public void Process(string[] args)
{
if (args.Length != 2)
{
P.Info("print command usage");
P.Info(" authentipatch print <filename>");
return;
}
var inputFile = args[1];
using (var parser = new PeParser(inputFile))
{
parser.Parse();
PrintFields(parser.Fields);
}
}
public void Process(string[] args)
{
if (args.Length != 4)
{
P.Info("addAuthPayload usage:");
P.Info(" authentipatch addAuthPayload <inputfile> <payloadFile> <outputFile>");
P.Info(" PayloadFile size should be a multipe of 8, because of PE format.");
return;
}
var inputFile = args[1];
var outputFile = args[3];
var payloadFile = args[2];
using (var parser = new PeParser(inputFile))
{
parser.Parse();
var payload = File.ReadAllBytes(payloadFile);
PatchAuthenticode(parser, inputFile, outputFile, payload);
}
}
public void Process(string[] args)
{
if (args.Length < 4)
{
P.Info("dump command usage");
P.Info(" authentipatch dump <format> <filename> <offset> [size]");
P.Info(" format can be any of:");
//P.Info(" raw raw bytes printed to the output. Recomended redirection.");
P.Info(" hex 00 4F 3B AB 00 44 01 0A 00 4F 3B AB 00 44 01 0A");
P.Info(" sx \\x00\\x4F\\x3B\\xAB\\x00\\x44\\x01\\x0A\\x00\\x4F\\x3B\\xAB\\x00\\x44\\x01\\x0A");
P.Info(" zx 0x00,0x4F,0x3B,0xAB,0x00,0x44,0x01,0x0A,0x00,0x4F,0x3B,0xAB,0x00,0x44,0x01,0x0A");
P.Info(" offset can be any of:");
P.Info(" section name: .text In this case, size is not required");
P.Info(" decimal value: 34563");
P.Info(" hex value: 0x34A63");
P.Info("");
P.Info("Samples:");
P.Info(" authentipatch dump sx c:\\windows\\system32\\calc.exe .text");
P.Info(" authentipatch dump hex c:\\windows\\system32\\calc.exe .text");
P.Info(" authentipatch dump raw c:\\windows\\system32\\calc.exe 307200 0x345");
return;
}
var format = args[1];
var inputFile = args[2];
long offset, size;
byte[] content;
Action <byte[]> formatter;
switch (format.ToLower())
{
//case "raw": formatter = DumpRawContent; break;
case "hex": formatter = DumpHexContent; break;
case "sx": formatter = DumpSXContent; break;
case "zx": formatter = DumpZXContent; break;
default: throw new Exception($"Invalid format '{format}'");
}
using (var parser = new PeParser(inputFile))
{
parser.Parse();
(offset, size) = OffsetUtils.ParseOffset(parser, args[3]);
if (args.Length > 4)
{
size = OffsetUtils.ParseNumber(args[4]);
}
if (size == 0 || size == -1)
{
throw new Exception("Must specify a size");
}
// load the target content
parser.SeekAbsolute(offset);
content = parser.Reader.ReadBytes((int)size);
}
formatter(content);
}