DrFrugal
/
laa_toggle
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

seems like LAA can affect 64 bit apps too,... oops 

dropped machine check entirely and consts (used them directly if only used once)
This commit is contained in:
DrFrugal 2023-07-16 17:05:15 +02:00
parent d0bd1dd405
commit f2e1292e72
2 changed files with 3 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Cargo.toml
View File

@ -1,6 +1,6 @@
[package] [package]
name = "laa_toggle" name = "laa_toggle"
version = "0.1.0" version = "0.1.1"
edition = "2021" edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

17
src/main.rs
View File

@ -20,10 +20,7 @@ fn abort(message: &str, error: Option<&dyn Error>) -> ! {
} }
fn main() { fn main() {
const IMAGE_DOS_HEADER_E_LFANEW: u64 = 0x3C;
const IMAGE_FILE_LARGE_ADDRESS_AWARE: u8 = 0x20; const IMAGE_FILE_LARGE_ADDRESS_AWARE: u8 = 0x20;
const IMAGE_FILE_MACHINE_AMD64: u16 = 0x8664;
const IMAGE_FILE_MACHINE_I386: u16 = 0x14C;
let mut buffer2 = [0u8; 2]; let mut buffer2 = [0u8; 2];
let mut buffer4 = [0u8; 4]; let mut buffer4 = [0u8; 4];
let args= env::args().collect::<Vec<String>>(); let args= env::args().collect::<Vec<String>>();
@ -39,20 +36,10 @@ fn main() {
Ok(file) => file, Ok(file) => file,
Err(error) => abort("Failed to open EXE in read/write mode", Some(&error)) Err(error) => abort("Failed to open EXE in read/write mode", Some(&error))
}; };
if let Err(error) = file.seek_read(&mut buffer4, IMAGE_DOS_HEADER_E_LFANEW) { if let Err(error) = file.seek_read(&mut buffer4, 0x3C) {
abort("Failed to read e_lfanew of MS DOS stub", Some(&error)); abort("Failed to read e_lfanew of MS DOS stub", Some(&error));
} }
let address_coff_machine = (u32::from_le_bytes(buffer4) + 0x4) as u64; // real data starts after "PE\0\0" string let address_coff_characteristics = (u32::from_le_bytes(buffer4) + 0x4 + 0x12) as u64; // real data starts after "PE\0\0" string (first 4 Bytes)
if let Err(error) = file.seek_read(&mut buffer2, address_coff_machine) {
abort("Failed to read Machine of PE header", Some(&error));
}
let machine = u16::from_le_bytes(buffer2);
match machine {
IMAGE_FILE_MACHINE_I386 => {},
IMAGE_FILE_MACHINE_AMD64 => abort("This binary is 64 bit - LAA is not needed", None),
_ => abort(&*format!("Unsupported machine type: {}", machine), None)
}
let address_coff_characteristics = address_coff_machine + 0x12;
if let Err(error) = file.seek_read(&mut buffer2, address_coff_characteristics) { if let Err(error) = file.seek_read(&mut buffer2, address_coff_characteristics) {
abort("Failed to read Characteristics from PE header", Some(&error)); abort("Failed to read Characteristics from PE header", Some(&error));
} }