Beispiel #1
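 /// <summary>
 /// Copies the DOS header, the file header and the 64-bit optional header out of a raw PE image buffer.
 /// </summary>
 /// <param name="rawImage">Bytes of the PE image. The contents are treated as untrusted: every offset taken from them is bounds-checked before it is dereferenced.</param>
 /// <param name="dosHeader">Receives the DOS header found at offset 0 of <paramref name="rawImage"/>.</param>
 /// <param name="fileHeader">Receives the file header of the NT headers located at <c>e_lfanew</c>.</param>
 /// <param name="optionalHeader">Receives the optional header of the NT headers located at <c>e_lfanew</c>.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="rawImage"/> is null.</exception>
 /// <exception cref="System.ArgumentException">The buffer is too small for a DOS header, or <c>e_lfanew</c> points outside the buffer.</exception>
 public static void GetImageHeaders(byte[] rawImage, out NT.IMAGE_DOS_HEADER dosHeader, out NT.IMAGE_FILE_HEADER fileHeader, out NT.IMAGE_OPTIONAL_HEADER64 optionalHeader)
 {
     if (rawImage == null)
     {
         throw new System.ArgumentNullException(nameof(rawImage));
     }

     // The DOS header is read through a raw pointer cast, which bypasses the array's own
     // bounds checks, so the buffer must be large enough to hold a complete header.
     if (rawImage.Length < sizeof(NT.IMAGE_DOS_HEADER))
     {
         throw new System.ArgumentException("Buffer is too small to contain a DOS header.", nameof(rawImage));
     }

     fixed (byte *imagePointer = &rawImage[0])
     {
         dosHeader = *(NT.IMAGE_DOS_HEADER *)imagePointer;

         // e_lfanew is attacker-controllable file content. Without this check a crafted value
         // makes the reads below run past (or before) the pinned array.
         long ntOffset = dosHeader.e_lfanew;
         if (ntOffset < 0 || ntOffset > rawImage.Length - sizeof(NT.IMAGE_NT_HEADERS))
         {
             throw new System.ArgumentException("e_lfanew points outside the image buffer.", nameof(rawImage));
         }

         // NOTE(review): neither the DOS nor the NT signature is verified here, and nothing
         // confirms the image is PE32+; a 32-bit image would be misread through the
         // IMAGE_OPTIONAL_HEADER64 layout. Callers should validate before trusting the fields.
         NT.IMAGE_NT_HEADERS *ntHeader = (NT.IMAGE_NT_HEADERS *)(imagePointer + ntOffset);
         fileHeader     = ntHeader->FileHeader;
         optionalHeader = ntHeader->OptionalHeader;
     }
 }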
Beispiel #2
        /// <summary>
        /// Copies the raw data of each PE section from <paramref name="rawImage"/> to its virtual
        /// address inside the image located at <paramref name="localImage"/>.
        /// </summary>
        /// <param name="rawImage">Source buffer the section data is read from.</param>
        /// <param name="dosHeader">DOS header used to locate the section table.</param>
        /// <param name="localImage">Base address of the destination image; the section table is also read from here.</param>
        /// <param name="numberOfSections">Number of section headers to walk.</param>
        /// <remarks>
        /// NOTE(review): the destination range is never validated. Marshal.Copy bounds-checks the
        /// managed source array, but nothing here checks that VirtualAddress + SizeOfRawData stays
        /// inside the memory at <paramref name="localImage"/>, nor that
        /// <paramref name="numberOfSections"/> matches the real table. With an untrusted image this
        /// is an out-of-bounds write; callers must validate every section against the allocation
        /// size before calling.
        /// </remarks>
        public void WriteImageSections(byte[] rawImage, NT.IMAGE_DOS_HEADER dosHeader, ulong localImage, int numberOfSections)
        {
            // The section table sits right behind the headers of the local image.
            NT.IMAGE_SECTION_HEADER *current = Tools.GetFirstSection(localImage, dosHeader);

            for (int remaining = numberOfSections; remaining > 0; remaining--, current++)
            {
                // Sections without raw data have nothing to copy.
                if (!(current->SizeOfRawData > 0))
                {
                    continue;
                }

                ulong destination = localImage + current->VirtualAddress;
                int sourceOffset = (int)current->PointerToRawData;
                int byteCount = (int)current->SizeOfRawData;

                Marshal.Copy(rawImage, sourceOffset, (IntPtr)destination, byteCount);
            }
        }
Beispiel #3
 // SAME TBH
 /// <summary>
 /// Computes the address of the first section header of the image at <paramref name="localImage"/>:
 /// image base + <c>e_lfanew</c> + the marshalled size of <c>NT.IMAGE_NT_HEADERS</c>.
 /// </summary>
 /// <param name="localImage">Base address of the image in memory.</param>
 /// <param name="dosHeader">DOS header supplying <c>e_lfanew</c>, the offset of the NT headers.</param>
 /// <returns>Pointer to the computed location; no memory is read or validated here.</returns>
 /// <remarks>
 /// NOTE(review): this assumes the section table directly follows a fixed-size NT headers struct.
 /// The PE format places it after FileHeader.SizeOfOptionalHeader bytes of optional header, so an
 /// image with a non-standard optional header size would be mislocated. e_lfanew is also used
 /// unchecked; the caller is responsible for validating it first.
 /// </remarks>
 public static NT.IMAGE_SECTION_HEADER *GetFirstSection(ulong localImage, NT.IMAGE_DOS_HEADER dosHeader)
 {
     // Offset of the NT headers from the image base.
     uint ntHeaderOffset = (uint)dosHeader.e_lfanew;
     uint ntHeaderSize = (uint)Marshal.SizeOf<NT.IMAGE_NT_HEADERS>();

     ulong firstSection = localImage + ntHeaderOffset + ntHeaderSize;
     return (NT.IMAGE_SECTION_HEADER *)firstSection;
 }