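-- © 2008 Daniel Pistelli. All rights reserved.
-- Header Pack Script Version: 1.0.0.1

-- This neat little script does the following:
--
-- packs the dos header + PE header + section headers
-- removes useless things like the Rich Signature
-- removes linker references inside the PE header
-- strips the debug information (if any) from the PE
-- if it's a .NET, removes Strong Name Signature
-- updates checksum
--
-- Notes for whoever runs this on a build output:
--
-- * Every step edits bytes that an embedded Authenticode signature
--   covers, so a signed file will no longer verify afterwards. Run the
--   script before signing, or re-sign the result.
-- * After RemoveStrongNameSignature a .NET assembly no longer passes
--   strong-name verification until it is re-signed.
-- * SaveFile(hPE) is called with the handle only, so it presumably
--   writes back to the selected path (confirm against the host's
--   scripting reference). Work on a copy if the original is needed.
-- * A missing Rich Signature, a zeroed linker version and e_lfanew == 0x40
--   are what this script leaves behind; analysts triaging a binary can
--   read them as signs of post-build header processing.

-- shows an invalid PE Msgbox
function InvPEMsg()
    MsgBox("The current file seems to be an invalid PE. Cannot proceed!",
           strScriptName, MB_ICONEXCLAMATION)
end

-- --------------------------------------------------
-- the main code starts here
-- --------------------------------------------------

strScriptName = "Header Pack Script 1.0.0.1 - by Daniel Pistelli"

-- sizeof(IMAGE_DOS_HEADER): the packed PE header is placed right after it
local DOS_HEADER_SIZE = 0x40

local filename = GetOpenFile("Select a PE...",
    "All\n*.*\nExe Files\n*.exe\nDll Files\n*.dll\n")

--[[
-- if it is a fixed file name, write:
filename = @"C:\...\Release\App.exe"
]]

if filename == null then
    return
end

local hPE = OpenFile(filename)

if hPE == null then
    MsgBox("Couldn't open file.", "Error", MB_ICONEXCLAMATION)
    return
end

local OptHdrOffset = GetOffset(hPE, PE_OptionalHeader)

if OptHdrOffset == null then
    InvPEMsg()
    return
end

local bDotNET = IsDotNET(hPE)

-- --------------------------------------------------
-- START PROCESSING
-- --------------------------------------------------

-- PACK HEADERS

do
    -- Collect and validate every offset BEFORE the first write, so a
    -- malformed input is rejected while the image is still unmodified.
    local FileHdrOffset = GetOffset(hPE, PE_FileHeader)
    local PEHdrOffset = GetOffset(hPE, PE_NtHeaders)
    local NumberOfSections = GetNumberOfSections(hPE)

    if FileHdrOffset == null or PEHdrOffset == null or
       NumberOfSections == null then
        InvPEMsg()
        return
    end

    -- SizeOfOptionalHeader is the WORD at offset 16 of IMAGE_FILE_HEADER
    local SizeOfOptionalHdr = ReadWord(hPE, FileHdrOffset + 16)

    if SizeOfOptionalHdr == null then
        InvPEMsg()
        return
    end

    -- we assume that the PE header comes right after
    -- the Dos header, this is a normal PE.
    -- If e_lfanew points inside the Dos header the headers overlap and
    -- "PEHdrOffset - 0x40" would be a negative fill length, so refuse.
    if PEHdrOffset < DOS_HEADER_SIZE then
        MsgBox("The PE header overlaps the Dos header. Cannot proceed!",
               strScriptName, MB_ICONEXCLAMATION)
        return
    end

    -- When the PE header already sits at 0x40 there is nothing to pack.
    if PEHdrOffset > DOS_HEADER_SIZE then
        local SizeOfSections = NumberOfSections * IMAGE_SIZEOF_SECTION_HEADER
        -- Signature (4) + IMAGE_FILE_HEADER (20) + optional header
        local SizeOfPEHeader = 4 + 20 + SizeOfOptionalHdr
        local HeadersSize = SizeOfPEHeader + SizeOfSections

        -- Read the headers first: the zero fill below may not destroy
        -- them before they are copied.
        local PEHdrAndSects = ReadBytes(hPE, PEHdrOffset, HeadersSize)

        if PEHdrAndSects == null then
            InvPEMsg()
            return
        end

        -- wipe the Dos stub / Rich Signature area
        FillBytes(hPE, DOS_HEADER_SIZE, PEHdrOffset - DOS_HEADER_SIZE, 0)

        -- move headers; old location is zeroed first, then the copy is
        -- written, so an overlap of the two ranges ends up correct
        FillBytes(hPE, PEHdrOffset, HeadersSize, 0)
        WriteBytes(hPE, DOS_HEADER_SIZE, PEHdrAndSects, HeadersSize)

        -- e_lfanew
        WriteDword(hPE, 0x3C, DOS_HEADER_SIZE)

        -- the optional header moved, refresh the cached offset
        OptHdrOffset = GetOffset(hPE, PE_OptionalHeader)

        if OptHdrOffset == null then
            InvPEMsg()
            return
        end
    end
end

-- REMOVE LINKER REF

do
    -- MajorLinkerVersion + MinorLinkerVersion (two bytes at offset 2)
    WriteWord(hPE, OptHdrOffset + 2, 0x0000)
end

-- REMOVE DBG INFO

RemoveDebugDirectory(hPE)

-- REMOVE SNS IF .NET

if bDotNET == true then
    RemoveStrongNameSignature(hPE)
end

-- UPDATE CHECKSUM

UpdateChecksum(hPE)

-- SAVE FILE

SaveFile(hPE)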