Guest SkyHigh Posted July 15, 2013 Share Posted July 15, 2013 based upon the code from yesterday i want to make a new section to a 64 bit file in example notepad.exe windows 7 64 bit.but for a reason the section is added but it cant execute the file. maybe you people does know why not? bool AddSection(LPWSTR lpFileName, char* sectionName, LPBYTE lpSection, DWORD dwSectionSize) { // Read the original file HANDLE hOriginalFile = CreateFile(lpFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hOriginalFile == INVALID_HANDLE_VALUE) return false; DWORD dwFileSize = GetFileSize(hOriginalFile, NULL); if (dwFileSize == INVALID_FILE_SIZE) { CloseHandle(hOriginalFile); return false; } LPBYTE lpBuffer = (LPBYTE)malloc(dwFileSize); DWORD dwNumberOfBytesRead = 0; ReadFile(hOriginalFile, lpBuffer, dwFileSize, &dwNumberOfBytesRead, NULL); PIMAGE_DOS_HEADER pImageDosHeader = (PIMAGE_DOS_HEADER)lpBuffer; if (pImageDosHeader->e_magic != IMAGE_DOS_SIGNATURE) return false; PIMAGE_NT_HEADERS pImageNtHeaders = (PIMAGE_NT_HEADERS)(lpBuffer + pImageDosHeader->e_lfanew); if (pImageNtHeaders->Signature != IMAGE_NT_SIGNATURE) return false; PIMAGE_SECTION_HEADER pImageSectionHeader = IMAGE_FIRST_SECTION(pImageNtHeaders); // Verify if there is space for the new section header if (pImageNtHeaders->OptionalHeader.SizeOfHeaders - (pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER))) < 0) { free(lpBuffer); CloseHandle(hOriginalFile); return false; } // Read the original fields of headers DWORD originalSizeOfImage = pImageNtHeaders->OptionalHeader.SizeOfImage; DWORD originalSizeOfHeaders = pImageNtHeaders->OptionalHeader.SizeOfHeaders; WORD originalNumberOfSections = pImageNtHeaders->FileHeader.NumberOfSections; // Create the new section DWORD pointerToLastSection = 0; DWORD sizeOfLastSection; DWORD virtualAddressOfLastSection; DWORD virtualSizeOfLastSection; for(int i = 0; i != pImageNtHeaders->FileHeader.NumberOfSections; ++i) { if (pointerToLastSection < pImageSectionHeader[i].PointerToRawData) { pointerToLastSection = pImageSectionHeader[i].PointerToRawData; sizeOfLastSection = pImageSectionHeader[i].SizeOfRawData; virtualAddressOfLastSection = pImageSectionHeader[i].VirtualAddress; virtualSizeOfLastSection = pImageSectionHeader[i].Misc.VirtualSize; } } IMAGE_SECTION_HEADER newImageSectionHeader; newImageSectionHeader.Misc.PhysicalAddress = dwSectionSize; newImageSectionHeader.Misc.VirtualSize = dwSectionSize; CopyMemory(&newImageSectionHeader.Name, (void*)sectionName, sizeof(newImageSectionHeader.Name)); newImageSectionHeader.NumberOfLinenumbers = 0; newImageSectionHeader.NumberOfRelocations = 0; newImageSectionHeader.NumberOfLinenumbers = 0; newImageSectionHeader.NumberOfRelocations = 0; newImageSectionHeader.PointerToLinenumbers = 0; newImageSectionHeader.PointerToRawData = CalcAlignedSize(pointerToLastSection + sizeOfLastSection, pImageNtHeaders->OptionalHeader.FileAlignment); newImageSectionHeader.PointerToRelocations = 0; newImageSectionHeader.SizeOfRawData = CalcAlignedSize(dwSectionSize, pImageNtHeaders->OptionalHeader.FileAlignment); newImageSectionHeader.VirtualAddress = CalcAlignedSize(virtualAddressOfLastSection + virtualSizeOfLastSection, pImageNtHeaders->OptionalHeader.SectionAlignment); newImageSectionHeader.Characteristics = IMAGE_SCN_MEM_READ; // Update the headers ++pImageNtHeaders->FileHeader.NumberOfSections; pImageNtHeaders->OptionalHeader.SizeOfHeaders = CalcAlignedSize(pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER)), pImageNtHeaders->OptionalHeader.FileAlignment); DWORD newSizeOfImage = pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (pImageNtHeaders->FileHeader.NumberOfSections*sizeof(IMAGE_SECTION_H EADER)); for (int i = 0; i != originalNumberOfSections; ++i) newSizeOfImage += CalcAlignedSize(pImageSectionHeader[i].Misc.VirtualSize, pImageNtHeaders->OptionalHeader.SectionAlignment); newSizeOfImage += CalcAlignedSize(newImageSectionHeader.Misc.Virtual Size, pImageNtHeaders->OptionalHeader.SectionAlignment); newSizeOfImage = CalcAlignedSize(newSizeOfImage, pImageNtHeaders->OptionalHeader.SectionAlignment); pImageNtHeaders->OptionalHeader.SizeOfImage = newSizeOfImage; pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].Size = 0; pImageNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT].VirtualAddress = 0; // Create the updated file HANDLE hUpdatedFile = CreateFile(L"updated.exe", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, NULL, NULL); if (hUpdatedFile == INVALID_HANDLE_VALUE) { free(lpBuffer); CloseHandle(hOriginalFile); return false; } // Write the original headers DWORD dwNumberOfBytesWritten; WriteFile(hUpdatedFile, lpBuffer, originalSizeOfHeaders, &dwNumberOfBytesWritten, NULL); // Write the new section header SetFilePointer(hUpdatedFile,pImageDosHeader->e_lfanew + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER) + pImageNtHeaders->FileHeader.SizeOfOptionalHeader + (originalNumberOfSections*sizeof(IMAGE_SECTION_HEA DER)), NULL, FILE_BEGIN); WriteFile(hUpdatedFile, (LPVOID)&newImageSectionHeader, sizeof(IMAGE_SECTION_HEADER), &dwNumberOfBytesWritten, NULL); // Read the original sections LPBYTE sectionsData = (LPBYTE)malloc(originalSizeOfImage - originalSizeOfHeaders); SetFilePointer(hOriginalFile, pImageNtHeaders->OptionalHeader.SizeOfHeaders, NULL, FILE_BEGIN); ReadFile(hOriginalFile, sectionsData, originalSizeOfImage - originalSizeOfHeaders, &dwNumberOfBytesRead, NULL); // Write the original sections SetFilePointer(hUpdatedFile, pImageNtHeaders->OptionalHeader.SizeOfHeaders, NULL, FILE_BEGIN); WriteFile(hUpdatedFile, sectionsData, originalSizeOfImage - originalSizeOfHeaders, &dwNumberOfBytesWritten, NULL); free(sectionsData); // Write the new section SetFilePointer(hUpdatedFile, newImageSectionHeader.PointerToRawData, NULL, FILE_BEGIN); WriteFile(hUpdatedFile, lpSection, dwSectionSize, &dwNumberOfBytesWritten, NULL); CloseHandle(hUpdatedFile); free(lpBuffer); CloseHandle(hOriginalFile); return true; } int main() { LPBYTE lpSection = (LPBYTE)"test"; // byte to add into new section DWORD dwSectionSize = 4; AddSection(L"C:\\mspaint.exe", ".new", lpSection, dwSectionSize); } Link to comment
ragdog Posted September 15, 2013 Share Posted September 15, 2013 Hi I have read many Tutorials about add a section why add you a check to "Verify if there is space for the new section header".Now have i look in Goppits code its same why must i add a check for enough room to add a New section? Can any explain me this please. Greets, Link to comment
Aguila Posted September 15, 2013 Share Posted September 15, 2013 (edited) if it doesn't fit, you need to realign the whole file (because you need to expand the headers, and PointerToRawData must be adjusted). Not that difficult though. Edited September 16, 2013 by Aguila Link to comment
ragdog Posted September 21, 2013 Share Posted September 21, 2013 Hi Thanks I understand it as: Check is enough space (Zero bytes) for the new section header OptionalHeader.SizeOfHeaders SizeOfHeaders is the size of all headers + section table. In short, this value is equal to the file size minus the combined size of all sections in the file. If not enough Space must i add enough Zero bytes to the end of File or? Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now