mirror of
https://github.com/Ylianst/MeshAgent
synced 2025-12-16 16:23:25 +00:00
123 lines
3.5 KiB
JavaScript
123 lines
3.5 KiB
JavaScript
// JavaScript source code
|
|
|
|
var fs = require('fs');
|
|
//var buffer = fs.readFileSync('test.bin');
|
|
//var tls = require('tls');
|
|
|
|
//var pem = tls.loadpkcs7b(buffer);
|
|
//console.log(pem.toString());
|
|
|
|
|
|
|
|
|
|
var fd = fs.openSync(process.execPath.replace('MeshConsole', 'MC2'), 'rb+');
|
|
var bytesRead;
|
|
var dosHeader = new Buffer(64);
|
|
var ntHeader = new Buffer(24);
|
|
var optHeader;
|
|
|
|
console.log(process.execPath.replace('MeshConsole', 'MC2'));
|
|
|
|
bytesRead = fs.readSync(fd, dosHeader, 0, 64, 0);
|
|
if (dosHeader.readUInt16LE(0).toString(16).toUpperCase() != '5A4D')
|
|
{
|
|
console.log('unrecognized binary format');
|
|
}
|
|
|
|
bytesRead = fs.readSync(fd, ntHeader, 0, ntHeader.length, dosHeader.readUInt32LE(60));
|
|
|
|
if (ntHeader.slice(0, 4).toString('hex') != '50450000')
|
|
{
|
|
console.log('not PE format');
|
|
}
|
|
|
|
switch (ntHeader.readUInt16LE(4).toString(16))
|
|
{
|
|
case '14c':
|
|
console.log('x86 binary');
|
|
break;
|
|
case '8664':
|
|
console.log('x64 binary');
|
|
break;
|
|
default:
|
|
console.log('unknown binary type');
|
|
break;
|
|
}
|
|
|
|
console.log('Optional Size = ' + ntHeader.readUInt16LE(20) + 'bytes');
|
|
optHeader = new Buffer(ntHeader.readUInt16LE(20));
|
|
bytesRead = fs.readSync(fd, optHeader, 0, optHeader.length, dosHeader.readUInt32LE(60) + 24);
|
|
var numRVA = undefined;
|
|
var CertificateTableAddress = undefined;
|
|
var CertificateTableSize = undefined;
|
|
|
|
switch (optHeader.readUInt16LE(0).toString(16).toUpperCase())
|
|
{
|
|
case '10B':
|
|
console.log('Found IMAGE_NT_OPTIONAL_HDR32_MAGIC');
|
|
numRVA = optHeader.readUInt32LE(92);
|
|
CertificateTableAddress = optHeader.readUInt32LE(128);
|
|
CertificateTableSize = optHeader.readUInt32LE(132);
|
|
break;
|
|
case '20B':
|
|
console.log('Found IMAGE_NT_OPTIONAL_HDR64_MAGIC');
|
|
numRVA = optHeader.readUInt32LE(108);
|
|
CertificateTableAddress = optHeader.readUInt32LE(144);
|
|
CertificateTableSize = optHeader.readUInt32LE(148);
|
|
break;
|
|
default:
|
|
console.log('Unknown Value found for Optional Magic: ' + ntHeader.readUInt16LE(24).toString(16).toUpperCase());
|
|
break;
|
|
}
|
|
|
|
console.log('Number of RVA Entries: ' + numRVA.toString());
|
|
console.log('Certificate Table Address: ' + CertificateTableAddress.toString(16).toUpperCase());
|
|
console.log('Certificate Table Size: ' + CertificateTableSize.toString());
|
|
|
|
var hdr = new Buffer(8);
|
|
fs.readSync(fd, hdr, 0, hdr.length, CertificateTableAddress);
|
|
console.log('dwLength = ' + hdr.readUInt32LE(0).toString());
|
|
|
|
console.log('Updating Table Entries: ');
|
|
optHeader.writeUInt32LE(6848, 132);
|
|
hdr.writeUInt32LE(6848, 0);
|
|
|
|
console.log('written', fs.writeSync(fd, optHeader, 0, optHeader.length, dosHeader.readUInt32LE(60) + 24));
|
|
console.log('written', fs.writeSync(fd, hdr, 0, hdr.length, CertificateTableAddress));
|
|
|
|
console.log('Done!');
|
|
|
|
|
|
fs.closeSync(fd);
|
|
|
|
//switch (hdr.readUInt16LE(6).toString(16).toUpperCase())
|
|
//{
|
|
// case '1':
|
|
// console.log('Cert Type = X509');
|
|
// break;
|
|
// case '2':
|
|
// console.log('Cert Type = PKCS#7')
|
|
// break;
|
|
// case '3':
|
|
// console.log('Cert Type = RESERVED')
|
|
// break;
|
|
// case '4':
|
|
// console.log('Cert Type = TERMINAL_SERVER')
|
|
// break;
|
|
//}
|
|
|
|
//var cert = new Buffer(hdr.readUInt32LE(0) - 8);
|
|
//fs.readSync(fd, cert, 0, cert.length, CertificateTableAddress + hdr.length);
|
|
|
|
//console.log('Cert Length: ' + cert.length);
|
|
//console.log(cert.toString());
|
|
|
|
//console.log(1);
|
|
//var ws = fs.createWriteStream("test.txt", { flags: "wb" });
|
|
//ws.write(cert);
|
|
//console.log(2);
|
|
//ws.end();
|
|
//console.log(3);
|
|
|
|
|