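/// Maps a PE image held in memory into a freshly allocated region, applies
/// relocations and imports through the class helpers, and hands control to
/// the image's entry routine according to its type.
///
/// The image never goes through the OS loader, so nothing in this function
/// checks where the buffer came from or whether it is signed. The caller is
/// responsible for passing only images it has already authenticated.
///
/// @param pFileBuff  Raw PE file contents.
/// @param dwSize     Byte length of pFileBuff. NOTE(review): this parameter was
///                   previously unused; the header checks below assume callers
///                   pass the real buffer length -- confirm at the call sites.
/// @return 0 when the buffer is rejected or memory cannot be set up; otherwise
///         the value returned by CallConsoleEntry / CallDllEntry / CallExeEntry.
int LoadPE::RunPE(char* pFileBuff, DWORD dwSize)
{
    int ret = 0;
    char szout[1024];

    // Reject buffers that cannot hold the headers read below, before any
    // helper dereferences them. Without this a truncated or malformed buffer
    // leads to out-of-bounds reads driven by attacker-controlled e_lfanew.
    if (pFileBuff == NULL || dwSize < sizeof(IMAGE_DOS_HEADER))
    {
        return 0;
    }
    const IMAGE_DOS_HEADER* srcDos = reinterpret_cast<const IMAGE_DOS_HEADER*>(pFileBuff);
    if (srcDos->e_magic != IMAGE_DOS_SIGNATURE ||
        srcDos->e_lfanew < 0 ||
        dwSize < sizeof(IMAGE_NT_HEADERS) ||
        (DWORD)srcDos->e_lfanew > dwSize - sizeof(IMAGE_NT_HEADERS))
    {
        return 0;
    }
    const IMAGE_NT_HEADERS* srcNt =
        reinterpret_cast<const IMAGE_NT_HEADERS*>(pFileBuff + srcDos->e_lfanew);
    if (srcNt->Signature != IMAGE_NT_SIGNATURE)
    {
        return 0;
    }

    DWORD dwSizeOfImage = GetSizeOfImage(pFileBuff);
    if (dwSizeOfImage == 0)
    {
        // A zero-sized image cannot be mapped; the allocation would fail anyway.
        return 0;
    }

    DWORD imagebase = GetImageBase(pFileBuff);
    // DWORD is unsigned, so the original "<= 0" test could only ever mean "== 0".
    if (imagebase == 0)
    {
        imagebase = DEFAULT_PE_BASE_ADDRESS;
    }

#ifdef _MYDEBUG
    wsprintfA(szout, "image base:%x,size:%x", imagebase, dwSizeOfImage);
    MessageBoxA(0, szout, szout, MB_OK);
#endif

    // First try the image's preferred base; if that range is unavailable, let
    // the system choose an address (RelocationTable is called afterwards).
    //
    // NOTE(review): the whole image is committed PAGE_EXECUTE_READWRITE and
    // stays that way for its lifetime. That breaks W^X for every section, and
    // private, unbacked RWX memory that starts with a PE header is a standard
    // signal for memory scanners -- expect this region to be flagged.
    char* chBaseAddress = (char*)lpVirtualAlloc(imagebase, dwSizeOfImage,
                                                MEM_COMMIT | MEM_RESERVE,
                                                PAGE_EXECUTE_READWRITE);
    if (NULL == chBaseAddress)
    {
#ifdef _MYDEBUG
        wsprintfA(szout, "VirtualAlloc address:%x error", imagebase);
        MessageBoxA(0, szout, szout, MB_OK);
#endif
        chBaseAddress = (char*)lpVirtualAlloc(0, dwSizeOfImage,
                                              MEM_COMMIT | MEM_RESERVE,
                                              PAGE_EXECUTE_READWRITE);
        if (NULL == chBaseAddress)
        {
#ifdef _MYDEBUG
            wsprintfA(szout, "VirtualAlloc address:%x error", imagebase);
            MessageBoxA(0, szout, szout, MB_OK);
#endif
            return 0;
        }
    }

    RtlZeroMemory(chBaseAddress, dwSizeOfImage);

    // NOTE(review): each result below is overwritten by the next call and never
    // inspected, so a failed mapping, relocation or import pass still reaches
    // the entry-point call. The helpers' failure convention is not visible
    // here; once confirmed, release the region and return on failure.
    ret = MapFile(pFileBuff, chBaseAddress);
    ret = RelocationTable(chBaseAddress);
    ret = ImportTable(chBaseAddress);

    // Requests the same protection the region was allocated with, so in
    // practice this only verifies that the range is still valid.
    DWORD dwOldProtect = 0;
    if (FALSE == lpVirtualProtect(chBaseAddress, dwSizeOfImage,
                                  PAGE_EXECUTE_READWRITE, &dwOldProtect))
    {
        lpVirtualFree(chBaseAddress, dwSizeOfImage, MEM_DECOMMIT);
        lpVirtualFree(chBaseAddress, 0, MEM_RELEASE);
#ifdef _MYDEBUG
        wsprintfA(szout, "VirtualProtect address:%x error", imagebase);
        MessageBoxA(0, szout, szout, MB_OK);
#endif
        return 0;
    }

    ret = SetImageBase(chBaseAddress);

    // From here on the headers are read from the mapped copy, not the input.
    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)chBaseAddress;
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(chBaseAddress + dos->e_lfanew);

#ifdef _MYDEBUG
    wsprintfA(szout, "pe type:%x", nt->FileHeader.Characteristics);
    MessageBoxA(0, szout, szout, MB_OK);
#endif

    // Console images are run and unmapped immediately (gType 3). GUI images
    // and every other subsystem fall through to the DLL / EXE split below.
    if (nt->OptionalHeader.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI)
    {
        gType = 3;
        ghPEModule = (HMODULE)chBaseAddress;
        gPEImageSize = dwSizeOfImage;
        ret = CallConsoleEntry(chBaseAddress);
        lpVirtualFree(chBaseAddress, dwSizeOfImage, MEM_DECOMMIT);
        lpVirtualFree(chBaseAddress, 0, MEM_RELEASE);
        return ret;
    }

    // IMAGE_FILE_DLL is the named form of the 0x2000 characteristics bit.
    if (nt->FileHeader.Characteristics & IMAGE_FILE_DLL)
    {
        gType = 2;
        gPEImageSize = dwSizeOfImage;
        ghPEModule = (HMODULE)chBaseAddress;
        ret = recoverEAT(chBaseAddress);
        ret = CallDllEntry(chBaseAddress);
        // The region is not freed on this path; presumably the DLL is meant to
        // stay mapped and is reached later through ghPEModule -- confirm that
        // some other code releases it.
        return ret;
    }

    // Any remaining image is treated as an executable (gType 1): run its entry
    // routine, then unmap it.
    gType = 1;
    ghPEModule = (HMODULE)chBaseAddress;
    gPEImageSize = dwSizeOfImage;
    ret = CallExeEntry(chBaseAddress);
    lpVirtualFree(chBaseAddress, dwSizeOfImage, MEM_DECOMMIT);
    lpVirtualFree(chBaseAddress, 0, MEM_RELEASE);
    return ret;
}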