예제 #1
        /// <summary>
        /// Handles the <c>print</c> command: parses the PE file named on the command
        /// line and prints the fields the parser collected.
        /// </summary>
        /// <param name="args">
        /// Command-line tokens. Exactly two are expected; only <c>args[1]</c> (the file
        /// name) is read here. Any other count prints the usage text and returns.
        /// </param>
        public void Process(string[] args)
        {
            const int expectedArgCount = 2;

            if (args.Length == expectedArgCount)
            {
                var path = args[1];

                // The parser is disposed as soon as the fields have been printed.
                using (var pe = new PeParser(path))
                {
                    pe.Parse();
                    PrintFields(pe.Fields);
                }

                return;
            }

            // Wrong argument count: show how the command is meant to be called.
            P.Info("print command usage");
            P.Info("  authentipatch print <filename>");
        }
예제 #2
        /// <summary>
        /// Handles the <c>addAuthPayload</c> command: parses the input PE file, reads the
        /// payload file into memory and passes both, together with the input and output
        /// paths, to <c>PatchAuthenticode</c>.
        /// </summary>
        /// <param name="args">
        /// Command-line tokens. Exactly four are expected; <c>args[1]</c> is the input
        /// file, <c>args[2]</c> the payload file and <c>args[3]</c> the output file.
        /// Any other count prints the usage text and returns.
        /// </param>
        /// <remarks>
        /// NOTE(review): the usage text asks for a payload size that is a multiple of 8,
        /// but nothing in this method checks it. Whether <c>PatchAuthenticode</c>
        /// validates or pads the payload is not visible from here; confirm.
        /// NOTE(review): judging by the names, the payload presumably ends up inside the
        /// file's Authenticode signature data. Bytes stored in a PE certificate table are
        /// not covered by the Authenticode hash, so a file changed that way can still
        /// verify as signed unless strict verification (the opt-in Windows
        /// EnableCertPaddingCheck setting from MS13-098) is turned on.
        /// </remarks>
        public void Process(string[] args)
        {
            const int expectedArgCount = 4;

            if (args.Length == expectedArgCount)
            {
                var sourcePath  = args[1];
                var payloadPath = args[2];
                var targetPath  = args[3];

                using (var pe = new PeParser(sourcePath))
                {
                    // Parse first, so a malformed input file fails before the payload is read.
                    pe.Parse();

                    byte[] payloadBytes = File.ReadAllBytes(payloadPath);
                    PatchAuthenticode(pe, sourcePath, targetPath, payloadBytes);
                }

                return;
            }

            // Wrong argument count: show how the command is meant to be called.
            P.Info("addAuthPayload usage:");
            P.Info("  authentipatch addAuthPayload <inputfile> <payloadFile> <outputFile>");
            P.Info("    PayloadFile size should be a multipe of 8, because of PE format.");
        }
예제 #3
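        /// <summary>
        /// Handles the <c>dump</c> command: reads a byte range from a PE file and prints
        /// it with the formatter selected by the <c>format</c> argument.
        /// </summary>
        /// <param name="args">
        /// Command-line tokens. At least four are expected; <c>args[1]</c> is the format
        /// (<c>hex</c>, <c>sx</c> or <c>zx</c>), <c>args[2]</c> the input file,
        /// <c>args[3]</c> the offset (section name, decimal or hex value) and the
        /// optional <c>args[4]</c> an explicit size that overrides the one returned by
        /// <c>OffsetUtils.ParseOffset</c>.
        /// </param>
        /// <exception cref="Exception">
        /// The format is not supported, no size could be determined, or the size is
        /// negative or larger than <see cref="int.MaxValue"/>.
        /// </exception>
        public void Process(string[] args)
        {
            if (args.Length < 4)
            {
                P.Info("dump command usage");
                P.Info("  authentipatch dump <format> <filename> <offset> [size]");
                P.Info("    format can be any of:");
                //P.Info("      raw  raw bytes printed to the output. Recomended redirection.");
                P.Info("      hex  00 4F 3B AB 00 44 01 0A  00 4F 3B AB 00 44 01 0A");
                P.Info("      sx   \\x00\\x4F\\x3B\\xAB\\x00\\x44\\x01\\x0A\\x00\\x4F\\x3B\\xAB\\x00\\x44\\x01\\x0A");
                P.Info("      zx   0x00,0x4F,0x3B,0xAB,0x00,0x44,0x01,0x0A,0x00,0x4F,0x3B,0xAB,0x00,0x44,0x01,0x0A");
                P.Info("    offset can be any of:");
                P.Info("      section name: .text  In this case, size is not required");
                P.Info("      decimal value: 34563");
                P.Info("      hex value: 0x34A63");
                P.Info("");
                P.Info("Samples:");
                P.Info("  authentipatch dump sx c:\\windows\\system32\\calc.exe .text");
                P.Info("  authentipatch dump hex c:\\windows\\system32\\calc.exe .text");
                // The "raw" format is disabled below, so the numeric offset/size sample
                // uses a format that the switch actually accepts.
                P.Info("  authentipatch dump zx c:\\windows\\system32\\calc.exe 307200 0x345");
                return;
            }

            var  format = args[1];
            var  inputFile = args[2];
            long offset, size;

            byte[]          content;
            Action <byte[]> formatter;

            // Invariant lower-casing keeps the keyword match independent of the
            // current culture.
            switch (format.ToLowerInvariant())
            {
                //case "raw": formatter = DumpRawContent; break;
                case "hex": formatter = DumpHexContent; break;

                case "sx": formatter = DumpSXContent; break;

                case "zx": formatter = DumpZXContent; break;

                default: throw new Exception($"Invalid format '{format}'");
            }

            using (var parser = new PeParser(inputFile))
            {
                parser.Parse();

                (offset, size) = OffsetUtils.ParseOffset(parser, args[3]);

                // An explicit size on the command line wins over the parsed one.
                if (args.Length > 4)
                {
                    size = OffsetUtils.ParseNumber(args[4]);
                }
                if (size == 0 || size == -1)
                {
                    throw new Exception("Must specify a size");
                }

                // The size comes from the command line or from the file's own headers.
                // Reject values the int cast below would otherwise truncate or turn
                // negative, instead of silently reading a different number of bytes.
                if (size < 0 || size > int.MaxValue)
                {
                    throw new Exception($"Invalid size '{size}'");
                }

                // load the target content
                // NOTE(review): offset is passed on unchecked; confirm SeekAbsolute
                // rejects values outside the file.
                parser.SeekAbsolute(offset);
                content = parser.Reader.ReadBytes((int)size);
            }

            formatter(content);
        }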