Jump to content
Tuts 4 You

64 bit sections

Guest SkyHigh

By Guest SkyHigh
in Programming and Coding

Recommended Posts

Guest SkyHigh

Guest SkyHigh

Posted
Posted

based upon the code from yesterday i want to make a new section to a 64 bit file in example notepad.exe windows 7 64 bit.


but for a reason the section is added but it cant execute the file. maybe you people does know why not?




bool AddSection(LPWSTR lpFileName, char* sectionName, LPBYTE lpSection, DWORD dwSectionSize)

{

// Read the original file

HANDLE hOriginalFile = CreateFile(lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

if (hOriginalFile == INVALID_HANDLE_VALUE)

return false;
DWORD dwFileSize = GetFileSize(hOriginalFile, NULL);

if (dwFileSize == INVALID_FILE_SIZE)

{

CloseHandle(hOriginalFile);

return false;

}
LPBYTE lpBuffer = (LPBYTE)malloc(dwFileSize);
DWORD dwNumberOfBytesRead = 0;

ReadFile(hOriginalFile, lpBuffer, dwFileSize, &dwNumberOfBytesRead, NULL);
PIMAGE_DOS_HEADER pImageDosHeader = (PIMAGE_DOS_HEADER)lpBuffer;

if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE)

return false;
PIMAGE_NT_HEADERS pImageNtHeaders = (PIMAGE_NT_HEADERS)(lpBuffer + pImageDosHeader->e_lfanew);

if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE)

return false;
PIMAGE_SECTION_HEADER pImageSectionHeader = IMAGE_FIRST_SECTION(pImageNtHeaders);
// Verify if there is space for the new section header

if (pImageNtHeaders->OptionalHeader.SizeOfHeaders - (pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER))) < 0)

{

free(lpBuffer);

CloseHandle(hOriginalFile);

return false;

}
// Read the original fields of headers

DWORD originalSizeOfImage = pImageNtHeaders->OptionalHeader.SizeOfImage;

DWORD originalSizeOfHeaders = pImageNtHeaders->OptionalHeader.SizeOfHeaders;

WORD originalNumberOfSections = pImageNtHeaders->FileHeader.NumberOfSections;
// Create the new section

DWORD pointerToLastSection = 0;

DWORD sizeOfLastSection;

DWORD virtualAddressOfLastSection;

DWORD virtualSizeOfLastSection;

for(int i = 0; i != pImageNtHeaders->FileHeader.NumberOfSections; ++i)

{

if (pointerToLastSection < pImageSectionHeader[i].PointerToRawData)

{

pointerToLastSection = pImageSectionHeader[i].PointerToRawData;

sizeOfLastSection = pImageSectionHeader[i].SizeOfRawData;

virtualAddressOfLastSection = pImageSectionHeader[i].VirtualAddress;

virtualSizeOfLastSection = pImageSectionHeader[i].Misc.VirtualSize;

}

}

IMAGE_SECTION_HEADER newImageSectionHeader;

newImageSectionHeader.Misc.PhysicalAddress = dwSectionSize;

newImageSectionHeader.Misc.VirtualSize = dwSectionSize;

CopyMemory(&newImageSectionHeader.Name, (void*)sectionName, sizeof(newImageSectionHeader.Name));

newImageSectionHeader.NumberOfLinenumbers = 0;

newImageSectionHeader.NumberOfRelocations = 0;

newImageSectionHeader.NumberOfLinenumbers = 0;

newImageSectionHeader.NumberOfRelocations = 0;

newImageSectionHeader.PointerToLinenumbers = 0;

newImageSectionHeader.PointerToRawData = CalcAlignedSize(pointerToLastSection + sizeOfLastSection, pImageNtHeaders->OptionalHeader.FileAlignment);

newImageSectionHeader.PointerToRelocations = 0;

newImageSectionHeader.SizeOfRawData = CalcAlignedSize(dwSectionSize, pImageNtHeaders->OptionalHeader.FileAlignment);

newImageSectionHeader.VirtualAddress = CalcAlignedSize(virtualAddressOfLastSection + virtualSizeOfLastSection, pImageNtHeaders->OptionalHeader.SectionAlignment);

newImageSectionHeader.Characteristics = IMAGE_SCN_MEM_READ;
// Update the headers 

++pImageNtHeaders->FileHeader.NumberOfSections;

pImageNtHeaders->OptionalHeader.SizeOfHeaders = CalcAlignedSize(pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER)), pImageNtHeaders->OptionalHeader.FileAlignment);

DWORD newSizeOfImage = pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER));

for (int i = 0; i != originalNumberOfSections; ++i)

newSizeOfImage += CalcAlignedSize(pImageSectionHeader[i].Misc.VirtualSize, pImageNtHeaders->OptionalHeader.SectionAlignment);

newSizeOfImage += CalcAlignedSize(newImageSectionHeader.Misc.Virtual Size, pImageNtHeaders->OptionalHeader.SectionAlignment);

newSizeOfImage = CalcAlignedSize(newSizeOfImage, pImageNtHeaders->OptionalHeader.SectionAlignment);

pImageNtHeaders->OptionalHeader.SizeOfImage = newSizeOfImage;
pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0;

pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0;
// Create the updated file 

HANDLE hUpdatedFile = CreateFile(L"updated.exe", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, NULL, NULL);

if (hUpdatedFile == INVALID_HANDLE_VALUE)

{

free(lpBuffer); 

CloseHandle(hOriginalFile);

return false;

}
// Write the original headers 

DWORD dwNumberOfBytesWritten;

WriteFile(hUpdatedFile, lpBuffer, originalSizeOfHeaders, &dwNumberOfBytesWritten, NULL);
// Write the new section header

SetFilePointer(hUpdatedFile,pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (originalNumberOfSections*sizeof(IMAGE_SECTION_HEA DER)), NULL, FILE_BEGIN);

WriteFile(hUpdatedFile, (LPVOID)&newImageSectionHeader, sizeof(IMAGE_SECTION_HEADER), &dwNumberOfBytesWritten, NULL);
// Read the original sections

LPBYTE sectionsData = (LPBYTE)malloc(originalSizeOfImage - originalSizeOfHeaders);

SetFilePointer(hOriginalFile, pImageNtHeaders->OptionalHeader.SizeOfHeaders, NULL, FILE_BEGIN); 

ReadFile(hOriginalFile, sectionsData, originalSizeOfImage - originalSizeOfHeaders, &dwNumberOfBytesRead, NULL);
// Write the original sections

SetFilePointer(hUpdatedFile, pImageNtHeaders->OptionalHeader.SizeOfHeaders, NULL, FILE_BEGIN);

WriteFile(hUpdatedFile, sectionsData, originalSizeOfImage - originalSizeOfHeaders, &dwNumberOfBytesWritten, NULL);
free(sectionsData);
// Write the new section 

SetFilePointer(hUpdatedFile, newImageSectionHeader.PointerToRawData, NULL, FILE_BEGIN); 

WriteFile(hUpdatedFile, lpSection, dwSectionSize, &dwNumberOfBytesWritten, NULL);
CloseHandle(hUpdatedFile);
free(lpBuffer); 

CloseHandle(hOriginalFile);
return true;

}



int main()

{

LPBYTE lpSection = (LPBYTE)"test"; // byte to add into new section

DWORD dwSectionSize = 4;
AddSection(L"C:\\mspaint.exe", ".new", lpSection, dwSectionSize);

}

  • 2 months later...
ragdog

ragdog

Posted
Posted

Hi


 


I have read many Tutorials about add a section why add you a check to "Verify if there is space for the new section header".


Now have i look in Goppits code its same why must i add a check for enough room to add a New section?


 


Can any explain me this please.


 


Greets,


Aguila

Aguila

Posted
Posted (edited)

if it doesn't fit, you need to realign the whole file (because you need to expand the headers, and PointerToRawData must be adjusted). Not that difficult though.


Edited by Aguila
ragdog

ragdog

Posted
Posted

Hi


 


Thanks


 


I understand it as:


 


Check is enough space  (Zero bytes) for the new section header


 


OptionalHeader.SizeOfHeaders



 


SizeOfHeaders is the size of all headers + section table. In short, this value is equal to the file size minus the combined size of all sections in the file.



 


 


If  not enough  Space must i add enough  Zero bytes to the end of File or?


Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...