appcontainer.pl 1.55 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62
#!/usr/bin/perl
# Copyright © 2011 Rafaël Carré <funman at videolanorg>
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
#

use warnings;

if ($#ARGV < 0 || $#ARGV > 1) {
    die "Usage: appcontainer.pl file";
}
my $file = $ARGV[0];

open F, "+<$file"
    or die "Can't open `$file'";
binmode F;

seek F, 0x3c, 0;
my $offset = get_le(4);
seek F, $offset, 0;

if (get_le(4) != 0x00004550) { # IMAGE_NT_SIGNATURE
    die "Not a NT executable";
}

seek F, 20 + 70, 1;

my $flags = get_le(2);
seek F, -2, 1;

$flags |= 0x1000; # App Container

printf F "%c%c", $flags & 0xff,($flags >> 8) & 0xff;

close F;

sub get_le {
    my $bytes;
    read F, $bytes, $_[0];
    if (length $bytes ne $_[0]) {
        die "Couldn't read";
    }

    my $ret = 0;
    my @array = split //, $bytes;
    for (my $shift = 0, my $i = 0; $i < $_[0]; $i++, $shift += 8) {
        $ret += (ord $array[$i]) << $shift;
    }
    return $ret;
}