
WinPE Binary R/RO and Text

Should I be doing something different, looking at OEP/Offset?
Код:
/* Walks the section table of the mapped file. This fragment is cut off before
   the `if` and the loop body close, so what happens with sectionData is not
   visible here. */
for (int i = 0; i < ntHeaders->FileHeader.NumberOfSections; i++) {
/* Name is an 8-byte field (IMAGE_SIZEOF_SHORT_NAME) with no guaranteed NUL
   terminator: a name that uses all 8 characters makes strcmp() and "%s" below
   read past the end of the header. Compare with
   strncmp(name, ".text", IMAGE_SIZEOF_SHORT_NAME) and print with "%.8s". */
name = (char*)sectionHeaders[i]. Name;
        printf("Section %d: %s\n", i + 1, name);
        if (strcmp(name, ".text") == 0 || strcmp(name, ".rdata") == 0) {
/* For a view of the file on disk, PointerToRawData/SizeOfRawData are the
   fields that locate the section bytes (VirtualAddress/VirtualSize only apply
   once the image is loaded). Both values come straight from the file and need
   to be checked against the mapped size before sectionData is dereferenced. */
DWORD sectionOffset = sectionHeaders[i]. PointerToRawData;
 DWORD sectionSize = sectionHeaders[i]. SizeOfRawData;
char* sectionData = (char*)((uintptr_t)baseAddress + sectionOffset);

Код:
/* Section names this fragment is interested in. The enclosing function (it
   returns 0 and closes the file/mapping handles, so presumably main) starts
   and ends outside this snippet. */
const char* targetSections[] = { ".text", ".rdata", ".rodata" };
    size_t numSections = sizeof(targetSections) / sizeof(targetSections[0]);

    /* BUG: the loop runs over the three target names, not over
       FileHeader.NumberOfSections, and compares header i only with name i —
       ".rdata" is only ever tested against the second section, ".rodata" only
       against the third, and any section beyond the third is never examined.
       Each header has to be compared with every target name. */
    for (size_t i = 0; i < numSections; i++) {
        /* BUG: IMAGE_FIRST_SECTION() expects a pointer to the IMAGE_NT_HEADERS.
           If baseAddress is the start of the mapped file (as elsewhere in this
           thread) it points at the DOS header, and the NT headers are at
           baseAddress + e_lfanew. */
        PIMAGE_SECTION_HEADER sectionHeader = IMAGE_FIRST_SECTION((PIMAGE_NT_HEADERS)baseAddress) + i;

        /* Name is an 8-byte field with no guaranteed NUL terminator; strcmp()
           can read past it. strncmp(..., IMAGE_SIZEOF_SHORT_NAME) is safe. */
        if (strcmp((const char*)sectionHeader->Name, targetSections[i]) == 0) {
            /* VirtualAddress is an RVA that is only meaningful in a loaded
               image; in a file mapping the section bytes live at
               PointerToRawData. Neither value is bounds-checked here. */
            char* sectionData = (char*)baseAddress + sectionHeader->VirtualAddress;

            size_t sectionSize = sectionHeader->Misc.VirtualSize;
            encryptData(sectionData, sectionSize);

            /* NOTE(review): a view mapped with PAGE_READONLY/FILE_MAP_READ
               cannot be made writable with VirtualProtect — the mapping
               object's protection is the ceiling — so the write above would
               already have faulted; the return value is also unchecked. */
            DWORD oldProtect;
            VirtualProtect(sectionData, sectionSize, PAGE_EXECUTE_READWRITE, &oldProtect);

            decryptData(sectionData, sectionSize);

            /* Cleanup is duplicated here and after the loop; a single exit
               path (goto cleanup) would release each resource exactly once.
               Returning from inside the loop also stops after the first
               matching section. */
            UnmapViewOfFile(baseAddress);

            CloseHandle(hMapping);
            CloseHandle(hFile);

            printf("Binary file successfully processed.\n");
            return 0;
        }
    }

    UnmapViewOfFile(baseAddress);

    CloseHandle(hMapping);
CloseHandle(hFile);


I think I am working backwards
 
UPDATE: Solved

Код:
#include <windows.h>

#include <stdio.h>
#include <string.h>

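/*
 * Compares a section's 8-byte Name field with a C string without reading past
 * the field: a name that uses all IMAGE_SIZEOF_SHORT_NAME characters carries no
 * NUL terminator, so strcmp() on it would run off the end of the header.
 */
static int section_name_is(const IMAGE_SECTION_HEADER *sh, const char *name)
{
    return strncmp((const char *)sh->Name, name, IMAGE_SIZEOF_SHORT_NAME) == 0;
}

/*
 * Validates the DOS/NT headers of the PE image mapped at `base` (`size` bytes
 * long on disk) and prints every section's name, VirtualAddress and
 * VirtualSize, reporting the .text/.rdata/.rodata sections when seen.
 *
 * Returns 0 on success, 1 after printing a diagnostic if the headers are
 * invalid. Every offset and count read from the file is untrusted and is
 * checked against `size` before the memory it points at is touched, so a
 * truncated or malformed file cannot drive a read beyond the mapped view.
 */
static int print_sections(LPVOID base, ULONGLONG size)
{
    if (size < sizeof(IMAGE_DOS_HEADER))
    {
        printf("File is too small to hold a DOS header.\n");
        return 1;
    }

    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)base;
    if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
    {
        printf("Invalid DOS signature.\n");
        return 1;
    }

    /* e_lfanew is a signed 32-bit offset chosen by the file; the Signature and
       FileHeader we are about to read must lie entirely inside the file. */
    if (dosHeader->e_lfanew < 0
        || (ULONGLONG)dosHeader->e_lfanew + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader) > size)
    {
        printf("Invalid NT header offset.\n");
        return 1;
    }

    PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)base + dosHeader->e_lfanew);
    if (ntHeader->Signature != IMAGE_NT_SIGNATURE)
    {
        printf("Invalid NT signature.\n");
        return 1;
    }

    /* The section table follows the optional header, whose length is whatever
       the file declares (not sizeof(IMAGE_OPTIONAL_HEADER)), and must fit in
       the file. The operands are 32- and 16-bit values, so the 64-bit sum
       cannot overflow. */
    int sectionCount = ntHeader->FileHeader.NumberOfSections;
    ULONGLONG tableEnd = (ULONGLONG)dosHeader->e_lfanew
                       + FIELD_OFFSET(IMAGE_NT_HEADERS, OptionalHeader)
                       + ntHeader->FileHeader.SizeOfOptionalHeader
                       + (ULONGLONG)sectionCount * sizeof(IMAGE_SECTION_HEADER);
    if (tableEnd > size)
    {
        printf("Section table runs past the end of the file.\n");
        return 1;
    }

    /* IMAGE_FIRST_SECTION() skips SizeOfOptionalHeader bytes as recorded in the
       file, so it is right for both PE32 and PE32+ images. */
    PIMAGE_SECTION_HEADER sectionHeader = IMAGE_FIRST_SECTION(ntHeader);

    printf("Section\t\tVirtual Address\t\tVirtual Size\n");
    printf("------------------------------------------------------\n");

    for (int i = 0; i < sectionCount; i++)
    {
        /* %.8s stops at the end of the Name field even when it has no NUL;
           DWORD is unsigned long on Windows, hence %lX with matching casts. */
        printf("%.8s\t\t%08lX\t\t%08lX\n", (const char *)sectionHeader[i].Name,
               (unsigned long)sectionHeader[i].VirtualAddress,
               (unsigned long)sectionHeader[i].Misc.VirtualSize);

        if (section_name_is(&sectionHeader[i], ".text"))
        {
            printf("Found .text section!\n");
        }

        if (section_name_is(&sectionHeader[i], ".rdata"))
        {
            printf("Found .rdata section!\n");
        }

        if (section_name_is(&sectionHeader[i], ".rodata"))
        {
            printf("Found .rodata section!\n");
        }
    }

    return 0;
}

/*
 * Entry point: opens the PE file named by argv[1] (default: the original
 * hard-coded path), maps it read-only, hands the view to print_sections() and
 * releases the view and both handles on every path.
 *
 * Returns 0 on success and 1 if the file cannot be opened, sized or mapped, or
 * if its headers fail validation. Cleanup is a single goto chain so that each
 * resource is released exactly once.
 */
int main(int argc, char **argv)
{
    const char *filePath = argc > 1 ? argv[1] : "c:\\programdata\\build.exe";
    int rc = 1;                  /* cleared only when everything succeeded */
    HANDLE hMapFile = NULL;
    LPVOID baseAddress = NULL;
    LARGE_INTEGER fileSize;

    HANDLE hFile = CreateFile(filePath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE)
    {
        printf("Failed to open file.\n");
        return 1;
    }

    /* The on-disk size bounds every offset taken from the headers. */
    if (!GetFileSizeEx(hFile, &fileSize))
    {
        printf("Failed to query file size.\n");
        goto out_file;
    }

    hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hMapFile == NULL)
    {
        printf("Failed to create file mapping.\n");
        goto out_file;
    }

    /* FILE_MAP_READ: this tool only inspects the image and never writes it. */
    baseAddress = MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 0);
    if (baseAddress == NULL)
    {
        printf("Failed to map view of file.\n");
        goto out_mapping;
    }

    rc = print_sections(baseAddress, (ULONGLONG)fileSize.QuadPart);

    UnmapViewOfFile(baseAddress);
out_mapping:
    CloseHandle(hMapFile);
out_file:
    CloseHandle(hFile);
    return rc;
}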
 
There's a better syntax to get the PE sections
C++:
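/*
 * Locate the section table. IMAGE_FIRST_SECTION() is the correct form: it
 * advances by FileHeader.SizeOfOptionalHeader as recorded in the file, whereas
 * sizeof(IMAGE_NT_HEADERS) is the size of the compile-time struct and is wrong
 * whenever the parsed file's optional header has a different size (e.g. a PE32
 * image examined from a 64-bit build). Casting the base to DWORD also truncates
 * 64-bit pointers; DWORD_PTR keeps the full address. The NT signature and
 * e_lfanew should be validated before this is dereferenced.
 */
PIMAGE_NT_HEADERS nt_hdr = (PIMAGE_NT_HEADERS)((DWORD_PTR)image + dos->e_lfanew);
PIMAGE_SECTION_HEADER sc = IMAGE_FIRST_SECTION(nt_hdr);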
 
There's a better syntax to get the PE sections
C++:
/* Quoted from the reply above. Note that sizeof(IMAGE_NT_HEADERS) assumes the
   file's optional header matches the compile-time struct — IMAGE_FIRST_SECTION()
   uses the file's own SizeOfOptionalHeader instead — and the (DWORD) cast
   truncates 64-bit pointers (DWORD_PTR does not). */
PIMAGE_SECTION_HEADER sc = (PIMAGE_SECTION_HEADER)((DWORD)image + dos->e_lfanew + sizeof(IMAGE_NT_HEADERS));
Thanks for your comment.
Btw, up until now, ever since you started posting, I was under the false assumption that h1z1 was some sort of medical shorthand/ID for a "Horse Flu". ...don't ask me why =))
 

