def add_import_section_api(self,
hdr,
virtualmemorysize,
totalsize,
check_space=True):
# Set check_space to false if the pe-header was relocated
if check_space:
rva_to_section_table = hdr.dos_header.e_lfanew + len(
bytes(_IMAGE_FILE_HEADER())) + len(
bytes(_IMAGE_OPTIONAL_HEADER()))
number_of_sections = hdr.pe_header.NumberOfSections
end_of_section_table = rva_to_section_table + len(
bytes(IMAGE_SECTION_HEADER())) * number_of_sections
beginning_of_first_section = sys.maxsize
for section in hdr.section_list:
if section.VirtualAddress < beginning_of_first_section:
beginning_of_first_section = section.VirtualAddress
if end_of_section_table + len(bytes(
IMAGE_SECTION_HEADER())) >= beginning_of_first_section:
print("Not enough space for additional section")
return
import_section = IMAGE_SECTION_HEADER(
bytes(".impdata", 'ascii'), # Name
0x10000, # VirtualSize
virtualmemorysize - 0x10000, # VirtualAddress
0x10000, # SizeOfRawData
virtualmemorysize - 0x10000, # PointerToRawData
0, # PointerToRelocations
0, # PointerToLinenumbers
0, # NumberOfRelocations
0, # NumberOfLinenumbers
0xe0000020, # Characteristics
)
hdr.section_list.append(import_section)
# Correct Value of Number of Sections
hdr.pe_header.NumberOfSections += 1
# Fix SizeOfHeaders
hdr.opt_header.SizeOfHeaders = alignments(
hdr.opt_header.SizeOfHeaders + len(bytes(IMAGE_SECTION_HEADER())),
hdr.opt_header.FileAlignment)
return hdr
import struct
from ctypes import *
from datetime import datetime
from unicorn import UcError
from unipacker.pe_structs import _IMAGE_DOS_HEADER, _IMAGE_FILE_HEADER, _IMAGE_OPTIONAL_HEADER, IMAGE_SECTION_HEADER, \
_IMAGE_DATA_DIRECTORY, IMAGE_IMPORT_DESCRIPTOR, SectionHeader, DosHeader, PEHeader, OptionalHeader, \
ImportDescriptor, DataDirectory
from unipacker.utils import InvalidPEFile, ImportValues, get_string
header_sizes = {
"_IMAGE_DOS_HEADER": len(bytes(_IMAGE_DOS_HEADER())), # 0x40
"_IMAGE_FILE_HEADER": len(bytes(_IMAGE_FILE_HEADER())), # 0x18
"_IMAGE_OPTIONAL_HEADER": len(bytes(_IMAGE_OPTIONAL_HEADER())), # 0xE0
"IMAGE_SECTION_HEADER": len(bytes(IMAGE_SECTION_HEADER())), # 0x28
"_IMAGE_DATA_DIRECTORY": len(bytes(_IMAGE_DATA_DIRECTORY())), # 0x8
"IMAGE_IMPORT_DESCRIPTOR": len(bytes(IMAGE_IMPORT_DESCRIPTOR())),
}
short_hdr_names = {
"DOS": "_IMAGE_DOS_HEADER",
"DOS_HEADER": "_IMAGE_DOS_HEADER",
"DOS_HDR": "_IMAGE_DOS_HEADER",
"IMAGE_DOS_HEADER": "_IMAGE_DOS_HEADER",
"PE": "_IMAGE_FILE_HEADER",
"PE_HEADER": "_IMAGE_FILE_HEADER",
"PE_HDR": "_IMAGE_FILE_HEADER",
"FILE_HEADER": "_IMAGE_FILE_HEADER",
"FILE_HDR": "_IMAGE_FILE_HEADER",
"IMAGE_FILE_HEADER": "_IMAGE_FILE_HEADER",