- #include <iostream>
- #include <windows.h>
- #include <fstream>
- #include <cstdlib>
// Signature of the mapped image's entry point (the DllMain form); LoadDLL
// invokes it as entry_point(image base, DLL_PROCESS_ATTACH, NULL).
typedef BOOL(WINAPI* PDLL_MAIN)(HMODULE, DWORD, PVOID);
// Header pointers for one PE file. ParsePE fills this in; all three members
// point into the raw file buffer (file layout), not into the mapped copy.
struct _PE_FILE {
    PIMAGE_DOS_HEADER dos_header;         // "MZ" header at the start of the buffer
    PIMAGE_NT_HEADERS pe_header;          // "PE\0\0" header at dos_header->e_lfanew
    PIMAGE_SECTION_HEADER section_header; // first entry of the section table
};
typedef struct _PE_FILE PE_FILE;
typedef PE_FILE* PPE_FILE;
// Everything LoadDLL needs: the parsed headers of the source file plus the
// base address of the region the image was copied into.
struct _DLL_LOADER {
    PPE_FILE pe_file; // headers of the file buffer (not of the mapped copy)
    PVOID image;      // base of the mapped image (VirtualAlloc result in main)
};
typedef struct _DLL_LOADER DLL_LOADER;
/// Finishes mapping an image that main has already copied to
/// dll_loader.image: applies base relocations, resolves imports, then calls
/// the image's entry point as entry_point(image, DLL_PROCESS_ATTACH, NULL).
/// @param dll_loader  pe_file = headers of the original file buffer;
///                    image   = base of the mapped copy.
/// @return The entry point's own return value; TRUE when the image has no
///         entry point; FALSE/false when LoadLibraryA or GetProcAddress fails.
///
/// Review notes (defects visible in this function, left unchanged here):
///  - every header value used below (directory RVAs, SizeOfBlock, relocation
///    offsets, thunk RVAs, import name RVAs) is taken from the file and never
///    checked against SizeOfImage, so a malformed image can drive reads and
///    writes outside the mapping;
///  - the relocation directory's VirtualAddress is not checked for 0, in
///    which case base_relocation aliases the start of the image rather than
///    a relocation table;
///  - a block whose SizeOfBlock is 0 is skipped by the size guard but then
///    advanced by 0 bytes, so the relocation loop never terminates;
///  - the relocation type (top 4 bits of each entry) is never examined; every
///    non-zero entry is patched as a 32-bit add (the HIGHLOW form);
///  - pointers and function addresses pass through (DWORD) casts, which
///    truncate in a 64-bit process.
DWORD WINAPI LoadDLL(DLL_LOADER dll_loader) {
    // Directory RVAs are read from the file buffer's headers but resolved
    // against the mapped copy.
    PIMAGE_BASE_RELOCATION base_relocation = (PIMAGE_BASE_RELOCATION)((LPBYTE)dll_loader.image + dll_loader.pe_file->pe_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
    PIMAGE_IMPORT_DESCRIPTOR import_descriptor = (PIMAGE_IMPORT_DESCRIPTOR)((LPBYTE)dll_loader.image + dll_loader.pe_file->pe_header->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
    // NT header inside the mapped copy; only used for AddressOfEntryPoint below.
    PIMAGE_NT_HEADERS pe_header = (PIMAGE_NT_HEADERS)((LPBYTE)dll_loader.image + dll_loader.pe_file->dos_header->e_lfanew);
    // Distance between the preferred base the image was linked for
    // (ImageBase) and where it was actually placed; added to every
    // relocated 32-bit value.
    DWORD delta = (DWORD)((LPBYTE)dll_loader.image - dll_loader.pe_file->pe_header->OptionalHeader.ImageBase);
    printf("ImageBase adress is %#x\n", dll_loader.pe_file->pe_header->OptionalHeader.ImageBase);
    printf("Delta for relocation is %#x\n", delta);
    PDWORD ptr;
    // Walk relocation blocks until one whose VirtualAddress is 0; whether
    // such a terminator exists inside the mapping is not verified.
    while (base_relocation->VirtualAddress) {
        printf("Base relocation %#x\n", base_relocation->VirtualAddress);
        if (base_relocation->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION)) {
            // Number of WORD entries that follow the block header.
            DWORD count = ((base_relocation->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD));
            PWORD list = (PWORD)(base_relocation + 1);
            for (int i = 0; i < count; i++) // signed i compared with unsigned count
            {
                if (list[i])
                {
                    // Low 12 bits = offset within the block's page; the type
                    // in the high 4 bits is not inspected.
                    ptr = (PDWORD)((LPBYTE)dll_loader.image + (base_relocation->VirtualAddress + (list[i] & 0xFFF)));
                    *ptr += delta;
                }
            }
        }
        // Advances by SizeOfBlock even when the guard above skipped the
        // block (a SizeOfBlock of 0 makes no progress).
        base_relocation = (PIMAGE_BASE_RELOCATION)((LPBYTE)base_relocation + base_relocation->SizeOfBlock);
    }
    PIMAGE_THUNK_DATA FirstThunk, OrigFirstThunk;
    // One descriptor per imported module; stops at the first descriptor
    // whose Characteristics field is 0.
    while (import_descriptor->Characteristics) {
        // OriginalFirstThunk lists what to import; FirstThunk receives the
        // resolved addresses (written below).
        OrigFirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)dll_loader.image + import_descriptor->OriginalFirstThunk);
        FirstThunk = (PIMAGE_THUNK_DATA)((LPBYTE)dll_loader.image + import_descriptor->FirstThunk);
        // The module name is taken from the image being mapped, so the
        // image decides which libraries get loaded into this process.
        HMODULE hModule = LoadLibraryA((LPCSTR)dll_loader.image + import_descriptor->Name);
        if (!hModule) {
            return FALSE;
        }
        while (OrigFirstThunk->u1.AddressOfData) {
            if (OrigFirstThunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) {
                // Import by ordinal: the low 16 bits of the thunk are passed
                // to GetProcAddress in place of a name pointer.
                DWORD func = (DWORD)GetProcAddress(hModule, (LPCSTR)(OrigFirstThunk->u1.Ordinal & 0xFFFF));
                if (!func) {
                    return false; // mixed with FALSE above; both are 0 in the DWORD return
                }
                FirstThunk->u1.Function = func;
            }
            else {
                // Import by name: AddressOfData is the RVA of an IMAGE_IMPORT_BY_NAME.
                PIMAGE_IMPORT_BY_NAME import_by_name = (PIMAGE_IMPORT_BY_NAME)((LPBYTE)dll_loader.image + OrigFirstThunk->u1.AddressOfData);
                DWORD func = (DWORD)GetProcAddress(hModule, (LPCSTR)import_by_name->Name);
                if (!func) {
                    return false;
                }
                FirstThunk->u1.Function = func;
            }
            OrigFirstThunk++;
            FirstThunk++;
        }
        import_descriptor++;
    }
    // Presence of an entry point is checked in the file buffer's header,
    // while the RVA is read from the mapped copy's header; presumably the
    // same bytes after main's header memcpy -- confirm if that copy changes.
    if (dll_loader.pe_file->pe_header->OptionalHeader.AddressOfEntryPoint) {
        PDLL_MAIN entry_point = (PDLL_MAIN)((LPBYTE)dll_loader.image + pe_header->OptionalHeader.AddressOfEntryPoint);
        // Control transfers into the mapped image here; its return value
        // becomes this function's result.
        return entry_point((HMODULE)dll_loader.image, DLL_PROCESS_ATTACH, NULL);
    }
    return TRUE;
}
/// Locates the DOS header, NT header and first section header inside a raw
/// PE file held in `buffer` (file layout, not mapped layout).
/// @param buffer  Start of the file contents; must outlive the returned
///                pointers, which all point into it.
/// @return PE_FILE with the three header pointers filled in.
/// No bounds checking is performed: e_lfanew is read from the file and
/// trusted, and the section table is assumed to begin immediately after a
/// standard-size IMAGE_NT_HEADERS (i.e. FileHeader.SizeOfOptionalHeader
/// equal to sizeof(IMAGE_OPTIONAL_HEADER) -- TODO confirm for inputs with a
/// non-standard optional header size).
PE_FILE ParsePE(char* buffer) {
    const PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)buffer;
    char* const nt_start = buffer + dos->e_lfanew;
    PE_FILE parsed = {
        dos,
        (PIMAGE_NT_HEADERS)nt_start,
        (PIMAGE_SECTION_HEADER)(nt_start + sizeof(IMAGE_NT_HEADERS))
    };
    return parsed;
}
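/// Sanity-checks the headers located by ParsePE.
/// Returns true only when the buffer carries a DOS header (IMAGE_DOS_SIGNATURE),
/// an NT header (IMAGE_NT_SIGNATURE) whose optional-header magic matches the
/// image format this build reads headers as, and the IMAGE_FILE_DLL bit.
/// @param pe_file  Header pointers from ParsePE. Both headers are
///                 dereferenced, so e_lfanew must already lie inside the
///                 buffer -- ParsePE does not verify that.
bool IsValidPE(PE_FILE pe_file) {
    if (pe_file.dos_header->e_magic != IMAGE_DOS_SIGNATURE) {
        return false;
    }
    if (pe_file.pe_header->Signature != IMAGE_NT_SIGNATURE) {
        return false;
    }
    // Every OptionalHeader field read elsewhere (ImageBase, SizeOfImage,
    // DataDirectory, ...) is read through this build's IMAGE_NT_HEADERS
    // layout. An image of the other bitness has a different layout, so
    // reject it here instead of reading wrong offsets later.
    if (pe_file.pe_header->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC) {
        return false;
    }
    if (!(pe_file.pe_header->FileHeader.Characteristics & IMAGE_FILE_DLL)) {
        return false;
    }
    return true;
}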
/// Reads a DLL file into memory, copies its headers and sections into a
/// fresh allocation at their virtual addresses, and hands the copy to
/// LoadDLL. Returns EXIT_FAILURE on any open/parse/allocation/load error.
///
/// Review notes (defects visible in this function, left unchanged here):
///  - the ifstream constructor's path argument is absent, so the listing
///    does not compile until one is supplied;
///  - `buffer` is used by file.read before its NULL check, and is never freed;
///  - memcpy never returns NULL, so its return-value check is dead code;
///  - each section's VirtualAddress/PointerToRawData/SizeOfRawData is trusted
///    from the file and not checked against `size` (file length) or
///    SizeOfImage, so a malformed file can read past `buffer` or write past
///    `image`;
///  - `%#x` is used to print pointers (`%p` is the matching specifier), and
///    printf/memcpy are used without <cstdio>/<cstring> being included.
int main() {
    // The path argument is intentionally missing from this listing.
    std::ifstream file(/*path*/, std::ios::binary);
    if (!file.is_open()) {
        return EXIT_FAILURE;
    }
    // File length via seek-to-end; tellg() is narrowed to int (-1 on failure).
    file.seekg(0, file.end);
    int size = file.tellg();
    file.seekg(0, file.beg);
    // Raw file contents in file layout. NULL is only checked after file.read.
    char* buffer = (char*)malloc(sizeof(char) * size);
    file.read(buffer, size); // a short read is not detected
    file.close();
    if (!buffer) {
        return EXIT_FAILURE;
    }
    PE_FILE pe_file = ParsePE(buffer);
    if (!IsValidPE(pe_file)) {
        return EXIT_FAILURE;
    }
    // One region of SizeOfImage bytes (value taken from the file), mapped
    // writable and executable for its whole lifetime.
    PVOID image = VirtualAlloc(NULL,
        pe_file.pe_header->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (!image) {
        return EXIT_FAILURE;
    }
    // Headers first (SizeOfHeaders bytes, also from the file). memcpy returns
    // its destination pointer, never NULL, so this branch is unreachable.
    if (!memcpy(image, buffer, pe_file.pe_header->OptionalHeader.SizeOfHeaders)) {
        return EXIT_FAILURE;
    }
    // Each section: raw bytes at PointerToRawData are placed at
    // VirtualAddress inside the image. Offsets and sizes are unchecked.
    for (int i = 0; i < pe_file.pe_header->FileHeader.NumberOfSections; i++) {
        memcpy((LPBYTE)image + pe_file.section_header[i].VirtualAddress,
            (LPBYTE)buffer + pe_file.section_header[i].PointerToRawData,
            pe_file.section_header[i].SizeOfRawData);
    }
    // Diagnostic output; both arguments are pointers printed with %#x.
    printf("Dll write at %#x\n", image);
    printf("EntryPoint at %#x\n", (LPBYTE)image + pe_file.pe_header->OptionalHeader.AddressOfEntryPoint);
    DLL_LOADER dll_loader;
    dll_loader.pe_file = &pe_file; // headers of the file buffer, not of the mapped copy
    dll_loader.image = image;
    // LoadDLL returns the entry point's own result, or FALSE/false on failure.
    if (!LoadDLL(dll_loader)) {
        return EXIT_FAILURE;
    }
    // Neither `buffer` (malloc) nor `image` (VirtualAlloc) is released before exit.
    return EXIT_SUCCESS;
}