EmbeddingCode.cpp
#include "pch.h"
#include "EmbeddingCode.h"

#include <climits>
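/// Rounds `size` up to the next multiple of `align` and adds the result to `addr`.
///
/// @param size  Byte count to round up.
/// @param align Alignment granularity (the callers in this file pass the PE
///              FileAlignment or SectionAlignment field).
/// @param addr  Base value the rounded size is added to; pass 0 to get just the rounded size.
/// @return addr + size rounded up to a multiple of align. The arithmetic is
///         plain DWORD arithmetic, so a very large size/addr wraps around.
DWORD align(DWORD size, DWORD align, DWORD addr) {
    // The alignment is read straight from file headers by the callers. A zero
    // value would make the modulo below divide by zero, so treat it as
    // "no alignment" instead of crashing on a malformed header.
    if (align == 0)
        return addr + size;

    const DWORD remainder = size % align;
    if (remainder == 0)
        return addr + size;

    // Same value as (size / align + 1) * align: drop the partial unit, add a full one.
    return addr + (size - remainder) + align;
}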
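/// Appends a new section to an in-memory PE image and stores the replacement
/// strings inside it.
///
/// Raw layout of the new section: bytes 0..3 hold `uniqueIdentifyer`
/// (little-endian), strings start at offset 10, each followed by padding
/// (two bytes for a narrow string, two 16-bit units for a wide one).
///
/// @param programData      Heap buffer (allocated with new[]) holding the file;
///                         it is freed and replaced by a larger buffer.
/// @param dataSize         Size of programData in bytes; grown by the raw size
///                         of the new section.
/// @param uniqueIdentifyer 4-byte marker written at the start of the section data.
/// @param nameOfSection    Section name; at most 8 characters are used.
/// @param charicteristecs  Value stored in the section header's Characteristics.
/// @param stringsToEmbed   Entries whose non-empty changedString is written;
///                         changedStringAddress is set on each written entry.
/// @return Always an empty vector: nothing in this function appends to it. The
///         per-string addresses are delivered through changedStringAddress.
///
/// If the headers fail the sanity checks below, nothing is modified and the
/// (empty) vector is returned.
std::vector<DWORD> writeNewSection(char*& programData, int& dataSize, DWORD uniqueIdentifyer, const char* nameOfSection, DWORD charicteristecs, std::vector<stringReferenceClass>& stringsToEmbed) {
    std::vector<DWORD> addressesOfStrings;

    // ---- Validate everything that is read from the (untrusted) file image. ----
    if (programData == nullptr || nameOfSection == nullptr || dataSize < static_cast<int>(sizeof(IMAGE_DOS_HEADER)))
        return addressesOfStrings;
    const size_t fileSize = static_cast<size_t>(dataSize);

    const LONG rawNtOffset = reinterpret_cast<PIMAGE_DOS_HEADER>(programData)->e_lfanew;
    if (rawNtOffset < 0 || static_cast<size_t>(rawNtOffset) + sizeof(IMAGE_NT_HEADERS) > fileSize)
        return addressesOfStrings;
    const size_t ntOffset = static_cast<size_t>(rawNtOffset);

    // NOTE(review): the section table is located with sizeof(IMAGE_NT_HEADERS),
    // i.e. it assumes the file's optional header has the size this build was
    // compiled for (PE32 vs PE32+) - confirm callers only pass matching images.
    const size_t sectionTableOffset = ntOffset + sizeof(IMAGE_NT_HEADERS);
    {
        const PIMAGE_FILE_HEADER fileHeader = reinterpret_cast<PIMAGE_FILE_HEADER>(programData + ntOffset + sizeof(DWORD));
        const PIMAGE_OPTIONAL_HEADER optionalHeader = reinterpret_cast<PIMAGE_OPTIONAL_HEADER>(programData + ntOffset + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER));

        // The previous section header is read below, so there must be one.
        if (fileHeader->NumberOfSections == 0)
            return addressesOfStrings;

        // align() divides by these values.
        if (optionalHeader->FileAlignment == 0 || optionalHeader->SectionAlignment == 0)
            return addressesOfStrings;

        // The new header slot must lie inside the header area; otherwise writing
        // it would overwrite the first section's data (or run past the buffer).
        const size_t newHeaderEnd = sectionTableOffset + (static_cast<size_t>(fileHeader->NumberOfSections) + 1) * sizeof(IMAGE_SECTION_HEADER);
        if (newHeaderEnd > fileSize || newHeaderEnd > optionalHeader->SizeOfHeaders)
            return addressesOfStrings;
    }

    // ---- Size the section exactly the way the write loop below consumes it. ----
    // Each string advances the cursor by size+2, and by a further size when it
    // is written as 16-bit units. Budgeting only size+1 per string (as before)
    // let wide strings run past the end of the allocation.
    size_t payloadBytes = 20; // marker + gap before the first string (strings start at 10), plus slack
    for (const auto& entry : stringsToEmbed) {
        const size_t length = entry.changedString.size();
        if (length == 0)
            continue;
        payloadBytes += length + 2;
        if (entry.originWasWchar)
            payloadBytes += length;
    }
    if (payloadBytes > static_cast<size_t>(INT_MAX))
        return addressesOfStrings;

    const DWORD fileAlignment = reinterpret_cast<PIMAGE_OPTIONAL_HEADER>(programData + ntOffset + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER))->FileAlignment;
    const DWORD rawSize = align(static_cast<DWORD>(payloadBytes), fileAlignment, 0);
    // Reject wrap-around in align() and a total that no longer fits dataSize (int).
    if (rawSize < payloadBytes || rawSize > static_cast<DWORD>(INT_MAX - dataSize))
        return addressesOfStrings;

    // ---- Grow the buffer; the value-initialising new[] zero-fills the tail. ----
    char* newProgramData = new char[fileSize + rawSize]();
    memcpy(newProgramData, programData, fileSize);
    delete[] programData;
    programData = newProgramData;

    // Re-derive the header pointers: the old ones pointed into the freed buffer.
    PIMAGE_FILE_HEADER FH = reinterpret_cast<PIMAGE_FILE_HEADER>(programData + ntOffset + sizeof(DWORD));
    PIMAGE_OPTIONAL_HEADER OH = reinterpret_cast<PIMAGE_OPTIONAL_HEADER>(programData + ntOffset + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER));
    PIMAGE_SECTION_HEADER SH = reinterpret_cast<PIMAGE_SECTION_HEADER>(programData + sectionTableOffset);

    // ---- Fill in the new section header. ----
    // Bind the slot once: SH[FH->NumberOfSections] only names the new header
    // until NumberOfSections is incremented; after that the same expression
    // indexes the next, still-zero slot.
    IMAGE_SECTION_HEADER& newSection = SH[FH->NumberOfSections];
    const IMAGE_SECTION_HEADER& previousSection = SH[FH->NumberOfSections - 1];

    ZeroMemory(&newSection, sizeof(IMAGE_SECTION_HEADER));
    // Copy at most 8 name bytes and stop at the terminator, so a shorter name
    // does not cause a read past the end of the caller's string.
    for (size_t k = 0; k < IMAGE_SIZEOF_SHORT_NAME && nameOfSection[k] != '\0'; ++k)
        newSection.Name[k] = static_cast<BYTE>(nameOfSection[k]);

    newSection.Misc.VirtualSize = align(rawSize, OH->SectionAlignment, 0);
    newSection.VirtualAddress = align(previousSection.Misc.VirtualSize, OH->SectionAlignment, previousSection.VirtualAddress);
    const DWORD savedRVA = newSection.VirtualAddress;
    newSection.SizeOfRawData = rawSize;
    // NOTE(review): the section data is placed at the current end of the file;
    // this presumes dataSize is already file-aligned and that nothing that must
    // stay last (e.g. appended data) follows the final section - confirm.
    newSection.PointerToRawData = dataSize;
    newSection.Characteristics = charicteristecs;
    OH->SizeOfImage = newSection.VirtualAddress + newSection.Misc.VirtualSize;
    FH->NumberOfSections += 1;

    // ---- Section payload: marker first, little-endian. ----
    for (int i = 0; i < 4; i++) {
        programData[dataSize + i] = static_cast<char>(uniqueIdentifyer >> (i * 8));
    }

    // ---- Strings, starting 10 bytes into the section. ----
    DWORD currentMemLoc = 10 + dataSize;
    for (auto& entry : stringsToEmbed) {
        const size_t length = entry.changedString.size();
        if (length == 0)
            continue;

        entry.changedStringAddress = getVirtualAddressFromPyisical(currentMemLoc, dataSize, OH->ImageBase, savedRVA);

        for (size_t i = 0; i < length; ++i) {
            const unsigned int unit = static_cast<unsigned int>(entry.changedString[i]);
            if (entry.originWasWchar) {
                // Store the full 16-bit unit; writing only the low byte
                // corrupted every character above 0xFF.
                programData[currentMemLoc + (i * 2)] = static_cast<char>(unit & 0xFF);
                programData[currentMemLoc + (i * 2) + 1] = static_cast<char>((unit >> 8) & 0xFF);
            }
            else {
                programData[currentMemLoc + i] = static_cast<char>(unit);
            }
        }

        // The skipped bytes stay zero and act as the terminator.
        currentMemLoc += static_cast<DWORD>(length + 2);
        if (entry.originWasWchar)
            currentMemLoc += static_cast<DWORD>(length);
    }

    dataSize += static_cast<int>(rawSize);
    return addressesOfStrings;
}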
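/// Removes the last entry of the section table and truncates the buffer by
/// that section's SizeOfRawData.
///
/// @param programData Heap buffer (allocated with new[]) holding the file; it
///                    is freed and replaced by a smaller buffer.
/// @param dataSize    Size of programData in bytes; reduced by the removed
///                    section's raw size.
///
/// If the headers fail the sanity checks below, the buffer is left untouched.
///
/// NOTE(review): the truncation simply drops the final SizeOfRawData bytes of
/// the file. It is not verified that the last section's raw data actually sits
/// at the end of the file (PointerToRawData + SizeOfRawData == dataSize), so
/// trailing data belonging to something else would be cut instead - confirm
/// the caller guarantees this.
void deleateLastSection(char*& programData, int& dataSize) {
    // ---- Validate everything that is read from the (untrusted) file image. ----
    if (programData == nullptr || dataSize < static_cast<int>(sizeof(IMAGE_DOS_HEADER)))
        return;
    const size_t fileSize = static_cast<size_t>(dataSize);

    PIMAGE_DOS_HEADER pDosHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(programData);
    const LONG rawNtOffset = pDosHeader->e_lfanew;
    if (rawNtOffset < 0 || static_cast<size_t>(rawNtOffset) + sizeof(IMAGE_NT_HEADERS) > fileSize)
        return;
    const size_t ntOffset = static_cast<size_t>(rawNtOffset);

    PIMAGE_FILE_HEADER FH = reinterpret_cast<PIMAGE_FILE_HEADER>(programData + ntOffset + sizeof(DWORD));
    PIMAGE_OPTIONAL_HEADER OH = reinterpret_cast<PIMAGE_OPTIONAL_HEADER>(programData + ntOffset + sizeof(DWORD) + sizeof(IMAGE_FILE_HEADER));
    PIMAGE_SECTION_HEADER SH = reinterpret_cast<PIMAGE_SECTION_HEADER>(programData + ntOffset + sizeof(IMAGE_NT_HEADERS));

    // With no sections the "last" index would be -1 and read before the table.
    if (FH->NumberOfSections == 0)
        return;
    const size_t lastSecIndex = static_cast<size_t>(FH->NumberOfSections) - 1;

    const size_t lastHeaderOffset = ntOffset + sizeof(IMAGE_NT_HEADERS) + lastSecIndex * sizeof(IMAGE_SECTION_HEADER);
    const size_t lastHeaderEnd = lastHeaderOffset + sizeof(IMAGE_SECTION_HEADER);
    if (lastHeaderEnd > fileSize)
        return;

    // A raw size larger than the file would make the new size negative, and
    // the header being cleared must still exist after truncation.
    const DWORD removedRawSize = SH[lastSecIndex].SizeOfRawData;
    if (removedRawSize > fileSize)
        return;
    const size_t sizeOfNewFile = fileSize - removedRawSize;
    if (lastHeaderEnd > sizeOfNewFile)
        return;

    // ---- Update the headers, then shrink the buffer. ----
    OH->SizeOfImage -= SH[lastSecIndex].Misc.VirtualSize;
    FH->NumberOfSections -= 1;

    char* newProgData = new char[sizeOfNewFile];
    memcpy(newProgData, programData, sizeOfNewFile);
    delete[] programData;
    programData = newProgData;
    dataSize = static_cast<int>(sizeOfNewFile);

    // Clear the now-unused header slot in the new buffer so no stale entry
    // remains behind the section table.
    ZeroMemory(programData + lastHeaderOffset, sizeof(IMAGE_SECTION_HEADER));
}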
/// Looks for the section whose raw data begins with the 4-byte marker.
///
/// @param programData      Buffer holding the PE file image.
/// @param uniqueIdentifyer Marker value; compared byte by byte, low byte first.
/// @return {index of the matching section, or -1 if none; NumberOfSections}.
///         When several sections match, the highest index is reported because
///         the scan does not stop at the first hit.
///
/// NOTE(review): no buffer size is passed in, so neither e_lfanew, the section
/// table nor PointerToRawData can be bounds-checked here; a malformed header
/// makes the comparison read outside the buffer. Callers must only pass images
/// whose headers have already been validated.
std::pair<int,int> findPosOfUniqIdentity(char*& programData,DWORD uniqueIdentifyer){
    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)programData;
    PIMAGE_FILE_HEADER fileHeader = (PIMAGE_FILE_HEADER)(programData + dosHeader->e_lfanew + sizeof(DWORD));
    PIMAGE_SECTION_HEADER sectionTable = (PIMAGE_SECTION_HEADER)(programData + dosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS));

    const int sectionCount = fileHeader->NumberOfSections;
    int matchIndex = -1;

    for (int section = 0; section < sectionCount; section++) {
        // File offset of this section's raw data, where the marker would sit.
        int rawDataOffset = sectionTable[section].PointerToRawData;

        bool markerMatches = true;
        for (int byteIndex = 0; byteIndex < 4; byteIndex++) {
            const char expected = (char)(uniqueIdentifyer >> (byteIndex * 8));
            if (programData[rawDataOffset + byteIndex] != expected) {
                markerMatches = false;
                break;
            }
        }

        if (markerMatches)
            matchIndex = section;
    }

    return std::make_pair(matchIndex, sectionCount);
}
/// Writes the string section into the image, replacing a previous one if it is
/// the last section.
///
/// - Marker found in the last section: that section is deleted and rewritten.
/// - Marker not found: a new section is appended.
/// - Marker found in any other section: nothing is changed.
///
/// @param programData      Heap buffer holding the PE file; may be reallocated.
/// @param dataSize         Size of programData; updated when the buffer changes.
/// @param uniqueIdentifyer Marker identifying the section written by this tool.
/// @param nameOfSection    Name for the section header.
/// @param charicteristecs  Characteristics value for the section header.
/// @param stringsToEmbed   Strings handed on to writeNewSection.
/// @return Always false, whichever branch ran, so the return value cannot be
///         used to tell whether anything was written.
bool openSectionHeader(char*& programData, int& dataSize, DWORD uniqueIdentifyer, const char* nameOfSection, DWORD charicteristecs, std::vector<stringReferenceClass>& stringsToEmbed) {
    const std::pair<int,int> lookup = findPosOfUniqIdentity(programData, uniqueIdentifyer);
    const int markerIndex = lookup.first;
    const int sectionCount = lookup.second;

    const bool markerIsLastSection = (markerIndex == sectionCount - 1);
    const bool markerAbsent = (markerIndex == -1);

    // An existing marker section can only be replaced when it is the final
    // one, because removal works by dropping the last table entry.
    if (markerIsLastSection)
        deleateLastSection(programData, dataSize);

    if (markerIsLastSection || markerAbsent)
        writeNewSection(programData, dataSize, uniqueIdentifyer, nameOfSection, charicteristecs, stringsToEmbed);

    return false;
}