[Vb.NET] Reling PE class

Administrador

Mensajes : 1000 Reputación : 142
Registrado : 11/08/2010
Localización : Nicaragua

Mar Sep 14, 2010 11:23 am

Les dejo esto para ir rellenando las secciones del foro [Vb.NET] Reling PE class 732861

Código:: Imports System.IO Imports System.Runtime.InteropServices Class Reali Public Function RealignPE(sFilePath As String) As Boolean Dim DHD As New IMAGE_DOS_HEADER() Dim NHD As New IMAGE_NT_HEADERS() Dim SHD As New IMAGE_SECTION_HEADER() Dim iPointer As Integer = 0 Dim lLastSectPos As Long = 0 Dim lSize As Long = 0 Dim lAlign As Long = 0 Dim lDataSize As Long = 0 Dim fBytes As Byte() = New Byte(-1) {} Try Dim bReader As New BinaryReader(New FileStream(sFilePath, FileMode.Open, FileAccess.Read)) fBytes = bReader.ReadBytes(CInt(bReader.BaseStream.Length)) bReader.Close() Catch End Try If fBytes.Length <= 0 Then Return False End If Dim gHandle As GCHandle = GCHandle.Alloc(fBytes, GCHandleType.Pinned) iPointer = gHandle.AddrOfPinnedObject().ToInt32() DHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer), GetType(IMAGE_DOS_HEADER)), IMAGE_DOS_HEADER) NHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer + DHD.e_lfanew), GetType(IMAGE_NT_HEADERS)), IMAGE_NT_HEADERS) If NHD.Signature <> 17744 OrElse DHD.e_magic <> 23117 Then Return False End If lLastSectPos = DHD.e_lfanew + Marshal.SizeOf(New IMAGE_NT_HEADERS()) + (NHD.FileHeader.NumberOfSections - 1) * Marshal.SizeOf(New IMAGE_SECTION_HEADER()) SHD = CType(Marshal.PtrToStructure(New IntPtr(iPointer + lLastSectPos), GetType(IMAGE_SECTION_HEADER)), IMAGE_SECTION_HEADER) lSize = SHD.SizeOfRawData lDataSize = fBytes.Length - SHD.SizeOfRawData - SHD.PointerToRawData gHandle.Free() If lDataSize <= 0 Then Return True End If lAlign = lDataSize + NHD.OptionalHeader.SectionAlignment lAlign = lAlign - Align(lDataSize, NHD.OptionalHeader.SectionAlignment) SHD.SizeOfRawData = (SHD.SizeOfRawData + Convert.ToUInt32(lAlign)) Dim bSHD As Byte() = getBytes_(SHD) Array.Copy(bSHD, 0, fBytes, lLastSectPos, bSHD.Length) Try Dim bWriter As New BinaryWriter(New FileStream(sFilePath, FileMode.Open)) bWriter.Write(fBytes) bWriter.Flush() bWriter.Close() Catch Return False End Try Return True End Function Private Function getBytes_(oObject As Object) As Byte() Dim iSize As Integer = Marshal.SizeOf(oObject) Dim ipBuffer As IntPtr = Marshal.AllocHGlobal(iSize) Marshal.StructureToPtr(oObject, ipBuffer, False) Dim bData As Byte() = New Byte(iSize - 1) {} Marshal.Copy(ipBuffer, bData, 0, iSize) Marshal.FreeHGlobal(ipBuffer) Return bData End Function Private Function Align(dwValue As Long, dwAlign As Long) As Long If dwAlign <> 0 Then If (dwValue Mod dwAlign) <> 0 Then Return (dwValue + dwAlign) - (dwValue Mod dwAlign) Else Return dwValue End If Else Return dwValue End If End Function 'STRUCTURES <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_DOS_HEADER Public e_magic As UInt16 Public e_cblp As UInt16 Public e_cp As UInt16 Public e_crlc As UInt16 Public e_cparhdr As UInt16 Public e_minalloc As UInt16 Public e_maxalloc As UInt16 Public e_ss As UInt16 Public e_sp As UInt16 Public e_csum As UInt16 Public e_ip As UInt16 Public e_cs As UInt16 Public e_lfarlc As UInt16 Public e_ovno As UInt16 <MarshalAs(UnmanagedType.ByValArray, SizeConst := 4)> _ Public e_res1 As UInt16() Public e_oemid As UInt16 Public e_oeminfo As UInt16 <MarshalAs(UnmanagedType.ByValArray, SizeConst := 10)> _ Public e_res2 As UInt16() Public e_lfanew As Int32 End Structure <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_FILE_HEADER Public Machine As UInt16 Public NumberOfSections As UInt16 Public TimeDateStamp As UInt32 Public PointerToSymbolTable As UInt32 Public NumberOfSymbols As UInt32 Public SizeOfOptionalHeader As UInt16 Public Characteristics As UInt16 End Structure <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_DATA_DIRECTORY Public VirtualAddress As UInt32 Public Size As UInt32 End Structure <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_OPTIONAL_HEADER32 Public Magic As UInt16 Public MajorLinkerVersion As [Byte] Public MinorLinkerVersion As [Byte] Public SizeOfCode As UInt32 Public SizeOfInitializedData As UInt32 Public SizeOfUninitializedData As UInt32 Public AddressOfEntryPoint As UInt32 Public BaseOfCode As UInt32 Public BaseOfData As UInt32 Public ImageBase As UInt32 Public SectionAlignment As UInt32 Public FileAlignment As UInt32 Public MajorOperatingSystemVersion As UInt16 Public MinorOperatingSystemVersion As UInt16 Public MajorImageVersion As UInt16 Public MinorImageVersion As UInt16 Public MajorSubsystemVersion As UInt16 Public MinorSubsystemVersion As UInt16 Public Win32VersionValue As UInt32 Public SizeOfImage As UInt32 Public SizeOfHeaders As UInt32 Public CheckSum As UInt32 Public Subsystem As UInt16 Public DllCharacteristics As UInt16 Public SizeOfStackReserve As UInt32 Public SizeOfStackCommit As UInt32 Public SizeOfHeapReserve As UInt32 Public SizeOfHeapCommit As UInt32 Public LoaderFlags As UInt32 Public NumberOfRvaAndSizes As UInt32 <MarshalAs(UnmanagedType.ByValArray, SizeConst := 16)> _ Public DataDirectory As IMAGE_DATA_DIRECTORY() End Structure <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_NT_HEADERS Public Signature As UInt32 Public FileHeader As IMAGE_FILE_HEADER Public OptionalHeader As IMAGE_OPTIONAL_HEADER32 End Structure <StructLayout(LayoutKind.Sequential)> _ Private Structure IMAGE_SECTION_HEADER <MarshalAs(UnmanagedType.ByValArray, SizeConst := 8)> _ Public Name As Byte() Public VirtualSize As UIntPtr Public VirtualAddress As UInteger Public SizeOfRawData As UInteger Public PointerToRawData As UInteger Public PointerToRelocations As UInteger Public PointerToLinenumbers As UInteger Public NumberOfRelocations As Short Public NumberOfLinenumbers As Short Public Characteristics As UInteger End Structure End Class

1-Slandg-