Advertisement
Guest User

Untitled

a guest
Mar 27th, 2017
44
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 3.21 KB | None | 0 0
  1. using System;
  2. using System.Collections.Generic;
  3. using System.Linq;
  4. using System.Runtime.InteropServices;
  5. using System.Text;
  6. using System.Threading.Tasks;
  7. using System.Diagnostics;
  8.  
  9. unsafe class PE_Mapper_
  10. {
  11.     public Definitions._IMAGE_DOS_HEADER IMAGE_DOS_HEADER = new Definitions._IMAGE_DOS_HEADER();
  12.     private int IMAGE_DOS_HEADER_SIZE = sizeof(Definitions._IMAGE_DOS_HEADER);
  13.     private IntPtr pIMAGE_DOS_HEADER = IntPtr.Zero;
  14.  
  15.     public Definitions._IMAGE_FILE_HEADER IMAGE_FILE_HEADER = new Definitions._IMAGE_FILE_HEADER();
  16.     private int IMAGE_FILE_HEADER_SIZE = sizeof(Definitions._IMAGE_FILE_HEADER);
  17.     private IntPtr pIMAGE_FILE_HEADER = IntPtr.Zero;
  18.  
  19.     public Definitions._IMAGE_OPTIONAL_HEADER IMAGE_OPTIONAL_HEADER = new Definitions._IMAGE_OPTIONAL_HEADER();
  20.     private int IMAGE_OPTIONAL_HEADER_SIZE = Marshal.SizeOf(typeof(Definitions._IMAGE_OPTIONAL_HEADER));//96;//Default size of optional header
  21.     private IntPtr pIMAGE_OPTIONAL_HEADER = IntPtr.Zero;
  22.  
  23.     public PE_Mapper_(ref byte[] bytes)
  24.     {
  25.         MapPE(ref bytes);
  26.     }
  27.  
  28.     public void MapPE(ref byte[] bytes)
  29.     {
  30.         if (!IsValidDosHeader(ref bytes))
  31.             throw new Exception("Invalid DOS Header");
  32.  
  33.         pIMAGE_DOS_HEADER = cMemory.Pointer.PointerOf(ref IMAGE_DOS_HEADER);
  34.         pIMAGE_FILE_HEADER = cMemory.Pointer.PointerOf(ref IMAGE_FILE_HEADER);
  35.         pIMAGE_OPTIONAL_HEADER = cMemory.Pointer.PointerOf(ref IMAGE_OPTIONAL_HEADER);
  36.  
  37.         for (int i = 0; i < IMAGE_DOS_HEADER_SIZE; i++)
  38.             *(byte*)(pIMAGE_DOS_HEADER + i) = bytes[i];
  39.  
  40.         if (!IsValidPeHeader(ref bytes, IMAGE_DOS_HEADER.e_lfanew))
  41.             throw new Exception("Invalid PE header");
  42.  
  43.         IMAGE_DOS_HEADER.e_lfanew += 4;//To account for the signiture. Not the best idea directly adding to this though
  44.  
  45.         uint startRead = IMAGE_DOS_HEADER.e_lfanew;
  46.         uint readSize = startRead + (uint)IMAGE_FILE_HEADER_SIZE;
  47.  
  48.         for (int i = 0; startRead < readSize; i++, startRead++)
  49.             *(byte*)(pIMAGE_FILE_HEADER + i) = bytes[startRead];
  50.  
  51.         #region Optional Header
  52.         byte[] optionalHeader = new byte[IMAGE_FILE_HEADER.SizeOfOptionalHeader];
  53.  
  54.         for (uint i = 0, tempReadSize = readSize; i < IMAGE_FILE_HEADER.SizeOfOptionalHeader; i++, tempReadSize++)
  55.             optionalHeader[i] = bytes[tempReadSize];
  56.  
  57.         IMAGE_OPTIONAL_HEADER = (Definitions._IMAGE_OPTIONAL_HEADER)Marshal.PtrToStructure(cMemory.Pointer.GetUnmanagedPointerAndAllocate(optionalHeader), typeof(Definitions._IMAGE_OPTIONAL_HEADER));
  58.  
  59.         #region OLD
  60.         //for (int i = 0; i <= IMAGE_FILE_HEADER.SizeOfOptionalHeader; i++, readSize++)
  61.         //    *(byte*)(pIMAGE_OPTIONAL_HEADER + i) = bytes[readSize];
  62.         #endregion
  63.         #endregion
  64.     }
  65.  
  66.     #region Functions
  67.     private static bool IsValidDosHeader(ref byte[] peHeader, uint offset = 0)
  68.     {
  69.         return (peHeader[offset + 0] == 'M' && peHeader[offset + 1] == 'Z');
  70.     }
  71.  
  72.     private static bool IsValidPeHeader(ref byte[] peHeader, uint offset = 0)
  73.     {
  74.         return ((peHeader[offset + 0] == 'P') && (peHeader[offset + 1] == 'E') && (peHeader[offset + 2] == 0x00) && (peHeader[offset + 3] == 0x00));
  75.     }
  76.     #endregion
  77. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement