aboutsummaryrefslogtreecommitdiffhomepage
path: root/tests/corruptor.cpp
blob: e528629294096264658e59fedf553bd71209c950 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
//////////////////////////////////////////////////////////////////////////////
//
//  Unit Test Image Corruptor (corruptor.cpp of unittests.exe)
//
//  Microsoft Research Detours Package
//
//  Copyright (c) Microsoft Corporation.  All rights reserved.
//
#include "windows.h"
#include "corruptor.h"

ImageCorruptor::ImageCorruptor(PIMAGE_DOS_HEADER Header)
{
    m_TargetDosHeader = Header;
    m_OriginalDosHeader = *Header;
    m_OriginalDosProtection = 0;
    m_TargetNtHeaders = (PIMAGE_NT_HEADERS)((PBYTE)Header + Header->e_lfanew);
    m_OriginalNtHeaders = *m_TargetNtHeaders;
    m_OriginalNtProtection = 0;

    VirtualProtect(
            m_TargetDosHeader,
            sizeof(*m_TargetDosHeader),
            PAGE_READWRITE,
            &m_OriginalDosProtection);

    VirtualProtect(
            m_TargetNtHeaders,
            sizeof(*m_TargetNtHeaders),
            PAGE_READWRITE,
            &m_OriginalNtProtection);
}

ImageCorruptor::~ImageCorruptor()
{
    // Restore original header contents.
    //
    *m_TargetDosHeader = m_OriginalDosHeader;
    *m_TargetNtHeaders = m_OriginalNtHeaders;

    // Restore original protection of DOS header.
    //
    DWORD OldProtection {};
    VirtualProtect(
            m_TargetDosHeader,
            sizeof(*m_TargetDosHeader),
            m_OriginalDosProtection,
            &OldProtection);

    // Restore original protection of NT headers.
    //
    VirtualProtect(
            m_TargetNtHeaders,
            sizeof(*m_TargetNtHeaders),
            m_OriginalNtProtection,
            &OldProtection);
}

void ImageCorruptor::ModifyDosMagic(WORD Value)
{
    m_TargetDosHeader->e_magic = Value;
}

void ImageCorruptor::ModifyNtSignature(ULONG Value)
{
    m_TargetNtHeaders->Signature = Value;
}