Archive for Sources

PHP modify PE header

<?php
$myFile = “test.exe”;
$fh = fopen($myFile, ‘r’);
$theData = fread($fh, filesize($myFile));
fclose($fh);
$A=chr(0×41);
$str_hex = bin2hex($theData);
$len = count($str_hex);
for ($i=0;$i<12;$i++)
{
$str_hex[$i] = $A;
$str_bin = pack(’H*’, $str_hex);
}
$myFile = “File.exe”;
$fh = fopen($myFile,’w’);
fwrite($fh, $str_bin);
fclose($fh);
?>

Share and Enjoy:

Share and Enjoy:

Tags: , ,
Posted by admin in Sources | No Comments »

Run Program From Memory And Not File

void RunFromMemory(char* pImage,char* pPath)
{
DWORD dwWritten = 0;
DWORD dwHeader = 0;
DWORD dwImageSize = 0;
DWORD dwSectionCount = 0;
DWORD dwSectionSize = 0;
DWORD firstSection = 0;
DWORD previousProtection = 0;
DWORD jmpSize = 0;
IMAGE_NT_HEADERS INH;
IMAGE_DOS_HEADER IDH;
IMAGE_SECTION_HEADER Sections[1000];
PROCESS_INFORMATION peProcessInformation;
STARTUPINFO peStartUpInformation;
CONTEXT pContext;
char* pMemory;
char* pFile;
memcpy(&IDH,pImage,sizeof(IDH));
memcpy(&INH,(void*)((DWORD)pImage+IDH.e_lfanew),sizeof(INH));
dwImageSize = INH.OptionalHeader.SizeOfImage;
pMemory = (char*)malloc(dwImageSize);
memset(pMemory,0,dwImageSize);
pFile = pMemory;
dwHeader = INH.OptionalHeader.SizeOfHeaders;
firstSection = (DWORD)(((DWORD)pImage+IDH.e_lfanew) + sizeof(IMAGE_NT_HEADERS));
memcpy(Sections,(char*)(firstSection),sizeof(IMAGE_SECTION_HEADER)*INH.FileHeader.NumberOfSections);
memcpy(pFile,pImage,dwHeader);
if((INH.OptionalHeader.SizeOfHeaders % INH.OptionalHeader.SectionAlignment)==0)
{
jmpSize = INH.OptionalHeader.SizeOfHeaders;
}
else
{
jmpSize = INH.OptionalHeader.SizeOfHeaders / [...]

Share and Enjoy:

Tags: , ,
Posted by admin in Sources | No Comments »