| skipped 44 lines |
45 | 45 | | bytestoread, |
46 | 46 | | &mut byteswritten, |
47 | 47 | | ); |
48 | | - | |
| 48 | + | println!("array being filled: {:x?}",&buffer); |
49 | 49 | | FillStructureFromArray(dest, &buffer); |
50 | 50 | | |
51 | 51 | | return byteswritten; |
| skipped 1 lines |
53 | 53 | | } |
54 | 54 | | |
55 | 55 | | |
| 56 | + | pub fn GetHeadersSize(buffer:&Vec<u8>) -> usize{ |
| 57 | + | if buffer.len()<2{ panic!("file size is less than 2")} |
| 58 | + | let magic =&buffer[0..2]; |
| 59 | + | let magicstring =String::from_utf8_lossy(magic); |
| 60 | + | if magicstring=="MZ"{ |
| 61 | + | if buffer.len()<64{ panic!("file size is less than 64")} |
| 62 | + | let mut ntoffset =&buffer[60..64]; |
| 63 | + | unsafe{ |
| 64 | + | let offset = std::ptr::read(ntoffset.as_ptr() as *const i32) as usize; |
| 65 | + | |
| 66 | + | |
| 67 | + | let bitversion =&buffer[offset+4+20..offset+4+20+2]; |
| 68 | + | let bit =std::ptr::read(bitversion.as_ptr() as *const u16); |
| 69 | + | if bit==523{ |
| 70 | + | let index = offset + 24+60; |
| 71 | + | let headerssize =&buffer[index as usize..index as usize+4]; |
| 72 | + | let size = std::ptr::read(headerssize.as_ptr() as *const i32); |
| 73 | + | println!("size of headers: {:x?}",size); |
| 74 | + | return size as usize; |
| 75 | + | |
| 76 | + | } |
| 77 | + | else if bit==267{ |
| 78 | + | let index = offset + 24+60; |
| 79 | + | let headerssize =&buffer[index as usize..index as usize+4]; |
| 80 | + | let size = std::ptr::read(headerssize.as_ptr() as *const i32); |
| 81 | + | println!("size of headers: {:x?}",size); |
| 82 | + | return size as usize; |
| 83 | + | } |
| 84 | + | else{ |
| 85 | + | panic!("invalid bit version"); |
| 86 | + | } |
| 87 | + | } |
| 88 | + | |
| 89 | + | } |
| 90 | + | else{ |
| 91 | + | panic!("its not a pe file"); |
| 92 | + | } |
| 93 | + | } |
| 94 | + | |
| 95 | + | |
| 96 | + | pub fn GetImageSize(buffer:&Vec<u8>) -> usize{ |
| 97 | + | if buffer.len()<2{ panic!("file size is less than 2")} |
| 98 | + | let magic =&buffer[0..2]; |
| 99 | + | let magicstring =String::from_utf8_lossy(magic); |
| 100 | + | if magicstring=="MZ"{ |
| 101 | + | if buffer.len()<64{ panic!("file size is less than 64")} |
| 102 | + | let mut ntoffset =&buffer[60..64]; |
| 103 | + | unsafe{ |
| 104 | + | let offset = std::ptr::read(ntoffset.as_ptr() as *const i32) as usize; |
| 105 | + | |
| 106 | + | |
| 107 | + | let bitversion =&buffer[offset+4+20..offset+4+20+2]; |
| 108 | + | let bit =std::ptr::read(bitversion.as_ptr() as *const u16); |
| 109 | + | if bit==523{ |
| 110 | + | let index = offset + 24+60-4; |
| 111 | + | let headerssize =&buffer[index as usize..index as usize+4]; |
| 112 | + | let size = std::ptr::read(headerssize.as_ptr() as *const i32); |
| 113 | + | println!("size of image: {:x?}",size); |
| 114 | + | return size as usize; |
| 115 | + | |
| 116 | + | } |
| 117 | + | else if bit==267{ |
| 118 | + | let index = offset + 24+60-4; |
| 119 | + | let headerssize =&buffer[index as usize..index as usize+4]; |
| 120 | + | let size = std::ptr::read(headerssize.as_ptr() as *const i32); |
| 121 | + | println!("size of image: {:x?}",size); |
| 122 | + | return size as usize; |
| 123 | + | } |
| 124 | + | else{ |
| 125 | + | panic!("invalid bit version"); |
| 126 | + | } |
| 127 | + | } |
| 128 | + | |
| 129 | + | } |
| 130 | + | else{ |
| 131 | + | panic!("its not a pe file"); |
| 132 | + | } |
| 133 | + | } |
| 134 | + | |
56 | 135 | | |
57 | 136 | | fn main() { |
| 137 | + | |
58 | 138 | | use std::fs::File; |
59 | 139 | | let filepath = r#"D:\red teaming tools\calc2.exe"#; |
60 | 140 | | let mut buffer = Vec::new(); |
| skipped 1 lines |
62 | 142 | | let mut fd = File::open(filepath).unwrap(); |
63 | 143 | | fd.read_to_end(&mut buffer); |
64 | 144 | | |
| 145 | + | |
| 146 | + | GetHeadersSize(&buffer); |
| 147 | + | GetImageSize(&buffer); |
65 | 148 | | //println!("{:#?}", String::from_utf8_lossy(&buffer[0..2])); |
66 | 149 | | |
67 | 150 | | unsafe { |
| skipped 15 lines |
83 | 166 | | FillStructureFromMemory(&mut ntheader, ((baseptr as isize)+dosheader.e_lfanew as isize) as *const c_void, GetCurrentProcess()); |
84 | 167 | | println!("signature: {:x?}",ntheader.Signature); |
85 | 168 | | |
86 | | - | println!("number of sections: {:x?}",ntheader.FileHeader.NumberOfSections); |
| 169 | + | println!("sections count: {}",ntheader.FileHeader.NumberOfSections); |
| 170 | + | |
| 171 | + | println!("export directory: {:x?}",ntheader.OptionalHeader.ExportTable); |
| 172 | + | |
| 173 | + | println!("import directory: {:x?}",ntheader.OptionalHeader.ImportTable); |
| 174 | + | |
| 175 | + | |
| 176 | + | let mut section:Vec<IMAGE_SECTION_HEADER> = vec![IMAGE_SECTION_HEADER::default();ntheader.FileHeader.NumberOfSections as usize]; |
| 177 | + | |
| 178 | + | |
| 179 | + | |
| 180 | + | for i in 0..section.len(){ |
| 181 | + | FillStructureFromMemory(&mut section[i] , |
| 182 | + | ((baseptr as isize)+dosheader.e_lfanew as isize+ |
| 183 | + | std::mem::size_of_val(&ntheader) as isize + (i as isize * std::mem::size_of::<IMAGE_SECTION_HEADER>() as isize)) as *const c_void, |
| 184 | + | GetCurrentProcess()); |
| 185 | + | } |
| 186 | + | println!("{:#?}",section[1].getsecname()); |
| 187 | + | |
| 188 | + | |
| 189 | + | /*if ntheader.OptionalHeader.ImportTable.Size!=0{ |
| 190 | + | //let firstimportptr = baseptr as isize + ntheader.OptionalHeader.ImportTable.VirtualAddress as isize; |
| 191 | + | // println!("{:x?}",firstimportptr); |
| 192 | + | let mut import = IMAGE_IMPORT_DESCRIPTOR::default(); |
| 193 | + | FillStructureFromMemory(&mut import, |
| 194 | + | ((baseptr as isize)+(ntheader.OptionalHeader.ImportTable.VirtualAddress as isize)) as *const c_void, |
| 195 | + | GetCurrentProcess()); |
| 196 | + | println!("{:x?}",import); |
| 197 | + | }*/ |
| 198 | + | |
| 199 | + | |
| 200 | + | let freeres = VirtualFree(baseptr, 0, 0x00008000); |
| 201 | + | } |
| 202 | + | } |
| 203 | + | |
| 204 | + | |
| 205 | + | |
| 206 | + | #[derive(Clone,Default,Debug)] |
| 207 | + | #[repr(C)] |
| 208 | + | pub struct IMAGE_SECTION_HEADER{ |
| 209 | + | Name:[u8;8], |
| 210 | + | VirtualSize: u32, |
| 211 | + | VirtualAddress: u32, |
| 212 | + | SizeOfRawData: u32, |
| 213 | + | PointerToRawData: u32, |
| 214 | + | PointerToRelocations: u32, |
| 215 | + | PointerToLinenumbers: u32, |
| 216 | + | NumberOfRelocations: u16, |
| 217 | + | NumberOfLinenumbers: u16, |
| 218 | + | Characteristics: u32 |
87 | 219 | | |
88 | | - | VirtualFree(baseptr, 0, 0x00008000); |
| 220 | + | } |
| 221 | + | |
| 222 | + | impl IMAGE_SECTION_HEADER{ |
| 223 | + | fn getsecname(&mut self)-> String { |
| 224 | + | String::from_utf8_lossy(&self.Name).to_string() |
89 | 225 | | } |
90 | 226 | | } |
| 227 | + | |
91 | 228 | | |
92 | 229 | | #[repr(C)] |
93 | 230 | | pub union chars_or_originalfirstthunk { |
| skipped 294 lines |
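Review bot: In `GetHeadersSize` (and its near-copy `GetImageSize`), the `e_lfanew` value read from bytes 60..64 of the file is used as an offset with no validation, so a truncated or malformed file makes `offset+4+20` overflow or the slice index panic, and a negative `i32` becomes a huge `usize`. The `std::ptr::read(... as *const i32)` and `*const u16` reads go through pointers into a `u8` buffer that has no alignment guarantee, which is undefined behaviour; `u32::from_le_bytes` on a slice taken with `buffer.get(..)` needs no `unsafe` at all. The `523` and `267` branches are identical and can be merged, since both optional-header layouts keep these two fields at the same offsets. The sketch below keeps the panicking interface the callers in `main` rely on; returning `Option<usize>` would suit input read from disk better.

```rust
// Bounds-checked little-endian reads; None when the range is outside the file.
fn read_u16_le(buffer: &[u8], at: usize) -> Option<u16> {
    let end = at.checked_add(2)?;
    Some(u16::from_le_bytes(buffer.get(at..end)?.try_into().ok()?))
}

fn read_u32_le(buffer: &[u8], at: usize) -> Option<u32> {
    let end = at.checked_add(4)?;
    Some(u32::from_le_bytes(buffer.get(at..end)?.try_into().ok()?))
}

pub fn GetHeadersSize(buffer:&Vec<u8>) -> usize{
    // … unchanged: length check and "MZ" magic check …
    let offset = read_u32_le(buffer, 60).expect("file size is less than 64") as usize;
    // Signature (4) + file header (20) precede the optional header.
    let optional = offset.checked_add(24).expect("e_lfanew is out of range");
    let bit = read_u16_le(buffer, optional).expect("optional header is truncated");
    if bit != 523 && bit != 267 {
        panic!("invalid bit version");
    }
    let size = optional
        .checked_add(60)
        .and_then(|at| read_u32_le(buffer, at))
        .expect("SizeOfHeaders is outside the file");
    println!("size of headers: {:x?}", size);
    return size as usize;
}
```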