Is it possible to write a C code that retrieve its PE sections addresses after compiling it to .exe ?
Did you mean you want to access each section of exe ?
If yes, then find below way to do so:
#include<windows.h>
#include<stdio.h>
int main()
{
LPCSTR fileName="inputFile.exe";
HANDLE hFile;
HANDLE hFileMapping;
LPVOID lpFileBase;
PIMAGE_DOS_HEADER dosHeader;
PIMAGE_NT_HEADERS peHeader;
PIMAGE_SECTION_HEADER sectionHeader;
hFile = CreateFileA(fileName,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if(hFile==INVALID_HANDLE_VALUE)
{
printf("\n CreateFile failed \n");
return 1;
}
hFileMapping = CreateFileMapping(hFile,NULL,PAGE_READONLY,0,0,NULL);
if(hFileMapping==0)
{
printf("\n CreateFileMapping failed \n");
CloseHandle(hFile);
return 1;
}
lpFileBase = MapViewOfFile(hFileMapping,FILE_MAP_READ,0,0,0);
if(lpFileBase==0)
{
printf("\n MapViewOfFile failed \n");
CloseHandle(hFileMapping);
CloseHandle(hFile);
return 1;
}
dosHeader = (PIMAGE_DOS_HEADER) lpFileBase;
if(dosHeader->e_magic==IMAGE_DOS_SIGNATURE)
{
printf("\n DOS Signature (MZ) Matched \n");
peHeader = (PIMAGE_NT_HEADERS) ((u_char*)dosHeader+dosHeader->e_lfanew);
if(peHeader->Signature==IMAGE_NT_SIGNATURE)
{
printf("\n PE Signature (PE) Matched \n");
//once found valid exe or dll
//go to first section
sectionHeader = IMAGE_FIRST_SECTION(peHeader);
UINT nSectionCount = peHeader->FileHeader.NumberOfSections;
//No of sections
printf("\n No of sections : %d \n",nSectionCount);
//sectionHeader contains address of first section
//traverse each section by below way
for( UINT i=0; i<nSectionCount; ++i, ++sectionHeader )
{
//section information
}
}
else
{
return 1;
}
}
else
{
return 1;
}
return 0;
}
Related
I am Working with Win32 API and C.
I need to get supported page sizes of my system default printer.
Referring to DeviceCapabilities of a network printer on this forum (which suggested PrintDlg), I am trying to use PrintDlgEx, with Flags=PD_RETURNDEFAULT.
My problem is, call to PrintDlgEx fails with error "E_INVALIDARG", ie, Invalid Argument.
I have written the code as a console program.
Can some one help me identify what is going wrong.
My code is pasted below
int main(void)
{
HWND Myhwnd = GetConsoleWindow();
if (Myhwnd == NULL)
printf("GetConsoleWindow Failed \n");
PRINTDLGEX pdlg;
memset(&pdlg, 0, sizeof(PRINTDLGEX));
pdlg.lStructSize = sizeof(PRINTDLGEX);
pdlg.hwndOwner = Myhwnd;
pdlg.Flags = PD_RETURNDEFAULT|| PD_NOPAGENUMS;
pdlg.nCopies = 1;
pdlg.nPropertyPages = 0;
pdlg.dwResultAction = 0;
pdlg.nStartPage = START_PAGE_GENERAL;
HRESULT result = PrintDlgEx(&pdlg);
switch (result)
{
... ...
case E_INVALIDARG:
printf("Invalid Argument\n");
break;
}
return 0;
}
I noticed in PrintDlgEx documentation it says "This structure must be declared dynamically using a memory allocation function.". So I changed my program as below, but still gives same error "Invalid Argument".
int main(void)
{
HWND Myhwnd = GetConsoleWindow();
if (Myhwnd == NULL)
printf("GetConsoleWindow Failed \n");
PRINTDLGEX * pdlg;
pdlg = malloc(sizeof(PRINTDLGEX));
memset(pdlg, 0, sizeof(PRINTDLGEX));
pdlg->lStructSize = sizeof(PRINTDLGEX);
pdlg->hwndOwner = Myhwnd;
pdlg->Flags = PD_RETURNDEFAULT|| PD_NOPAGENUMS;
pdlg->nCopies = 1;
pdlg->nPropertyPages = 0;
pdlg->dwResultAction = 0;
pdlg->nStartPage = START_PAGE_GENERAL;
HRESULT result = PrintDlgEx(pdlg);
switch (result)
{
... ...
case E_INVALIDARG:
printf("Invalid Argument\n");
break;
}
return 0;
}
I have checked your code with MSVC2019. As IInspectable said in a comment, the error is the use of boolean or || operator instead of bitwise or |operator.
I also checked that the call work with a statically allocated PRINTDLGEX variable or a dynamically allocated one.
The code is:
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
int main(void)
{
HWND Myhwnd = GetConsoleWindow();
if (Myhwnd == NULL)
printf("GetConsoleWindow Failed \n");
PRINTDLGEX pdlg;
memset(&pdlg, 0, sizeof(PRINTDLGEX));
pdlg.lStructSize = sizeof(PRINTDLGEX);
pdlg.hwndOwner = Myhwnd;
pdlg.Flags = PD_RETURNDEFAULT | PD_NOPAGENUMS;
pdlg.nCopies = 1;
pdlg.nPropertyPages = 0;
pdlg.dwResultAction = 0;
pdlg.nStartPage = START_PAGE_GENERAL;
HRESULT result = PrintDlgEx(&pdlg);
switch (result)
{
case S_OK:
printf("Success\n");
break;
case E_INVALIDARG:
printf("Invalid Argument\n");
break;
default:
printf("Error %d\n", result);
break;
}
return 0;
}
I'm playing around the bfd library (<bfd.h>), and I was able to implement my own version of objdump -h on binary files by printing out sections, their vmas, size, etc. Now, I'm having trouble implementing nm. I'm able to use the bfd library to obtain all the different symbols of a binary executable file, but how can I get each symbol's (main, etc) vma using asection/asymbol struct data? Here's the code I have that prints out every symbol name:
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <bfd.h>
int main(int argc, char *argv[])
{
bfd *ibfd = NULL;
if (!argv[1])
{
printf("Please supply a second argument\n");
return -1;
}
else
{
// initialize bfd so we can use it
bfd_init();
// open the supplied argument file
const char *str = argv[1];
ibfd = bfd_openr(str, "elf64-x86-64");
// if issue opening
if (!ibfd)
{
bfd_perror("open failure\n");
return -1;
}
// if file isnt elf binary file
if (!bfd_check_format(ibfd, bfd_object))
{
printf("not an object file\n");
return -1;
}
int spaceNeeded = bfd_get_symtab_upper_bound(ibfd);
if (spaceNeeded < 0)
{
return -1;
}
else if (spaceNeeded == 0)
{
return 1;
}
asymbol **symTable = malloc(spaceNeeded);
long numSyms = bfd_canonicalize_symtab(ibfd, symTable);
if (numSyms < 0)
return -1;
for (int i = 0, count = 0; i < numSyms; i++)
{
printf("%s\n", symTable[i]->name);
}
bfd_close(ibfd);
}
// success code
return 1;
}
nm uses the function bfd_symbol_info to fetch the virtual memory addresses of the symbols. You can read the source code for that function to get an idea as to the implementation.
void
bfd_symbol_info (symbol, ret)
asymbol *symbol;
symbol_info *ret;
{
ret->type = bfd_decode_symclass (symbol);
if (bfd_is_undefined_symclass (ret->type))
ret->value = 0;
else
ret->value = symbol->value + symbol->section->vma;
ret->name = symbol->name;
}
The following code doesn't behave as expected ..
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <stdbool.h>
struct dest
{
char filename[20], keyword[20];
bool opened;
FILE * file;
};
void display_data(const struct dest p) {
printf("Keyword: %s, Filename: %s, Used: %s\n", p.keyword, p.filename, p.opened ? "Yes" : "No");
}
int main(int argc, char const *argv[])
{
// declaring variables
float lon, lat;
char info[80];
FILE *reader;
// checking required arguments
if ((argc+1) % 2 || argc < 2) {
fprintf(stderr, "Usage: %s file_to_read file_for_unknown type file type file ...\n", argv[0]);
return 2;
}
// opening the reader
if (!(reader = fopen(argv[1], "r"))) {
fprintf(stderr, "File can't be accessed: %s\n", argv[1]);
return 2;
}
// creating important globals
const short pairs = (argc-3)/2;
struct dest data[pairs];
struct dest other;
strcpy(other.filename, argv[2]);
other.opened = false;
// gathering data
short times = 4;
for(short i = 4; i < argc; i += 2) {
data[i-times].opened = false;
strcpy(data[i-times].keyword, argv[i-1]);
strcpy(data[i-times].filename, argv[i]);
times += 1;
}
// finally, scanning the file ..
struct dest *use_f; // pointer for the wanted destination ..
bool known;
while (fscanf(reader, "%f,%f,%79[^\n]", &lat, &lon, info)) {
// deciding which file to use ..
known = false;
for(short i=0; i < pairs; ++i) {
if (strstr(info, data[i].keyword)) {
known = true;
use_f = &data[i];
}
}
if (!(known)) {
use_f = &other;
}
// checking the file ..
if (!((*use_f).opened)) {
(*use_f).file = fopen((*use_f).filename, "w");
(*use_f).opened = true;
}
// writing to the file ..
fprintf((*use_f).file, "%f,%f,%s\n", lat, lon, info);
}
// closing all data streams, and informing user ..
for (short i=0; i < pairs; ++i) {
display_data(data[i]);
if (data[i].opened) {
fclose(data[i].file);
data[i].opened = false;
}
}
fclose(reader);
fclose(other.file);
return 0;
}
The command used to run it is this ..
./categorize spooky.csv other.csv UFO UFOS.csv # I get no output at all
It seems that the while loop doesn't actually end, which is mysterious, because the file (spooky.csv) is only 11 lines !
30.685163,-68.137207,Type=Yeti
28.304380,-74.575195,Type=UFO
29.132971,-71.136475,Type=Ship
28.343065,-62.753906,Type=Elvis
27.868217,-68.005371,Type=Goatsucker
30.496017,-73.333740,Type=Disappearance
26.224447,-71.477051,Type=UFO
29.401320,-66.027832,Type=Ship
37.879536,-69.477539,Type=Elvis
22.705256,-68.192139,Type=Elvis
27.166695,-87.484131,Type=Elvis
It just keeps writing to other.file, yet I don't know why ..
The program simply doesn't end, can anybody explain things to me ?
From the fscanf() manpage: "The value EOF is returned if an input failure occurs before any conversion (such as an end-of-file) occurs."
Here's a hint... EOF isn't equal to 0. Your while-loop never terminates.
I can't figure out why my program is outputting seemingly random Windows paths as shown below.
\maven, : ORS=4 (id: 4677968)
m32\cmd.exe, ò: Æ (id: 5525087)
, : (id: 4653392)
It does this when looping through an array of structures I have and displaying the values inside. Funny thing is though that it works perfectly. If I add 5 entries, it still displays all of them accurately. Yet it prints the random paths shown above before everything else.
I'm going to attach the whole program because I honestly don't know where to narrow the problem down to. I'm new to C and especially new to manually handling memory. So that may be where the problem lies. Thanks ahead of time.
The program:
#include<stdio.h>
#include<string.h>
// Define structures
typedef struct Contact
{
int id;
char fname[24];
char lname[24];
char number[16];
} Contact;
typedef struct Phonebook
{
Contact* contacts;
int contacts_length;
int id_tracking;
} Phonebook;
// Define prototypes
Phonebook addContact(Phonebook);
Phonebook removeContact(Phonebook); // removeContact() prompts the user for information about whom they want to remove.
void viewContacts(Phonebook);
void exportContacts(Phonebook);
Contact findEntry(int, Phonebook);
Phonebook removeEntry(int, Phonebook); // removeEntry() can be called to explicitly remove the entry with the passed in integer id.
int main()
{
// Define variables
int menuChoice = 0, status = 1;
Phonebook phonebook;
phonebook.contacts = (Contact*) malloc(sizeof(Contact));
// Check memory allocation
if(phonebook.contacts == NULL)
{
printf("\nFatal error: Out of memory... now exiting.");
return;
}
// Handle the user
do
{
// Begin collecting and assigning data
printf("\nContact Menu\n");
printf("\n(1.) Add contact");
printf("\n(2.) Remove contact");
printf("\n(3.) View contacts");
printf("\n(4.) Export contacts");
printf("\n(5.) Exit");
printf("\n\nPlease choose a menu option (enter the number): ");
scanf("%d", &menuChoice);
// Interpret menu choice
switch(menuChoice)
{
case 1:
// Begin adding contact
phonebook = addContact(phonebook);
status = 1;
break;
case 2:
phonebook = removeContact(phonebook);
status = 1;
break;
case 3:
viewContacts(phonebook);
status = 1;
break;
case 4:
exportContacts(phonebook);
status = 1;
break;
case 5:
// Free memory
free(phonebook.contacts);
// See ya!
printf("\nGoodbye!");
status = 0;
break;
default:
printf("I'm sorry, I didn't quite understand that. Please try again.");
status = 1;
break;
}
}
while(status != 0);
// Return 0 for exit
return 0;
}
Phonebook addContact(Phonebook phonebook)
{
// Clear screen first
system("cls");
// Define contact and set random id
Contact entry;
entry.id = phonebook.id_tracking;
phonebook.id_tracking++;
// Obtain information
printf("First name (24 characters max): ");
scanf("%s", &entry.fname);
printf("Last name (24 characters max): ");
scanf("%s", &entry.lname);
printf("Telephone number (recommended format: ###-###-####): ");
scanf("%s", &entry.number);
// Handle memory allocation
if(phonebook.contacts_length > 1)
{
phonebook.contacts = (Contact*) realloc(phonebook.contacts, sizeof(Contact) * (phonebook.contacts_length + 1));
}
// Save the contact to the array and count up
phonebook.contacts[phonebook.contacts_length] = entry;
phonebook.contacts_length++;
printf("Contact saved!\n");
return phonebook;
}
Phonebook removeContact(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou haven't saved any contacts.\n");
return;
}
// Define variables
int i, chosenId = 0;
// Display contacts with their ids
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
printf("\n%s, %s (id: %d)", entry.lname, entry.fname, entry.id);
}
// Handle removal
printf("\n\nPlease enter the ID of the contact you would like to remove: ");
scanf("%d", &chosenId);
// Remove
Phonebook updatedPhonebook = removeEntry(chosenId, phonebook);
printf("Contact removed!\n");
return updatedPhonebook;
}
void viewContacts(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou haven't saved any contacts.\n");
return;
}
// Define variables
int i;
// Display contacts with their ids
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
printf("\n%s, %s: %s (id: %d)", entry.lname, entry.fname, entry.number, entry.id);
}
printf("\n");
return;
}
/*
* Experimenting with I/O in C
*/
void exportContacts(Phonebook phonebook)
{
// First check to make sure they have saved contacts
if(phonebook.contacts_length < 1)
{
// No contacts saved, tell them
printf("\nYou have no contacts to be exported.\n");
return;
}
// Define and initialize variables
int i;
char outputName[] = "contacts.txt";
FILE *contactFile = fopen(outputName, "w");
// Print message
printf("\nExporting contacts to .txt file... ");
// Print to the file
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
fprintf(contactFile, "%s, %s (id: %d): %s\n", entry.lname, entry.fname, entry.id, entry.number);
}
// Close the file
fclose(contactFile);
// Done
printf("Done!");
printf("\nData exported to contacts.txt located where this program was launched.");
}
Contact findEntry(int id, Phonebook phonebook)
{
int i;
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
if(entry.id == id)
{
return entry;
}
}
}
Phonebook removeEntry(int id, Phonebook phonebook)
{
// Define variables
int i, positionToFree;
// Search for the index of the entry to remove
for(i = 0; i < phonebook.contacts_length; i++)
{
Contact entry = phonebook.contacts[i];
if(entry.id == id)
{
positionToFree = i; // This is the position to be freed
}
// We've found what we need, break now
break;
}
// Loop starting at that entry and remove
for(i = positionToFree; i < phonebook.contacts_length; i++)
{
Contact temp = phonebook.contacts[i + 1];
phonebook.contacts[i] = temp;
}
// Count down for contacts_length
phonebook.contacts_length--;
// Return the updated contacts
return phonebook;
}
This sounds like undefined behaviour.
You never initialise phonebook.contacts_length. It could have any value. When you go to add an entry, it's quite possible that the realloc call fails. You don't check the return value, so you wouldn't know.
Bad juju.
Okay, what I was trying to do is to print all the data of a section of a PE executable:
#include<stdio.h>
#include<Windows.h>
int dth(int dec)
{
return 0;
}
int main()
{
IMAGE_NT_HEADERS peHead;
IMAGE_DOS_HEADER dosMZ;
IMAGE_SECTION_HEADER *secHead;
unsigned long d;
char file[]=".\\test.exe";
HANDLE host;
int i=0;
printf("\nScanning %s :-",file);
if((host=CreateFileA(file,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL))==INVALID_HANDLE_VALUE)
{
printf("\nFile OPEN Error");
return 0;
}
if(!ReadFile(host,(void*)&dosMZ,sizeof(dosMZ),&d,NULL))
{
printf("\nRead Fail");
return 0;
}
if(!(dosMZ.e_magic==IMAGE_DOS_SIGNATURE))
{
printf("\nNot a Valid PE");
return 0;
}
printf("\nDos Signature Found");
SetFilePointer(host,dosMZ.e_lfanew,NULL,FILE_BEGIN);
if(!ReadFile(host,(void*)&peHead,sizeof(peHead),&d,NULL))
{
printf("\nRead Fail");
return 0;
}
if(!(peHead.Signature==IMAGE_NT_SIGNATURE))
{
printf("\nNot Valid PE");
return 0;
}
printf("\nPe Signature Found");
printf("\nMachine to be Executed on: %x ;Intelx86 for 0x14c",peHead.FileHeader.Machine);
printf("\nNumber of Sections : %d",peHead.FileHeader.NumberOfSections);
if(peHead.FileHeader.Characteristics==0x10f)
printf("\nCharachteristics : Executable File");
else
printf("\nCharachteristics : DLL File");
printf("\nReading Sections :");
printf("%d",peHead.OptionalHeader.SizeOfHeaders);
secHead=(IMAGE_SECTION_HEADER*)GlobalAlloc(GMEM_FIXED,sizeof(IMAGE_SECTION_HEADER)*peHead.FileHeader.NumberOfSections);
ReadFile(host,(void*)secHead,sizeof(IMAGE_SECTION_HEADER)*peHead.FileHeader.NumberOfSections,&d,NULL);
for(i=0;i<peHead.FileHeader.NumberOfSections;i++)
{
printf("\n Section Name : %s",secHead[i].Name);
printf("\n RVA : %x",secHead[i].VirtualAddress);
printf("\n Pointer to Raw Data : %x",secHead[i].PointerToRawData);
printf("\n Size of Data : %x",secHead[i].SizeOfRawData);
}
printf("\nPrinting opcodes of code Section:\n\n");
SetFilePointer(host,(int)secHead[1].PointerToRawData,NULL,FILE_BEGIN);
char ab;
for(i=0;i<=(secHead[1].SizeOfRawData);i++)
{
ReadFile(host,&ab,1,&d,NULL);
printf("%c",ab);
}
printf("%d\n,%d",i);
CloseHandle(host);
return 0;
}
The error happens when the setfilepointer sets the pointer to the start of .text section where it has to set the file pointer to 4096 location of file, instead it points to 16384 location. I discovered this after debugging the issue with ollydbg.
Anyoone can tell me whats wrong?