tulips / perk

Clone
Source Code
GIT

Blame src/logic/pe_get_image_meta.c

main
  1.   9770d49cd8836910508683290c7c835ad15d50be
  2.   src
  3.   logic
  4.   pe_get_image_meta.c
Blob History Raw
e2e2c2 
/***************************************************************/
e2e2c2 
/*  perk: PE Resource Kit                                      */
e2e2c2 
/*  Copyright (C) 2015--2016  Z. Gilboa                        */
e2e2c2 
/*  Released under GPLv2 and GPLv3; see COPYING.PERK.          */
e2e2c2 
/***************************************************************/
e2e2c2
c0fbae 
#include <stdint.h>
c0fbae 
#include <stdlib.h>
c0fbae 
#include <stdio.h>
c0fbae 
#include <string.h>
c0fbae
c0fbae 
#include <perk/perk.h>
413f56 
#include "perk_reader_impl.h"
0e3fd6 
#include "perk_errinfo_impl.h"
c0fbae
0e3fd6 
static int pe_free_image_meta_impl(struct pe_image_meta * meta, int ret)
c0fbae 
{
c3f597 
	int i;
4e9e98
fa22b4 
	if (meta) {
b5c6e6 
		for (i=0; i<meta->summary.nimplibs; i++)
fa22b4 
			free(meta->idata[i].items);
c0fbae
fa22b4 
		free(meta->idata);
fa22b4 
		free(meta->sectbl);
fa22b4 
		free(meta);
fa22b4 
	}
da8e21
0e3fd6 
	return ret;
c0fbae 
}
c0fbae
2b7f36 
void pe_free_image_meta(struct pe_image_meta * meta)
c0fbae 
{
fa22b4 
	pe_free_image_meta_impl(meta,0);
c0fbae 
}
c0fbae
2b7f36 
int pe_get_named_section_index(const struct pe_image_meta * m, const char * name)
c0fbae 
{
c0fbae 
	int i; for (i=0; i<m->coff.num_of_sections; i++)
c0fbae 
		if (!(strcmp(name,m->sectbl[i].name)))
c0fbae 
			return i;
c0fbae
c0fbae 
	return -1;
c0fbae 
}
c0fbae
2b7f36 
int pe_get_block_section_index(const struct pe_image_meta * m, const struct pe_block * block)
c0fbae 
{
c0fbae 
	int i;
c0fbae 
	uint32_t low,high;
c0fbae
c0fbae 
	for (i=0; i<m->coff.num_of_sections; i++) {
c0fbae 
		low  = m->sectbl[i].virtual_addr;
c0fbae 
		high = low + m->sectbl[i].virtual_size;
c0fbae
c0fbae 
		if ((block->rva >= low) && (block->rva + block->size <= high))
c0fbae 
			return i;
c0fbae 
	}
c0fbae
c0fbae 
	return -1;
c0fbae 
}
c0fbae
62b9db 
int pe_get_roffset_from_rva(const struct pe_image_meta * m, uint32_t rva, uint32_t * roffset)
62b9db 
{
62b9db 
	int i;
62b9db 
	uint32_t low,high;
62b9db
62b9db 
	for (i=0; i<m->coff.num_of_sections; i++) {
62b9db 
		low  = m->sectbl[i].virtual_addr;
62b9db 
		high = low + m->sectbl[i].virtual_size;
62b9db
62b9db 
		if ((rva >= low) && (rva < high)) {
62b9db 
			*roffset = (rva - low) + m->sectbl[i].ptr_to_raw_data;
62b9db 
			return 0;
62b9db 
		}
62b9db 
	}
62b9db
62b9db 
	return -1;
62b9db 
}
62b9db
62b9db 
int pe_get_rva_from_roffset(const struct pe_image_meta * m, uint32_t roffset, uint32_t * rva)
62b9db 
{
62b9db 
	int i;
62b9db 
	uint32_t low,high,ref;
62b9db
a8c6cb 
	for (i=0, ref=~0; i<m->coff.num_of_sections; i++) {
62b9db 
		low  = m->sectbl[i].ptr_to_raw_data;
62b9db 
		high = low + m->sectbl[i].virtual_size;
62b9db
62b9db 
		if ((roffset >= low) && (roffset < high)) {
62b9db 
			*rva = (roffset - low) + m->sectbl[i].virtual_addr;
62b9db 
			return 0;
62b9db 
		} else if (ref > low) {
62b9db 
			ref = low;
62b9db 
		}
62b9db 
	}
62b9db
62b9db 
	if (roffset < ref) {
62b9db 
		*rva = roffset;
62b9db 
		return 0;
62b9db 
	}
62b9db
62b9db 
	return -1;
62b9db 
}
62b9db
cf4adc 
int pe_get_expsym_by_name(
c7ca52 
	const struct pe_image_meta *	m,
cf4adc 
	const char *			name,
cf4adc 
	struct pe_expsym *		expsym)
c7ca52 
{
c7ca52 
	uint32_t 	offset;
c7ca52 
	uint32_t *	symrva;
c7ca52 
	const char *	sym;
c7ca52 
	unsigned	i;
c7ca52
c7ca52 
	offset	= m->hedata->virtual_addr - m->hedata->ptr_to_raw_data;
c7ca52 
	symrva	= (uint32_t *)((uintptr_t)m->image.addr + (m->edata.name_ptr_rva - offset));
c7ca52
c7ca52 
	for (i=0; i<m->edata.num_of_name_ptrs; i++) {
c7ca52 
		sym = (const char *)m->image.addr + symrva[i] - offset;
c7ca52
cf4adc 
		if (!(strcmp(sym,name))) {
cf4adc 
			if (expsym) {
cf4adc 
				expsym->name    = sym;
cf4adc 
				expsym->eaddr   = 0;
cf4adc 
				expsym->maddr   = 0;
cf4adc 
				expsym->roffset = 0;
cf4adc 
			}
cf4adc
cf4adc 
			return 0;
cf4adc 
		}
c7ca52 
	}
c7ca52
cf4adc 
	return -1;
c7ca52 
}
c7ca52
cf4adc 
int pe_get_expsym_by_index(
c7ca52 
	const struct pe_image_meta *	m,
cf4adc 
	unsigned			index,
cf4adc 
	struct pe_expsym *		expsym)
c7ca52 
{
c7ca52 
	uint32_t 	offset;
c7ca52 
	uint32_t *	symrva;
cf4adc 
	uintptr_t	symaddr;
c7ca52
c7ca52 
	if (index >= m->edata.num_of_name_ptrs)
cf4adc 
		return -1;
c7ca52
cf4adc 
	if (expsym) {
cf4adc 
		offset  = m->hedata->virtual_addr - m->hedata->ptr_to_raw_data;
cf4adc 
		symrva  = (uint32_t *)((uintptr_t)m->image.addr + (m->edata.name_ptr_rva - offset));
cf4adc 
		symaddr = (uintptr_t)m->image.addr + symrva[index] - offset;
c7ca52
cf4adc 
		expsym->name    = (const char *)symaddr;
cf4adc 
		expsym->eaddr   = 0;
cf4adc 
		expsym->maddr   = 0;
cf4adc 
		expsym->roffset = 0;
cf4adc 
	}
cf4adc
cf4adc 
	return 0;
c7ca52 
}
c7ca52
0e3fd6 
int pe_get_image_meta(
0e3fd6 
	const struct pe_driver_ctx *	dctx,
0e3fd6 
	const struct pe_raw_image *	image,
0e3fd6 
	struct pe_image_meta ** meta)
c0fbae 
{
85fd0d 
	int			ret;
85fd0d 
	int 			i,s;
85fd0d 
	long			l;
85fd0d 
	unsigned		j;
4a8ae6 
	const unsigned char *	mark;
85fd0d 
	struct pe_image_meta *	m;
85fd0d 
	char *			base;
85fd0d
85fd0d 
	base = image->addr;
c0fbae
c0fbae 
	if (!(m = calloc(1,sizeof(*m))))
0e3fd6 
		return PERK_SYSTEM_ERROR(dctx);
c0fbae
c0fbae 
	m->ados = (struct pe_image_dos_hdr *)base;
c0fbae
85fd0d 
	if ((ret = (pe_read_dos_header(m->ados,&m->dos))))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_CUSTOM_ERROR(dctx,ret));
c0fbae
c0fbae 
	m->acoff = (struct pe_coff_file_hdr *)(base + m->dos.dos_lfanew);
c0fbae
85fd0d 
	if ((ret = (pe_read_coff_header(m->acoff,&m->coff))))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_CUSTOM_ERROR(dctx,ret));
c0fbae
4a8ae6 
	mark  = (const unsigned char *)image->addr + m->coff.ptr_to_sym_tbl;
67b1e9 
	mark += m->coff.num_of_syms * sizeof(struct pe_coff_sym_entry);
67b1e9
67b1e9 
	m->coff.ptr_to_string_tbl  = m->coff.ptr_to_sym_tbl;
67b1e9 
	m->coff.ptr_to_string_tbl += m->coff.num_of_syms * sizeof(struct pe_coff_sym_entry);
67b1e9 
	m->coff.size_of_string_tbl = pe_read_long(mark);
67b1e9
85fd0d 
	mark    = &m->acoff->signature[0];
85fd0d 
	m->aopt = (union pe_opt_hdr *)(mark + sizeof(*m->acoff));
c0fbae
85fd0d 
	if ((ret = (pe_read_optional_header(m->aopt,&m->opt))))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_CUSTOM_ERROR(dctx,ret));
c0fbae
85fd0d 
	mark       = &m->aopt->opt_hdr_32.magic[0];
85fd0d 
	m->asectbl = (struct pe_sec_hdr *)(mark + m->coff.size_of_opt_hdr);
c0fbae
c0fbae 
	if (!(m->sectbl = calloc(m->coff.num_of_sections,sizeof(*(m->sectbl)))))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_SYSTEM_ERROR(dctx));
c0fbae
67b1e9 
	for (i=0; i<m->coff.num_of_sections; i++) {
c0fbae 
		pe_read_section_header(&m->asectbl[i],&m->sectbl[i]);
c0fbae
67b1e9 
		if (m->sectbl[i].name[0] == '/')
67b1e9 
			if ((l = strtol(&m->sectbl[i].name[1],0,10)) > 0)
67b1e9 
				if (l < m->coff.size_of_string_tbl)
67b1e9 
					m->sectbl[i].long_name = base + m->coff.ptr_to_string_tbl + l;
67b1e9 
	}
67b1e9
c0fbae 
	/* .edata */
c0fbae 
	i = pe_get_named_section_index(m,".edata");
c0fbae 
	s = pe_get_block_section_index(m,&m->opt.dirs.export_tbl);
c0fbae
c0fbae 
	if ((i >= 0) && (i != s))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_CUSTOM_ERROR(dctx,PERK_ERR_IMAGE_MALFORMED));
c0fbae
ed9e7f 
	if (s >= 0) {
c0fbae 
		m->hedata = &m->sectbl[s];
c0fbae 
		m->aedata = (struct pe_export_hdr *)(base + m->sectbl[s].ptr_to_raw_data
c0fbae 
				+ m->opt.dirs.export_tbl.rva - m->sectbl[s].virtual_addr);
ed9e7f 
	} else if (i >= 0) {
ed9e7f 
		m->hedata = &m->sectbl[i];
ed9e7f 
		m->aedata = (struct pe_export_hdr *)(base + m->sectbl[i].ptr_to_raw_data);
c0fbae 
	}
c0fbae
ad7d42 
	if (m->aedata) {
c0fbae 
		pe_read_export_header(m->aedata,&m->edata);
ad7d42 
		m->summary.nexpsyms = m->edata.num_of_name_ptrs;
ad7d42 
	}
c0fbae
c0fbae 
	/* .idata */
c0fbae 
	struct pe_import_hdr * 		pidata;
7d4d3d 
	union  pe_import_lookup_item *	pitem;
c0fbae
c0fbae 
	i = pe_get_named_section_index(m,".idata");
c0fbae 
	s = pe_get_block_section_index(m,&m->opt.dirs.import_tbl);
c0fbae
c0fbae 
	if ((i >= 0) && (i != s))
85fd0d 
		return pe_free_image_meta_impl(
85fd0d 
			m,PERK_CUSTOM_ERROR(dctx,PERK_ERR_IMAGE_MALFORMED));
c0fbae
ed9e7f 
	if (s >= 0) {
c0fbae 
		m->hidata = &m->sectbl[s];
c0fbae 
		m->aidata = (struct pe_import_hdr *)(base + m->sectbl[s].ptr_to_raw_data
c0fbae 
				+ m->opt.dirs.import_tbl.rva - m->sectbl[s].virtual_addr);
ed9e7f 
	} else if (i >= 0) {
ed9e7f 
		m->hidata = &m->sectbl[i];
ed9e7f 
		m->aidata = (struct pe_import_hdr *)(base + m->sectbl[i].ptr_to_raw_data);
c0fbae 
	}
c0fbae
c0fbae 
	if (m->aidata) {
c0fbae 
		/* num of implibs */
85fd0d 
		for (pidata=m->aidata; pidata->name_rva[0]; pidata++)
85fd0d 
			m->summary.nimplibs++;
c0fbae
c0fbae 
		/* import headers */
85fd0d 
		if (!(m->idata = calloc(m->summary.nimplibs,sizeof(*m->idata))))
85fd0d 
			return pe_free_image_meta_impl(
85fd0d 
				m,PERK_SYSTEM_ERROR(dctx));
c0fbae
b5c6e6 
		for (i=0; i<m->summary.nimplibs; i++) {
c0fbae 
			pe_read_import_header(&m->aidata[i],&m->idata[i]);
c0fbae
c0fbae 
			m->idata[i].name = base + m->hidata->ptr_to_raw_data
c0fbae 
						+ m->idata[i].name_rva - m->hidata->virtual_addr;
c0fbae
82a0a1 
			if (m->idata[i].import_lookup_tbl_rva)
7d4d3d 
				m->idata[i].aitems = (union pe_import_lookup_item *)(base + m->hidata->ptr_to_raw_data
82a0a1 
							+ m->idata[i].import_lookup_tbl_rva - m->hidata->virtual_addr);
c0fbae
c0fbae 
			/* items */
7d801c 
			uint32_t * hint;
c0fbae 
			m->idata[i].count = 0;
7d801c
82a0a1 
			if (m->idata[i].import_lookup_tbl_rva) {
7d801c 
				pitem = m->idata[i].aitems;
7d801c 
				hint  = (uint32_t *)pitem->hint_name_tbl_rva;
7d801c
7d801c 
				for (; *hint; hint=(uint32_t *)((++pitem)->hint_name_tbl_rva))
82a0a1 
					m->idata[i].count++;
c0fbae
82a0a1 
				if (!(m->idata[i].items = calloc(m->idata[i].count,sizeof(*(m->idata[i].items)))))
85fd0d 
					return pe_free_image_meta_impl(
85fd0d 
						m,PERK_SYSTEM_ERROR(dctx));
82a0a1 
			}
c0fbae
c0fbae 
			for (j=0; j<m->idata[i].count; j++) {
9770d4 
				if ((ret = pe_read_import_lookup(
c0fbae 
						&(m->idata[i].aitems[j]),
c0fbae 
						&(m->idata[i].items[j]),
c0fbae 
						m->opt.std.magic)))
85fd0d 
					return pe_free_image_meta_impl(
85fd0d 
						m,PERK_CUSTOM_ERROR(dctx,ret));
c0fbae
c0fbae 
				switch (m->opt.std.magic) {
c0fbae 
					case PE_MAGIC_PE32:
c0fbae 
						m->idata[i].items[j].flags = m->idata[i].items[j].u.import_lookup_entry_32;
c0fbae 
						break;
c0fbae
c0fbae 
					case PE_MAGIC_PE32_PLUS:
c0fbae 
						m->idata[i].items[j].flags = (m->idata[i].items[j].u.import_lookup_entry_64 >> 32);
c0fbae 
						break;
c0fbae 
				}
c0fbae
e5e018 
				if (!m->idata[i].items[j].flags) {
e5e018 
					struct pe_hint_name_entry * pentry =
e5e018 
						(struct pe_hint_name_entry *)(base + m->hidata->ptr_to_raw_data
e5e018 
							+ m->idata[i].items[j].u.hint_name_tbl_rva - m->hidata->virtual_addr);
c0fbae
c0fbae 
					m->idata[i].items[j].name = (char *)pentry->name;
c0fbae 
				}
c0fbae 
			}
c0fbae 
		}
c0fbae 
	}
c0fbae
c0fbae 
	/* image */
c0fbae 
	m->image.addr = image->addr;
c0fbae 
	m->image.size = image->size;
c0fbae
c0fbae 
	/* all done */
c0fbae 
	*meta = m;
c0fbae 
	return 0;
c0fbae 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation | About

© Red Hat, Inc. and others.