Jump to content
Nytro

[C++] Remove Base Relocations

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[C++] Remove Base Relocations

Author: steve10120

// steve10120@ic0de.org

#include <Windows.h>

BOOL FileToMem(LPSTR szFilePath, LPVOID &pBuffer, DWORD &dwSize)
{
    BOOL bResult = FALSE;
    HANDLE hFile;
    DWORD dwRead;

    hFile = CreateFileA(szFilePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, 0);
    if (hFile != INVALID_HANDLE_VALUE)
    {
        dwSize = GetFileSize(hFile, NULL);
        if (dwSize > 0)
        {
            pBuffer = VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_READWRITE);
            if (pBuffer != NULL)
            {
                SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
                ReadFile(hFile, pBuffer, dwSize, &dwRead, NULL);
                if (dwRead == dwSize)
                    bResult = TRUE;
            }
        }
        CloseHandle(hFile);
    }
    return bResult;
}

DWORD Align(DWORD dwValue, DWORD dwAlignment)
{
    DWORD dwResult = dwValue;

    if (dwAlignment > 0)
    {
        if ((dwValue % dwAlignment) > 0)
            dwResult = (dwValue + dwAlignment) - (dwValue % dwAlignment);
    }
    return dwResult;
}

BOOL RemoveBaseRelocations(LPSTR szFilePath, LPSTR szDestPath)
{
    BOOL bResult = FALSE;
    HANDLE hFile;
    LPVOID pFile;
    DWORD dwFileSize;
    DWORD dwWritten;
    PIMAGE_DOS_HEADER IDH;
    PIMAGE_NT_HEADERS INH;
    IMAGE_SECTION_HEADER TempISH;
    IMAGE_SECTION_HEADER DeltaISH;
    PIMAGE_SECTION_HEADER ISH;
    WORD wRelocIndex;
    WORD i;

    if (FileToMem(szFilePath, pFile, dwFileSize))
    {
        IDH = PIMAGE_DOS_HEADER(pFile);
        if (IDH->e_magic == IMAGE_DOS_SIGNATURE)
        {
            INH = PIMAGE_NT_HEADERS(DWORD(pFile) + IDH->e_lfanew);
            if (INH->Signature == IMAGE_NT_SIGNATURE)
            {
                if (INH->OptionalHeader.DataDirectory[5].VirtualAddress > 0)
                {
                    for (i = 0; i < INH->FileHeader.NumberOfSections; i++)
                    {
                        RtlMoveMemory(&TempISH, LPVOID(DWORD(pFile) + IDH->e_lfanew + 4 + sizeof(IMAGE_FILE_HEADER) + INH->FileHeader.SizeOfOptionalHeader + (i * 40)), 40);
                        if (TempISH.VirtualAddress == INH->OptionalHeader.DataDirectory[5].VirtualAddress)
                        {
                            wRelocIndex = i;
                            break;
                        }
                    }

                    ISH = PIMAGE_SECTION_HEADER(IMAGE_FIRST_SECTION(INH));
                    for (i = 0; i < INH->FileHeader.NumberOfSections; i++)
                    {
                        if (i > wRelocIndex)
                            RtlMoveMemory(LPVOID(DWORD(ISH) - 40), ISH, 40);
                        ISH++;
                    }
                    RtlZeroMemory(LPVOID(DWORD(ISH) - 40), 40);

                    INH->OptionalHeader.DataDirectory[5].VirtualAddress = 0;
                    INH->OptionalHeader.DataDirectory[5].Size = 0;

                    hFile = CreateFileA(szDestPath, GENERIC_WRITE, FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, 0);
                    if (hFile != INVALID_HANDLE_VALUE)
                    {
                        SetFilePointer(hFile, 0, NULL, FILE_BEGIN);
                        WriteFile(hFile, pFile, INH->OptionalHeader.SizeOfHeaders, &dwWritten, NULL);

                        ISH = PIMAGE_SECTION_HEADER(IMAGE_FIRST_SECTION(INH));
                        for (i = 0; i < INH->FileHeader.NumberOfSections; i++)
                        {
                            if (ISH->SizeOfRawData > 0)
                            {
                                SetFilePointer(hFile, 0, NULL, FILE_END);
                                WriteFile(hFile, LPVOID(DWORD(pFile) + ISH->PointerToRawData), ISH->SizeOfRawData, &dwWritten, NULL);
                            }
                            ISH++;
                        }

                        INH->FileHeader.NumberOfSections -= 1;
                        wRelocIndex -= 1;
                        ISH = PIMAGE_SECTION_HEADER(IMAGE_FIRST_SECTION(INH));
                        for (i = 0; i < INH->FileHeader.NumberOfSections; i++)
                        {
                            if (i > wRelocIndex)
                            {
                                ISH->PointerToRawData -= Align(TempISH.SizeOfRawData, INH->OptionalHeader.FileAlignment);
                                SetFilePointer(hFile, IDH->e_lfanew + 4 + sizeof(IMAGE_FILE_HEADER) + INH->FileHeader.SizeOfOptionalHeader + (i * 40), NULL, FILE_BEGIN);
                                WriteFile(hFile, ISH, 40, &dwWritten, NULL);
                            }

                            if ((i == wRelocIndex) & ((wRelocIndex + 1) < INH->FileHeader.NumberOfSections))
                            {
                                RtlMoveMemory(&DeltaISH, LPVOID(DWORD(pFile) + IDH->e_lfanew + 4 + sizeof(IMAGE_FILE_HEADER) + INH->FileHeader.SizeOfOptionalHeader + ((i + 1) * 40)), 40);
                                ISH->Misc.VirtualSize = DeltaISH.VirtualAddress - ISH->VirtualAddress;
                                SetFilePointer(hFile, IDH->e_lfanew + 4 + sizeof(IMAGE_FILE_HEADER) + INH->FileHeader.SizeOfOptionalHeader + (i * 40), NULL, FILE_BEGIN);
                                WriteFile(hFile, ISH, 40, &dwWritten, NULL);
                            }
                            ISH++;
                        }

                        ISH--;
                        INH->OptionalHeader.SizeOfImage = ISH->VirtualAddress + ISH->Misc.VirtualSize;
                        INH->FileHeader.Characteristics = INH->FileHeader.Characteristics | IMAGE_FILE_RELOCS_STRIPPED;

                        SetFilePointer(hFile, IDH->e_lfanew, NULL, FILE_BEGIN);
                        WriteFile(hFile, INH, 4 + sizeof(IMAGE_FILE_HEADER) + INH->FileHeader.SizeOfOptionalHeader, &dwWritten, NULL); 

                        CloseHandle(hFile);
                        bResult = TRUE;
                    }
                }
            }
        }
        VirtualFree(pFile, 0, MEM_RELEASE);
    }
    return bResult;
}

Sursa: ic0de.org

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...