diff --git a/include/pemagine/pemagine.h b/include/pemagine/pemagine.h index 518b567..ba70edc 100644 --- a/include/pemagine/pemagine.h +++ b/include/pemagine/pemagine.h @@ -210,6 +210,7 @@ pe_api union pe_raw_opt_hdr * pe_get_image_opt_hdr_addr (const void * base); pe_api struct pe_raw_data_dirs * pe_get_image_data_dirs_addr (const void * base); pe_api struct pe_raw_sec_hdr * pe_get_image_section_tbl_addr (const void * base); pe_api struct pe_raw_sec_hdr * pe_get_image_named_section_addr (const void * base, const char * name); +pe_api struct pe_raw_sec_hdr * pe_get_image_block_section_addr (const void * base, uint32_t blk_rva, uint32_t blk_size); pe_api struct pe_raw_export_hdr * pe_get_image_export_hdr_addr (const void * base, uint32_t * sec_size); pe_api struct pe_raw_import_hdr * pe_get_image_import_dir_addr (const void * base, uint32_t * sec_size); diff --git a/src/headers/pe_get_image_section_tbl_addr.c b/src/headers/pe_get_image_section_tbl_addr.c index 56c55a6..98f9dd4 100644 --- a/src/headers/pe_get_image_section_tbl_addr.c +++ b/src/headers/pe_get_image_section_tbl_addr.c @@ -75,3 +75,41 @@ struct pe_raw_sec_hdr * pe_get_image_named_section_addr(const void * base, const return 0; } + + +struct pe_raw_sec_hdr * pe_get_image_block_section_addr( + const void * base, + uint32_t blk_rva, + uint32_t blk_size) +{ + uint32_t low,size; + uint16_t count; + struct pe_raw_sec_hdr * hdr; + struct pe_raw_coff_image_hdr * coff; + + if (!(hdr = pe_get_image_section_tbl_addr(base))) + return 0; + + if (!(coff = pe_get_image_coff_hdr_addr(base))) + return 0; + + count = coff->cfh_num_of_sections[1] << 8; + count += coff->cfh_num_of_sections[0]; + + for (; count; hdr++,count--) { + low = hdr->sh_virtual_addr[3] << 24; + low += hdr->sh_virtual_addr[2] << 16; + low += hdr->sh_virtual_addr[1] << 8; + low += hdr->sh_virtual_addr[0]; + + size = hdr->sh_virtual_size[3] << 24; + size += hdr->sh_virtual_size[2] << 16; + size += hdr->sh_virtual_size[1] << 8; + size += hdr->sh_virtual_size[0]; + + if ((low <= blk_rva) && (blk_rva + blk_size <= low + size)) + return hdr; + } + + return 0; +}