.
Traducelo esta en C (Son solo equivalencias...).
#include <windows.h>
#include <stdio.h>
#define ReadBinary "r+b"
/* Realing PE function
Programmer : The Swash
Thanks to : Thor, Slek
Dedicated : Thor, Psymera, [Zero], Steve10120, Karcrack, Cobein
*/
int PEFileSize(char * fPath);
int AlingNum(int num, int aling);
char * BytesAling(int number);
int main(void)
{
printf("%i ",RealingPE("C:\\hi.exe"));
getchar();
}
int RealingPE(char * FilePath)
{
int OriginalSize = 0;
int ActualSize = 0;
int iEOF = 0, iEOFAlingned = 0, iWrite = 0;
FILE * lpFile;
IMAGE_DOS_HEADER IDH;
IMAGE_NT_HEADERS INH;
IMAGE_SECTION_HEADER ISH;
OriginalSize = PEFileSize(FilePath);
if (OriginalSize != -1)
{
lpFile = fopen(FilePath, ReadBinary);
if (lpFile != NULL)
{
fseek(lpFile,0,SEEK_END);
ActualSize = ftell(lpFile);
if (ActualSize - OriginalSize > 0)
{
rewind(lpFile);
fread(&IDH, sizeof(IDH), 1, lpFile);
fseek(lpFile, IDH.e_lfanew, SEEK_SET);
fread(&INH, sizeof(INH), 1, lpFile);
fseek(lpFile, IDH.e_lfanew + sizeof(INH) + (sizeof(ISH) * (INH.FileHeader.NumberOfSections-1)), SEEK_SET);
fread(&ISH, sizeof(ISH), 1, lpFile);
iEOF = ActualSize - OriginalSize;
iEOFAlingned = AlingNum(iEOF, INH.OptionalHeader.FileAlignment);
if (ISH.VirtualAddress == INH.OptionalHeader.DataDirectory[2].VirtualAddress)
{
ISH.SizeOfRawData += iEOFAlingned;
ISH.Misc.VirtualSize += iEOFAlingned;
INH.OptionalHeader.SizeOfImage += iEOFAlingned;
INH.OptionalHeader.DataDirectory[2].Size += iEOFAlingned;
fseek(lpFile, IDH.e_lfanew, SEEK_SET),
iWrite = fwrite(&INH, 1, sizeof(INH), lpFile);
fseek(lpFile, IDH.e_lfanew + sizeof(INH) + (sizeof(ISH) * (INH.FileHeader.NumberOfSections-1)), SEEK_SET);
iWrite = fwrite(&ISH, 1, sizeof(ISH), lpFile);
if (iEOFAlingned - iEOF > 0)
{
fseek(lpFile, ActualSize, SEEK_SET);
fwrite(BytesAling(iEOFAlingned - iEOF), iEOFAlingned - iEOF, 1, lpFile);
}
fclose(lpFile);
return 0;
}
else
{
ISH.SizeOfRawData += iEOFAlingned;
ISH.Misc.VirtualSize += iEOFAlingned;
INH.OptionalHeader.SizeOfImage += iEOFAlingned;
fseek(lpFile, IDH.e_lfanew, SEEK_SET),
iWrite = fwrite(&INH, 1, sizeof(INH), lpFile);
fseek(lpFile, IDH.e_lfanew + sizeof(INH) + (sizeof(ISH) * (INH.FileHeader.NumberOfSections-1)), SEEK_SET);
fwrite(&ISH, sizeof(ISH), 1, lpFile);
if (iEOFAlingned - iEOF > 0)
{
fseek(lpFile, ActualSize, SEEK_SET);
fwrite(BytesAling(iEOFAlingned - iEOF), iEOFAlingned - iEOF, 1, lpFile);
}
fclose(lpFile);
return 0;
}
}
else
{
return 1;
}
}
else
{
return -1;
}
}
else
{
return -1;
}
}
int PEFileSize(char * fPath)
{
IMAGE_DOS_HEADER IDH;
IMAGE_NT_HEADERS INH;
IMAGE_SECTION_HEADER ISH;
FILE * lpFile;
int sTemp = 0, i;
lpFile = fopen(fPath,ReadBinary);
if (lpFile != NULL)
{
fseek(lpFile, 0, SEEK_SET); // Seek to begin of file
fread(&IDH, sizeof(IDH), 1, lpFile); // Read 64 bytes to IDH struct
if (IDH.e_magic == IMAGE_DOS_SIGNATURE) // If IDH.e_magic = (MZ)
{
fseek(lpFile, IDH.e_lfanew, SEEK_SET); // Seek in file in begin of NT Headers (PE)
fread(&INH, sizeof(INH), 1, lpFile); // Read in structure 248 bytes
if (INH.Signature == IMAGE_NT_SIGNATURE) // If INH.Signature = (PE)
{
for (i = 0; i < INH.FileHeader.NumberOfSections; i++) // go for all sections
{
fseek(lpFile, IDH.e_lfanew + sizeof(INH) + sizeof(ISH)*i, SEEK_SET); // Seek in actual section
fread(&ISH, sizeof(ISH), 1, lpFile); // Read section
sTemp += ISH.SizeOfRawData; // Save sizeofrawdata of section
}
sTemp += INH.OptionalHeader.SizeOfHeaders;
fclose(lpFile);
return sTemp;
}
else
{
return -1;
}
}
else
{
return -1;
}
}
else
{
return -1;
}
}
int AlingNum(int num, int aling)
{
if( (num % aling == 0) || (num < aling) )
{
return aling;
}
else
{
return (num / aling) * aling + aling;
}
}
char * BytesAling(int number)
{
char * sTemp = (char *) malloc(number + 1);
int i;
for (i=0; i<number; i++)
{
sTemp[i] = '\0';
}
return sTemp;
}
Temibles Lunas!¡.
Autor
En línea
