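// Fragment 1: statements from the asker's image-building routine. The
// enclosing function header is not part of the excerpt; image_addr,
// section_name, section_size, get_stub_size() and align_to_boundary() are
// defined outside it.
void (*stub_addr)(void) = stub_fun; // stub_fun is the function meant to hold
                                    // the decryption logic in the .stub segment
unsigned int stub_size = get_stub_size(stub_addr);
// NOTE(review): stub_size is not used below; every header field is derived
// from section_size. Confirm the two agree (section_size >= stub_size).

// Append a ".stub" section header to the image's section table.
PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)image_addr;
if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) { // 0x5A4D, "MZ"
    return NULL;
}

// NOTE(review): e_lfanew is read from the file and is not checked against the
// buffer length (not visible in this excerpt); bound it before dereferencing.
PIMAGE_NT_HEADERS nt_headers =
    (PIMAGE_NT_HEADERS)((DWORD_PTR)dos_header + dos_header->e_lfanew);

// Reject anything that is not a PE image of the bitness this tool was built
// for: PIMAGE_NT_HEADERS only matches the optional-header layout selected by
// IMAGE_NT_OPTIONAL_HDR_MAGIC. An empty section table would make last_section
// point in front of the table.
if (nt_headers->Signature != IMAGE_NT_SIGNATURE ||
    nt_headers->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR_MAGIC ||
    nt_headers->FileHeader.NumberOfSections == 0) {
    return NULL;
}

const int name_max_length = 8; // size of IMAGE_SECTION_HEADER.Name

PIMAGE_SECTION_HEADER last_section =
    IMAGE_FIRST_SECTION(nt_headers) + (nt_headers->FileHeader.NumberOfSections - 1);
PIMAGE_SECTION_HEADER new_section =
    IMAGE_FIRST_SECTION(nt_headers) + (nt_headers->FileHeader.NumberOfSections);

// The new header must still fit inside the header area. Without this check
// the memset below can overwrite the first section's raw data.
if ((DWORD_PTR)(new_section + 1) - (DWORD_PTR)dos_header >
        nt_headers->OptionalHeader.SizeOfHeaders) {
    return NULL;
}

memset(new_section, 0, sizeof(IMAGE_SECTION_HEADER));
new_section->Characteristics =
    IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE;

// NOTE(review): copies exactly 8 bytes, so section_name must reference at
// least 8 readable, zero-padded bytes; a shorter string is over-read.
memcpy(new_section->Name, section_name, name_max_length);

// NOTE(review): the layout below assumes the last table entry is also the
// last section in the file and in memory, and that the sums do not wrap.
// Both inputs come from the file being modified.
new_section->Misc.VirtualSize = section_size;
new_section->PointerToRawData =
    align_to_boundary(last_section->PointerToRawData + last_section->SizeOfRawData,
                      nt_headers->OptionalHeader.FileAlignment);
// On-disk size is rounded to FileAlignment (the original used
// SectionAlignment, which only describes the in-memory layout).
new_section->SizeOfRawData =
    align_to_boundary(section_size, nt_headers->OptionalHeader.FileAlignment);
new_section->VirtualAddress =
    align_to_boundary(last_section->VirtualAddress + last_section->Misc.VirtualSize,
                      nt_headers->OptionalHeader.SectionAlignment);

// SizeOfImage is specified as a multiple of SectionAlignment.
nt_headers->OptionalHeader.SizeOfImage =
    align_to_boundary(new_section->VirtualAddress + new_section->Misc.VirtualSize,
                      nt_headers->OptionalHeader.SectionAlignment);
nt_headers->FileHeader.NumberOfSections++;

// (Not shown in the excerpt) The asker then changes the entry point to the
// stub and encrypts the .text segment.
// NOTE(review): an entry point inside an appended executable section combined
// with an encrypted .text is a layout that packed-file heuristics commonly
// flag.
// Now I am confused about how to add the decryption logic in the .stub segment.

// Fragment 2: the stub itself, compiled into its own ".stub" code segment.
// In this excerpt it appears after its use in fragment 1.
#pragma code_seg(".stub")
void stub_fun ()
{
    // Open question from the asker: how to load the PE32+ into memory,
    // decrypt the .text segment and run it from memory.
    // Trying in C++ without using assembly language.
}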