From e13223465ce70e387991ecb424f3ac34e7f4d974 Mon Sep 17 00:00:00 2001
From: midipix
Date: Jan 19 2017 20:59:50 +0000
Subject: ldso: added pe_get_peb_command_line(), pe_get_peb_environment_block().
---
diff --git a/include/pemagine/pemagine.h b/include/pemagine/pemagine.h
index d8d3159..8990b15 100644
--- a/include/pemagine/pemagine.h
+++ b/include/pemagine/pemagine.h
@@ -197,6 +197,9 @@ pe_api void * pe_get_kernel32_module_handle (void);
 /* ldso */
+pe_api wchar16_t * pe_get_peb_command_line(void);
+pe_api wchar16_t * pe_get_peb_environment_block(void);
+
 pe_api int32_t pe_open_image_from_addr(
 void ** himage,
 void * addr,
diff --git a/project/common.mk b/project/common.mk
index 38b0a37..695a656 100644
--- a/project/common.mk
+++ b/project/common.mk
@@ -10,6 +10,7 @@ API_SRCS = \
 src/headers/pe_get_image_section_tbl_addr.c \
 src/headers/pe_get_image_special_hdr_addr.c \
 src/imports/pe_enum_image_import_hdrs.c \
+ src/ldso/pe_get_peb_strings.c \
 src/ldso/pe_open_image_from_addr.c \
 src/ldso/pe_open_physical_parent_directory.c \
 src/meta/pe_get_image_stack_heap_info.c \
diff --git a/src/internal/pe_os.h b/src/internal/pe_os.h
index 54275e3..f8a787a 100644
--- a/src/internal/pe_os.h
+++ b/src/internal/pe_os.h
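Review bot: The two declarations added under `/* ldso */` in include/pemagine/pemagine.h carry no statement of their contract, so a caller cannot tell from the prototype that the result may be null or who owns it. Going by the implementation later in this patch, both return a pointer taken straight from the process parameters reached through the PEB, and 0 when pe_get_peb_address() yields nothing. I would add a comment above them such as `/* return pointers into the process's own PEB parameters: not copies, not owned by the caller, null if the PEB is unavailable */`. It is also worth stating there that these strings are supplied by whoever created the process, so consumers should validate them like any other external input.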
@@ -59,6 +59,54 @@ struct os_iosb {
 };
+struct os_proc_params {
+ uint32_t alloc_size;
+ uint32_t used_size;
+ uint32_t flags;
+ uint32_t reserved;
+ void * hconsole;
+ uintptr_t console_flags;
+ void * hstdin;
+ void * hstdout;
+ void * hstderr;
+ struct pe_unicode_str cwd_name;
+ void * cwd_handle;
+ struct pe_unicode_str __attr_ptr_size_aligned__ dll_path;
+ struct pe_unicode_str __attr_ptr_size_aligned__ image_file_name;
+ struct pe_unicode_str __attr_ptr_size_aligned__ command_line;
+ wchar16_t * environment;
+ uint32_t dwx;
+ uint32_t dwy;
+ uint32_t dwx_size;
+ uint32_t dwy_size;
+ uint32_t dwx_count_chars;
+ uint32_t dwy_count_chars;
+ uint32_t dw_fill_attribute;
+ uint32_t dw_flags;
+ uint32_t wnd_show;
+ struct pe_unicode_str wnd_title;
+ struct pe_unicode_str __attr_ptr_size_aligned__ desktop;
+ struct pe_unicode_str __attr_ptr_size_aligned__ shell_info;
+ struct pe_unicode_str __attr_ptr_size_aligned__ runtime_data;
+};
+
+
+struct os_peb {
+ unsigned char reserved_1st[2];
+ unsigned char debugged;
+ unsigned char reserved_2nd[1];
+ void * reserved_3rd[2];
+ struct pe_peb_ldr_data* peb_ldr_data;
+ struct os_proc_params * process_params;
+ unsigned char reserved_4th[104];
+ void * reserved_5th[52];
+ void * post_process_init_routine;
+ unsigned char reserved_6th[128];
+ void * reserved_7th[1];
+ uint32_t session_id;
+};
+
+
 typedef int32_t __stdcall os_zw_query_object(
 __in void * handle,
 __in int obj_info_class,
diff --git a/src/ldso/pe_get_peb_strings.c b/src/ldso/pe_get_peb_strings.c
new file mode 100644
index 0000000..7817c16
--- /dev/null
+++ b/src/ldso/pe_get_peb_strings.c
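Review bot: Nothing in `struct os_peb` (src/internal/pe_os.h) verifies that `process_params` ends up at the offset the operating system uses. Its position depends entirely on the hand-counted `reserved_*` members before it, and a miscount would make the new accessors read a pointer from the wrong slot without any diagnostic. From the members visible here the field sits four pointer-widths into the structure, so a compile-time check such as `_Static_assert(offsetof(struct os_peb, process_params) == 4 * sizeof(void *), "os_peb layout");` would pin it, assuming the build accepts C11 and `<stddef.h>` is available to this header. The same concern applies to `command_line` and `environment` in `struct os_proc_params`, whose offsets also depend on the size of `struct pe_unicode_str`, which is defined outside this hunk.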
@@ -0,0 +1,28 @@
+/*****************************************************************************/
+/* pemagination: a (virtual) tour into portable bits and executable bytes */
+/* Copyright (C) 2013--2017 Z. Gilboa */
+/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */
+/*****************************************************************************/
+
+#include
+#include
+#include "pe_os.h"
+
+wchar16_t * pe_get_peb_command_line(void)
+{
+ struct os_peb * peb;
+
+ return (peb = (struct os_peb *)pe_get_peb_address())
+ ? peb->process_params->command_line.buffer
+ : 0;
+}
+
+
+wchar16_t * pe_get_peb_environment_block(void)
+{
+ struct os_peb * peb;
+
+ return (peb = (struct os_peb *)pe_get_peb_address())
+ ? peb->process_params->environment
+ : 0;
+}
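Review bot: Both functions check only the PEB pointer and then dereference `peb->process_params` unconditionally, so a null `process_params` faults instead of producing the 0 that is already returned for a missing PEB. Extending the guard keeps the failure mode uniform: `if (!(peb = (struct os_peb *)pe_get_peb_address()) || !peb->process_params) return 0;`. Separately, pe_get_peb_command_line() hands back `command_line.buffer` without the length that presumably accompanies it in `struct pe_unicode_str` (defined outside this patch). Counted strings of this kind are not guaranteed to be null-terminated, so either document that callers must not scan for a terminator or provide a way to obtain the length as well.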