API tools faq
paste
Advertisement
krot

new PE section

krot
Aug 25th, 2016
284
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 4.48 KB | None | 0 0
raw download clone embed print report
  1. #include <stdio.h>
  2. #include <windows.h>
  3.  
  4. DWORD align(DWORD size, DWORD align, DWORD addr){
  5.     if (!(size % align))
  6.         return addr + size;
  7.     return addr + (size / align + 1) * align;
  8. }
  9.  
  10. bool AddSection(char *filepath, char *sectionName, DWORD sizeOfSection){
  11.     HANDLE file = CreateFile(filepath, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  12.     if (file == INVALID_HANDLE_VALUE)
  13.         return false;
  14.     DWORD fileSize = GetFileSize(file, NULL);
  15.     //so we know how much buffer to allocate
  16.     BYTE *pByte = new BYTE[fileSize];
  17.     DWORD dw;
  18.     //lets read the entire file,so we can use the PE information
  19.     ReadFile(file, pByte, fileSize, &dw, NULL);
  20.  
  21.     PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)pByte;
  22.     if (dos->e_magic != IMAGE_DOS_SIGNATURE)
  23.         return false; //invalid PE
  24.     PIMAGE_FILE_HEADER FH = (PIMAGE_FILE_HEADER)(pByte + dos->e_lfanew + sizeof(DWORD));
  25.     PIMAGE_OPTIONAL_HEADER OH = (PIMAGE_OPTIONAL_HEADER)(pByte + dos->e_lfanew + sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER));
  26.     PIMAGE_SECTION_HEADER SH = (PIMAGE_SECTION_HEADER)(pByte + dos->e_lfanew + sizeof(IMAGE_NT_HEADERS));
  27.  
  28.     ZeroMemory(&SH[FH->NumberOfSections], sizeof(IMAGE_SECTION_HEADER));
  29.     CopyMemory(&SH[FH->NumberOfSections].Name, sectionName, 8);
  30.     //We use 8 bytes for section name,cause it is the maximum allowed section name size
  31.  
  32.     //lets insert all the required information about our new PE section
  33.     SH[FH->NumberOfSections].Misc.VirtualSize = align(sizeOfSection, OH->SectionAlignment, 0);
  34.     SH[FH->NumberOfSections].VirtualAddress = align(SH[FH->NumberOfSections - 1].Misc.VirtualSize, OH->SectionAlignment, SH[FH->NumberOfSections - 1].VirtualAddress);
  35.     SH[FH->NumberOfSections].SizeOfRawData = align(sizeOfSection, OH->FileAlignment, 0);
  36.     SH[FH->NumberOfSections].PointerToRawData = align(SH[FH->NumberOfSections - 1].SizeOfRawData, OH->FileAlignment, SH[FH->NumberOfSections - 1].PointerToRawData);
  37.     SH[FH->NumberOfSections].Characteristics = 0xE00000E0;
  38.     /*
  39.         0xE00000E0 = IMAGE_SCN_MEM_WRITE |
  40.                      IMAGE_SCN_CNT_CODE  |
  41.                      IMAGE_SCN_CNT_UNINITIALIZED_DATA  |
  42.                      IMAGE_SCN_MEM_EXECUTE |
  43.                      IMAGE_SCN_CNT_INITIALIZED_DATA |
  44.                      IMAGE_SCN_MEM_READ
  45.     */
  46.     SetFilePointer(file, SH[FH->NumberOfSections].PointerToRawData + SH[FH->NumberOfSections].SizeOfRawData, NULL, FILE_BEGIN);
  47.     //end the file right here,on the last section + it's own size
  48.     SetEndOfFile(file);
  49.     //now lets change the size of the image,to correspond to our modifications
  50.     //by adding a new section,the image size is bigger now
  51.     OH->SizeOfImage = SH[FH->NumberOfSections].VirtualAddress + SH[FH->NumberOfSections].Misc.VirtualSize;
  52.     //and we added a new section,so we change the NOS too
  53.     FH->NumberOfSections += 1;
  54.     SetFilePointer(file, 0, NULL, FILE_BEGIN);
  55.     //and finaly,we add all the modifications to the file
  56.     WriteFile(file, pByte, fileSize, &dw, NULL);
  57.     CloseHandle(file);
  58.     return true;
  59. }
  60.  
  61. bool AddCode(char *filepath){
  62.     HANDLE file = CreateFile(filepath, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
  63.     if (file == INVALID_HANDLE_VALUE)
  64.         return false;
  65.     DWORD filesize = GetFileSize(file, NULL);
  66.     BYTE *pByte = new BYTE[filesize];
  67.     DWORD dw;
  68.     ReadFile(file, pByte, filesize, &dw, NULL);
  69.     PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)pByte;
  70.     PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(pByte + dos->e_lfanew);
  71.  
  72.     //since we added a new section,it must be the last section added,cause of the code inside
  73.     //AddSection function,thus we must get to the last section to insert our secret data :)
  74.     PIMAGE_SECTION_HEADER first = IMAGE_FIRST_SECTION(nt);
  75.     PIMAGE_SECTION_HEADER last = first + (nt->FileHeader.NumberOfSections - 1);
  76.  
  77.     SetFilePointer(file, last->PointerToRawData, NULL, FILE_BEGIN);
  78.     char *str = "ATHENIAN WAS HERE";
  79.     WriteFile(file, str, strlen(str), &dw, 0);
  80.     CloseHandle(file);
  81.     return TRUE;
  82. }
  83.  
  84. void main()
  85. {
  86.     if (AddSection("C:\\Users\\M\\Desktop\\Athena.exe", ".ATH", 400)){
  87.         printf("Section added!\n");
  88.         //Lets insert data into the last section
  89.         if (AddCode("C:\\Users\\M\\Desktop\\Athena.exe")){
  90.             printf("Code written!\n");
  91.         }
  92.         else
  93.             printf("Error writting code!\n");
  94.     }
  95.     else
  96.         printf("Error adding section!\n");
  97. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!