📄 mergebin.cpp
字号:
DWORD *pszFuncNames;
DWORD exportsStartRVA;
DWORD exportsEndRVA;
CHAR szName[MAX_PATH + 1];
PIMAGE_NT_HEADERS32 pNT = file;
PIMAGE_NT_HEADERS64 pNT64 = file;
if (pNT)
{
exportsStartRVA = pNT->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
exportsEndRVA = exportsStartRVA + pNT->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
else
{
exportsStartRVA = pNT64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
exportsEndRVA = exportsStartRVA + pNT64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
}
header = file.GetEnclosingSectionHeader(exportsStartRVA);
if (!header)
return 0;
delta = (INT)(header->VirtualAddress - header->PointerToRawData);
pExportDir = (PIMAGE_EXPORT_DIRECTORY)file.GetPtrFromRVA(exportsStartRVA);
pdwFunctions = (PDWORD)file.GetPtrFromRVA(pExportDir->AddressOfFunctions);
pwOrdinals = (PWORD)file.GetPtrFromRVA(pExportDir->AddressOfNameOrdinals);
pszFuncNames = (DWORD *)file.GetPtrFromRVA(pExportDir->AddressOfNames);
for (i = 0; i < pExportDir->NumberOfFunctions; i++, pdwFunctions++)
{
DWORD entryPointRVA = *pdwFunctions;
if ( entryPointRVA == 0 )
continue;
for (UINT j = 0; j < pExportDir->NumberOfNames; j++)
{
if (pwOrdinals[j] == i)
{
lstrcpynA(szName, (LPSTR)file.GetPtrFromRVA(pszFuncNames[j]), MAX_PATH);
szName[MAX_PATH] = 0;
CharUpper(szName);
if (strstr(szName, "CORDLLMAIN") != 0) return entryPointRVA;
}
}
}
return 0;
}
// Merges a pure .NET assembly with a native DLL, inserting it into the specified section
void MergeModules(LPCTSTR pszAssembly, LPCTSTR pszNative, LPCTSTR pszSection)
{
CPEFile peFile;
CPEFile peDest;
HRESULT hr;
DWORD dwMinRVA;
DWORD dwMaxRVA;
DWORD dwDestRVA;
PIMAGE_SECTION_HEADER pSection;
LPBYTE pSrc;
LPBYTE pDest;
DWORD dwSize;
DWORD dwNewEntrypoint;
PIMAGE_COR20_HEADER pCor;
PIMAGE_NT_HEADERS32 pNT;
PIMAGE_NT_HEADERS64 pNT64;
int diffRVA;
CTableData *p;
DWORD *pdwRVA;
DWORD dwRows;
LPEXTRA_STUFF pExtra;
// Open the .NET assembly
hr = peFile.Open(pszAssembly);
if (FAILED(hr)) return;
// Scan the .NET assembly and find the block of .NET code specified in the .NET metadata
if (!GetMinMaxCOR20RVA(peFile, dwMinRVA, dwMaxRVA))
{
_tprintf(_T("Unable to retrieve .NET assembly information for file %s\n"), pszAssembly);
return;
}
// Total number of bytes of the block of .NET code we're going to merge
dwSize = (dwMaxRVA - dwMinRVA) + ((PIMAGE_COR20_HEADER)peFile)->cb;
// Open the destination file for readwrite access
hr = peDest.Open(pszNative, FALSE);
if (FAILED(hr)) return;
// Make sure it has the section specified in the command-line
pSection = peDest.GetSectionHeader(pszSection);
if (!pSection)
{
_tprintf(_T("Unable to find section %s in file\n"), pszSection);
return;
}
// If the section isn't large enough, tell the user how large it needs to be
if (pSection->Misc.VirtualSize < (dwSize + sizeof(EXTRA_STUFF)))
{
_tprintf(_T("Not enough room in section for data. Need %d bytes\n"), dwSize + sizeof(EXTRA_STUFF));
return;
}
/*
** Find a new entrypoint to use for the DLL. The old entrypoint is written into the .NET header
*/
dwNewEntrypoint = GetExportedCorDllMainRVA(peDest);
if (!dwNewEntrypoint)
{
_tprintf(_T("Native DLL must export a function that calls _CorDllMain, and its name must contain the word \"CorDllMain\".\n"));
return;
}
// Change this section's flags
pSection->Characteristics = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ;
dwDestRVA = pSection->VirtualAddress;
pExtra = (LPEXTRA_STUFF)peDest.GetPtrFromRVA(dwDestRVA);
dwDestRVA += sizeof(EXTRA_STUFF);
// If the native DLL has been merged with an assembly beforehand, we need to strip the .NET stuff and restore the entrypoint
pCor = peDest;
if (pCor)
{
if (pCor->Flags & 0x10)
{
pNT = peDest;
pNT64 = peDest;
if (pNT)
pNT->OptionalHeader.AddressOfEntryPoint = pCor->EntryPointToken;
else
pNT64->OptionalHeader.AddressOfEntryPoint = pCor->EntryPointToken;
}
}
// Copy the assembly's .NET header into the section
dwSize = ((PIMAGE_COR20_HEADER)peFile)->cb;
pSrc = (LPBYTE)(PIMAGE_COR20_HEADER)peFile;
pDest = (LPBYTE)peDest.GetPtrFromRVA(dwDestRVA);
CopyMemory(pDest, pSrc, dwSize);
pNT = peDest;
pNT64 = peDest;
// Fixup the NT header on the native DLL to include the new .NET header
if (pNT)
{
pExtra->dwNativeEntryPoint = pNT->OptionalHeader.AddressOfEntryPoint;
pNT->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress = dwDestRVA;
pNT->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size = dwSize;
}
else
{
pExtra->dwNativeEntryPoint = pNT64->OptionalHeader.AddressOfEntryPoint;
pNT64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].VirtualAddress = dwDestRVA;
pNT64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].Size = dwSize;
}
dwDestRVA += dwSize;
if (dwDestRVA % 4) dwDestRVA += (4 - (dwDestRVA % 4));
// Copy the .NET block of code and metadata into the section, after the header
dwSize = dwMaxRVA - dwMinRVA;
pSrc = (LPBYTE)peFile.GetPtrFromRVA(dwMinRVA);
pDest = (LPBYTE)peDest.GetPtrFromRVA(dwDestRVA);
CopyMemory(pDest, pSrc, dwSize);
// Figure out by how much we need to change the RVA's to compensate for the relocation
diffRVA = dwDestRVA - dwMinRVA;
pCor = peDest;
// Fixup the DLL entrypoints
if (pNT)
{
if (pNT->OptionalHeader.AddressOfEntryPoint != dwNewEntrypoint)
{
pCor->EntryPointToken = pNT->OptionalHeader.AddressOfEntryPoint;
pNT->OptionalHeader.AddressOfEntryPoint = dwNewEntrypoint;
}
}
else
{
if (pNT64->OptionalHeader.AddressOfEntryPoint != dwNewEntrypoint)
{
pCor->EntryPointToken = pNT64->OptionalHeader.AddressOfEntryPoint;
pNT64->OptionalHeader.AddressOfEntryPoint = dwNewEntrypoint;
}
}
// Adjust the .NET headers to indicate we're a mixed DLL
pCor->Flags = (pCor->Flags & 0xFFFE) | 0x10;
// Fixup the metadata header RVA's
if (pCor->MetaData.VirtualAddress) pCor->MetaData.VirtualAddress += diffRVA;
if (pCor->Resources.VirtualAddress) pCor->Resources.VirtualAddress += diffRVA;
if (pCor->StrongNameSignature.VirtualAddress) pCor->StrongNameSignature.VirtualAddress += diffRVA;
if (pCor->CodeManagerTable.VirtualAddress) pCor->CodeManagerTable.VirtualAddress += diffRVA;
if (pCor->VTableFixups.VirtualAddress) pCor->VTableFixups.VirtualAddress += diffRVA;
if (pCor->ExportAddressTableJumps.VirtualAddress) pCor->ExportAddressTableJumps.VirtualAddress += diffRVA;
if (pCor->ManagedNativeHeader.VirtualAddress) pCor->ManagedNativeHeader.VirtualAddress += diffRVA;
CMetadata meta(peDest);
CMetadataTables tables(meta);
// Fixup all the RVA's for methods and fields that have them in the .NET code
for (int n = 0; n < 2; n++)
{
p = tables.GetTable((n == 0) ? ttMethodDef : ttFieldRVA);
if (p)
{
dwRows = p->GetRowCount();
for (UINT uRow = 0; uRow < dwRows; uRow ++)
{
pdwRVA = (DWORD *)p->Column(uRow, (UINT)0);
if (*pdwRVA)
*pdwRVA = (*pdwRVA) + diffRVA;
}
}
}
// If this is a CE file, then change the processor to x86
if (pNT)
{
if (pNT->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
|| pNT->FileHeader.Machine == IMAGE_FILE_MACHINE_ARM)
{
pNT->FileHeader.Machine = IMAGE_FILE_MACHINE_I386;
pNT->OptionalHeader.Subsystem = IMAGE_SUBSYSTEM_WINDOWS_CUI;
}
if (pNT->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI && (pCor->Flags & 0x08))
{
PIMAGE_SECTION_HEADER section = IMAGE_FIRST_SECTION(pNT);
for (UINT i=0; i < pNT->FileHeader.NumberOfSections; i++, section++)
{
if (section->SizeOfRawData < section->Misc.VirtualSize)
{
_tprintf(_T("\nWARNING: %s section has a RawData size of %X and a VirtualSize of %X, strong named image may not run on Windows CE\n"), section->Name, section->SizeOfRawData, section->Misc.VirtualSize);
}
}
}
}
if (pCor->Flags & 0x08)
_tprintf(_T("\nWARNING: %s must be re-signed before it can be used!\n"), pszNative);
_tprintf(_T("Success!\n"));
}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -