Last active
March 27, 2024 19:48
-
-
Save jeremyd2019/a3a4bfd94359c5851b9c8b105560a1bd to your computer and use it in GitHub Desktop.
program to get and set subsystem in PE headers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <stddef.h> | |
| #include <stdio.h> | |
| int main(int argc, char ** argv) | |
| { | |
| FILE * fh; | |
| IMAGE_DOS_HEADER idh = {0}; | |
| DWORD signature = 0; | |
| long subsys_offset = 0; | |
| WORD magic = 0, subsystem = 0, newsubsystem = MAXWORD; | |
| if (argc < 2) | |
| { | |
| fprintf(stderr, "Usage: %s pefile [subsystem]\n", argv[0]); | |
| fprintf(stderr, "specifying a subsystem will change the subsystem in the image\n"); | |
| return 1; | |
| } | |
| if (argc > 2) | |
| { | |
| long l = strtol(argv[2], NULL, 0); | |
| if (l >= 0 && l <= MAXWORD) | |
| newsubsystem = (WORD)l; | |
| } | |
| fh = fopen(argv[1], (newsubsystem != MAXWORD) ? "r+b" : "rb"); | |
| if (!fh) | |
| { | |
| perror("Error opening file"); | |
| return 2; | |
| } | |
| if (fread(&idh, sizeof(idh), 1, fh) != 1) | |
| { | |
| perror("Error reading dos header"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (idh.e_magic != IMAGE_DOS_SIGNATURE) | |
| { | |
| fprintf(stderr, "Bad DOS magic\n"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fseek(fh, idh.e_lfanew, SEEK_SET) != 0) | |
| { | |
| perror("Error seeking to nt headers"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fread(&signature, sizeof(signature), 1, fh) != 1) | |
| { | |
| perror("Error reading NT signature"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (signature != IMAGE_NT_SIGNATURE) | |
| { | |
| fprintf(stderr, "Bad NT signature\n"); | |
| fclose(fh); | |
| return 0; | |
| } | |
| if (fseek(fh, idh.e_lfanew + offsetof(IMAGE_NT_HEADERS, OptionalHeader.Magic), SEEK_SET) != 0) | |
| { | |
| perror("Error seeking to optional header magic"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fread(&magic, sizeof(magic), 1, fh) != 1) | |
| { | |
| perror("Error reading optional header magic"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| switch (magic) | |
| { | |
| case IMAGE_NT_OPTIONAL_HDR64_MAGIC: | |
| subsys_offset = idh.e_lfanew + offsetof(IMAGE_NT_HEADERS64, OptionalHeader.Subsystem); | |
| break; | |
| case IMAGE_NT_OPTIONAL_HDR32_MAGIC: | |
| subsys_offset = idh.e_lfanew + offsetof(IMAGE_NT_HEADERS32, OptionalHeader.Subsystem); | |
| break; | |
| default: | |
| fprintf(stderr, "Bad NT Optional Header magic\n"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fseek(fh, subsys_offset, SEEK_SET) != 0) | |
| { | |
| perror("Error seeking to subsystem"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fread(&subsystem, sizeof(subsystem), 1, fh) != 1) | |
| { | |
| perror("Error reading subsystem"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| printf("subsystem %hu\n", subsystem); | |
| if (newsubsystem != MAXWORD) | |
| { | |
| if (fseek(fh, subsys_offset, SEEK_SET) != 0) | |
| { | |
| perror("Error seeking to subsystem"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| if (fwrite(&newsubsystem, sizeof(newsubsystem), 1, fh) != 1) | |
| { | |
| perror("Error writing new subsystem"); | |
| fclose(fh); | |
| return 2; | |
| } | |
| } | |
| fclose(fh); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment