@@ -0,0 +1,1336 @@
#include < windows.h>
#include < iostream>
#include < fstream>
#include < string>
#include < vector>
#include < ctime>
#include < memory>
#include < optional>
#include < random>
#include < string_view>
#include < unordered_map>
#include < charconv>
#define DEBUG_LOGGING 0
#if DEBUG_LOGGING
#define log_debug (msg ) std::cout << " [DEBUG] "
#else
#define log_debug (msg )
#endif
#define log_info (msg ) std::cout << " [INFO] "
#define log_error (msg ) std::cerr << " [ERROR] "
struct exp_entry
{
std::string name;
DWORD rva;
};
struct expmod
{
struct mmf
{
HANDLE map = nullptr ;
void * data = nullptr ;
SIZE_T size = 0 ;
~mmf ()
{
if ( data )
{
FlushViewOfFile ( data, 0 );
UnmapViewOfFile ( data );
}
if ( map )
{
CloseHandle ( map );
}
}
};
std::unique_ptr<mmf> mem;
std::string path;
IMAGE_DOS_HEADER* dos = nullptr ;
IMAGE_NT_HEADERS64* nt = nullptr ;
IMAGE_SECTION_HEADER* sec = nullptr ;
IMAGE_EXPORT_DIRECTORY* exp_dir = nullptr ;
DWORD exp_rva = 0 ;
DWORD exp_size = 0 ;
DWORD* func_addr = nullptr ;
DWORD* name_addr = nullptr ;
WORD* name_ord = nullptr ;
std::vector<exp_entry> old_exp;
std::vector<exp_entry> new_exp;
public:
bool load_file ( const std::string& p )
{
log_debug ( " loading file: "
path = p;
mem = std::make_unique<mmf>();
HANDLE file = CreateFileA ( p.c_str (), GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ, nullptr , OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, nullptr );
if ( file == INVALID_HANDLE_VALUE )
{
DWORD err = GetLastError ();
log_error ( " failed to open file: " " , Error: "
return false ;
}
DWORD size_high;
DWORD size_low = GetFileSize ( file, &size_high );
mem->size = ( ( SIZE_T ) size_high << 32 ) | size_low;
log_debug ( " file size: " size << " bytes"
mem->map = CreateFileMappingA ( file, nullptr , PAGE_READWRITE,
size_high, size_low, nullptr );
CloseHandle ( file );
if ( !mem->map )
{
DWORD err = GetLastError ();
log_error ( " failed to create file mapping, Error: "
return false ;
}
log_debug ( " file mapping created successfully"
mem->data = MapViewOfFile ( mem->map , FILE_MAP_ALL_ACCESS, 0 , 0 , 0 );
if ( !mem->data )
{
DWORD err = GetLastError ();
log_error ( " failed to map view of file, Error: "
return false ;
}
log_debug ( " file mapped into memory at address: " data << std::dec );
return init_headers ();
}
bool init_headers ()
{
log_debug ( " initializing PE headers"
if ( !mem->data )
{
return false ;
}
dos = static_cast < IMAGE_DOS_HEADER* >( mem->data );
if ( dos->e_magic != IMAGE_DOS_SIGNATURE )
{
log_error ( " invalid DOS signature"
return false ;
}
nt = reinterpret_cast < IMAGE_NT_HEADERS64* >( ( BYTE* ) ( mem->data ) + dos->e_lfanew );
if ( nt->Signature != IMAGE_NT_SIGNATURE )
{
log_error ( " invalid NT signature"
return false ;
}
if ( nt->FileHeader .Machine != IMAGE_FILE_MACHINE_AMD64 )
{
log_error ( " not a 64b PE"
return false ;
}
log_debug ( " number of sections: " FileHeader .NumberOfSections );
log_debug ( " size of optional header: " FileHeader .SizeOfOptionalHeader );
sec = reinterpret_cast < IMAGE_SECTION_HEADER* >(
reinterpret_cast < BYTE* >( &nt->OptionalHeader ) +
nt->FileHeader .SizeOfOptionalHeader );
log_debug ( " section headers at: "
log_debug ( " checking export directory"
log_debug ( " export directory RVA: 0x"
<< nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress
<< std::dec );
log_debug ( " export directory Size: 0x"
<< nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].Size
<< std::dec );
if ( nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress == 0 )
{
log_info ( " no export directory found. Will create one."
return true ;
}
exp_rva = nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress ;
exp_size = nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].Size ;
exp_dir = ( IMAGE_EXPORT_DIRECTORY* ) ( rva_to_va ( exp_rva ) );
log_debug ( " export directory at VA: "
if ( !exp_dir )
{
log_error ( " failed to get export directory"
return false ;
}
if ( DEBUG_LOGGING )
{
log_debug ( " export directory details:"
log_debug ( " Characteristics: 0x" Characteristics << std::dec );
log_debug ( " TimeDateStamp: 0x" TimeDateStamp << std::dec );
log_debug ( " MajorVersion: " MajorVersion );
log_debug ( " MinorVersion: " MinorVersion );
log_debug ( " Name RVA: 0x" Name << std::dec );
char * name = ( char * ) ( rva_to_va ( exp_dir->Name ) );
if ( name )
{
log_debug ( " Name: "
}
else
{
log_debug ( " Name: <invalid>"
}
log_debug ( " Base: " Base );
log_debug ( " NumberOfFunctions: " NumberOfFunctions );
log_debug ( " NumberOfNames: " NumberOfNames );
log_debug ( " AddressOfFunctions RVA: 0x" AddressOfFunctions << std::dec );
log_debug ( " AddressOfNames RVA: 0x" AddressOfNames << std::dec );
log_debug ( " AddressOfNameOrdinals RVA: 0x" AddressOfNameOrdinals << std::dec );
}
func_addr = ( DWORD* ) ( rva_to_va ( exp_dir->AddressOfFunctions ) );
name_addr = ( DWORD* ) ( rva_to_va ( exp_dir->AddressOfNames ) );
name_ord = ( WORD* ) ( rva_to_va ( exp_dir->AddressOfNameOrdinals ) );
log_debug ( " AddressOfFunctions VA: "
log_debug ( " AddressOfNames VA: "
log_debug ( " AddressOfNameOrdinals VA: "
if ( !func_addr || !name_addr || !name_ord )
{
log_error ( " failed to get export tables"
return false ;
}
load_exports ();
return true ;
}
void load_exports ()
{
log_debug ( " loading existing exports"
if ( !exp_dir )
{
log_debug ( " no export directory, nothing to load"
return ;
}
old_exp.clear ();
for ( DWORD i = 0 ; i < exp_dir->NumberOfNames ; i++ )
{
char * name = ( char * ) ( rva_to_va ( name_addr[ i ] ) );
if ( !name )
{
log_debug ( " export " " : Name pointer is invalid"
continue ;
}
WORD ord = name_ord[ i ];
if ( ord >= exp_dir->NumberOfFunctions )
{
log_debug ( " export " " : ordinal " " is out of range"
continue ;
}
DWORD rva = func_addr[ ord ];
log_debug ( " export " " : name=" " , ordinal=" " , RVA=0x"
exp_entry e{ std::string ( name ), rva };
old_exp.push_back ( e );
}
log_debug ( " loaded " size () << " existing exports"
}
void * rva_to_va ( DWORD rva ) const
{
if ( !mem->data || rva == 0 )
{
return nullptr ;
}
DWORD off = rva_to_off ( rva );
if ( off == 0 && rva != 0 )
{
return nullptr ;
}
if ( off >= mem->size )
{
return nullptr ;
}
void * va = ( BYTE* ) ( mem->data ) + off;
return va;
}
DWORD rva_to_off ( DWORD rva ) const
{
if ( !mem->data || rva == 0 )
{
return 0 ;
}
for ( int i = 0 ; i < nt->FileHeader .NumberOfSections ; i++ )
{
if ( rva >= sec[ i ].VirtualAddress &&
rva < sec[ i ].VirtualAddress + sec[ i ].SizeOfRawData )
{
DWORD off = rva - sec[ i ].VirtualAddress + sec[ i ].PointerToRawData ;
return off;
}
}
return rva;
}
DWORD off_to_rva ( DWORD off ) const
{
if ( !mem->data || off == 0 )
{
return 0 ;
}
for ( int i = 0 ; i < nt->FileHeader .NumberOfSections ; i++ )
{
if ( off >= sec[ i ].PointerToRawData &&
off < sec[ i ].PointerToRawData + sec[ i ].SizeOfRawData )
{
DWORD rva = off - sec[ i ].PointerToRawData + sec[ i ].VirtualAddress ;
return rva;
}
}
return off;
}
bool add_export ( const std::string& name, DWORD64 va )
{
log_debug ( " adding export: " " -> 0x"
if ( !mem->data )
{
log_error ( " file data is NULL"
return false ;
}
DWORD rva = static_cast < DWORD >( va - nt->OptionalHeader .ImageBase );
log_debug ( " converted VA 0x" " to RVA 0x"
exp_entry e{ name, rva };
new_exp.push_back ( e );
log_debug ( " added export to list, total new exports: " size () );
return true ;
}
bool update_exports ()
{
log_debug ( " adding to existing export directory"
if ( !mem->data )
{
return false ;
}
if ( new_exp.empty () )
{
log_debug ( " no exports to add"
return true ;
}
if ( !exp_dir )
{
log_debug ( " no existing export directory, will create new one"
return create_exp_dir ();
}
log_debug ( " found existing export directory"
int sec_idx = -1 ;
for ( int i = 0 ; i < nt->FileHeader .NumberOfSections ; i++ )
{
if ( exp_rva >= sec[ i ].VirtualAddress &&
exp_rva < sec[ i ].VirtualAddress + sec[ i ].Misc .VirtualSize )
{
sec_idx = i;
break ;
}
}
if ( sec_idx == -1 )
{
log_error ( " could not find section containing export directory"
return false ;
}
log_debug ( " export directory is in section "
char name[ 9 ] = { 0 };
memcpy ( name, sec[ sec_idx ].Name , 8 );
log_debug ( " export section name: "
std::vector<exp_entry> back = old_exp;
if ( create_exp_dir () )
{
log_debug ( " successfully created new export directory with all exports"
return true ;
}
log_error ( " failed to create new export directory"
return false ;
}
bool create_new_sec ( DWORD need_size, const std::vector<exp_entry>& all_exp )
{
log_debug ( " creating new section for export directory"
if ( nt->FileHeader .NumberOfSections >= 96 )
{
log_error ( " maximum number of sections reached"
return false ;
}
DWORD align_size = ( need_size + 0xFFF ) & ~0xFFF ;
log_debug ( " aligned section size: 0x"
IMAGE_SECTION_HEADER* last = &sec[ nt->FileHeader .NumberOfSections - 1 ];
char lname[ 9 ] = { 0 };
memcpy ( lname, last->Name , 8 );
log_debug ( " prev section: "
log_debug ( " prev section VirtualAddress: 0x" VirtualAddress << std::dec );
log_debug ( " prev section VirtualSize: 0x" Misc .VirtualSize << std::dec );
log_debug ( " prev section PointerToRawData: 0x" PointerToRawData << std::dec );
log_debug ( " prev section SizeOfRawData: 0x" SizeOfRawData << std::dec );
DWORD new_rva = ( last->VirtualAddress + last->Misc .VirtualSize + 0xFFF ) & ~0xFFF ;
log_debug ( " new section RVA: 0x"
DWORD align = nt->OptionalHeader .FileAlignment ;
DWORD new_off = ( last->PointerToRawData + last->SizeOfRawData + align - 1 ) & ~( align - 1 );
log_debug ( " new section raw offset: 0x"
DWORD new_size = new_off + align_size;
log_debug ( " current file size: 0x" size << std::dec );
log_debug ( " new file size: 0x"
if ( new_size > mem->size )
{
log_debug ( " need to expand file from 0x" size << " to 0x"
UnmapViewOfFile ( mem->data );
CloseHandle ( mem->map );
HANDLE file = CreateFileA ( path.c_str (), GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ, nullptr , OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, nullptr );
if ( file == INVALID_HANDLE_VALUE )
{
DWORD err = GetLastError ();
log_error ( " failed to reopen file for resizing: " " , Error: "
return false ;
}
LARGE_INTEGER dist;
dist.QuadPart = new_size;
if ( !SetFilePointerEx ( file, dist, nullptr , FILE_BEGIN ) )
{
DWORD err = GetLastError ();
log_error ( " Failed to set file pointer: "
CloseHandle ( file );
return false ;
}
if ( !SetEndOfFile ( file ) )
{
DWORD err = GetLastError ();
log_error ( " failed to set end of file: "
CloseHandle ( file );
return false ;
}
mem->map = CreateFileMappingA ( file, nullptr , PAGE_READWRITE, 0 , 0 , nullptr );
CloseHandle ( file );
if ( !mem->map )
{
DWORD err = GetLastError ();
log_error ( " failed to create new file mapping: "
return false ;
}
mem->data = MapViewOfFile ( mem->map , FILE_MAP_ALL_ACCESS, 0 , 0 , 0 );
if ( !mem->data )
{
DWORD err = GetLastError ();
log_error ( " failed to map view of expanded file: "
return false ;
}
mem->size = new_size;
log_debug ( " file expanded successfully to 0x" size << std::dec );
dos = static_cast < IMAGE_DOS_HEADER* >( mem->data );
nt = reinterpret_cast < IMAGE_NT_HEADERS64* >( ( BYTE* ) ( mem->data ) + dos->e_lfanew );
sec = reinterpret_cast < IMAGE_SECTION_HEADER* >(
reinterpret_cast < BYTE* >( &nt->OptionalHeader ) +
nt->FileHeader .SizeOfOptionalHeader );
last = &sec[ nt->FileHeader .NumberOfSections - 1 ];
}
IMAGE_SECTION_HEADER new_sec;
memset ( &new_sec, 0 , sizeof ( IMAGE_SECTION_HEADER ) );
memcpy ( new_sec.Name , " .edata" 6 );
new_sec.Misc .VirtualSize = need_size;
new_sec.VirtualAddress = new_rva;
new_sec.SizeOfRawData = align_size;
new_sec.PointerToRawData = new_off;
new_sec.PointerToRelocations = 0 ;
new_sec.PointerToLinenumbers = 0 ;
new_sec.NumberOfRelocations = 0 ;
new_sec.NumberOfLinenumbers = 0 ;
new_sec.Characteristics = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ;
memcpy ( &sec[ nt->FileHeader .NumberOfSections ], &new_sec, sizeof ( IMAGE_SECTION_HEADER ) );
nt->FileHeader .NumberOfSections ++;
log_debug ( " added new section '.edata' at index " FileHeader .NumberOfSections - 1 ) );
DWORD new_img_size = new_rva + align_size;
if ( new_img_size > nt->OptionalHeader .SizeOfImage )
{
nt->OptionalHeader .SizeOfImage = new_img_size;
log_debug ( " updated SizeOfImage to 0x"
}
memset ( ( BYTE* ) ( mem->data ) + new_off, 0 , align_size );
DWORD exp_off = new_off;
DWORD exp_rva = new_rva;
if ( exp_rva % 16 != 0 )
{
DWORD a = 16 - ( exp_rva % 16 );
exp_rva += a;
exp_off += a;
}
log_debug ( " placing export directory in new section at RVA 0x"
<< " (offset 0x" " )"
void * exp_va = ( BYTE* ) ( mem->data ) + exp_off;
log_debug ( " new export directory VA: "
auto * new_dir = ( IMAGE_EXPORT_DIRECTORY* ) ( exp_va );
new_dir->Characteristics = 0 ;
new_dir->TimeDateStamp = static_cast < DWORD >( time ( nullptr ) );
new_dir->MajorVersion = 0 ;
new_dir->MinorVersion = 0 ;
new_dir->Base = 1 ;
new_dir->NumberOfFunctions = all_exp.size ();
new_dir->NumberOfNames = all_exp.size ();
DWORD cur_off = exp_off + sizeof ( IMAGE_EXPORT_DIRECTORY );
DWORD cur_rva = exp_rva + sizeof ( IMAGE_EXPORT_DIRECTORY );
std::string dname = path.substr ( path.find_last_of ( " /\\ " 1 );
log_debug ( " setting up DLL name at offset 0x"
char * nptr = ( char * ) ( ( BYTE* ) ( mem->data ) + cur_off );
strcpy_s ( nptr, dname.length () + 1 , dname.c_str () );
new_dir->Name = cur_rva;
cur_off += dname.length () + 1 ;
cur_rva += dname.length () + 1 ;
if ( cur_off % 4 != 0 )
{
DWORD a = 4 - ( cur_off % 4 );
cur_off += a;
cur_rva += a;
}
log_debug ( " setting up functions table at offset 0x"
new_dir->AddressOfFunctions = cur_rva;
DWORD* ftbl = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += all_exp.size () * sizeof ( DWORD );
cur_rva += all_exp.size () * sizeof ( DWORD );
log_debug ( " setting up names table at offset 0x"
new_dir->AddressOfNames = cur_rva;
DWORD* ntbl = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += all_exp.size () * sizeof ( DWORD );
cur_rva += all_exp.size () * sizeof ( DWORD );
log_debug ( " setting up ordinals table at offset 0x"
new_dir->AddressOfNameOrdinals = cur_rva;
WORD* otbl = ( WORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += all_exp.size () * sizeof ( WORD );
cur_rva += all_exp.size () * sizeof ( WORD );
for ( size_t i = 0 ; i < all_exp.size (); i++ )
{
log_debug ( " processing export " " : " name
<< " -> 0x" rva << std::dec );
ftbl[ i ] = all_exp[ i ].rva ;
otbl[ i ] = static_cast < WORD >( i );
log_debug ( " setting up name string at offset 0x"
char * nstr = ( char * ) ( ( BYTE* ) ( mem->data ) + cur_off );
strcpy_s ( nstr, all_exp[ i ].name .length () + 1 , all_exp[ i ].name .c_str () );
ntbl[ i ] = cur_rva;
cur_off += all_exp[ i ].name .length () + 1 ;
cur_rva += all_exp[ i ].name .length () + 1 ;
}
DWORD dir_size = cur_rva - exp_rva;
log_debug ( " new export directory size: 0x"
log_debug ( " updating data directory"
nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress = exp_rva;
nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].Size = dir_size;
log_debug ( " export directory created in new section successfully"
return true ;
}
bool create_exp_dir ()
{
log_debug ( " creating new export directory"
if ( !mem->data )
{
log_error ( " file data is null"
return false ;
}
std::vector<exp_entry> all = old_exp;
all.insert ( all.end (), new_exp.begin (), new_exp.end () );
DWORD n = all.size ();
log_debug ( " total exports will be: "
DWORD need = sizeof ( IMAGE_EXPORT_DIRECTORY );
need += sizeof ( DWORD ) * n;
need += sizeof ( DWORD ) * n;
need += sizeof ( WORD ) * n;
std::string dname = path.substr ( path.find_last_of ( " /\\ " 1 );
need += dname.length () + 1 ;
log_debug ( " size after adding DLL name (" " ): " " bytes"
for ( const auto & e : all )
{
need += e.name .length () + 1 ;
log_debug ( " adding size for export name '" name << " ': " name .length () + 1 << " bytes"
}
need = ( need + 15 ) & ~15 ;
log_debug ( " total needed size (aligned): " " bytes"
int rdata_idx = find_rdata_sec ();
if ( rdata_idx == -1 )
{
log_error ( " could not find .rdata section or suitable section for exports"
return false ;
}
log_debug ( " using section index " " for exports"
IMAGE_SECTION_HEADER& rsec = sec[ rdata_idx ];
char sname[ 9 ] = { 0 };
memcpy ( sname, rsec.Name , 8 );
log_debug ( " export section name: "
log_debug ( " export section VirtualAddress: 0x" VirtualAddress << std::dec );
log_debug ( " export section VirtualSize: 0x" Misc .VirtualSize << std::dec );
log_debug ( " export section PointerToRawData: 0x" PointerToRawData << std::dec );
log_debug ( " export section SizeOfRawData: 0x" SizeOfRawData << std::dec );
DWORD avail = rsec.SizeOfRawData - rsec.Misc .VirtualSize ;
if ( avail >= need )
{
DWORD exp_off = rsec.PointerToRawData + rsec.Misc .VirtualSize ;
DWORD exp_rva = rsec.VirtualAddress + rsec.Misc .VirtualSize ;
if ( exp_rva % 16 != 0 )
{
DWORD a = 16 - ( exp_rva % 16 );
exp_rva += a;
exp_off += a;
}
log_debug ( " placing export directory at RVA 0x"
<< " (offset 0x" " )"
if ( exp_off + need > rsec.PointerToRawData + rsec.SizeOfRawData )
{
log_error ( " export directory would extend beyond section raw data"
return create_new_sec ( need, all );
}
DWORD v_size = exp_rva + need - rsec.VirtualAddress ;
log_debug ( " new virtual size for section: 0x"
if ( v_size > rsec.SizeOfRawData )
{
log_error ( " new virtual size would exceed raw data size"
return create_new_sec ( need, all );
}
void * exp_va = ( BYTE* ) ( mem->data ) + exp_off;
log_debug ( " new export directory VA: "
memset ( exp_va, 0 , need );
auto * new_dir = ( IMAGE_EXPORT_DIRECTORY* ) ( exp_va );
new_dir->Characteristics = 0 ;
new_dir->TimeDateStamp = static_cast < DWORD >( time ( nullptr ) );
new_dir->MajorVersion = 0 ;
new_dir->MinorVersion = 0 ;
new_dir->Base = 1 ;
new_dir->NumberOfFunctions = n;
new_dir->NumberOfNames = n;
DWORD cur_off = exp_off + sizeof ( IMAGE_EXPORT_DIRECTORY );
DWORD cur_rva = exp_rva + sizeof ( IMAGE_EXPORT_DIRECTORY );
log_debug ( " setting up DLL name at offset 0x"
char * nptr = ( char * ) ( ( BYTE* ) ( mem->data ) + cur_off );
strcpy_s ( nptr, dname.length () + 1 , dname.c_str () );
new_dir->Name = cur_rva;
cur_off += dname.length () + 1 ;
cur_rva += dname.length () + 1 ;
if ( cur_off % 4 != 0 )
{
DWORD a = 4 - ( cur_off % 4 );
cur_off += a;
cur_rva += a;
}
log_debug ( " setting up functions table at offset 0x"
new_dir->AddressOfFunctions = cur_rva;
DWORD* ftbl = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += n * sizeof ( DWORD );
cur_rva += n * sizeof ( DWORD );
log_debug ( " setting up names table at offset 0x"
new_dir->AddressOfNames = cur_rva;
DWORD* ntbl = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += n * sizeof ( DWORD );
cur_rva += n * sizeof ( DWORD );
log_debug ( " setting up ordinals table at offset 0x"
new_dir->AddressOfNameOrdinals = cur_rva;
WORD* otbl = ( WORD* ) ( ( BYTE* ) ( mem->data ) + cur_off );
cur_off += n * sizeof ( WORD );
cur_rva += n * sizeof ( WORD );
for ( size_t i = 0 ; i < n; i++ )
{
log_debug ( " processing export " " : " name
<< " -> 0x" rva << std::dec );
ftbl[ i ] = all[ i ].rva ;
otbl[ i ] = static_cast < WORD >( i );
log_debug ( " setting up name string at offset 0x"
char * nstr = ( char * ) ( ( BYTE* ) ( mem->data ) + cur_off );
strcpy_s ( nstr, all[ i ].name .length () + 1 , all[ i ].name .c_str () );
ntbl[ i ] = cur_rva;
cur_off += all[ i ].name .length () + 1 ;
cur_rva += all[ i ].name .length () + 1 ;
}
DWORD dir_size = cur_rva - exp_rva;
log_debug ( " new export directory size: 0x"
log_debug ( " updating data directory"
nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress = exp_rva;
nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].Size = dir_size;
if ( rsec.Misc .VirtualSize < v_size )
{
log_debug ( " increasing section virtual size from 0x"
<< rsec.Misc .VirtualSize << " to 0x"
rsec.Misc .VirtualSize = v_size;
}
log_debug ( " export directory created successfully in existing section"
return true ;
}
log_debug ( " not enough space in existing section. Creating new section."
return create_new_sec ( need, all );
}
int find_rdata_sec () const
{
log_debug ( " finding .rdata section or suitable section for exports"
for ( int i = 0 ; i < nt->FileHeader .NumberOfSections ; i++ )
{
char name[ 9 ] = { 0 };
memcpy ( name, sec[ i ].Name , 8 );
log_debug ( " checking section " " : "
if ( _stricmp ( name, " .rdata" 0 )
{
log_debug ( " found .rdata section at index "
return i;
}
}
for ( int i = 0 ; i < nt->FileHeader .NumberOfSections ; i++ )
{
if ( ( sec[ i ].Characteristics & IMAGE_SCN_CNT_INITIALIZED_DATA ) &&
( sec[ i ].Characteristics & IMAGE_SCN_MEM_READ ) &&
!( sec[ i ].Characteristics & IMAGE_SCN_MEM_WRITE ) )
{
log_debug ( " found suitable read-only data section at index "
return i;
}
}
log_debug ( " no suitable section found"
return -1 ;
}
void print_exports () const
{
log_debug ( " printing exports"
if ( !mem->data )
{
log_debug ( " file data is null, cannot show exports"
return ;
}
DWORD exp_rva = nt->OptionalHeader .DataDirectory [ IMAGE_DIRECTORY_ENTRY_EXPORT ].VirtualAddress ;
log_debug ( " current export directory RVA: 0x"
if ( exp_rva == 0 )
{
log_info ( " no export directory found."
return ;
}
DWORD exp_off = rva_to_off ( exp_rva );
if ( exp_off == 0 && exp_rva != 0 )
{
log_error ( " could not convert export directory RVA to file offset"
return ;
}
auto * dir = ( IMAGE_EXPORT_DIRECTORY* ) ( ( BYTE* ) ( mem->data ) + exp_off );
log_debug ( " export directory VA: "
if ( ( BYTE* ) ( dir ) < ( BYTE* ) ( mem->data ) ||
( BYTE* ) ( dir ) >= ( BYTE* ) ( mem->data ) + mem->size ||
exp_off + sizeof ( IMAGE_EXPORT_DIRECTORY ) > mem->size )
{
log_error ( " export directory is out of bounds"
return ;
}
DWORD f_off = rva_to_off ( dir->AddressOfFunctions );
DWORD n_off = rva_to_off ( dir->AddressOfNames );
DWORD o_off = rva_to_off ( dir->AddressOfNameOrdinals );
if ( f_off == 0 || n_off == 0 || o_off == 0 )
{
log_error ( " failed to get offsets for export tables"
return ;
}
DWORD* funcs = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + f_off );
DWORD* names = ( DWORD* ) ( ( BYTE* ) ( mem->data ) + n_off );
WORD* ords = ( WORD* ) ( ( BYTE* ) ( mem->data ) + o_off );
log_debug ( " functions table VA: "
log_debug ( " names table VA: "
log_debug ( " ordinals table VA: "
if ( ( BYTE* ) ( funcs ) < ( BYTE* ) ( mem->data ) ||
( BYTE* ) ( funcs ) >= ( BYTE* ) ( mem->data ) + mem->size ||
( BYTE* ) ( names ) < ( BYTE* ) ( mem->data ) ||
( BYTE* ) ( names ) >= ( BYTE* ) ( mem->data ) + mem->size ||
( BYTE* ) ( ords ) < ( BYTE* ) ( mem->data ) ||
( BYTE* ) ( ords ) >= ( BYTE* ) ( mem->data ) + mem->size )
{
log_error ( " export tables are out of bounds"
return ;
}
DWORD name_off = rva_to_off ( dir->Name );
char * dname = ( char * ) ( ( BYTE* ) ( mem->data ) + name_off );
std::cout << " Export Directory Information:\n "
std::cout << " Characteristics: 0x" Characteristics << ' \n '
std::cout << " TimeDateStamp: 0x" TimeDateStamp << ' \n '
std::cout << " MajorVersion: " MajorVersion << ' \n '
std::cout << " MinorVersion: " MinorVersion << ' \n '
if ( dname && ( BYTE* ) ( dname ) >= ( BYTE* ) ( mem->data ) &&
( BYTE* ) ( dname ) < ( BYTE* ) ( mem->data ) + mem->size )
{
std::cout << " Name: " ' \n '
}
else
{
std::cout << " Name: <invalid>\n "
}
std::cout << " Base: " Base << ' \n '
std::cout << " NumberOfFunctions: " NumberOfFunctions << ' \n '
std::cout << " NumberOfNames: " NumberOfNames << ' \n '
std::cout << " Exported Functions:\n "
for ( DWORD i = 0 ; i < dir->NumberOfNames ; i++ )
{
if ( i >= dir->NumberOfFunctions )
{
log_debug ( " export index " " exceeds function count"
break ;
}
DWORD name_rva = names[ i ];
WORD ord = ords[ i ];
if ( ord >= dir->NumberOfFunctions )
{
log_debug ( " export " " : ordinal " " is out of range"
continue ;
}
DWORD func_rva = funcs[ ord ];
DWORD name_off = rva_to_off ( name_rva );
if ( name_off == 0 && name_rva != 0 )
{
log_debug ( " export " " : failed to get name offset for RVA 0x"
<< std::hex << name_rva << std::dec );
continue ;
}
char * exp_name = ( char * ) ( ( BYTE* ) ( mem->data ) + name_off );
if ( ( BYTE* ) ( exp_name ) < ( BYTE* ) ( mem->data ) ||
( BYTE* ) ( exp_name ) >= ( BYTE* ) ( mem->data ) + mem->size )
{
log_debug ( " export " " : name pointer is out of bounds"
continue ;
}
std::cout << " " " -> "
<< " 0x" ' \n '
}
log_debug ( " finished printing exports"
}
DWORD64 get_image_base () const
{
if ( !nt )
{
log_error ( " nt headers not set"
return 0 ;
}
return nt->OptionalHeader .ImageBase ;
}
};
std::string gen_rand_name ( int min_len, int max_len )
{
static const char chars[] = " 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
std::random_device rd;
std::mt19937 gen ( rd () );
std::uniform_int_distribution len_dist ( min_len, max_len );
std::uniform_int_distribution<> char_dist ( 0 , sizeof ( chars ) - 2 );
int len = len_dist ( gen );
std::string result;
result.reserve ( len );
for ( int i = 0 ; i < len; ++i )
result += chars[ char_dist ( gen ) ];
return result;
}
DWORD64 gen_rand_va ( DWORD64 min_va, DWORD64 max_va )
{
std::random_device rd;
std::mt19937_64 gen ( rd () );
std::uniform_int_distribution dist ( min_va, max_va );
return dist ( gen );
}
struct args_parser
{
std::unordered_map<std::string_view, std::string_view> option_map;
std::vector<std::string_view> positional_args;
args_parser ( int argc, char * argv[] )
{
for ( int it = 1 ; it < argc; it++ )
{
std::string_view arg = argv[ it ];
if ( arg.starts_with ( " --"
{
auto pos = arg.find ( ' ='
if ( pos != std::string_view::npos )
{
std::string_view key = arg.substr ( 0 , pos );
std::string_view value = arg.substr ( pos + 1 );
option_map[ key ] = value;
}
else if ( it + 1 < argc && !std::string_view ( argv[ it + 1 ] ).starts_with ( " -"
{
option_map[ arg ] = argv[ ++it ];
}
else
{
option_map[ arg ] = " "
}
}
else if ( arg.starts_with ( " -" size () > 1 )
{
if ( it + 1 < argc && !std::string_view ( argv[ it + 1 ] ).starts_with ( " -"
{
option_map[ arg ] = argv[ ++it ];
}
else
{
option_map[ arg ] = " "
}
}
else
{
positional_args.push_back ( arg );
}
}
}
bool has_flag ( std::string_view flag ) const
{
return option_map.contains ( flag );
}
std::optional<std::string_view> get_option ( std::string_view name ) const
{
auto it = option_map.find ( name );
if ( it != option_map.end () )
{
return it->second ;
}
return std::nullopt ;
}
std::optional<std::string_view> get_arg ( size_t index ) const
{
if ( index < positional_args.size () )
{
return positional_args[ index ];
}
return std::nullopt ;
}
std::optional<uint64_t > get_address ( std::string_view name ) const
{
auto value = get_option ( name );
if ( !value || value->empty () )
{
return std::nullopt ;
}
uint64_t result = 0 ;
std::string_view str = *value;
if ( str.size () > 2 && str.substr ( 0 , 2 ) == " 0x"
{
str.remove_prefix ( 2 );
auto [ptr, ec] = std::from_chars ( str.data (), str.data () + str.size (), result, 16 );
if ( ec != std::errc () )
{
return std::nullopt ;
}
}
else
{
auto [ptr, ec] = std::from_chars ( str.data (), str.data () + str.size (), result, 10 );
if ( ec != std::errc () )
{
return std::nullopt ;
}
}
return result;
}
std::optional<int > get_int ( std::string_view name ) const
{
const auto value = get_option ( name );
if ( !value || value->empty () )
{
return std::nullopt ;
}
int result = 0 ;
auto [ptr, ec] = std::from_chars ( value->data (), value->data () + value->size (), result, 10 );
if ( ec != std::errc () )
{
return std::nullopt ;
}
return result;
}
static uint64_t parse_address ( std::string_view str )
{
uint64_t result = 0 ;
if ( str.size () > 2 && str.substr ( 0 , 2 ) == " 0x"
{
str.remove_prefix ( 2 );
auto [ptr, ec] = std::from_chars ( str.data (), str.data () + str.size (), result, 16 );
if ( ec != std::errc () )
{
return 0 ;
}
}
else
{
auto [ptr, ec] = std::from_chars ( str.data (), str.data () + str.size (), result, 10 );
if ( ec != std::errc () )
{
return 0 ;
}
}
return result;
}
};
void print_usage ()
{
std::cout << R"(
EXPMOD - just adds exports to 64-bit PE's
Usage:
exp <file_path> <export_name> <export_address> [--va | --rva]
exp <file_path> --random [count]
Options:
<file_path> Path to the 64-bit PE file to modify
<export_name> Name of the export to add
<export_address> Address of the export (hex with 0x prefix or decimal)
--va Specify that export_address is a Virtual Address (default)
--rva Specify that export_address is a Relative Virtual Address
--random, -r Add random exports
[count] Number of random exports to add (optional, default: 512)
--min-va=<addr> Minimum virtual address for random exports (hex or decimal)
--max-va=<addr> Maximum virtual address for random exports (hex or decimal)
--min-rva=<addr> Minimum RVA for random exports (hex or decimal)
--max-rva=<addr> Maximum RVA for random exports (hex or decimal)
Example:
exp mydll.dll MyExport 0x140001000
exp mydll.dll MyExport 0x1000 --rva
exp mydll.dll --random 1000 --min-va=0x140010000 --max-va=0x140020000
exp mydll.dll --random 100 --min-rva=0x1000 --max-rva=0x2000
)" ;
}
int main ( int argc, char * argv[] )
{
log_debug ( " Starting pe_export_adder"
args_parser args ( argc, argv );
auto file_path = args.get_arg ( 0 );
if ( !file_path )
{
print_usage ();
return 1 ;
}
expmod e;
if ( !e.load_file ( std::string ( *file_path ) ) )
{
log_error ( " Failed to load file"
return 1 ;
}
bool ok = false ;
DWORD64 img_base = e.get_image_base ();
if ( args.has_flag ( " --random" has_flag ( " -r"
{
// this is just for examples sake... change it or remove it
//
int count = 512 ;
DWORD64 min_va = 0x140001000 ;
DWORD64 max_va = 0x140003000 ;
auto count_opt = args.get_option ( " --random"
if ( !count_opt ) count_opt = args.get_option ( " -r"
if ( count_opt && !count_opt->empty () && !count_opt->starts_with ( " -"
{
try
{
count = std::stoi ( std::string ( *count_opt ) );
if ( count <= 0 ) count = 512 ;
}
catch ( ... )
{
}
}
else if ( auto count_arg = args.get_arg ( 1 ) )
{
if ( !count_arg->starts_with ( " -"
{
try
{
count = std::stoi ( std::string ( *count_arg ) );
if ( count <= 0 ) count = 512 ;
}
catch ( ... )
{
}
}
}
if ( auto val = args.get_address ( " --min-va"
{
min_va = *val;
}
if ( auto val = args.get_address ( " --max-va"
{
max_va = *val;
}
if ( auto val = args.get_address ( " --min-rva"
{
min_va = *val + img_base;
}
if ( auto val = args.get_address ( " --max-rva"
{
max_va = *val + img_base;
}
log_info ( " adding " " random exports with VA range 0x"
<< std::hex << min_va << " - 0x"
for ( int i = 0 ; i < count; i++ )
{
std::string name = gen_rand_name ( 8 , 16 );
DWORD64 addr = gen_rand_va ( min_va, max_va );
if ( !e.add_export ( name, addr ) )
{
log_error ( " failed to add random export #" 1 ) );
return 1 ;
}
}
ok = true ;
}
else
{
auto name = args.get_arg ( 1 );
auto addr_str = args.get_arg ( 2 );
if ( name && addr_str )
{
try
{
DWORD64 addr = args.parse_address ( *addr_str );
bool is_rva = args.has_flag ( " --rva"
if ( is_rva )
{
addr += img_base;
log_info ( " adding export: " " -> RVA 0x"
<< ( addr - img_base ) << " (VA 0x" " )"
}
else
{
log_info ( " adding export: " " -> VA 0x"
<< addr << " (RVA 0x" " )"
}
if ( !e.add_export ( std::string ( *name ), addr ) )
{
log_error ( " failed to add export"
return 1 ;
}
ok = true ;
}
catch ( const std::exception& e )
{
log_error ( " error parsing address: " what () );
return 1 ;
}
}
else
{
print_usage ();
return 1 ;
}
}
if ( ok )
{
if ( !e.update_exports () )
{
log_error ( " failed to update export directory"
return 1 ;
}
e.print_exports ();
log_info ( " exports successfully added to "
}
return 0 ;
}
daaximus revised this gist