private void LoadSectionTable()
{
int index;
int numOfDirectories;
int numOfSections;
byte[] arr = new byte[40];
if (_b32 == true)
{
numOfDirectories = Convert.ToInt32(_NT_HEADERS32.OptionalHeader.NumberOfRvaAndSizes);
index = Convert.ToInt32(_DOS_HEADER.e_lfanew) + 120 + numOfDirectories * 8;
numOfSections = _NT_HEADERS32.FileHeader.NumberOfSections;
}
else
{
numOfDirectories = Convert.ToInt32(_NT_HEADERS64.OptionalHeader.NumberOfRvaAndSizes);
index = Convert.ToInt32(_DOS_HEADER.e_lfanew) + 136 + numOfDirectories * 8;
numOfSections = _NT_HEADERS64.FileHeader.NumberOfSections;
}
_HeaderLength = index;
File.Seek(index, 0);
IMAGE_SECTION_HEADER tmp = new IMAGE_SECTION_HEADER();
for (int i = 0; i < numOfSections; i++)
{
File.Read(arr, 0, 40);
ByteToType <IMAGE_SECTION_HEADER>(ref tmp, arr);
_SECTION_TABLE.Add(tmp);
}
}
public void StaticDLLInjectionByAddingSection(string DllName, string FuncName)
{
AddNewSection(".Patch", 1024);
IMAGE_SECTION_HEADER LastSecHeader = _SECTION_TABLE.Last();
File = new FileStream(this.Name, System.IO.FileMode.Open);
UInt32 RAW = LastSecHeader.PointerToRawData;
int index;
UInt32 offsetOfOriginalFirstThunk = RAW;
UInt32 offsetOfFirstThunk = RAW + 8;
UInt32 offsetOfDLLName = offsetOfFirstThunk + 8;
UInt32 offsetOfIMAGE_IMPORT_BY_NAME = offsetOfDLLName + Convert.ToUInt32(DllName.Length) + 2;
UInt32 offsetOfNew_IID = offsetOfIMAGE_IMPORT_BY_NAME + Convert.ToUInt32(FuncName.Length) + 6;
UInt32 OriginalFirstThunk = offsetOfIMAGE_IMPORT_BY_NAME;
UInt32 FirstThunk = OriginalFirstThunk;
UInt32 RVAOfOffsetOriginalFirstThunk = RAWToRVA(offsetOfOriginalFirstThunk);
UInt32 RVOffsetOfFirstThunk = RAWToRVA(offsetOfFirstThunk);
UInt32 RVAOffsetOfDllName = RAWToRVA(offsetOfDLLName);
UInt32 RVAOfOrignalFirstThunk = RAWToRVA(OriginalFirstThunk);
UInt32 RVAOfFirstThunk = RAWToRVA(OriginalFirstThunk);
UInt32 RVAOfOffsetOfNew_IID = RAWToRVA(offsetOfNew_IID);
_IMPORT_DIRECTORY.Size += 0x14;
_IMPORT_DIRECTORY.VirtualAddress = RVAOfOffsetOfNew_IID;
if (_b32 == true)
{
index = Convert.ToInt32(_DOS_HEADER.e_lfanew) + 128;
}
else
{
index = Convert.ToInt32(_DOS_HEADER.e_lfanew) + 144;
}
File.Seek(index, 0);
WriteType <IMAGE_DATA_DIRECTORY>(ref _IMPORT_DIRECTORY);
File.Seek(offsetOfOriginalFirstThunk, 0);
WriteType <UInt32>(ref RVAOfOrignalFirstThunk);
File.Seek(offsetOfFirstThunk, 0);
WriteType <UInt32>(ref RVAOfFirstThunk);
File.Seek(offsetOfDLLName, 0);
byte[] bytes = Encoding.ASCII.GetBytes(DllName);
File.Write(bytes);
File.Seek(offsetOfIMAGE_IMPORT_BY_NAME + 2, 0);
bytes = Encoding.ASCII.GetBytes(FuncName);
File.Write(bytes);
IMAGE_IMPORT_DESCRIPTOR IID;
File.Seek(offsetOfNew_IID, 0);
IID.OriginalFirstThunk = RVAOfOffsetOriginalFirstThunk;
IID.FirstThunk = RVOffsetOfFirstThunk;
IID.Name = RVAOffsetOfDllName;
IID.ForwarderChain = 0;
IID.TimeDateStamp = 0;
_IMPORT_TABLE.Add(IID);
IMAGE_IMPORT_DESCRIPTOR tmp;
for (int i = 0; i < _IMPORT_TABLE.Count; i++)
{
tmp = _IMPORT_TABLE[i];
if (tmp.FirstThunk == 0 && tmp.OriginalFirstThunk == 0)
{
continue;
}
WriteType <IMAGE_IMPORT_DESCRIPTOR>(ref tmp);
}
File.Close();
}
public void AddNewSection(string SectionName, UInt32 SectionSize)
{
File = new FileStream(this.Name, System.IO.FileMode.Open);
UInt32 SecHeadindex;
UInt32 NumberOfRvaAndSizes;
UInt32 NumberOfSections;
UInt32 FileAlignment, SectionAlignment, AlignedSecSize;
if (_b32)
{
FileAlignment = _NT_HEADERS32.OptionalHeader.FileAlignment;
SectionAlignment = _NT_HEADERS32.OptionalHeader.SectionAlignment;
NumberOfRvaAndSizes = _NT_HEADERS32.OptionalHeader.NumberOfRvaAndSizes;
NumberOfSections = _NT_HEADERS32.FileHeader.NumberOfSections;
}
else
{
FileAlignment = _NT_HEADERS64.OptionalHeader.FileAlignment;
SectionAlignment = _NT_HEADERS64.OptionalHeader.SectionAlignment;
NumberOfRvaAndSizes = _NT_HEADERS64.OptionalHeader.NumberOfRvaAndSizes;
NumberOfSections = _NT_HEADERS64.FileHeader.NumberOfSections;
}
UInt32 SectionVA = _SECTION_TABLE.Last().VirtualAddress + GetAlignedSize(_SECTION_TABLE.Last().VirtualSize, SectionAlignment);
UInt32 SectionRawOffset = _SECTION_TABLE.Last().PointerToRawData + GetAlignedSize(_SECTION_TABLE.Last().SizeOfRawData, FileAlignment);
AlignedSecSize = GetAlignedSize(SectionSize, FileAlignment);
SecHeadindex = _DOS_HEADER.e_lfanew + Convert.ToUInt32(Marshal.SizeOf <IMAGE_NT_HEADERS32>() +
NumberOfRvaAndSizes * Marshal.SizeOf <IMAGE_DATA_DIRECTORY>() + NumberOfSections * Marshal.SizeOf <IMAGE_SECTION_HEADER>());
File.Seek(_DOS_HEADER.e_lfanew, 0);
if (_b32)
{
_NT_HEADERS32.FileHeader.NumberOfSections += 1;
_NT_HEADERS32.OptionalHeader.SizeOfImage += AlignedSecSize;
WriteType <IMAGE_NT_HEADERS32>(ref _NT_HEADERS32);
}
else
{
_NT_HEADERS64.FileHeader.NumberOfSections += 1;
_NT_HEADERS64.OptionalHeader.SizeOfImage += AlignedSecSize;
WriteType <IMAGE_NT_HEADERS64>(ref _NT_HEADERS64);
}
IMAGE_SECTION_HEADER newSecHeader = new IMAGE_SECTION_HEADER();
byte[] tmp = Encoding.ASCII.GetBytes(SectionName);
UInt64 _Name = 0;
ByteToType <UInt64>(ref _Name, tmp);
newSecHeader.Name = _Name;
newSecHeader.VirtualSize = AlignedSecSize;
newSecHeader.VirtualAddress = SectionVA;
newSecHeader.PointerToRawData = SectionRawOffset;
newSecHeader.SizeOfRawData = AlignedSecSize;
newSecHeader.Characteristics = 0x00000040 | 0x40000000 | 0x80000000 | 0x20000000;
_SECTION_TABLE.Add(newSecHeader);
File.Seek(SecHeadindex, 0);
WriteType <IMAGE_SECTION_HEADER>(ref newSecHeader);
byte[] filling = new byte[AlignedSecSize];
File.Seek(SectionRawOffset, 0);
File.Write(filling);
File.Close();
}
