PE header in C

[karapidiola]

header.h

Code:

typedef struct _StaffToUse
{
	DWORD EIP;
	DWORD IMAGE_BASE;
	DWORD VEP;
	
	DWORD NumbOfSections;
	DWORD WinExec_;
	DWORD LoadLib_;
	DWORD ExitProc_;
	DWORD *VirtualS[32];
	DWORD *SizeOfRaw[32];
	DWORD *PointerToRaw[32];
	DWORD *VirtualAddr[32];
	BYTE *SectionNames[32];

} StaffToUse;

typedef struct _DWDataStorage{

	BYTE *dwData;

}DWDataStorage;

//cracps
HANDLE hFile,oFile = NULL;
DWORD dwBytesRead;
DWORD Sections;
DWORD fSize = 0;
PCHAR pMem;
IMAGE_NT_HEADERS  _nt;
DWDataStorage dw_[32];
IMAGE_DOS_HEADER header;
IMAGE_SECTION_HEADER *_img;

StaffToUse _help_my_ass;
PIMAGE_SECTION_HEADER Custom_hdr;
BYTE *ptrBuffer;
DWORD stub_size;
BYTE *stub;

source.c

Code:

//code by darkInjection..........................................................
int readFileHeaders(char*file){

	hFile =	CreateFile( file,GENERIC_READ,FILE_SHARE_WRITE | FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL);

	if(hFile == INVALID_HANDLE_VALUE){
	
		MessageBoxA(0,"File Not Found","Error",MB_ICONEXCLAMATION|MB_OK);
		return 0;
		
	}

	fSize = GetFileSize(hFile,NULL);

	if(fSize <= 60 ){
		MessageBoxA(0,"File Size Error","Error",MB_ICONEXCLAMATION|MB_OK);
		
		return 0;

	}else{
	
		ptrBuffer = (BYTE*)malloc(fSize+1);
	
	}

	//read the file
	ReadFile( hFile, ptrBuffer, fSize, &dwBytesRead, NULL );

	if(dwBytesRead != fSize){
	
		MessageBoxA(0,"Read Size Error","Error",MB_ICONEXCLAMATION|MB_OK);
		
		return 0;

	}



	//copy the dos header
	memcpy(&header, ptrBuffer, sizeof(IMAGE_DOS_HEADER)); 
	
	stub_size = header.e_lfanew - sizeof(IMAGE_DOS_HEADER);

	stub = (BYTE*)malloc(stub_size);

	memcpy(stub,ptrBuffer+ sizeof(IMAGE_DOS_HEADER),stub_size);

	if(header.e_magic != IMAGE_DOS_SIGNATURE){
	
		MessageBoxA(0,"Not A Valid Dos Stub","Error",MB_ICONEXCLAMATION|MB_OK);
		
		return 0;

	};
	

	//copy the pe header
	memcpy(&_nt,ptrBuffer + header.e_lfanew,sizeof(IMAGE_NT_HEADERS));
	
	if(_nt.Signature != IMAGE_NT_SIGNATURE){
	
		MessageBoxA(0,"Not A Valid PE Executable","Error",MB_ICONEXCLAMATION|MB_OK);

		return 0;
	}
	//place shit to my structure
	_help_my_ass.EIP = _nt.OptionalHeader.AddressOfEntryPoint;
	_help_my_ass.IMAGE_BASE = _nt.OptionalHeader.ImageBase;
	_help_my_ass.VEP = _nt.OptionalHeader.AddressOfEntryPoint + _nt.OptionalHeader.ImageBase;
	//read the sections
	Sections = _nt.FileHeader.NumberOfSections;
	_help_my_ass.NumbOfSections = Sections;
	//fill the image section structure
	_img = (IMAGE_SECTION_HEADER *)(ptrBuffer + header.e_lfanew+sizeof(IMAGE_NT_HEADERS));

	if( (Sections < 1) || (Sections > 32) ){
	
		MessageBoxA(0,"Error With File Sections","Error",MB_ICONEXCLAMATION|MB_OK);

		return 0;

	}

	for(DWORD i=0; i<= Sections-1; i++){
	
		memcpy(&_img_[i],_img,sizeof(IMAGE_SECTION_HEADER));
		_help_my_ass.SectionNames[i] = _img_[i].Name;
		_help_my_ass.PointerToRaw[i] = (unsigned long*)_img_[i].PointerToRawData;
		_help_my_ass.SizeOfRaw[i] = (unsigned long*)_img_[i].SizeOfRawData;
		_help_my_ass.VirtualAddr[i] = (unsigned long*)_img_[i].VirtualAddress;
		_help_my_ass.VirtualS[i] =(unsigned long*) _img_[i].Misc.VirtualSize;
		//allocate memory to store the datas from each section
		DWORD size_to  = PEAlign(_img_[i].SizeOfRawData,_nt.OptionalHeader.FileAlignment);
		dw_[i].dwData = (BYTE*)malloc(size_to);
		//copy them
		memcpy(dw_[i].dwData,ptrBuffer+_img_[i].PointerToRawData,_img_[i].SizeOfRawData);
		_img++;
	}

	return 1;
}

find EP sections etc from executables file portable executable