
fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH), SEEK_SET);
fwrite(&IOH, 1, IFH.SizeOfOptionalHeader, lFile);
fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH) + IFH.SizeOfOptionalHeader + (sizeof(ISH)*(IFH.NumberOfSections-1)),SEEK_SET);
fwrite(&ISH, 1, sizeof(ISH), lFile);
if (Alingned - (ActSize - OriSize) > 0)
{
fseek(lFile, ActSize, SEEK_SET);
fwrite(BytesAling(Alingned-(ActSize - OriSize)), 1, Alingned-(ActSize - OriSize), lFile);
}
return 0;
}
else {return 1;}
}
}
}
}
int AlingNum(int num, int aling)
{
if(num % aling == 0)
{ return num; }
else if(num < aling)
{ return aling; }
else { return (num / aling) * aling + aling; }
}
char * BytesAling(int number)
{
char * sTemp = (char *) malloc(number + 1);
int i;
for (i=0; i<number; i++)
{
sTemp[i] = '\0';
}
return sTemp;
}Saludos!