.
Traducelo esta en C (Son solo equivalencias...).
#include <windows.h>
#include <stdio.h>
#define ReadBinary "r+b"
/* Realing PE function
Programmer : The Swash
Thanks to : Thor, Slek
Dedicated : Thor, Psymera, [Zero], Steve10120, Karcrack, Cobein
*/
int PEFileSize(char * fPath);
int AlingNum(int num, int aling);
char * BytesAling(int number);
int main(void)
{
printf("%i ",RealingPE
("C:\\hi.exe"));
}
int RealingPE(char * FilePath)
{
int OriginalSize = 0;
int ActualSize = 0;
int iEOF = 0, iEOFAlingned = 0, iWrite = 0;
FILE * lpFile;
IMAGE_DOS_HEADER IDH;
IMAGE_NT_HEADERS INH;
IMAGE_SECTION_HEADER ISH;
OriginalSize = PEFileSize(FilePath);
if (OriginalSize != -1)
{
lpFile
= fopen(FilePath
, ReadBinary
); if (lpFile != NULL)
{
fseek(lpFile
,0,SEEK_END
); ActualSize
= ftell(lpFile
); if (ActualSize - OriginalSize > 0)
{
fread(&IDH
, sizeof(IDH
), 1, lpFile
); fseek(lpFile
, IDH.
e_lfanew, SEEK_SET
); fread(&INH
, sizeof(INH
), 1, lpFile
); fseek(lpFile
, IDH.
e_lfanew + sizeof(INH
) + (sizeof(ISH
) * (INH.
FileHeader.
NumberOfSections-1)), SEEK_SET
); fread(&ISH
, sizeof(ISH
), 1, lpFile
); iEOF = ActualSize - OriginalSize;
iEOFAlingned = AlingNum(iEOF, INH.OptionalHeader.FileAlignment);
if (ISH.VirtualAddress == INH.OptionalHeader.DataDirectory[2].VirtualAddress)
{
ISH.SizeOfRawData += iEOFAlingned;
ISH.Misc.VirtualSize += iEOFAlingned;
INH.OptionalHeader.SizeOfImage += iEOFAlingned;
INH.OptionalHeader.DataDirectory[2].Size += iEOFAlingned;
fseek(lpFile
, IDH.
e_lfanew, SEEK_SET
), iWrite
= fwrite(&INH
, 1, sizeof(INH
), lpFile
); fseek(lpFile
, IDH.
e_lfanew + sizeof(INH
) + (sizeof(ISH
) * (INH.
FileHeader.
NumberOfSections-1)), SEEK_SET
); iWrite
= fwrite(&ISH
, 1, sizeof(ISH
), lpFile
); if (iEOFAlingned - iEOF > 0)
{
fseek(lpFile
, ActualSize
, SEEK_SET
); fwrite(BytesAling
(iEOFAlingned
- iEOF
), iEOFAlingned
- iEOF
, 1, lpFile
); }
return 0;
}
else
{
ISH.SizeOfRawData += iEOFAlingned;
ISH.Misc.VirtualSize += iEOFAlingned;
INH.OptionalHeader.SizeOfImage += iEOFAlingned;
fseek(lpFile
, IDH.
e_lfanew, SEEK_SET
), iWrite
= fwrite(&INH
, 1, sizeof(INH
), lpFile
); fseek(lpFile
, IDH.
e_lfanew + sizeof(INH
) + (sizeof(ISH
) * (INH.
FileHeader.
NumberOfSections-1)), SEEK_SET
); fwrite(&ISH
, sizeof(ISH
), 1, lpFile
); if (iEOFAlingned - iEOF > 0)
{
fseek(lpFile
, ActualSize
, SEEK_SET
); fwrite(BytesAling
(iEOFAlingned
- iEOF
), iEOFAlingned
- iEOF
, 1, lpFile
); }
return 0;
}
}
else
{
return 1;
}
}
else
{
return -1;
}
}
else
{
return -1;
}
}
int PEFileSize(char * fPath)
{
IMAGE_DOS_HEADER IDH;
IMAGE_NT_HEADERS INH;
IMAGE_SECTION_HEADER ISH;
FILE * lpFile;
int sTemp = 0, i;
lpFile
= fopen(fPath
,ReadBinary
); if (lpFile != NULL)
{
fseek(lpFile
, 0, SEEK_SET
); // Seek to begin of file fread(&IDH
, sizeof(IDH
), 1, lpFile
); // Read 64 bytes to IDH struct if (IDH.e_magic == IMAGE_DOS_SIGNATURE) // If IDH.e_magic = (MZ)
{
fseek(lpFile
, IDH.
e_lfanew, SEEK_SET
); // Seek in file in begin of NT Headers (PE) fread(&INH
, sizeof(INH
), 1, lpFile
); // Read in structure 248 bytes if (INH.Signature == IMAGE_NT_SIGNATURE) // If INH.Signature = (PE)
{
for (i = 0; i < INH.FileHeader.NumberOfSections; i++) // go for all sections
{
fseek(lpFile
, IDH.
e_lfanew + sizeof(INH
) + sizeof(ISH
)*i
, SEEK_SET
); // Seek in actual section fread(&ISH
, sizeof(ISH
), 1, lpFile
); // Read section sTemp += ISH.SizeOfRawData; // Save sizeofrawdata of section
}
sTemp += INH.OptionalHeader.SizeOfHeaders;
return sTemp;
}
else
{
return -1;
}
}
else
{
return -1;
}
}
else
{
return -1;
}
}
int AlingNum(int num, int aling)
{
if( (num % aling == 0) || (num < aling) )
{
return aling;
}
else
{
return (num / aling) * aling + aling;
}
}
char * BytesAling(int number)
{
char * sTemp
= (char *) malloc(number
+ 1); int i;
for (i=0; i<number; i++)
{
sTemp[i] = '\0';
}
return sTemp;
}
Temibles Lunas!¡.
Autor
En línea
