
C# [C#] Realign PE


sQuo

Code:
>using System;
using System.IO;
using System.Runtime.InteropServices;

{

   class Reali
   {
 /// <summary>
 /// Loads the file at <paramref name="sFilePath"/> into memory, reads its DOS header,
 /// NT headers and last section header, enlarges that section's SizeOfRawData, and
 /// writes the modified buffer back over the same file.
 /// </summary>
 /// <param name="sFilePath">Path of the file that is read and then overwritten in place.</param>
 /// <returns>
 /// true once the buffer has been written back; false when the MZ/PE signature check
 /// fails or the write throws. Two further conditions are truncated in this listing,
 /// so any other false paths cannot be determined from here.
 /// </returns>
 /// <remarks>
 /// NOTE(review): every offset used below comes from the file itself and none is checked
 /// against fBytes.Length, so a truncated or malformed input makes Marshal.PtrToStructure
 /// read outside the pinned buffer. Treat the input as untrusted and validate offsets first.
 /// NOTE(review): as posted the method does not compile: two "if" lines are cut off.
 /// </remarks>
 public bool RealignPE(string sFilePath)
 {
   IMAGE_DOS_HEADER DHD = new IMAGE_DOS_HEADER();
   IMAGE_NT_HEADERS NHD = new IMAGE_NT_HEADERS();
   IMAGE_SECTION_HEADER SHD = new IMAGE_SECTION_HEADER();

   int iPointer = 0;
   long lLastSectPos = 0;
   long lSize = 0;
   long lAlign = 0;
   long lDataSize = 0;
   byte[] fBytes = new byte[0];

   // Read the whole file into memory. The (int) cast truncates lengths above
   // int.MaxValue, and the stream is not closed if ReadBytes throws (no using/finally).
   try
   {
   BinaryReader bReader = new BinaryReader(new FileStream(sFilePath, FileMode.Open, FileAccess.Read));
   fBytes = bReader.ReadBytes((int)bReader.BaseStream.Length);
   bReader.Close();
   }
   // Any read error is swallowed; fBytes then stays the empty array from above.
   catch { }
   // NOTE(review): the next line is truncated in the source listing (the text after
   // "fBytes.Length" is missing, presumably lost at a '<' during extraction). What it
   // compared against and what it did on failure cannot be recovered from this page.
   if (fBytes.Length 
   // Pin the buffer so its address can be handed to Marshal.PtrToStructure.
   GCHandle gHandle = GCHandle.Alloc(fBytes, GCHandleType.Pinned);
   // ToInt32 throws OverflowException in a 64-bit process when the address does not
   // fit in 32 bits; the method only works reliably as a 32-bit process.
   iPointer = gHandle.AddrOfPinnedObject().ToInt32();
   // No check that the buffer is at least as large as the structure being read.
   DHD = (IMAGE_DOS_HEADER)Marshal.PtrToStructure(new IntPtr(iPointer), typeof(IMAGE_DOS_HEADER));
   // e_lfanew is taken from the file and used before e_magic is validated and without
   // a bounds check, so this read can land outside fBytes.
   NHD = (IMAGE_NT_HEADERS)Marshal.PtrToStructure(new IntPtr(iPointer + DHD.e_lfanew), typeof(IMAGE_NT_HEADERS));
   // 17744 == 0x00004550 ("PE\0\0"), 23117 == 0x5A4D ("MZ").
   // This early return skips gHandle.Free() below, so the buffer stays pinned.
   if (NHD.Signature != 17744 || DHD.e_magic != 23117) { return false; }

   // Offset of the last section header, computed from the marshalled size of
   // IMAGE_NT_HEADERS (32-bit optional header) rather than FileHeader.SizeOfOptionalHeader.
   // NOTE(review): NumberOfSections == 0 yields an offset before the section table, and
   // a PE32+ image has a larger optional header, so the offset looks wrong for both - confirm.
   lLastSectPos = DHD.e_lfanew + Marshal.SizeOf(new IMAGE_NT_HEADERS()) + (NHD.FileHeader.NumberOfSections - 1) * Marshal.SizeOf(new IMAGE_SECTION_HEADER());
   SHD = (IMAGE_SECTION_HEADER)Marshal.PtrToStructure(new IntPtr(iPointer + lLastSectPos), typeof(IMAGE_SECTION_HEADER));
   // lSize is assigned but not read again in this method.
   lSize = SHD.SizeOfRawData;
   // Number of bytes in the file beyond the end of the last section's raw data.
   lDataSize = fBytes.Length - SHD.SizeOfRawData - SHD.PointerToRawData;
   gHandle.Free();
   // NOTE(review): the next line is also truncated in the source listing; the
   // comparison and its consequence are not recoverable from this page.
   if (lDataSize 
   // Together these two lines evaluate to (lDataSize % SectionAlignment) when that
   // remainder is non-zero, and to SectionAlignment when lDataSize is already a multiple
   // (or to 0 when SectionAlignment is 0, because Align then returns its input unchanged).
   lAlign = lDataSize + NHD.OptionalHeader.SectionAlignment;
   lAlign = lAlign - Align(lDataSize, NHD.OptionalHeader.SectionAlignment);
   // Convert.ToUInt32 throws OverflowException for a negative or too-large lAlign.
   SHD.SizeOfRawData = (SHD.SizeOfRawData + Convert.ToUInt32(lAlign));

   // Serialise the modified header and patch it into the in-memory copy of the file.
   // Only the section header changes; OptionalHeader.CheckSum is not updated here, so
   // a file processed this way keeps the checksum of the unmodified image.
   byte[] bSHD = getBytes_(SHD);
   Array.Copy(bSHD, 0, fBytes, lLastSectPos, bSHD.Length);

   // Overwrite the original file in place. No backup is taken and the write is not
   // atomic, so a failure part-way through leaves the file partially rewritten.
   try
   {
   BinaryWriter bWriter = new BinaryWriter(new FileStream(sFilePath, FileMode.Open));
   bWriter.Write(fBytes);
   bWriter.Flush();
   bWriter.Close();
   }
   // The cause of the failure is discarded; callers only see false.
   catch { return false; }

   return true;
 }

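 /// <summary>
 /// Marshals a structure into a freshly allocated managed byte array.
 /// </summary>
 /// <param name="oObject">Boxed structure (or formatted class instance) to serialise.</param>
 /// <returns>A byte array of Marshal.SizeOf(oObject) bytes holding the unmanaged layout.</returns>
 /// <exception cref="ArgumentNullException">Thrown by Marshal.SizeOf when oObject is null.</exception>
 /// <exception cref="ArgumentException">Thrown by the marshaller when the type has no unmanaged layout.</exception>
 private byte[] getBytes_(object oObject)
 {
   int iSize = Marshal.SizeOf(oObject);
   byte[] bData = new byte[iSize];
   IntPtr ipBuffer = Marshal.AllocHGlobal(iSize);
   try
   {
     // fDeleteOld is false: the buffer is fresh, there is no previous structure to destroy.
     Marshal.StructureToPtr(oObject, ipBuffer, false);
     Marshal.Copy(ipBuffer, bData, 0, iSize);
   }
   finally
   {
     // Release the unmanaged buffer even when marshalling throws; the original leaked it.
     Marshal.FreeHGlobal(ipBuffer);
   }
   return bData;
 }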

 /// <summary>
 /// Rounds <paramref name="dwValue"/> up to the next multiple of <paramref name="dwAlign"/>.
 /// </summary>
 /// <param name="dwValue">Value to round.</param>
 /// <param name="dwAlign">Alignment; 0 disables rounding.</param>
 /// <returns>dwValue unchanged when dwAlign is 0 or dwValue is already a multiple; otherwise the rounded value.</returns>
 private long Align(long dwValue, long dwAlign)
 {
   // A zero alignment would divide by zero below, so it is passed through untouched.
   if (dwAlign == 0)
   {
     return dwValue;
   }

   long lRemainder = dwValue % dwAlign;
   return lRemainder == 0 ? dwValue : (dwValue + dwAlign) - lRemainder;
 }

 //STRUCTURES
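 /// <summary>
 /// Managed mirror of the 64-byte DOS header found at offset 0 of the file.
 /// Only e_magic and e_lfanew are read by the code in this listing.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_DOS_HEADER
 {
   public UInt16 e_magic;      // compared against 23117 (0x5A4D, "MZ") by the caller
   public UInt16 e_cblp;
   public UInt16 e_cp;
   public UInt16 e_crlc;
   public UInt16 e_cparhdr;
   public UInt16 e_minalloc;
   public UInt16 e_maxalloc;
   public UInt16 e_ss;
   public UInt16 e_sp;
   public UInt16 e_csum;
   public UInt16 e_ip;
   public UInt16 e_cs;
   public UInt16 e_lfarlc;
   public UInt16 e_ovno;
   [MarshalAs(UnmanagedType.ByValArray, SizeConst = 4)]
   public UInt16[] e_res1;
   public UInt16 e_oemid;
   public UInt16 e_oeminfo;
   [MarshalAs(UnmanagedType.ByValArray, SizeConst = 10)]
   public UInt16[] e_res2;
   // File offset of the NT headers. Signed and file-controlled: callers must check it
   // is non-negative and inside the buffer before using it.
   public Int32 e_lfanew;
 }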

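 /// <summary>
 /// Managed mirror of the 20-byte COFF file header that follows the PE signature.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_FILE_HEADER
 {
   public UInt16 Machine;
   // File-controlled count; the caller uses it to locate the last section header.
   public UInt16 NumberOfSections;
   public UInt32 TimeDateStamp;
   public UInt32 PointerToSymbolTable;
   public UInt32 NumberOfSymbols;
   // Real size of the optional header in the file; it is not consulted by the caller.
   public UInt16 SizeOfOptionalHeader;
   public UInt16 Characteristics;
 }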

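 /// <summary>
 /// One 8-byte data-directory entry (RVA plus size) of the optional header.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_DATA_DIRECTORY
 {
   public UInt32 VirtualAddress;
   public UInt32 Size;
 }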

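 /// <summary>
 /// Managed mirror of the 32-bit (PE32) optional header. The 64-bit (PE32+) layout
 /// differs (no BaseOfData, 64-bit ImageBase and stack/heap sizes), so values read
 /// through this struct from a PE32+ file are not meaningful; check Magic first.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_OPTIONAL_HEADER32
 {
   public UInt16 Magic;
   public Byte MajorLinkerVersion;
   public Byte MinorLinkerVersion;
   public UInt32 SizeOfCode;
   public UInt32 SizeOfInitializedData;
   public UInt32 SizeOfUninitializedData;
   public UInt32 AddressOfEntryPoint;
   public UInt32 BaseOfCode;
   public UInt32 BaseOfData;
   public UInt32 ImageBase;
   // Read by RealignPE for its size arithmetic; file-controlled and may be 0.
   public UInt32 SectionAlignment;
   public UInt32 FileAlignment;
   public UInt16 MajorOperatingSystemVersion;
   public UInt16 MinorOperatingSystemVersion;
   public UInt16 MajorImageVersion;
   public UInt16 MinorImageVersion;
   public UInt16 MajorSubsystemVersion;
   public UInt16 MinorSubsystemVersion;
   public UInt32 Win32VersionValue;
   public UInt32 SizeOfImage;
   public UInt32 SizeOfHeaders;
   public UInt32 CheckSum;
   public UInt16 Subsystem;
   public UInt16 DllCharacteristics;
   public UInt32 SizeOfStackReserve;
   public UInt32 SizeOfStackCommit;
   public UInt32 SizeOfHeapReserve;
   public UInt32 SizeOfHeapCommit;
   public UInt32 LoaderFlags;
   public UInt32 NumberOfRvaAndSizes;
   // Always marshalled as 16 entries, whatever NumberOfRvaAndSizes says in the file.
   [MarshalAs(UnmanagedType.ByValArray, SizeConst = 16)]
   public IMAGE_DATA_DIRECTORY[] DataDirectory;
 }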

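 /// <summary>
 /// PE signature followed by the COFF file header and the 32-bit optional header,
 /// as located at the file offset given by IMAGE_DOS_HEADER.e_lfanew.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_NT_HEADERS
 {
   public UInt32 Signature;    // compared against 17744 (0x00004550, "PE\0\0") by the caller
   public IMAGE_FILE_HEADER FileHeader;
   public IMAGE_OPTIONAL_HEADER32 OptionalHeader;
 }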

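 /// <summary>
 /// Managed mirror of one 40-byte section-table entry.
 /// </summary>
 // Attribute name corrected: C# is case-sensitive and "structLayout" does not resolve.
 [StructLayout(LayoutKind.Sequential)]
 private struct IMAGE_SECTION_HEADER
 {
   [MarshalAs(UnmanagedType.ByValArray, SizeConst = 8)]
   public byte[] Name;
   // Was UIntPtr. The on-disk field is 4 bytes; UIntPtr is 8 bytes in a 64-bit process,
   // which moved every following field by 4 bytes and made SizeOfRawData and
   // PointerToRawData read from the wrong offsets.
   public uint VirtualSize;
   public uint VirtualAddress;
   public uint SizeOfRawData;
   public uint PointerToRawData;
   public uint PointerToRelocations;
   public uint PointerToLinenumbers;
   public short NumberOfRelocations;
   public short NumberOfLinenumbers;
   public uint Characteristics;
 }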
   }
}

all credits to w!cked
 