|
 |
437706 |
/***************************************************************/
|
|
|
437706 |
/* perk: PE Resource Kit */
|
|
|
6a5301 |
/* Copyright (C) 2015--2025 SysDeer Technologies, LLC */
|
|
|
437706 |
/* Released under GPLv2 and GPLv3; see COPYING.PERK. */
|
|
|
437706 |
/***************************************************************/
|
|
|
437706 |
|
|
|
437706 |
#include <stdio.h>
|
|
|
437706 |
|
|
|
437706 |
#include <perk/perk.h>
|
|
|
437706 |
#include <perk/perk_output.h>
|
|
|
a03a54 |
#include <perk/perk_consts.h>
|
|
|
49d195 |
#include <perk/perk_structs.h>
|
|
|
67bba7 |
#include "perk_driver_impl.h"
|
|
|
67bba7 |
#include "perk_dprintf_impl.h"
|
|
|
437706 |
#include "perk_errinfo_impl.h"
|
|
|
437706 |
|
|
|
a03a54 |
static const char * pe_i386_reloc_type_desc[0x16] = {
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_ABSOLUTE] = "PE_IMAGE_REL_I386_ABSOLUTE",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_DIR16] = "PE_IMAGE_REL_I386_DIR16",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_REL16] = "PE_IMAGE_REL_I386_REL16",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_DIR32] = "PE_IMAGE_REL_I386_DIR32",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_DIR32NB] = "PE_IMAGE_REL_I386_DIR32NB",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_SEG12] = "PE_IMAGE_REL_I386_SEG12",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_SECTION] = "PE_IMAGE_REL_I386_SECTION",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_SECREL] = "PE_IMAGE_REL_I386_SECREL",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_TOKEN] = "PE_IMAGE_REL_I386_TOKEN",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_SECREL7] = "PE_IMAGE_REL_I386_SECREL7",
|
|
|
a03a54 |
[PE_IMAGE_REL_I386_REL32] = "PE_IMAGE_REL_I386_REL32",
|
|
|
a03a54 |
};
|
|
|
a03a54 |
|
|
|
a03a54 |
static const char * pe_amd64_reloc_type_desc[0x12] = {
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_ABSOLUTE] = "PE_IMAGE_REL_AMD64_ABSOLUTE",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_ADDR64] = "PE_IMAGE_REL_AMD64_ADDR64",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_ADDR32] = "PE_IMAGE_REL_AMD64_ADDR32",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_ADDR32NB] = "PE_IMAGE_REL_AMD64_ADDR32NB",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32] = "PE_IMAGE_REL_AMD64_REL32",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32_1] = "PE_IMAGE_REL_AMD64_REL32_1",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32_2] = "PE_IMAGE_REL_AMD64_REL32_2",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32_3] = "PE_IMAGE_REL_AMD64_REL32_3",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32_4] = "PE_IMAGE_REL_AMD64_REL32_4",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_REL32_5] = "PE_IMAGE_REL_AMD64_REL32_5",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_SECTION] = "PE_IMAGE_REL_AMD64_SECTION",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_SECREL] = "PE_IMAGE_REL_AMD64_SECREL",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_SECREL7] = "PE_IMAGE_REL_AMD64_SECREL7",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_TOKEN] = "PE_IMAGE_REL_AMD64_TOKEN",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_SREL32] = "PE_IMAGE_REL_AMD64_SREL32",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_PAIR] = "PE_IMAGE_REL_AMD64_PAIR",
|
|
|
a03a54 |
[PE_IMAGE_REL_AMD64_SSPAN32] = "PE_IMAGE_REL_AMD64_SSPAN32",
|
|
|
a03a54 |
};
|
|
|
a03a54 |
|
|
|
72d820 |
static int pe_output_section_names(
|
|
|
437706 |
const struct pe_driver_ctx * dctx,
|
|
|
72d820 |
const struct pe_image_meta * meta,
|
|
|
72d820 |
int fdout)
|
|
|
437706 |
{
|
|
|
72d820 |
int i;
|
|
|
437706 |
|
|
|
72d820 |
for (i=0; i<meta->m_coff.cfh_num_of_sections; i++)
|
|
|
72d820 |
if (pe_dprintf(fdout,"%s\n",meta->m_sectbl[i].sh_name) < 0)
|
|
|
437706 |
return PERK_FILE_ERROR(dctx);
|
|
|
437706 |
|
|
|
72d820 |
return 0;
|
|
|
72d820 |
}
|
|
|
72d820 |
|
|
|
72d820 |
static int pe_output_section_names_yaml(
|
|
|
72d820 |
const struct pe_driver_ctx * dctx,
|
|
|
72d820 |
const struct pe_image_meta * meta,
|
|
|
72d820 |
int fdout)
|
|
|
72d820 |
{
|
|
|
72d820 |
int i;
|
|
|
72d820 |
|
|
|
72d820 |
if (pe_dprintf(fdout," - Sections:\n") < 0)
|
|
|
72d820 |
return PERK_FILE_ERROR(dctx);
|
|
|
437706 |
|
|
|
58ced9 |
for (i=0; i<meta->m_coff.cfh_num_of_sections; i++)
|
|
|
72d820 |
if (pe_dprintf(fdout," - section: %s\n",meta->m_sectbl[i].sh_name) < 0)
|
|
|
437706 |
return PERK_FILE_ERROR(dctx);
|
|
|
437706 |
|
|
|
437706 |
return 0;
|
|
|
437706 |
}
|
|
|
72d820 |
|
|
|
97dd39 |
static int pe_output_section_record_yaml(
|
|
|
97dd39 |
int fdout,
|
|
|
97dd39 |
const struct pe_driver_ctx * dctx,
|
|
|
a03a54 |
const struct pe_image_meta * meta,
|
|
|
49d195 |
const struct pe_meta_sec_hdr * s,
|
|
|
49d195 |
const unsigned char * base)
|
|
|
97dd39 |
{
|
|
|
49d195 |
int i;
|
|
|
49d195 |
const struct pe_raw_coff_reloc * r;
|
|
|
49d195 |
struct pe_meta_coff_reloc m;
|
|
|
a03a54 |
char reltypedesc[64];
|
|
|
49d195 |
|
|
|
97dd39 |
if (pe_dprintf(fdout,
|
|
|
97dd39 |
" - section:\n"
|
|
|
97dd39 |
" - [ name: %s ]\n"
|
|
|
97dd39 |
" - [ virtual-size: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ virtual-addr: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ size-of-raw-data: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ ptr-to-raw-data: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ ptr-to-relocs: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ ptr-to-line-nums: 0x%08x ]\n"
|
|
|
97dd39 |
" - [ num-of-relocs: %u ]\n"
|
|
|
97dd39 |
" - [ num-of-line-nums: %u ]\n"
|
|
|
97dd39 |
" - [ characteristics: 0x%08x ]\n"
|
|
|
97dd39 |
"\n",
|
|
|
97dd39 |
s->sh_name,
|
|
|
97dd39 |
s->sh_virtual_size,
|
|
|
97dd39 |
s->sh_virtual_addr,
|
|
|
97dd39 |
s->sh_size_of_raw_data,
|
|
|
97dd39 |
s->sh_ptr_to_raw_data,
|
|
|
97dd39 |
s->sh_ptr_to_relocs,
|
|
|
97dd39 |
s->sh_ptr_to_line_nums,
|
|
|
97dd39 |
s->sh_num_of_relocs,
|
|
|
97dd39 |
s->sh_num_of_line_nums,
|
|
|
97dd39 |
s->sh_characteristics) < 0)
|
|
|
97dd39 |
return PERK_FILE_ERROR(dctx);
|
|
|
97dd39 |
|
|
|
49d195 |
if (s->sh_num_of_relocs == 0)
|
|
|
49d195 |
return 0;
|
|
|
49d195 |
|
|
|
49d195 |
if (pe_dprintf(fdout," - relocation-records:\n") < 0)
|
|
|
49d195 |
return PERK_FILE_ERROR(dctx);
|
|
|
49d195 |
|
|
|
49d195 |
r = (const struct pe_raw_coff_reloc *)&base[s->sh_ptr_to_relocs];
|
|
|
49d195 |
|
|
|
49d195 |
for (i=0; i<s->sh_num_of_relocs; i++) {
|
|
|
49d195 |
pe_read_coff_reloc(&r[i],&m);
|
|
|
a03a54 |
memset(reltypedesc,0,sizeof(reltypedesc));
|
|
|
a03a54 |
|
|
|
a03a54 |
switch (meta->m_abi) {
|
|
|
a03a54 |
case PE_ABI_PE32:
|
|
|
a03a54 |
if (m.rel_type <= PE_IMAGE_REL_I386_REL32)
|
|
|
a03a54 |
snprintf(reltypedesc,sizeof(reltypedesc),
|
|
|
a03a54 |
"0x%04x (%s)",
|
|
|
a03a54 |
m.rel_type,
|
|
|
a03a54 |
pe_i386_reloc_type_desc[m.rel_type]);
|
|
|
a03a54 |
break;
|
|
|
a03a54 |
|
|
|
a03a54 |
case PE_ABI_PE64:
|
|
|
a03a54 |
if (m.rel_type <= PE_IMAGE_REL_AMD64_SSPAN32)
|
|
|
a03a54 |
snprintf(reltypedesc,sizeof(reltypedesc),
|
|
|
a03a54 |
"0x%04x (%s)",
|
|
|
a03a54 |
m.rel_type,
|
|
|
a03a54 |
pe_amd64_reloc_type_desc[m.rel_type]);
|
|
|
a03a54 |
break;
|
|
|
a03a54 |
|
|
|
a03a54 |
default:
|
|
|
a03a54 |
snprintf(reltypedesc,sizeof(reltypedesc),
|
|
|
a03a54 |
"0x%04x",
|
|
|
a03a54 |
m.rel_type);
|
|
|
a03a54 |
}
|
|
|
49d195 |
|
|
|
49d195 |
if (pe_dprintf(
|
|
|
49d195 |
fdout,
|
|
|
49d195 |
" - reloction-record:\n"
|
|
|
49d195 |
" - [ rva: 0x%08x ]\n"
|
|
|
e72eab |
" - [ sym: 0x%08x (%s) ]\n"
|
|
|
a03a54 |
" - [ type: %s ]\n"
|
|
|
49d195 |
"\n",
|
|
|
49d195 |
m.rel_rva,
|
|
|
49d195 |
m.rel_sym,
|
|
|
e72eab |
meta->m_symvec_symidx[m.rel_sym]->cs_name,
|
|
|
a03a54 |
reltypedesc) < 0)
|
|
|
49d195 |
return PERK_FILE_ERROR(dctx);
|
|
|
49d195 |
}
|
|
|
49d195 |
|
|
|
97dd39 |
return 0;
|
|
|
97dd39 |
}
|
|
|
97dd39 |
|
|
|
72d820 |
static int pe_output_section_records_yaml(
|
|
|
72d820 |
const struct pe_driver_ctx * dctx,
|
|
|
72d820 |
const struct pe_image_meta * meta,
|
|
|
72d820 |
int fdout)
|
|
|
72d820 |
{
|
|
|
97dd39 |
int i;
|
|
|
97dd39 |
|
|
|
97dd39 |
if (pe_dprintf(fdout," - Sections:\n") < 0)
|
|
|
97dd39 |
return PERK_FILE_ERROR(dctx);
|
|
|
97dd39 |
|
|
|
97dd39 |
for (i=0; i<meta->m_coff.cfh_num_of_sections; i++)
|
|
|
49d195 |
if (pe_output_section_record_yaml(
|
|
|
a03a54 |
fdout,dctx,meta,
|
|
|
49d195 |
&meta->m_sectbl[i],
|
|
|
49d195 |
meta->r_image.map_addr) < 0)
|
|
|
97dd39 |
return PERK_NESTED_ERROR(dctx);
|
|
|
97dd39 |
|
|
|
72d820 |
return 0;
|
|
|
72d820 |
}
|
|
|
72d820 |
|
|
|
b3bd3b |
static int pe_output_pecoff_sections_yaml(
|
|
|
72d820 |
const struct pe_driver_ctx * dctx,
|
|
|
72d820 |
const struct pe_image_meta * meta,
|
|
|
72d820 |
int fdout)
|
|
|
72d820 |
{
|
|
|
72d820 |
if (dctx->cctx->fmtflags & PERK_PRETTY_VERBOSE) {
|
|
|
72d820 |
if (pe_output_section_records_yaml(dctx,meta,fdout) < 0)
|
|
|
72d820 |
return PERK_NESTED_ERROR(dctx);
|
|
|
72d820 |
} else {
|
|
|
72d820 |
if (pe_output_section_names_yaml(dctx,meta,fdout) < 0)
|
|
|
72d820 |
return PERK_NESTED_ERROR(dctx);
|
|
|
72d820 |
}
|
|
|
72d820 |
|
|
|
72d820 |
return 0;
|
|
|
72d820 |
}
|
|
|
72d820 |
|
|
|
b3bd3b |
int pe_output_pecoff_sections(
|
|
|
72d820 |
const struct pe_driver_ctx * dctx,
|
|
|
72d820 |
const struct pe_image_meta * meta)
|
|
|
72d820 |
{
|
|
|
72d820 |
int fdout = pe_driver_fdout(dctx);
|
|
|
72d820 |
|
|
|
72d820 |
if (dctx->cctx->fmtflags & PERK_PRETTY_YAML) {
|
|
|
b3bd3b |
if (pe_output_pecoff_sections_yaml(dctx,meta,fdout) < 0)
|
|
|
72d820 |
return PERK_NESTED_ERROR(dctx);
|
|
|
72d820 |
|
|
|
72d820 |
} else {
|
|
|
72d820 |
if (pe_output_section_names(dctx,meta,fdout) < 0)
|
|
|
72d820 |
return PERK_NESTED_ERROR(dctx);
|
|
|
72d820 |
}
|
|
|
72d820 |
|
|
|
72d820 |
return 0;
|
|
|
72d820 |
}
|