/// <summary>
/// Copies sections of the PE into the injectable process.
/// </summary>
/// <param name="data">The sections to copy.</param>
/// <param name="oldHeaders">The old PE headers before relocation.</param>
/// <param name="headers">The current PE headers.</param>
/// <param name="dosHeader">The current assembly header.</param>
public void CopySections(byte[] data, IMAGE_NT_HEADERS oldHeaders, IntPtr headers, IMAGE_DOS_HEADER dosHeader)
{
int i;
IntPtr codebase = module.codeBase;
var section = PointerHelpers.ToStruct <IMAGE_SECTION_HEADER>(headers, (uint)(24 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader));
for (i = 0; i < module.headers.FileHeader.NumberOfSections; i++)
{
IntPtr dest;
if (section.SizeOfRawData == 0)
{
uint size = oldHeaders.OptionalHeader.SectionAlignment;
if (size > 0)
{
dest = new IntPtr((Win32Imports.VirtualAlloc((uint)(codebase + (int)section.VirtualAddress), size, Win32Constants.MEM_COMMIT,
Win32Constants.PAGE_READWRITE)));
section.PhysicalAddress = (uint)dest;
var write = new IntPtr(headers.ToInt32() + (32 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader) + (Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER)) * (i)));
Marshal.WriteInt32(write, (int)dest);
var datazz = new byte[size + 1];
Marshal.Copy(datazz, 0, dest, (int)size);
}
section = PointerHelpers.ToStruct <IMAGE_SECTION_HEADER>(headers, (uint)((24 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader) + (Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER)) * (i + 1))));
continue;
}
dest = new IntPtr((Win32Imports.VirtualAlloc((uint)(codebase + (int)section.VirtualAddress), section.SizeOfRawData, Win32Constants.MEM_COMMIT,
Win32Constants.PAGE_READWRITE)));
Marshal.Copy(data, (int)section.PointerToRawData, dest, (int)section.SizeOfRawData);
section.PhysicalAddress = (uint)dest;
var write2 = new IntPtr(headers.ToInt32() + (32 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader) + (Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER)) * (i)));
Marshal.WriteInt32(write2, (int)dest);
section = PointerHelpers.ToStruct <IMAGE_SECTION_HEADER>(headers, (uint)((24 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader) + (Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER)) * (i + 1))));
}
}
/// <summary>
/// Allocates memory pages and sets header permissions.
/// </summary>
/// <param name="headers">The headers to write to each section of the PE.</param>
/// <param name="dosHeader">The current header of the PE.</param>
/// <param name="oldHeaders">The old headers of the PE that have been overwritten.</param>
public void FinalizeSections(IntPtr headers, IMAGE_DOS_HEADER dosHeader, IMAGE_NT_HEADERS oldHeaders)
{
ProtectionFlags[0] = new int[2][];
ProtectionFlags[1] = new int[2][];
ProtectionFlags[0][0] = new int[2];
ProtectionFlags[0][1] = new int[2];
ProtectionFlags[1][0] = new int[2];
ProtectionFlags[1][1] = new int[2];
ProtectionFlags[0][0][0] = 0x01;
ProtectionFlags[0][0][1] = 0x08;
ProtectionFlags[0][1][0] = 0x02;
ProtectionFlags[0][1][1] = 0x04;
ProtectionFlags[1][0][0] = 0x10;
ProtectionFlags[1][0][1] = 0x80;
ProtectionFlags[1][1][0] = 0x20;
ProtectionFlags[1][1][1] = 0x40;
var section = PointerHelpers.ToStruct <IMAGE_SECTION_HEADER>(headers, (uint)(24 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader));
for (int i = 0; i < module.headers.FileHeader.NumberOfSections; i++)
{
int executable = (section.Characteristics & 0x20000000) != 0 ? 1 : 0;
int readable = (section.Characteristics & 0x40000000) != 0 ? 1 : 0;
int writeable = (section.Characteristics & 0x80000000) != 0 ? 1 : 0;
if ((section.Characteristics & 0x02000000) > 0)
{
bool aa = Win32Imports.VirtualFree(new IntPtr(section.PhysicalAddress), (UIntPtr)section.SizeOfRawData, 0x4000);
continue;
}
var protect = (uint)ProtectionFlags[executable][readable][writeable];
if ((section.Characteristics & 0x04000000) > 0)
{
protect |= 0x200;
}
var size = (int)section.SizeOfRawData;
if (size == 0)
{
if ((section.Characteristics & 0x00000040) > 0)
{
size = (int)module.headers.OptionalHeader.SizeOfInitializedData;
}
else if ((section.Characteristics & 0x00000080) > 0)
{
size = (int)module.headers.OptionalHeader.SizeOfUninitializedData;
}
}
if (size > 0)
{
uint oldProtect;
if (!Win32Imports.VirtualProtect(new IntPtr(section.PhysicalAddress), section.SizeOfRawData, protect, out oldProtect))
{
}
}
section = PointerHelpers.ToStruct <IMAGE_SECTION_HEADER>(headers, (uint)((24 + dosHeader.e_lfanew + oldHeaders.FileHeader.SizeOfOptionalHeader) + (Marshal.SizeOf(typeof(IMAGE_SECTION_HEADER)) * (i + 1))));
}
}
