admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: replace section SizeOfRawData with Misc_VirtualSize

Browse Source
This commit is contained in:
Dobin
2024-02-18 14:04:57 +00:00
parent 224d252e78
commit 00f0d8d388
3 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
derbackdoorer/derbackdoorer.py
+1 -1
View File
@@ -162,7 +162,7 @@ class PeBackdoor:
entrypoint = self.pe.OPTIONAL_HEADER.AddressOfEntryPoint entrypoint = self.pe.OPTIONAL_HEADER.AddressOfEntryPoint
for sect in self.pe.sections: for sect in self.pe.sections:
if sect.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']: if sect.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']:
if entrypoint >= sect.VirtualAddress and entrypoint <= sect.VirtualAddress + sect.SizeOfRawData: if entrypoint >= sect.VirtualAddress and entrypoint <= sect.VirtualAddress + sect.Misc_VirtualSize:
return sect return sect
return None return None
model.py
+5 -4
View File
@@ -59,12 +59,13 @@ class ExeInfo():
# .text virtual address # .text virtual address
self.code_section = pehelper.get_code_section(pe) self.code_section = pehelper.get_code_section(pe)
self.code_virtaddr = self.code_section.VirtualAddress
self.code_size = self.code_section.Misc_VirtualSize
logger.info("--[ Injectable: Chosen code section: {} at 0x{:x} size: {}".format( logger.info("--[ Injectable: Chosen code section: {} at 0x{:x} size: {}".format(
self.code_section.Name.decode().rstrip('\x00'), self.code_section.Name.decode().rstrip('\x00'),
self.code_section.VirtualAddress, self.code_virtaddr,
self.code_section.SizeOfRawData)) self.code_size))
self.code_virtaddr = self.code_section.VirtualAddress
self.code_size = self.code_section.SizeOfRawData
# iat # iat
self.iat = pehelper.extract_iat(pe) self.iat = pehelper.extract_iat(pe)
pehelper.py
+4 -4
View File
@@ -15,9 +15,9 @@ def extract_code_from_exe(exe_file: FilePath) -> bytes:
section = get_code_section(pe) section = get_code_section(pe)
data: bytes = section.get_data() data: bytes = section.get_data()
data = remove_trailing_null_bytes(data) data = remove_trailing_null_bytes(data)
logger.info(" > 0x{:X} Code Size: {} (raw code section size: {})".format( logger.info(" > 0x{:X} Code Size: {} (code section size: {})".format(
section.VirtualAddress, section.VirtualAddress,
len(data), section.SizeOfRawData)) len(data), section.Misc_VirtualSize))
pe.close() pe.close()
return data return data
@@ -35,7 +35,7 @@ def get_code_section(pe: pefile.PE) -> pefile.SectionStructure:
entrypoint = pe.OPTIONAL_HEADER.AddressOfEntryPoint entrypoint = pe.OPTIONAL_HEADER.AddressOfEntryPoint
for sect in pe.sections: for sect in pe.sections:
if sect.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']: if sect.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']:
if entrypoint >= sect.VirtualAddress and entrypoint <= sect.VirtualAddress + sect.SizeOfRawData: if entrypoint >= sect.VirtualAddress and entrypoint <= sect.VirtualAddress + sect.Misc_VirtualSize:
return sect return sect
raise Exception("Code section not found") raise Exception("Code section not found")
@@ -48,7 +48,7 @@ def get_rwx_section(pe: pefile.PE) -> pefile.SectionStructure:
section.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_WRITE'] and section.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_WRITE'] and
section.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE'] section.Characteristics & pefile.SECTION_CHARACTERISTICS['IMAGE_SCN_MEM_EXECUTE']
): ):
if entrypoint > section.VirtualAddress and entrypoint < section.VirtualAddress + section.SizeOfRawData: if entrypoint > section.VirtualAddress and entrypoint < section.VirtualAddress + section.Misc_VirtualSize:
return section return section
return None return None