Update PE file subsystem together with signature

This commit is contained in:
Rafal Kupiec 2024-01-18 14:34:25 +01:00
parent c152b99327
commit 6808e3b1d7
Signed by: belliash
GPG Key ID: 4E829243E0CFE6B4
1 changed files with 57 additions and 41 deletions

View File

@ -2,7 +2,7 @@
* PROJECT: XTchain
* LICENSE: See COPYING.md in the top level directory
* FILE: tools/exetool.c
* DESCRIPTION: Portable Executable (PE) utility for changing subsystem
* DESCRIPTION: Portable Executable (PE) utility for changing its signature and subsystem
* DEVELOPERS: Rafal Kupiec <belliash@codingworkshop.eu.org>
*/
@ -91,6 +91,7 @@ int main(int argc, char *argv[])
FILE *ExeFile;
unsigned char Signature[4];
unsigned int HeaderOffset;
unsigned int ImageSignature;
unsigned short SubSystem;
PPE_SUBSYSTEM NewSubSystem;
@ -101,44 +102,6 @@ int main(int argc, char *argv[])
return 1;
}
/* Open the EXE file in binary mode */
ExeFile = fopen(argv[1], "r+b");
if(ExeFile == NULL)
{
/* Failed to open PE file */
printf("ERROR: Unable to open file %s\n", argv[1]);
return 1;
}
/* Verify that the input file has a valid DOS header */
fread(Signature, sizeof(unsigned char), 4, ExeFile);
if(Signature[0] != 'M' || Signature[1] != 'Z')
{
/* Invalid DOS header */
printf("ERROR: %s is not a valid EXE file\n", argv[1]);
fclose(ExeFile);
return 1;
}
/* Verify that the input file has a valid PE header */
fseek(ExeFile, 0x3C, SEEK_SET);
fread(&HeaderOffset, sizeof(unsigned int), 1, ExeFile);
fseek(ExeFile, HeaderOffset, SEEK_SET);
fread(Signature, sizeof(unsigned char), 4, ExeFile);
if(Signature[0] != 'P' || Signature[1] != 'E' || Signature[2] != 0 || Signature[3] != 0)
{
/* Invalid PE header */
printf("Error: %s is not a valid PE file\n", argv[1]);
fclose(ExeFile);
return 1;
}
/* Seek to the offset of the SubSystem field in the optional header */
fseek(ExeFile, HeaderOffset + 0x5C, SEEK_SET);
/* Read the current SubSystem value */
fread(&SubSystem, sizeof(unsigned short), 1, ExeFile);
/* Parse the new SubSystem value from the command line argument */
NewSubSystem = getSubSystem(argv[2]);
if(NewSubSystem->Identifier == 0)
@ -148,7 +111,60 @@ int main(int argc, char *argv[])
return 1;
}
/* Print new SubSystem identifier */
/* Open the EXE file in binary mode */
ExeFile = fopen(argv[1], "r+b");
if(ExeFile == NULL)
{
/* Failed to open PE file */
printf("ERROR: Unable to open file %s\n", argv[1]);
return 2;
}
/* Verify that the input file has a valid DOS header */
fread(Signature, sizeof(unsigned char), 4, ExeFile);
if(Signature[0] != 'M' || Signature[1] != 'Z')
{
/* Invalid DOS header */
printf("ERROR: %s is not a valid EXE file\n", argv[1]);
fclose(ExeFile);
return 3;
}
/* Verify that the input file has a valid PE header */
fseek(ExeFile, 0x3C, SEEK_SET);
fread(&HeaderOffset, sizeof(unsigned int), 1, ExeFile);
fseek(ExeFile, HeaderOffset, SEEK_SET);
fread(Signature, sizeof(unsigned char), 4, ExeFile);
if((Signature[0] != 'P' || Signature[1] != 'E' || Signature[2] != 0 || Signature[3] != 0) &&
(Signature[0] != 'P' || Signature[1] != 'E' || Signature[2] != 'X' || Signature[3] != 'T'))
{
/* Invalid PE header */
printf("Error: %s is not a valid PE file\n", argv[1]);
fclose(ExeFile);
return 3;
}
/* Check if setting XT subsystem */
if(NewSubSystem->Identifier >= 0x14 && NewSubSystem->Identifier <= 0x19)
{
/* Write PEXT signature */
ImageSignature = 0x54584550;
}
else
{
/* Write PE00 signature */
ImageSignature = 0x00004550;
}
/* Seek back to header offset and write new signature */
fseek(ExeFile, HeaderOffset, SEEK_SET);
fwrite(&ImageSignature, sizeof(ImageSignature), 1, ExeFile);
/* Seek to the offset of the SubSystem field in the optional header */
fseek(ExeFile, HeaderOffset + 0x5C, SEEK_SET);
/* Read the current SubSystem value */
fread(&SubSystem, sizeof(unsigned short), 1, ExeFile);
/* Seek back to the SubSystem field in the optional header */
fseek(ExeFile, -sizeof(unsigned short), SEEK_CUR);
@ -160,7 +176,7 @@ int main(int argc, char *argv[])
fclose(ExeFile);
/* Finished successfully */
printf("PE SubSystem modified: 0x%04X <%s> to 0x%04X <%s>\n",
printf("PE SubSystem modified: 0x%02X <%s> to 0x%02X <%s>\n",
SubSystem, getSubSystemName(SubSystem), NewSubSystem->Identifier, NewSubSystem->Name);
return 0;
}