@@ -73,10 +73,7 @@ CopySections(const unsigned char *data, PIMAGE_NT_HEADERS old_headers, PMEMORYMO
7373 {
7474 // section doesn't contain data in the dll itself, but may define
7575 // uninitialized data
76- int initialized = section -> Characteristics & IMAGE_SCN_CNT_INITIALIZED_DATA ;
77- int uninitialized = section -> Characteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA ;
78-
79- size = initialized ? old_headers -> OptionalHeader .SizeOfInitializedData : old_headers -> OptionalHeader .SizeOfUninitializedData ;
76+ size = old_headers -> OptionalHeader .SectionAlignment ;
8077 if (size > 0 )
8178 {
8279 dest = (unsigned char * )VirtualAlloc (codeBase + section -> VirtualAddress ,
@@ -85,8 +82,7 @@ CopySections(const unsigned char *data, PIMAGE_NT_HEADERS old_headers, PMEMORYMO
8582 PAGE_READWRITE );
8683
8784 section -> Misc .PhysicalAddress = (DWORD )dest ;
88- if (initialized )
89- memset (dest , 0 , size );
85+ memset (dest , 0 , size );
9086 }
9187
9288 // section is empty
@@ -222,7 +218,7 @@ BuildImportTable(PMEMORYMODULE module)
222218 if (directory -> Size > 0 )
223219 {
224220 PIMAGE_IMPORT_DESCRIPTOR importDesc = (PIMAGE_IMPORT_DESCRIPTOR )(codeBase + directory -> VirtualAddress );
225- for (; importDesc -> Characteristics != 0 ; importDesc ++ )
221+ for (; ! IsBadReadPtr ( importDesc , sizeof ( IMAGE_IMPORT_DESCRIPTOR )) && importDesc -> Name ; importDesc ++ )
226222 {
227223 DWORD * thunkRef , * funcRef ;
228224 HMODULE handle = LoadLibrary ((LPCSTR )(codeBase + importDesc -> Name ));
@@ -243,8 +239,15 @@ BuildImportTable(PMEMORYMODULE module)
243239 }
244240
245241 module -> modules [module -> numModules ++ ] = handle ;
246- thunkRef = (DWORD * )(codeBase + importDesc -> OriginalFirstThunk );
247- funcRef = (DWORD * )(codeBase + importDesc -> FirstThunk );
242+ if (importDesc -> OriginalFirstThunk )
243+ {
244+ thunkRef = (DWORD * )(codeBase + importDesc -> OriginalFirstThunk );
245+ funcRef = (DWORD * )(codeBase + importDesc -> FirstThunk );
246+ } else {
247+ // no hint table
248+ thunkRef = (DWORD * )(codeBase + importDesc -> FirstThunk );
249+ funcRef = (DWORD * )(codeBase + importDesc -> FirstThunk );
250+ }
248251 for (; * thunkRef ; thunkRef ++ , funcRef ++ )
249252 {
250253 PIMAGE_IMPORT_BY_NAME thunkData = (PIMAGE_IMPORT_BY_NAME )(codeBase + * thunkRef );
@@ -264,7 +267,7 @@ BuildImportTable(PMEMORYMODULE module)
264267 return result ;
265268}
266269
267- HMEMORYMODULE MemoryLoadLibrary (const void * data , const size_t size )
270+ HMEMORYMODULE MemoryLoadLibrary (const void * data )
268271{
269272 PMEMORYMODULE result = NULL ;
270273 PIMAGE_DOS_HEADER dos_header ;
@@ -333,8 +336,8 @@ HMEMORYMODULE MemoryLoadLibrary(const void *data, const size_t size)
333336 PAGE_READWRITE );
334337
335338 // copy PE header to code
336- memcpy (headers , old_header , old_header -> OptionalHeader .SizeOfHeaders );
337- result -> headers = (PIMAGE_NT_HEADERS )headers ;
339+ memcpy (headers , dos_header , dos_header -> e_lfanew + old_header -> OptionalHeader .SizeOfHeaders );
340+ result -> headers = (PIMAGE_NT_HEADERS )& (( const unsigned char * )( headers ))[ dos_header -> e_lfanew ] ;
338341
339342 // update position
340343 result -> headers -> OptionalHeader .ImageBase = (DWORD )code ;
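Review bot: The new loop condition in BuildImportTable relies on IsBadReadPtr to stop walking the import descriptors, which only probes whether a page happens to be readable and does not check that the descriptor lies inside the import directory the image declares; with `directory->Size` already in scope the bound should be explicit, e.g. `const unsigned char *importEnd = codeBase + directory->VirtualAddress + directory->Size;` and `for (; (const unsigned char *)(importDesc + 1) <= importEnd && importDesc->Name; importDesc++)`, with the directory range itself validated against SizeOfImage if that is not already done before the hunk. The same hunk still passes `codeBase + importDesc->Name` to LoadLibrary without checking that offset against the image, so a truncated or malformed image can make the loader read beyond the mapped region. In the MemoryLoadLibrary hunk the new memcpy length `dos_header->e_lfanew + old_header->OptionalHeader.SizeOfHeaders` appears to double-count: the PE format defines SizeOfHeaders from the start of the file, so it already covers the DOS stub, and `memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders);` copies the intended range provided the headers allocation (outside the hunk) is sized the same way. In CopySections the VirtualAlloc result `dest` is still passed to memset without a NULL check; an `if (dest == NULL)` returning the function's failure value before the assignment to PhysicalAddress would turn a commit failure into a clean error instead of a crash. Both BuildImportTable and CopySections continue outside the hunks shown.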