Reflective Polymorphism

The ReflectivePolymorphism.c and ReflectivePolymorphism.h contain common functionality for use by other components in the project. This reduces the amount of code duplication but also requires users of other components to include these sources files.

API Reference

DWORD ImageSizeFromHeaders(PDOS_HEADER pDosHeader)

Calculate the size of of a PE image from the specified DOS headers.

Parameters:
  • pDosHeader (PDOS_HEADER) – The headers to use for the calculation.
Returns:

The size of the PE image.
Return type:

DWORD
BOOL RebaseImage(PDOS_HEADER pDosHeader, ULONG_PTR uiBaseFrom, ULONG_PTR uiBaseTo)

Rebase the specified PE image by processing the relocation data as necessary.

Parameters:
  • pDosHeader (PDOS_HEADER) – Pointer to the DOS header of the blob to patch.
  • uiBaseFrom (ULONG_PTR) – The address to rebase the image from.
  • uiBaseTo (ULONG_PTR) – The address to rebase the image to.
Returns:

The function returns TRUE on success.
Return type:

BOOL
BOOL ShadowSectionCopy(PDOS_HEADER pDosHeader, BOOL bCopyTo)

Copy data to or from the shadow section. Copying data from the shadow section effectively restores content from the backup. Copying data to the shadow section effectively updates backup content. See the Shadow Section description for more details.

Parameters:
  • pDosHeader (PDOS_HEADER) – Pointer to the DOS header of the blob to patch.
  • bCopyTo (BOOL) – Whether to copy to or from the shadow section.
Returns:

The function returns TRUE on success.
Return type:

BOOL
PIMAGE_SECTION_HEADER SectionHeaderFromRVA(PDOS_HEADER pDosHeader, ULONG_PTR pVirtualAddress)

Retrieve the section header for the specified Relative Virtual Address (RVA).

Parameters:
  • pDosHeader (PDOS_HEADER) – A pointer to the associated DOS header.
  • pVirtualAddress (ULONG_PTR) – The RVA of the section header to retrieve.
Returns:

A pointer to the section header or NULL if it could not be found.
Return type:

PIMAGE_SECTION_HEADER
PIMAGE_SECTION_HEADER SectionHeaderFromName(PDOS_HEADER pDosHeader, PVOID pName)

Retrieve the section header for the specified name.

Parameters:
  • pDosHeader (PDOS_HEADER) – A pointer to the associated DOS header.
  • pName (PVOID) – A pointer to the section header name to retrieve.
Returns:

A pointer to the section header or NULL if it could not be found.
Return type:

PIMAGE_SECTION_HEADER
ULONG_PTR PAFromRVA(PDOS_HEADER pDosHeader, ULONG_PTR pVirtualAddress)

Calculate the Physical Address (PA) from the specified Relative Virtual Address (RVA). The Physical Address is the offset within the PE image in relation to the DOS header.

Parameters:
  • pDosHeader (PDOS_HEADER) – A pointer to the associated DOS header.
  • pVirtualAddress (ULONG_PTR) – The RVA to convert to a PA.
Returns:

The physical address of the specified relative virtual address or 0 on failure.
Return type:

ULONG_PTR
ULONG_PTR VAFromRVA(PDOS_HEADER pDosHeader, ULONG_PTR pVirtualAddress)

Calculate the Virtual Address (VA) from the specified Relative Virtual Address (RVA).

Parameters:
  • pDosHeader (PDOS_HEADER) – A pointer to the associated DOS header.
  • pVirtualAddress (ULONG_PTR) – The RVA to convert to a VA.
Returns:

The virtual address of the specified relative virtual address or 0 on failure.
Return type:

ULONG_PTR