commit f91f052c0b2858e5e1f20245ff4a57100d904b0a Author: crt0mega Date: Thu Jun 4 15:02:40 2020 +0200 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..429bf25 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*.o +laa_patcher +*.exe diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..b651c87 --- /dev/null +++ b/Makefile @@ -0,0 +1,2 @@ +laa_patcher: laa_patcher.c help.c patch.c + gcc -o laa_patcher laa_patcher.c help.c patch.c diff --git a/README.md b/README.md new file mode 100644 index 0000000..6684bb9 --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# laa_patcher +## Usage: +`./laa_patcher win32pe.exe` +## What does it do? +It's a simple C progam which patches existing Win32 PE binaries to be LARGE_ADDRESS_AWARE. +## Why does it look so ugly? :tw-1f4a9: +It's my first C program so don't judge :tw-1f61d: diff --git a/help.c b/help.c new file mode 100644 index 0000000..5a64da7 --- /dev/null +++ b/help.c @@ -0,0 +1,31 @@ +/* + * help.c + * + * Copyright 2020 crt0mega + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + * + */ + +#include + +void help() +{ + printf("\nUsage:\nlaa_patcher \n" + "This Program sets or unsets the LARGE_ADDRESS_AWARE flag on " + "32 Bit PE Executables.\n"); +} diff --git a/help.h b/help.h new file mode 100644 index 0000000..d0b862c --- /dev/null +++ b/help.h @@ -0,0 +1,24 @@ +/* + * help.h + * + * Copyright 2020 crt0mega + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + * + */ + +void help(); diff --git a/laa_patcher.c b/laa_patcher.c new file mode 100644 index 0000000..283c7fc --- /dev/null +++ b/laa_patcher.c @@ -0,0 +1,87 @@ +/* + * laa_patcher.c + * + * Copyright 2020 crt0mega + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + * + */ + + +#include +#include +#include +#include "help.h" +#include "patch.h" + +#define VERSION 0.1 + + + +int main(int argc, char **argv) +{ + // Introduce yerself + + printf("laa_patcher v%g (c) 2020 by crt0mega\n", VERSION, argc); + + if (argc == 1) + { + help(); + return 0; + } + + char filename[strlen(argv[1])]; + strcpy(filename, argv[1]); + + printf("\nPatching %s ...\n", filename); + + if (ispe(filename)) + { + printf("- %s is a PE binary...\n", filename); + } + + else + { + printf("- %s is no PE binary, aborting.\n", filename); + return 1; + } + + if (ispatched(filename)) + { + printf("- %s is already aware of large addresses, unpatching.\n", filename); + //return 1; + } + + // Let's get busy + + bool success; + + success = patch(filename); + + if (success == true) + { + printf("- %s successfully patched.\n", filename); + return 0; + } + + else + { + printf("- Error while patching %s.\n", filename); + return 1; + } + +} diff --git a/laa_patcher.geany b/laa_patcher.geany new file mode 100644 index 0000000..6b8c7d9 --- /dev/null +++ b/laa_patcher.geany @@ -0,0 +1,40 @@ +[editor] +line_wrapping=false +line_break_column=72 +auto_continue_multiline=true + +[file_prefs] +final_new_line=true +ensure_convert_new_lines=false +strip_trailing_spaces=false +replace_tabs=false + +[indentation] +indent_width=4 +indent_type=1 +indent_hard_tab_width=8 +detect_indent=false +detect_indent_width=false +indent_mode=2 + +[project] +name=laa_patcher +base_path=/home/crt0mega/Projekte/laa_patcher/ +description= +file_patterns= + +[long line marker] +long_line_behaviour=1 +long_line_column=72 + +[files] +current_page=0 +FILE_NAME_0=853;C;0;EUTF-8;1;1;0;%2Fhome%2Fcrt0mega%2FProjekte%2Flaa_patcher%2Flaa_patcher.c;0;4 + +[VTE] +last_dir=/home/crt0mega + +[build-menu] +EX_00_LB=_Execute +EX_00_CM="./%e" +EX_00_WD= diff --git a/patch.c b/patch.c new file mode 100644 index 0000000..578cf6b --- /dev/null +++ b/patch.c @@ -0,0 +1,152 @@ +/* + * patch.c + * + * Copyright 2020 crt0mega + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + * + */ + + +#include +#include +#include + +#define IS_LAA 0x0020 + +bool ispe(char *filename) +{ + FILE *pFile; + int16_t header; + int32_t peloc; + int32_t peheader; + + pFile = fopen(filename, "rb"); + fread(&header, sizeof(header), 1, pFile); + + if (header != 0x5a4d) //Check presence of MZ magic bytes + { + fclose(pFile); + return false; + } + + fseek(pFile, 0x3c, SEEK_SET); + fread(&peloc, sizeof(peloc), 1, pFile); //Get PE header location + + fseek(pFile, peloc, SEEK_SET); + fread(&peheader, sizeof(peheader), 1, pFile); + + if (peheader != 0x4550) // Check presence of PE magic bytes + { + fclose(pFile); + return false; + } + + fclose(pFile); + return true; +} + +bool ispatched(char *filename) +{ + FILE *pFile; + int32_t peloc; + int32_t peheader; + int16_t laa; + + if (!ispe(filename)) + { + printf("How did we even get here?!"); + return false; + } + + pFile = fopen(filename, "rb"); + + fseek(pFile, 0x3c, SEEK_SET); + fread(&peloc, sizeof(peloc), 1, pFile); + + fseek(pFile, peloc, SEEK_SET); // Seek to PE Location and + fread(&peheader, sizeof(peheader), 1, pFile); // Fetch header + + if (peheader != 0x4550) + { + printf("How the hell did we even geht here?!"); + return false; + } + + fseek(pFile, 0x12, SEEK_CUR); // Seek to characteristics + fread(&laa, sizeof(laa), 1, pFile); // Read characteristics + + fclose(pFile); + + if ((laa & IS_LAA) == IS_LAA) + { + return true; + } + + return false; +} + +bool patch(char *filename) +{ + FILE *pFile; + int32_t peloc; + int32_t peheader; + int16_t laa; + + if (!ispe(filename)) + { + printf("How did we even get here?!\n"); + return false; + } + + pFile = fopen(filename, "r+b"); + + fseek(pFile, 0x3c, SEEK_SET); + fread(&peloc, sizeof(peloc), 1, pFile); + + fseek(pFile, peloc, SEEK_SET); // Seek to PE Location and + fread(&peheader, sizeof(peheader), 1, pFile); // Fetch header + + if (peheader != 0x4550) + { + printf("How the hell did we even geht here?!\n"); + return false; + } + + fseek(pFile, 0x12, SEEK_CUR); // Seek to characteristics + fread(&laa, sizeof(laa), 1, pFile); // Read characteristics + + int16_t setlaa; + + if ((laa & IS_LAA) == IS_LAA) + { + setlaa=laa&~IS_LAA; + } + + else + { + setlaa=laa|IS_LAA; + } + + fseek(pFile, -sizeof(laa), SEEK_CUR); // Seek back + fwrite(&setlaa, 1, sizeof(setlaa), pFile); // Write new value + + fclose(pFile); + + return true; + +} diff --git a/patch.h b/patch.h new file mode 100644 index 0000000..a01738b --- /dev/null +++ b/patch.h @@ -0,0 +1,28 @@ +/* + * patch.h + * + * Copyright 2020 crt0mega + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + * + * + */ + +#include + +int patch(char *filename); +bool ispe(char *filename); +bool ispatched(char *filename);