#include <Windows.h>
#include <stdio.h>
#include "error.h"
 
#pragma comment(linker, "/DYNAMICBASE:NO")
#pragma comment(linker, "/BASE:0x02000000")
 
void * FileToMemory(LPTSTR file)
{
	HANDLE hFile = NULL;
	HANDLE hFileMap = NULL;
	LPVOID pMapView = NULL;
 
	hFile = CreateFile(file, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
	if (hFile == INVALID_HANDLE_VALUE)
	{
		CloseHandle(hFile);
		return NULL;
	}
 
	hFileMap = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
	if (hFileMap == NULL)
	{
		CloseHandle(hFile);
		return NULL;
	}
 
	pMapView = MapViewOfFile(hFileMap, FILE_MAP_READ, 0, 0, 0);
 
	return pMapView;
}
 
void GetHeaders(PBYTE ibase, PIMAGE_FILE_HEADER *pfh, PIMAGE_OPTIONAL_HEADER *poh, PIMAGE_SECTION_HEADER *psh)
{
	PIMAGE_DOS_HEADER mzhead = (PIMAGE_DOS_HEADER)ibase;
	*pfh = (PIMAGE_FILE_HEADER)&ibase[mzhead->e_lfanew];
	*pfh = (PIMAGE_FILE_HEADER)((PBYTE)*pfh + sizeof(IMAGE_NT_SIGNATURE));
	*poh = (PIMAGE_OPTIONAL_HEADER)((PBYTE)*pfh + sizeof(IMAGE_FILE_HEADER));
	*psh = (PIMAGE_SECTION_HEADER)((PBYTE)*poh + sizeof(IMAGE_OPTIONAL_HEADER));
}
 
void * LoadPE(void *image)
{
	PIMAGE_DOS_HEADER dos_hdr = NULL;
	PIMAGE_FILE_HEADER file_hdr = NULL;
	PIMAGE_OPTIONAL_HEADER opt_hdr = NULL;
	PIMAGE_SECTION_HEADER section_hdr = NULL;
	LPVOID pImageBase = NULL;
 
	dos_hdr = (PIMAGE_DOS_HEADER) image;
	file_hdr = (PIMAGE_FILE_HEADER) ((DWORD)image + dos_hdr->e_lfanew + 4);
	opt_hdr = (PIMAGE_OPTIONAL_HEADER) (file_hdr + 1);
	section_hdr = (PIMAGE_SECTION_HEADER)((DWORD)opt_hdr + sizeof(IMAGE_OPTIONAL_HEADER));
 
	printf("Allocating memory for image\n");
	UnmapViewOfFile((LPVOID)opt_hdr->ImageBase);
	pImageBase = VirtualAlloc((LPVOID)opt_hdr->ImageBase, opt_hdr->SizeOfImage, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if (pImageBase == NULL)
	{
		FormatError(GetLastError());
		printf("Error while allocating memory. Possible conflict of base addresses\n");
		return NULL;
	}
 
	printf("Copying headers\n");
	CopyMemory(pImageBase, image, opt_hdr->SizeOfHeaders);
 
	printf("Copying sections\n");
	for (DWORD i = 0; i < file_hdr->NumberOfSections; i++)
	{
		LPVOID VirtualAddress = (LPVOID)((DWORD)pImageBase + section_hdr[i].VirtualAddress);
		CopyMemory(VirtualAddress, (void *)((DWORD)image + section_hdr[i].PointerToRawData), section_hdr[i].SizeOfRawData);
	}
 
	printf("Setting attributes\n");
	for (DWORD i = 0; i < file_hdr->NumberOfSections; i++)
	{
		LPVOID VirtualAddress = (LPVOID)((DWORD)pImageBase + section_hdr->VirtualAddress);
		DWORD VirtualSize = section_hdr[i].Misc.VirtualSize;
 
		DWORD attributes = 0;
		if(section_hdr[i].Characteristics & IMAGE_SCN_MEM_EXECUTE ||section_hdr[i].Characteristics & IMAGE_SCN_MEM_READ )
		{
			attributes |= PAGE_EXECUTE;
			if(section_hdr[i].Characteristics & IMAGE_SCN_MEM_WRITE )
				attributes |= PAGE_READWRITE;
			else
				attributes |= PAGE_READONLY;
		}
		else if(section_hdr[i].Characteristics & IMAGE_SCN_MEM_WRITE )
			attributes |= PAGE_READWRITE;
 
		VirtualProtect(VirtualAddress, VirtualSize, attributes, &attributes);
	}
 
	return pImageBase;
}
 
void CallPE(void *base)
{
	PIMAGE_FILE_HEADER pfh;
	PIMAGE_OPTIONAL_HEADER poh;
	PIMAGE_SECTION_HEADER psh;
	LPVOID entry = NULL;
 
    GetHeaders((PBYTE)base, &pfh, &poh, &psh);
 
	entry = (LPVOID)((DWORD)base + poh->AddressOfEntryPoint);
	__asm call dword ptr [entry];
}
 
int main()
{
	void *pImage = FileToMemory(TEXT("test.exe"));
	void *pModule = LoadPE(pImage);
	CallPE(pModule);
	return 0;
}

I2luY2x1ZGUgPFdpbmRvd3MuaD4KI2luY2x1ZGUgPHN0ZGlvLmg+CiNpbmNsdWRlICJlcnJvci5oIgoKI3ByYWdtYSBjb21tZW50KGxpbmtlciwgIi9EWU5BTUlDQkFTRTpOTyIpCiNwcmFnbWEgY29tbWVudChsaW5rZXIsICIvQkFTRToweDAyMDAwMDAwIikKCnZvaWQgKiBGaWxlVG9NZW1vcnkoTFBUU1RSIGZpbGUpCnsKCUhBTkRMRSBoRmlsZSA9IE5VTEw7CglIQU5ETEUgaEZpbGVNYXAgPSBOVUxMOwoJTFBWT0lEIHBNYXBWaWV3ID0gTlVMTDsKCgloRmlsZSA9IENyZWF0ZUZpbGUoZmlsZSwgR0VORVJJQ19SRUFELCBGSUxFX1NIQVJFX1JFQUQsIE5VTEwsIE9QRU5fRVhJU1RJTkcsIEZJTEVfQVRUUklCVVRFX05PUk1BTCwgTlVMTCk7CglpZiAoaEZpbGUgPT0gSU5WQUxJRF9IQU5ETEVfVkFMVUUpCgl7CgkJQ2xvc2VIYW5kbGUoaEZpbGUpOwoJCXJldHVybiBOVUxMOwoJfQoKCWhGaWxlTWFwID0gQ3JlYXRlRmlsZU1hcHBpbmcoaEZpbGUsIE5VTEwsIFBBR0VfUkVBRE9OTFksIDAsIDAsIE5VTEwpOwoJaWYgKGhGaWxlTWFwID09IE5VTEwpCgl7CgkJQ2xvc2VIYW5kbGUoaEZpbGUpOwoJCXJldHVybiBOVUxMOwoJfQoKCXBNYXBWaWV3ID0gTWFwVmlld09mRmlsZShoRmlsZU1hcCwgRklMRV9NQVBfUkVBRCwgMCwgMCwgMCk7CgoJcmV0dXJuIHBNYXBWaWV3Owp9Cgp2b2lkIEdldEhlYWRlcnMoUEJZVEUgaWJhc2UsIFBJTUFHRV9GSUxFX0hFQURFUiAqcGZoLCBQSU1BR0VfT1BUSU9OQUxfSEVBREVSICpwb2gsIFBJTUFHRV9TRUNUSU9OX0hFQURFUiAqcHNoKQp7CglQSU1BR0VfRE9TX0hFQURFUiBtemhlYWQgPSAoUElNQUdFX0RPU19IRUFERVIpaWJhc2U7CgkqcGZoID0gKFBJTUFHRV9GSUxFX0hFQURFUikmaWJhc2VbbXpoZWFkLT5lX2xmYW5ld107CgkqcGZoID0gKFBJTUFHRV9GSUxFX0hFQURFUikoKFBCWVRFKSpwZmggKyBzaXplb2YoSU1BR0VfTlRfU0lHTkFUVVJFKSk7CgkqcG9oID0gKFBJTUFHRV9PUFRJT05BTF9IRUFERVIpKChQQllURSkqcGZoICsgc2l6ZW9mKElNQUdFX0ZJTEVfSEVBREVSKSk7CgkqcHNoID0gKFBJTUFHRV9TRUNUSU9OX0hFQURFUikoKFBCWVRFKSpwb2ggKyBzaXplb2YoSU1BR0VfT1BUSU9OQUxfSEVBREVSKSk7Cn0KCnZvaWQgKiBMb2FkUEUodm9pZCAqaW1hZ2UpCnsKCVBJTUFHRV9ET1NfSEVBREVSIGRvc19oZHIgPSBOVUxMOwoJUElNQUdFX0ZJTEVfSEVBREVSIGZpbGVfaGRyID0gTlVMTDsKCVBJTUFHRV9PUFRJT05BTF9IRUFERVIgb3B0X2hkciA9IE5VTEw7CglQSU1BR0VfU0VDVElPTl9IRUFERVIgc2VjdGlvbl9oZHIgPSBOVUxMOwoJTFBWT0lEIHBJbWFnZUJhc2UgPSBOVUxMOwoKCWRvc19oZHIgPSAoUElNQUdFX0RPU19IRUFERVIpIGltYWdlOwoJZmlsZV9oZHIgPSAoUElNQUdFX0ZJTEVfSEVBREVSKSAoKERXT1JEKWltYWdlICsgZG9zX2hkci0+ZV9sZmFuZXcgKyA0KTsKCW9wdF9oZHIgPSAoUElNQUdFX09QVElPTkFMX0hFQURFUikgKGZpbGVfaGRyICsgMSk7CglzZWN0aW9uX2hkciA9IChQSU1BR0VfU0VDVElPTl9IRUFERVIpKChEV09SRClvcHRfaGRyICsgc2l6ZW9mKElNQUdFX09QVElPTkFMX0hFQURFUikpOwoKCXByaW50ZigiQWxsb2NhdGluZyBtZW1vcnkgZm9yIGltYWdlXG4iKTsKCVVubWFwVmlld09mRmlsZSgoTFBWT0lEKW9wdF9oZHItPkltYWdlQmFzZSk7CglwSW1hZ2VCYXNlID0gVmlydHVhbEFsbG9jKChMUFZPSUQpb3B0X2hkci0+SW1hZ2VCYXNlLCBvcHRfaGRyLT5TaXplT2ZJbWFnZSwgTUVNX0NPTU1JVCwgUEFHRV9FWEVDVVRFX1JFQURXUklURSk7CglpZiAocEltYWdlQmFzZSA9PSBOVUxMKQoJewoJCUZvcm1hdEVycm9yKEdldExhc3RFcnJvcigpKTsKCQlwcmludGYoIkVycm9yIHdoaWxlIGFsbG9jYXRpbmcgbWVtb3J5LiBQb3NzaWJsZSBjb25mbGljdCBvZiBiYXNlIGFkZHJlc3Nlc1xuIik7CgkJcmV0dXJuIE5VTEw7Cgl9CgoJcHJpbnRmKCJDb3B5aW5nIGhlYWRlcnNcbiIpOwoJQ29weU1lbW9yeShwSW1hZ2VCYXNlLCBpbWFnZSwgb3B0X2hkci0+U2l6ZU9mSGVhZGVycyk7CgoJcHJpbnRmKCJDb3B5aW5nIHNlY3Rpb25zXG4iKTsKCWZvciAoRFdPUkQgaSA9IDA7IGkgPCBmaWxlX2hkci0+TnVtYmVyT2ZTZWN0aW9uczsgaSsrKQoJewoJCUxQVk9JRCBWaXJ0dWFsQWRkcmVzcyA9IChMUFZPSUQpKChEV09SRClwSW1hZ2VCYXNlICsgc2VjdGlvbl9oZHJbaV0uVmlydHVhbEFkZHJlc3MpOwoJCUNvcHlNZW1vcnkoVmlydHVhbEFkZHJlc3MsICh2b2lkICopKChEV09SRClpbWFnZSArIHNlY3Rpb25faGRyW2ldLlBvaW50ZXJUb1Jhd0RhdGEpLCBzZWN0aW9uX2hkcltpXS5TaXplT2ZSYXdEYXRhKTsKCX0KCglwcmludGYoIlNldHRpbmcgYXR0cmlidXRlc1xuIik7Cglmb3IgKERXT1JEIGkgPSAwOyBpIDwgZmlsZV9oZHItPk51bWJlck9mU2VjdGlvbnM7IGkrKykKCXsKCQlMUFZPSUQgVmlydHVhbEFkZHJlc3MgPSAoTFBWT0lEKSgoRFdPUkQpcEltYWdlQmFzZSArIHNlY3Rpb25faGRyLT5WaXJ0dWFsQWRkcmVzcyk7CgkJRFdPUkQgVmlydHVhbFNpemUgPSBzZWN0aW9uX2hkcltpXS5NaXNjLlZpcnR1YWxTaXplOwoKCQlEV09SRCBhdHRyaWJ1dGVzID0gMDsKCQlpZihzZWN0aW9uX2hkcltpXS5DaGFyYWN0ZXJpc3RpY3MgJiBJTUFHRV9TQ05fTUVNX0VYRUNVVEUgfHxzZWN0aW9uX2hkcltpXS5DaGFyYWN0ZXJpc3RpY3MgJiBJTUFHRV9TQ05fTUVNX1JFQUQgKQoJCXsKCQkJYXR0cmlidXRlcyB8PSBQQUdFX0VYRUNVVEU7CgkJCWlmKHNlY3Rpb25faGRyW2ldLkNoYXJhY3RlcmlzdGljcyAmIElNQUdFX1NDTl9NRU1fV1JJVEUgKQoJCQkJYXR0cmlidXRlcyB8PSBQQUdFX1JFQURXUklURTsKCQkJZWxzZQoJCQkJYXR0cmlidXRlcyB8PSBQQUdFX1JFQURPTkxZOwoJCX0KCQllbHNlIGlmKHNlY3Rpb25faGRyW2ldLkNoYXJhY3RlcmlzdGljcyAmIElNQUdFX1NDTl9NRU1fV1JJVEUgKQoJCQlhdHRyaWJ1dGVzIHw9IFBBR0VfUkVBRFdSSVRFOwoKCQlWaXJ0dWFsUHJvdGVjdChWaXJ0dWFsQWRkcmVzcywgVmlydHVhbFNpemUsIGF0dHJpYnV0ZXMsICZhdHRyaWJ1dGVzKTsKCX0KCglyZXR1cm4gcEltYWdlQmFzZTsKfQoKdm9pZCBDYWxsUEUodm9pZCAqYmFzZSkKewoJUElNQUdFX0ZJTEVfSEVBREVSIHBmaDsKCVBJTUFHRV9PUFRJT05BTF9IRUFERVIgcG9oOwoJUElNQUdFX1NFQ1RJT05fSEVBREVSIHBzaDsKCUxQVk9JRCBlbnRyeSA9IE5VTEw7CgogICAgR2V0SGVhZGVycygoUEJZVEUpYmFzZSwgJnBmaCwgJnBvaCwgJnBzaCk7CgoJZW50cnkgPSAoTFBWT0lEKSgoRFdPUkQpYmFzZSArIHBvaC0+QWRkcmVzc09mRW50cnlQb2ludCk7CglfX2FzbSBjYWxsIGR3b3JkIHB0ciBbZW50cnldOwp9CgppbnQgbWFpbigpCnsKCXZvaWQgKnBJbWFnZSA9IEZpbGVUb01lbW9yeShURVhUKCJ0ZXN0LmV4ZSIpKTsKCXZvaWQgKnBNb2R1bGUgPSBMb2FkUEUocEltYWdlKTsKCUNhbGxQRShwTW9kdWxlKTsKCXJldHVybiAwOwp9