Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

addsection

By: a guest on Sep 2nd, 2012  |  syntax: C#  |  size: 10.17 KB  |  views: 27  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. using System;
  2. using System.IO;
  3. using System.Text;
  4. using System.Runtime.InteropServices;
  5.  
  6. {
  7.  
  8.     class AddSection
  9.     {
  10.         public bool AddSection(string sFilePath, string sSectionName, uint lSectionSize, uint lCharacteristics)
  11.         {
  12.             IMAGE_DOS_HEADER DHD = new IMAGE_DOS_HEADER();
  13.             IMAGE_NT_HEADERS NHD = new IMAGE_NT_HEADERS();
  14.             IMAGE_SECTION_HEADER[] SHD = new IMAGE_SECTION_HEADER[1];
  15.  
  16.             int iPointer = 0;
  17.             byte[] fBytes = new byte[0];
  18.             byte[] bName = new byte[8];
  19.             GCHandle gHandle;
  20.  
  21.             try
  22.             {
  23.                 BinaryReader bReader = new BinaryReader(new FileStream(sFilePath, FileMode.Open, FileAccess.Read));
  24.                 fBytes = bReader.ReadBytes((int)bReader.BaseStream.Length);
  25.                 bReader.Close();
  26.             }
  27.             catch { }
  28.  
  29.             if (fBytes.Length <= 0) { return false; }
  30.  
  31.             gHandle = GCHandle.Alloc(fBytes, GCHandleType.Pinned);
  32.             iPointer = gHandle.AddrOfPinnedObject().ToInt32();
  33.             DHD = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(new IntPtr(iPointer), typeof(IMAGE_DOS_HEADER));
  34.             NHD = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(new IntPtr(iPointer + DHD.e_lfanew), typeof(IMAGE_NT_HEADERS));
  35.             if (NHD.Signature != 17744 || DHD.e_magic != 23117) { return false; }
  36.  
  37.             Array.Resize(ref SHD, NHD.FileHeader.NumberOfSections);
  38.             int x = DHD.e_lfanew + 248;
  39.  
  40.             for (int a = 0; a <= NHD.FileHeader.NumberOfSections - 1; a++)
  41.             {
  42.                 SHD[a] = (IMAGE_SECTION_HEADER)Marshal.PtrToStructure(new IntPtr(iPointer + x), typeof(IMAGE_SECTION_HEADER));
  43.                 x = x + 40;
  44.             }
  45.  
  46.             gHandle.Free();
  47.  
  48.             NHD.FileHeader.NumberOfSections++;
  49.             Array.Resize(ref SHD, NHD.FileHeader.NumberOfSections);
  50.  
  51.             if (sSectionName.Length > 8) { sSectionName = sSectionName.Substring(0, 8); }
  52.             Array.Copy(Encoding.Default.GetBytes(sSectionName), 0, bName, 0, Encoding.Default.GetBytes(sSectionName).Length);
  53.  
  54.             SHD[NHD.FileHeader.NumberOfSections - 1].Name = bName;
  55.             SHD[NHD.FileHeader.NumberOfSections - 1].Characteristics = lCharacteristics;
  56.             SHD[NHD.FileHeader.NumberOfSections - 1].PointerToRawData = Convert.ToUInt32(Align(getLastSectionRaw(SHD), NHD.OptionalHeader.FileAlignment));
  57.             SHD[NHD.FileHeader.NumberOfSections - 1].SizeOfRawData = Convert.ToUInt32(Align(lSectionSize, NHD.OptionalHeader.FileAlignment));
  58.             SHD[NHD.FileHeader.NumberOfSections - 1].VirtualAddress = Convert.ToUInt32(Align(getLastSectionVirtual(SHD), NHD.OptionalHeader.SectionAlignment));
  59.             SHD[NHD.FileHeader.NumberOfSections - 1].VirtualSize = Convert.ToUInt32(Align(lSectionSize, NHD.OptionalHeader.SectionAlignment));
  60.  
  61.             NHD.OptionalHeader.DataDirectory[12].VirtualAddress = 0;
  62.             NHD.OptionalHeader.DataDirectory[12].Size = 0;
  63.             NHD.OptionalHeader.SizeOfImage = NHD.OptionalHeader.SizeOfImage + SHD[NHD.FileHeader.NumberOfSections - 1].VirtualSize;
  64.  
  65.             byte[] bNHD = getBytes_(NHD);
  66.             byte[] bSHD = getBytes_(SHD[NHD.FileHeader.NumberOfSections - 1]);
  67.             byte[] bClear = Encoding.Default.GetBytes(Convert.ToChar(0x00).ToString());
  68.  
  69.             if (fBytes.Length - (DHD.e_lfanew + bNHD.Length) <= 0) { Array.Resize(ref fBytes, (int)(fBytes.Length + bNHD.Length)); }
  70.             Array.Copy(bNHD, 0, fBytes, DHD.e_lfanew, bNHD.Length);
  71.  
  72.             if (fBytes.Length - (x + bSHD.Length) <= 0) { Array.Resize(ref fBytes, (int)(fBytes.Length + bSHD.Length)); }
  73.             Array.Copy(bSHD, 0, fBytes, x, bSHD.Length);
  74.  
  75.             if (fBytes.Length - (SHD[NHD.FileHeader.NumberOfSections - 1].PointerToRawData + SHD[NHD.FileHeader.NumberOfSections - 1].SizeOfRawData + (bClear.Length * 4)) <= 0)
  76.                 { Array.Resize(ref fBytes, (int)(fBytes.Length + ((SHD[NHD.FileHeader.NumberOfSections - 1].PointerToRawData + SHD[NHD.FileHeader.NumberOfSections - 1].SizeOfRawData + (bClear.Length)) - fBytes.Length))); }
  77.             Array.Copy(bClear, 0, fBytes, (SHD[NHD.FileHeader.NumberOfSections - 1].PointerToRawData + SHD[NHD.FileHeader.NumberOfSections - 1].SizeOfRawData), bClear.Length);
  78.  
  79.             try
  80.             {
  81.                 BinaryWriter bWriter = new BinaryWriter(new FileStream(sFilePath, FileMode.Open));
  82.                 bWriter.Write(fBytes);
  83.                 bWriter.Flush();
  84.                 bWriter.Close();
  85.             }
  86.             catch { return false; }
  87.  
  88.             return true;
  89.         }
  90.  
  91.         private byte[] getBytes_(object oObject)
  92.         {
  93.             int iSize = Marshal.SizeOf(oObject);
  94.             IntPtr ipBuffer = Marshal.AllocHGlobal(iSize);
  95.             Marshal.StructureToPtr(oObject, ipBuffer, false);
  96.             byte[] bData = new byte[iSize];
  97.             Marshal.Copy(ipBuffer, bData, 0, iSize);
  98.             Marshal.FreeHGlobal(ipBuffer);
  99.             return bData;
  100.         }
  101.  
  102.         private long Align(long dwValue, long dwAlign)
  103.         {
  104.             if (dwAlign != 0)
  105.             {
  106.                 if ((dwValue % dwAlign) != 0)
  107.                 {
  108.                     return (dwValue + dwAlign) - (dwValue % dwAlign);
  109.                 }
  110.                 else { return dwValue; }
  111.             }
  112.             else { return dwValue; }
  113.         }
  114.  
  115.         private long getLastSectionRaw(IMAGE_SECTION_HEADER[] Sections)
  116.         {
  117.             long lRet = 0;
  118.  
  119.             for (int i = 0; i <= Sections.Length - 1; i++)
  120.             {
  121.                 if (Sections[i].SizeOfRawData + Sections[i].PointerToRawData > lRet)
  122.                 {
  123.                     lRet = Sections[i].SizeOfRawData + Sections[i].PointerToRawData;
  124.                 }
  125.             }
  126.  
  127.             return lRet;
  128.         }
  129.  
  130.         private long getLastSectionVirtual(IMAGE_SECTION_HEADER[] Sections)
  131.         {
  132.             long lRet = 0;
  133.  
  134.             for (int i = 0; i <= Sections.Length - 1; i++)
  135.             {
  136.                 if (Sections[i].VirtualSize + Sections[i].VirtualAddress > lRet)
  137.                 {
  138.                     lRet = Sections[i].VirtualSize + Sections[i].VirtualAddress;
  139.                 }
  140.             }
  141.  
  142.             return lRet;
  143.         }
  144.  
  145.         //Structures
  146.         [StructLayout(LayoutKind.Sequential)]
  147.         private struct IMAGE_DOS_HEADER
  148.         {
  149.             public UInt16 e_magic;
  150.             public UInt16 e_cblp;
  151.             public UInt16 e_cp;
  152.             public UInt16 e_crlc;
  153.             public UInt16 e_cparhdr;
  154.             public UInt16 e_minalloc;
  155.             public UInt16 e_maxalloc;
  156.             public UInt16 e_ss;
  157.             public UInt16 e_sp;
  158.             public UInt16 e_csum;
  159.             public UInt16 e_ip;
  160.             public UInt16 e_cs;
  161.             public UInt16 e_lfarlc;
  162.             public UInt16 e_ovno;
  163.             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
  164.             public UInt16[] e_res1;
  165.             public UInt16 e_oemid;
  166.             public UInt16 e_oeminfo;
  167.             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
  168.             public UInt16[] e_res2;
  169.             public Int32 e_lfanew;
  170.         }
  171.  
  172.         [StructLayout(LayoutKind.Sequential)]
  173.         private struct IMAGE_NT_HEADERS
  174.         {
  175.             public UInt32 Signature;
  176.             public IMAGE_FILE_HEADER FileHeader;
  177.             public IMAGE_OPTIONAL_HEADER32 OptionalHeader;
  178.         }
  179.  
  180.         [StructLayout(LayoutKind.Sequential)]
  181.         private struct IMAGE_FILE_HEADER
  182.         {
  183.             public UInt16 Machine;
  184.             public UInt16 NumberOfSections;
  185.             public UInt32 TimeDateStamp;
  186.             public UInt32 PointerToSymbolTable;
  187.             public UInt32 NumberOfSymbols;
  188.             public UInt16 SizeOfOptionalHeader;
  189.             public UInt16 Characteristics;
  190.         }
  191.  
  192.         [StructLayout(LayoutKind.Sequential)]
  193.         private struct IMAGE_OPTIONAL_HEADER32
  194.         {
  195.             public UInt16 Magic;
  196.             public Byte MajorLinkerVersion;
  197.             public Byte MinorLinkerVersion;
  198.             public UInt32 SizeOfCode;
  199.             public UInt32 SizeOfInitializedData;
  200.             public UInt32 SizeOfUninitializedData;
  201.             public UInt32 AddressOfEntryPoint;
  202.             public UInt32 BaseOfCode;
  203.             public UInt32 BaseOfData;
  204.             public UInt32 ImageBase;
  205.             public UInt32 SectionAlignment;
  206.             public UInt32 FileAlignment;
  207.             public UInt16 MajorOperatingSystemVersion;
  208.             public UInt16 MinorOperatingSystemVersion;
  209.             public UInt16 MajorImageVersion;
  210.             public UInt16 MinorImageVersion;
  211.             public UInt16 MajorSubsystemVersion;
  212.             public UInt16 MinorSubsystemVersion;
  213.             public UInt32 Win32VersionValue;
  214.             public UInt32 SizeOfImage;
  215.             public UInt32 SizeOfHeaders;
  216.             public UInt32 CheckSum;
  217.             public UInt16 Subsystem;
  218.             public UInt16 DllCharacteristics;
  219.             public UInt32 SizeOfStackReserve;
  220.             public UInt32 SizeOfStackCommit;
  221.             public UInt32 SizeOfHeapReserve;
  222.             public UInt32 SizeOfHeapCommit;
  223.             public UInt32 LoaderFlags;
  224.             public UInt32 NumberOfRvaAndSizes;
  225.             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
  226.             public IMAGE_DATA_DIRECTORY[] DataDirectory;
  227.         }
  228.  
  229.         [StructLayout(LayoutKind.Sequential)]
  230.         private struct IMAGE_DATA_DIRECTORY
  231.         {
  232.             public UInt32 VirtualAddress;
  233.             public UInt32 Size;
  234.         }
  235.  
  236.         [StructLayout(LayoutKind.Sequential)]
  237.         private struct IMAGE_SECTION_HEADER
  238.         {
  239.             [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
  240.             public byte[] Name;
  241.             public uint VirtualSize;
  242.             public uint VirtualAddress;
  243.             public uint SizeOfRawData;
  244.             public uint PointerToRawData;
  245.             public uint PointerToRelocations;
  246.             public uint PointerToLinenumbers;
  247.             public short NumberOfRelocations;
  248.             public short NumberOfLinenumbers;
  249.             public uint Characteristics;
  250.         }
  251.     }
  252. }