Jasemalsadi/GetSectionHdrByName.c

## GetSectionHdrByName.c
#define IMAGE_FIRST_SECTION(ntheader) \
  ((PIMAGE_SECTION_HEADER)(ULONG_PTR)((const BYTE *)&((const IMAGE_NT_HEADERS *)(ntheader))->OptionalHeader + \
                           ((const IMAGE_NT_HEADERS *)(ntheader))->FileHeader.SizeOfOptionalHeader))

// IMAGE_FIRST_SECTION = Pointer to the starting point of optional header “OPTHDROFFSET macro” + SizeOfOptionalHeader which exist in the image file header struct.

BOOL    WINAPI GetSectionHdrByName (
    LPVOID                   lpFile, // pointer to the  file
    IMAGE_SECTION_HEADER     *sh, // returned pointer to the section header
    char                     *szSection // name of the section to find it.
)

{
    PIMAGE_SECTION_HEADER    psh;
    int                      nSections = NumOfSections (lpFile);
    int                      i;


    if ((psh = (PIMAGE_SECTION_HEADER) IMAGE_FIRST_SECTION (lpFile)) !=
         NULL)
        {
        /* find the section by name */
        for (i=0; i<nSections; i++){ // loop through all sections.

            if (!strcmp (psh->Name, szSection)) // comparing by the name
                {
                /* copy data to header */
                CopyMemory ((LPVOID)sh,
                            (LPVOID)psh,
                            sizeof (IMAGE_SECTION_HEADER));
                return TRUE;
                }
            else
                psh++;
            }
        }

    return FALSE;
}
int   WINAPI NumOfSections (
    LPVOID    lpFile)
{
    /* Number of sections is indicated in file header. */
    return (int)((PIMAGE_FILE_HEADER)
                  PEFHDROFFSET (lpFile))->NumberOfSections);
}
// *
continue to the question:
“Can we get a certain Data Directory from VirtualAddress in the above struct ? “
To find the directory virtual address:
* //
LPVOID  WINAPI ImageDirectoryOffset (
        LPVOID    lpFile,
        DWORD     dwIMAGE_DIRECTORY // index of the array.
)
{
    PIMAGE_OPTIONAL_HEADER   poh;
    PIMAGE_SECTION_HEADER    psh;
    int                      nSections = NumOfSections (lpFile);
    int                      i = 0;
    LPVOID                   VAImageDir;

    /* Must be 0 thru (NumberOfRvaAndSizes-1). */
    if (dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes)
        return NULL;

    /* Retrieve offsets to optional and section headers. */
    poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
    psh = (PIMAGE_SECTION_HEADER)SECHDROFFSET (lpFile);

    /* Locate image directory's relative virtual address. */
    VAImageDir = (LPVOID)poh->DataDirectory
                       [dwIMAGE_DIRECTORY].VirtualAddress;

    /* Locate section containing image directory. */
    while (i++<nSections)
        {
        if (psh->VirtualAddress <= (DWORD)VAImageDir &&
            psh->VirtualAddress +
                 psh->SizeOfRawData > (DWORD)VAImageDir)
// check if the Virtual address in the optional header “VAImageDir” is inside the current section.
            break;
        psh++;
        }

    if (i > nSections)
        return NULL;

    /* Return image import directory offset. */
    return (LPVOID)(
      (
(int)lpFile + (int)VAImageDir - psh->VirtualAddress
       )
       +
                         (int)psh->PointerToRawData
);
	#define IMAGE_FIRST_SECTION(ntheader) \
	((PIMAGE_SECTION_HEADER)(ULONG_PTR)((const BYTE )&((const IMAGE_NT_HEADERS )(ntheader))->OptionalHeader + \
	((const IMAGE_NT_HEADERS *)(ntheader))->FileHeader.SizeOfOptionalHeader))

	// IMAGE_FIRST_SECTION = Pointer to the starting point of optional header “OPTHDROFFSET macro” + SizeOfOptionalHeader which exist in the image file header struct.

	BOOL WINAPI GetSectionHdrByName (
	LPVOID lpFile, // pointer to the file
	IMAGE_SECTION_HEADER *sh, // returned pointer to the section header
	char *szSection // name of the section to find it.
	)

	{
	PIMAGE_SECTION_HEADER psh;
	int nSections = NumOfSections (lpFile);
	int i;


	if ((psh = (PIMAGE_SECTION_HEADER) IMAGE_FIRST_SECTION (lpFile)) !=
	NULL)
	{
	/* find the section by name */
	for (i=0; i<nSections; i++){ // loop through all sections.

	if (!strcmp (psh->Name, szSection)) // comparing by the name
	{
	/* copy data to header */
	CopyMemory ((LPVOID)sh,
	(LPVOID)psh,
	sizeof (IMAGE_SECTION_HEADER));
	return TRUE;
	}
	else
	psh++;
	}
	}

	return FALSE;
	}
	int WINAPI NumOfSections (
	LPVOID lpFile)
	{
	/* Number of sections is indicated in file header. */
	return (int)((PIMAGE_FILE_HEADER)
	PEFHDROFFSET (lpFile))->NumberOfSections);
	}
	// *
	continue to the question:
	“Can we get a certain Data Directory from VirtualAddress in the above struct ? “
	To find the directory virtual address:
	* //
	LPVOID WINAPI ImageDirectoryOffset (
	LPVOID lpFile,
	DWORD dwIMAGE_DIRECTORY // index of the array.
	)
	{
	PIMAGE_OPTIONAL_HEADER poh;
	PIMAGE_SECTION_HEADER psh;
	int nSections = NumOfSections (lpFile);
	int i = 0;
	LPVOID VAImageDir;

	/* Must be 0 thru (NumberOfRvaAndSizes-1). */
	if (dwIMAGE_DIRECTORY >= poh->NumberOfRvaAndSizes)
	return NULL;

	/* Retrieve offsets to optional and section headers. */
	poh = (PIMAGE_OPTIONAL_HEADER)OPTHDROFFSET (lpFile);
	psh = (PIMAGE_SECTION_HEADER)SECHDROFFSET (lpFile);

	/* Locate image directory's relative virtual address. */
	VAImageDir = (LPVOID)poh->DataDirectory
	[dwIMAGE_DIRECTORY].VirtualAddress;

	/* Locate section containing image directory. */
	while (i++<nSections)
	{
	if (psh->VirtualAddress <= (DWORD)VAImageDir &&
	psh->VirtualAddress +
	psh->SizeOfRawData > (DWORD)VAImageDir)
	// check if the Virtual address in the optional header “VAImageDir” is inside the current section.
	break;
	psh++;
	}

	if (i > nSections)
	return NULL;

	/* Return image import directory offset. */
	return (LPVOID)(
	(
	(int)lpFile + (int)VAImageDir - psh->VirtualAddress
	)
	+
	(int)psh->PointerToRawData
	);
No results found