Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

Untitled

By: a guest on Apr 29th, 2012  |  syntax: None  |  size: 2.94 KB  |  hits: 18  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Module Module1
  2.     Sub Main()
  3.         Dim image(&H3FF) As Byte
  4.  
  5.         writeFields(image, 0, New IMAGE_DOS_HEADER With {
  6.             .e_magic = conv16("MZ"),
  7.             .e_cblp = &H90,
  8.             .e_cp = 3,
  9.             .e_cparhdr = 4,
  10.             .e_maxalloc = &HFFFF,
  11.             .e_sp = &HB8,
  12.             .e_lfarlc = &H40,
  13.             .e_lfanew = &H80})
  14.         write8(image, &H40, &HB8, 1, &H4C, &HCD, &H21)
  15.  
  16.         Dim peh = New IMAGE_NT_HEADERS32 With {
  17.             .Signature = conv32("PE")}
  18.         With peh.FileHeader
  19.             .Machine = &H14C
  20.             .NumberOfSections = 2
  21.             .SizeOfOptionalHeader = &HE0
  22.             .Characteristics = &H102
  23.         End With
  24.         With peh.OptionalHeader
  25.             .Magic = &H10B
  26.             .MajorLinkerVersion = 10
  27.             .SizeOfCode = &H200
  28.             .AddressOfEntryPoint = &H1000
  29.             .BaseOfCode = &H1000
  30.             .BaseOfData = &H2000
  31.             .ImageBase = &H400000
  32.             .SectionAlignment = &H1000
  33.             .FileAlignment = &H200
  34.             .MajorOperatingSystemVersion = 5
  35.             .MinorOperatingSystemVersion = 1
  36.             .MajorSubsystemVersion = 5
  37.             .MinorSubsystemVersion = 1
  38.             .SizeOfImage = &H3000
  39.             .SizeOfHeaders = &H200
  40.             .Subsystem = 2
  41.             .DllCharacteristics = &H8500
  42.             .SizeOfStackReserve = &H100000
  43.             .SizeOfStackCommit = &H1000
  44.             .SizeOfHeapReserve = &H100000
  45.             .SizeOfHeapCommit = &H1000
  46.             .NumberOfRvaAndSizes = 16
  47.         End With
  48.  
  49.         Dim text = New IMAGE_SECTION_HEADER With {
  50.             .Name = getBytes(".text", 8),
  51.             .VirtualSize = 1,
  52.             .VirtualAddress = &H1000,
  53.             .SizeOfRawData = &H200,
  54.             .PointerToRawData = &H200,
  55.             .Characteristics = &H60000020}
  56.         writeFields(image, &H178, text)
  57.  
  58.         write8(image, &H200, &HC3)
  59.  
  60.         Dim idata_rva = &H2000
  61.         Dim dlls = New Dictionary(Of String, String())
  62.         dlls("test1.dll") = {"func1a", "func1b"}
  63.         dlls("test2.dll") = {"func2a", "func2b"}
  64.         Dim idata = CreateIData(idata_rva, dlls)
  65.  
  66.         Dim idatalen = idata.Length
  67.         ReDim Preserve idata(Align(idata.Length, peh.OptionalHeader.FileAlignment) - 1)
  68.         With peh.OptionalHeader.DataDirectory(1)
  69.             .VirtualAddress = idata_rva
  70.             .Size = Align(idata.Length, peh.OptionalHeader.SectionAlignment)
  71.         End With
  72.         writeFields(image, &H1A0, New IMAGE_SECTION_HEADER With {
  73.             .Name = getBytes(".idata", 8),
  74.             .VirtualSize = idatalen,
  75.             .VirtualAddress = idata_rva,
  76.             .SizeOfRawData = idata.Length,
  77.             .PointerToRawData = &H400,
  78.             .Characteristics = &HC0300040})
  79.  
  80.         writeFields(image, &H80, peh)
  81.  
  82.         Using fs = New IO.FileStream("output.exe", IO.FileMode.Create)
  83.             fs.Write(image, 0, image.Length)
  84.             fs.Write(idata, 0, idata.Length)
  85.         End Using
  86.     End Sub
  87. End Module
create a new version of this paste RAW Paste Data