Jump to content
Nytro

[C/SRC] RealignPE v2

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

[C/SRC] RealignPE v2

Author: The Swash

/* 
  -----------------------------------------------------------
  - Function: RealignPE v2                                  -
  - Programmer: The Swash                                   -
  - Web: http://www.h-sec.org                               -
  - Dedicated: Thor, Psymera, Steve10120, [Zero], Karcrack  -
  -----------------------------------------------------------
*/

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#define ReadWriteBinary "r+b"

int AlingNum(int num, int aling);
char * BytesAling(int number);

int main(void)
{
    printf("%i ",RealignPE("C:\\hi.exe"));
    getchar();

}

int RealignPE(char * lpFile)
{
    IMAGE_DOS_HEADER IDH;
    IMAGE_FILE_HEADER IFH;
    IMAGE_OPTIONAL_HEADER IOH;
    IMAGE_SECTION_HEADER ISH;

    DWORD PESignature = 0;
    FILE * lFile;
    int OriSize = 0;
    int ActSize = 0;
    int Alingned = 0;

    lFile = fopen(lpFile,ReadWriteBinary);
    if (lFile == NULL) {return -1;}
    else
    {
        fread(&IDH, 64, 1, lFile);
        fseek(lFile, IDH.e_lfanew , SEEK_SET);
        fread(&PESignature, 4, 1, lFile);
        if (IDH.e_magic != IMAGE_DOS_SIGNATURE) {fclose (lFile); return -2;}
        else
        {
            if(PESignature != IMAGE_NT_SIGNATURE) {fclose (lFile); return -3;}
            else
            {

                fseek(lFile, IDH.e_lfanew + 4, SEEK_SET);
                fread(&IFH, sizeof(IFH), 1, lFile);
                fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH), SEEK_SET);
                fread(&IOH, IFH.SizeOfOptionalHeader, 1, lFile);
                fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH) + IFH.SizeOfOptionalHeader + (sizeof(ISH)*(IFH.NumberOfSections-1)),SEEK_SET);
                fread(&ISH, sizeof(ISH), 1, lFile);
                fseek(lFile, 0, SEEK_END);
                ActSize = ftell(lFile);
                OriSize = ISH.PointerToRawData + ISH.SizeOfRawData;
                if (ActSize - OriSize > 0)
                {
                    Alingned = AlingNum(ActSize - OriSize, IOH.FileAlignment);
                    ISH.SizeOfRawData += Alingned;
                    ISH.Misc.VirtualSize += Alingned;
                    IOH.SizeOfImage = ISH.Misc.VirtualSize + ISH.VirtualAddress;
                    IOH.SizeOfInitializedData += Alingned;
                    if (ISH.VirtualAddress == IOH.DataDirectory[2].VirtualAddress)
                    {
                        IOH.DataDirectory[2].Size += Alingned;
                    }
                    fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH), SEEK_SET);
                    fwrite(&IOH, 1, IFH.SizeOfOptionalHeader, lFile);
                    fseek(lFile, IDH.e_lfanew + 4 + sizeof(IFH) + IFH.SizeOfOptionalHeader + (sizeof(ISH)*(IFH.NumberOfSections-1)),SEEK_SET);
                    fwrite(&ISH, 1, sizeof(ISH), lFile);
                    if (Alingned - (ActSize - OriSize) > 0)
                    {
                       fseek(lFile, ActSize, SEEK_SET);
                       fwrite(BytesAling(Alingned-(ActSize - OriSize)), 1, Alingned-(ActSize - OriSize), lFile);
                    }
                    return 0;
                }
                else {return 1;}
            }
        }
    }
}


int AlingNum(int num, int aling)
{
    if(num % aling == 0)
    { return num; }
    else if(num < aling)
    { return aling; }
    else { return (num / aling) * aling + aling; }
}

char * BytesAling(int number)
{
     char * sTemp = (char *) malloc(number + 1);
     int i;
     for (i=0; i<number; i++)
     {
         sTemp[i] = '\0';
     }
     return sTemp;
}

Sursa: ic0de.org

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...