private IRelocationDirectoryInfo CreateDirectoryInfoFromList(
List <RelocationTypeOffset> relocationTypeOffetList, ICode code,
IImageBaseRelocationSerializer imageBaseRelocationSerializer,
IRelocationDirectoryInfoFactory relocationDirecroryInfoFactory)
{
var relocationInfo = code.CodeInMemoryLayout.RelocationDirectoryInfo;
//the relocation directory might grow up to twice. the obfuscation algorithm might add jump instruction for each existing
//jump instruction which doubles the number of addresses
var newBufferSize = relocationInfo.RelocationDirectorySize * 2;
byte[] buffer = new byte[newBufferSize];
List <IMAGE_BASE_RELOCATION> imageBaseRelocationList = new List <IMAGE_BASE_RELOCATION>();
//contains reloction offset list of virtual addresses from 0 to 999 after performing
//virtual address%1000
IMAGE_BASE_RELOCATION relocations0To999;
ulong bufferIndex = 0;
int listIndex = 0;
while (listIndex < relocationTypeOffetList.Count)
{
relocations0To999 = CreateRelocationsFrom0To999(relocationTypeOffetList,
ref listIndex, buffer, ref bufferIndex, imageBaseRelocationSerializer);
imageBaseRelocationList.Add(relocations0To999);
}
List <RelocationTypeOffsetItem> newCodeAddressesInData = GetNewAddressesInData(code);
return(relocationDirecroryInfoFactory.Create(imageBaseRelocationList.ToArray(),
(uint)bufferIndex, buffer, 0, newCodeAddressesInData));
}
private IMAGE_BASE_RELOCATION CreateRelocationsFrom0To999(
List <RelocationTypeOffset> relocationTypeOffetList, ref int listIndex,
byte[] buffer, ref ulong bufferIndex,
IImageBaseRelocationSerializer imageBaseRelocationSerialiazer)
{
//get the first item virtual relocation address
if (relocationTypeOffetList.Count < listIndex)
{
return(null);
}
if ((uint)bufferIndex >= buffer.Length)
{
return(null);
}
var firstRelocationAddress = relocationTypeOffetList[listIndex].Offset;
//if for example the first virtual address to check is 0x3034, than max address is 0x4000
var maxVirtualAddressToCheck = ((firstRelocationAddress / 0x1000) + 1) * 0x1000;
var relocationsList0To999 = new List <RelocationTypeOffset>();
var oldBufferIndex = bufferIndex;
while (relocationTypeOffetList.Count > listIndex &&
relocationTypeOffetList[listIndex].Offset < maxVirtualAddressToCheck)
{
relocationsList0To999.Add(relocationTypeOffetList[listIndex]);
listIndex++;
}
if (relocationsList0To999.Count % 2 != 0)
{
relocationsList0To999.Add(RelocationTypeOffset.PaddingRelocationOffset);
}
imageBaseRelocationSerialiazer.Serialize(buffer, ref bufferIndex, relocationsList0To999);
return(new IMAGE_BASE_RELOCATION(buffer, (uint)oldBufferIndex, (uint)buffer.Length));
}
public RelocationDirectoryFromNewCode(IImageBaseRelocationSerializer imageBaseRelcationSerializer,
IRelocationDirectoryInfoFactory relocationDirectoryInfoFactory)
{
m_ImageBaseRelocationSerializer = imageBaseRelcationSerializer ??
throw new ArgumentNullException(nameof(imageBaseRelcationSerializer));
m_relocationDirectoryInfoFactory = relocationDirectoryInfoFactory ??
throw new ArgumentNullException(nameof(relocationDirectoryInfoFactory));
}
