Beispiel #1
        /// <summary>
        /// Sorts the image's sections into an executable group and a data group by their exact
        /// <c>Characteristics</c> value, registers both groups with a <c>PlusSearch</c> instance and
        /// asks it for the code and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoPlusInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var executable = new List<SectionHeader>();
            var initialized = new List<SectionHeader>();

            // The whole flag word is compared, not individual bits, so a section carrying any
            // additional flag lands in neither list. The section table is read from the file under
            // analysis; an unusual or packed image can therefore leave both lists empty.
            foreach (var header in sections)
            {
                var flags = header.Characteristics;
                if (flags == 0x60000020)
                {
                    // Corresponds to the PE flags CNT_CODE | MEM_EXECUTE | MEM_READ.
                    executable.Add(header);
                }
                else if (flags == 0x40000040 || flags == 0xC0000040)
                {
                    // Corresponds to CNT_INITIALIZED_DATA | MEM_READ, without or with MEM_WRITE.
                    initialized.Add(header);
                }
            }

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var dataSections = initialized.ToArray();
            var execSections = executable.ToArray();

            searcher.SetSection(SearchSectionType.Exec, imageBase, execSections);
            searcher.SetSection(SearchSectionType.Data, imageBase, dataSections);
            // The data sections are registered a second time as the Bss range.
            searcher.SetSection(SearchSectionType.Bss, imageBase, dataSections);

            var codeRegistration = searcher.FindCodeRegistration();
            var metadataRegistration = searcher.FindMetadataRegistration();
            return AutoPlusInit(codeRegistration, metadataRegistration);
        }
        /// <summary>
        /// Builds three hand-written ranges (exec, data, bss) rather than reading them from a
        /// section table, registers them with a <c>PlusSearch</c> instance and asks it for the code
        /// and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed to the <c>PlusSearch</c> constructor and also used as the end of the exec range.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoPlusInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            // Marked "hack" by the original author: the exec range is simply [0, methodCount).
            var execLimit = (ulong)methodCount;
            var execRange = new SearchSection
            {
                offset     = 0,
                offsetEnd  = execLimit,
                address    = 0,
                addressEnd = execLimit
            };

            // The data range runs from the fixed offset 1024 up to Length.
            var dataRange = new SearchSection
            {
                offset     = 1024,
                offsetEnd  = Length,
                address    = 1024,
                addressEnd = Length
            };

            // Also marked "hack": everything from Length upwards is treated as bss.
            var bssRange = new SearchSection
            {
                offset     = Length,
                offsetEnd  = long.MaxValue,
                address    = Length,
                addressEnd = long.MaxValue
            };

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            searcher.SetSection(SearchSectionType.Exec, execRange);
            searcher.SetSection(SearchSectionType.Data, dataRange);
            searcher.SetSection(SearchSectionType.Bss, bssRange);

            var codeRegistration = searcher.FindCodeRegistration();
            var metadataRegistration = searcher.FindMetadataRegistration();
            return AutoPlusInit(codeRegistration, metadataRegistration);
        }
Beispiel #3
        /// <summary>
        /// Looks the <c>__const</c>, <c>__text</c> and <c>__common</c> sections up by name and uses a
        /// <c>PlusSearch</c> instance to find the code and metadata registration addresses.
        /// </summary>
        /// <remarks>
        /// <c>First</c> and <c>Last</c> throw <see cref="InvalidOperationException"/> when no section
        /// has the requested name. Section names come from the file being analysed, so a stripped
        /// or renamed section ends this method with an exception rather than a <c>false</c> result.
        /// </remarks>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var firstConst = sections.First(s => s.section_name == "__const");
            var lastConst = sections.Last(s => s.section_name == "__const");
            var textSection = sections.First(s => s.section_name == "__text");
            var commonSection = sections.First(s => s.section_name == "__common");

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            searcher.SetSearch(firstConst, lastConst);
            // NOTE(review): the last __const section is passed for both arguments here, unlike
            // SetSearch above - confirm this is intended.
            searcher.SetPointerRangeFirst(lastConst, lastConst);
            searcher.SetPointerRangeSecond(textSection);
            var codeRegistration = searcher.FindCodeRegistration();

            // Version 16: only the code registration is reported and Init is never called.
            if (version == 16)
            {
                Console.WriteLine("WARNING: Version 16 can only get CodeRegistration");
                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                return false;
            }

            // The second pointer range is switched to __common before the metadata lookup.
            searcher.SetPointerRangeSecond(commonSection);
            var metadataRegistration = searcher.FindMetadataRegistration();

            // A zero address is treated as "not found".
            if (codeRegistration == 0 || metadataRegistration == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }
Beispiel #4
 /// <summary>
 /// Splits the non-empty program headers into an executable group and a data group by their
 /// <c>p_flags</c> value, registers both with a <c>PlusSearch</c> instance and asks it for the
 /// code and metadata registration addresses.
 /// </summary>
 /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
 /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
 /// <returns>The result of <c>AutoPlusInit</c> for the two addresses that were found.</returns>
 public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
 {
     var readable = new List<Elf64_Phdr>();
     var executable = new List<Elf64_Phdr>();

     foreach (var segment in programSegment)
     {
         // Segments that occupy no memory are skipped.
         if (segment.p_memsz == 0ul)
         {
             continue;
         }

         // ELF permission bits: PF_X = 1, PF_W = 2, PF_R = 4. A flag value of 0, or one with
         // bits above these three, goes into neither list. The headers come from the file
         // being analysed, so both lists may legitimately end up empty.
         var flags = segment.p_flags;
         if (flags == 1u || flags == 3u || flags == 5u || flags == 7u)
         {
             // Every combination that includes PF_X.
             executable.Add(segment);
         }
         else if (flags == 2u || flags == 4u || flags == 6u)
         {
             // PF_W, PF_R, or both - no execute bit.
             readable.Add(segment);
         }
     }

     var dataSegments = readable.ToArray();
     var execSegments = executable.ToArray();
     var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
     searcher.SetSection(SearchSectionType.Exec, execSegments);
     searcher.SetSection(SearchSectionType.Data, dataSegments);
     // The data segments are registered a second time as the Bss range.
     searcher.SetSection(SearchSectionType.Bss, dataSegments);

     var codeRegistration = searcher.FindCodeRegistration();
     var metadataRegistration = searcher.FindMetadataRegistration();
     return AutoPlusInit(codeRegistration, metadataRegistration);
 }
Beispiel #5
        /// <summary>
        /// Splits the loadable program headers into an executable group and a data group and uses
        /// a <c>PlusSearch</c> instance to find the code and metadata registration addresses. When
        /// <c>isDump</c> is set, the second pointer range is registered together with <c>dumpAddr</c>.
        /// </summary>
        /// <remarks>
        /// If the file is not a dump and one of <c>.data.rel.ro</c>, <c>.text</c> or <c>.bss</c> is
        /// missing, an error line is printed but the search still runs; only the return value of
        /// <c>AutoInit</c> tells the caller whether it succeeded.
        /// </remarks>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            if (!isDump
                && !(sectionWithName.ContainsKey(".data.rel.ro")
                     && sectionWithName.ContainsKey(".text")
                     && sectionWithName.ContainsKey(".bss")))
            {
                // Diagnostic only: execution continues with the program-header based search.
                Console.WriteLine("ERROR: This file has been protected.");
            }

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var readable = new List<Elf32_Phdr>();
            var executable = new List<Elf32_Phdr>();

            // p_type == 1 is PT_LOAD, i.e. only loadable segments are considered.
            foreach (var segment in program_table.Where(p => p.p_type == 1u))
            {
                // Segments that occupy no memory are skipped.
                if (segment.p_memsz == 0ul)
                {
                    continue;
                }

                // ELF permission bits: PF_X = 1, PF_W = 2, PF_R = 4. Any other flag value
                // (0, or bits above these three) goes into neither list.
                var flags = segment.p_flags;
                if (flags == 1u || flags == 3u || flags == 5u || flags == 7u)
                {
                    executable.Add(segment);
                }
                else if (flags == 2u || flags == 4u || flags == 6u)
                {
                    readable.Add(segment);
                }
            }

            var dataSegments = readable.ToArray();
            var execSegments = executable.ToArray();

            searcher.SetSearch(dataSegments);
            searcher.SetPointerRangeFirst(dataSegments);

            // Code registration: the second pointer range is the executable segments.
            if (isDump)
            {
                searcher.SetPointerRangeSecond(dumpAddr, execSegments);
            }
            else
            {
                searcher.SetPointerRangeSecond(execSegments);
            }
            var codeRegistration = searcher.FindCodeRegistration();

            // Metadata registration: the second pointer range is switched to the data segments.
            if (isDump)
            {
                searcher.SetPointerRangeSecond(dumpAddr, dataSegments);
            }
            else
            {
                searcher.SetPointerRangeSecond(dataSegments);
            }
            var metadataRegistration = searcher.FindMetadataRegistration();

            return AutoInit(codeRegistration, metadataRegistration);
        }
Beispiel #6
        /// <summary>
        /// Registers the header's text, data and bss segments with a <c>PlusSearch</c> instance and
        /// asks it for the code and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);

            // The segment descriptions are taken as-is from the parsed header; nothing in this
            // method checks them before they are handed to the searcher.
            searcher.SetSection(SearchSectionType.Exec, header.TextSegment);
            searcher.SetSection(SearchSectionType.Data, header.DataSegment);
            searcher.SetSection(SearchSectionType.Bss, header.BssSegment);

            var codeAddress = searcher.FindCodeRegistration();
            var metadataAddress = searcher.FindMetadataRegistration();
            return AutoInit(codeAddress, metadataAddress);
        }
Beispiel #7
        /// <summary>
        /// Searches the header's data segment with a <c>PlusSearch</c> instance, using the 64-bit
        /// lookups: first for the code registration (second pointer range = text segment), then
        /// for the metadata registration (second pointer range = bss segment).
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);

            searcher.SetSearch(header.DataSegment);
            searcher.SetPointerRangeFirst(header.DataSegment);

            // Order matters: the second range must be set before each lookup that relies on it.
            searcher.SetPointerRangeSecond(header.TextSegment);
            var codeAddress = searcher.FindCodeRegistration64Bit();

            searcher.SetPointerRangeSecond(header.BssSegment);
            var metadataAddress = searcher.FindMetadataRegistration64Bit();

            return AutoInit(codeAddress, metadataAddress);
        }
Beispiel #8
        /// <summary>
        /// Sorts the image's sections into an executable group and a data group by their exact
        /// <c>Characteristics</c> value and uses a <c>PlusSearch</c> instance (32-bit or 64-bit
        /// lookups, depending on <c>is32Bit</c>) to find the code and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var executable = new List<SectionHeader>();
            var initialized = new List<SectionHeader>();

            // The whole flag word is compared, not individual bits, so a section carrying any
            // additional flag lands in neither list. The section table is read from the file under
            // analysis; an unusual or packed image can therefore leave both lists empty.
            foreach (var header in sections)
            {
                var flags = header.Characteristics;
                if (flags == 0x60000020)
                {
                    // Corresponds to the PE flags CNT_CODE | MEM_EXECUTE | MEM_READ.
                    executable.Add(header);
                }
                else if (flags == 0x40000040 || flags == 0xC0000040)
                {
                    // Corresponds to CNT_INITIALIZED_DATA | MEM_READ, without or with MEM_WRITE.
                    initialized.Add(header);
                }
            }

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var dataSections = initialized.ToArray();
            var execSections = executable.ToArray();
            var narrow = is32Bit;

            searcher.SetSearch(imageBase, dataSections);
            searcher.SetPointerRangeFirst(imageBase, dataSections);

            // Code registration: the second pointer range is the executable sections.
            searcher.SetPointerRangeSecond(imageBase, execSections);
            ulong codeRegistration = narrow
                ? searcher.FindCodeRegistration()
                : searcher.FindCodeRegistration64Bit();

            // Metadata registration: the second pointer range is switched to the data sections.
            searcher.SetPointerRangeSecond(imageBase, dataSections);
            ulong metadataRegistration = narrow
                ? searcher.FindMetadataRegistration()
                : searcher.FindMetadataRegistration64Bit();

            // A zero address is treated as "not found".
            if (codeRegistration == 0 || metadataRegistration == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }
Beispiel #9
        /// <summary>
        /// Selects the <c>__const</c> sections by name and the code and bss sections by their exact
        /// <c>flags</c> value, then uses a <c>PlusSearch</c> instance to find the code and metadata
        /// registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            // Unlike First(), Where(...).ToArray() yields an empty array when nothing matches,
            // so a file without these sections does not throw here.
            var constSections = sections.Where(s => s.sectname == "__const").ToArray();
            // 0x80000400 corresponds to S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SOME_INSTRUCTIONS in
            // Mach-O; the match is on the full value, so other attribute combinations are skipped.
            var codeSections = sections.Where(s => s.flags == 0x80000400).ToArray();
            // A flags value of 1 corresponds to the Mach-O section type S_ZEROFILL.
            var zeroFillSections = sections.Where(s => s.flags == 1u).ToArray();

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            searcher.SetSearch(constSections);
            searcher.SetPointerRangeFirst(constSections);

            searcher.SetPointerRangeSecond(codeSections);
            var codeAddress = searcher.FindCodeRegistration();

            searcher.SetPointerRangeSecond(zeroFillSections);
            var metadataAddress = searcher.FindMetadataRegistration();

            return AutoInit(codeAddress, metadataAddress);
        }
Beispiel #10
        /// <summary>
        /// Selects the <c>__const</c> sections by name and the code and bss sections by their exact
        /// <c>flags</c> value, registers them with a <c>PlusSearch</c> instance as the Data, Exec and
        /// Bss ranges and asks it for the code and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns>The result of <c>AutoInit</c> for the two addresses that were found.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            // Where(...).ToArray() yields an empty array when nothing matches, so a file
            // without these sections does not throw here.
            var constSections = sections.Where(s => s.sectname == "__const").ToArray();
            // 0x80000400 corresponds to S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SOME_INSTRUCTIONS in
            // Mach-O; the match is on the full value, so other attribute combinations are skipped.
            var codeSections = sections.Where(s => s.flags == 0x80000400).ToArray();
            // A flags value of 1 corresponds to the Mach-O section type S_ZEROFILL.
            var zeroFillSections = sections.Where(s => s.flags == 1u).ToArray();

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            searcher.SetSection(SearchSectionType.Exec, codeSections);
            searcher.SetSection(SearchSectionType.Data, constSections);
            searcher.SetSection(SearchSectionType.Bss, zeroFillSections);

            var codeAddress = searcher.FindCodeRegistration();
            var metadataAddress = searcher.FindMetadataRegistration();
            return AutoInit(codeAddress, metadataAddress);
        }
Beispiel #11
        /// <summary>
        /// Splits the non-empty program headers into an executable group and a data group by their
        /// <c>p_flags</c> value and uses the 64-bit lookups of a <c>PlusSearch</c> instance to find
        /// the code and metadata registration addresses.
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var readable = new List<Elf64_Phdr>();
            var executable = new List<Elf64_Phdr>();

            foreach (var segment in program_table)
            {
                // Segments that occupy no memory are skipped.
                if (segment.p_memsz == 0ul)
                {
                    continue;
                }

                // ELF permission bits: PF_X = 1, PF_W = 2, PF_R = 4. Any other flag value
                // (0, or bits above these three) goes into neither list. The headers come from
                // the file being analysed, so both lists may end up empty.
                var flags = segment.p_flags;
                if (flags == 1u || flags == 3u || flags == 5u || flags == 7u)
                {
                    executable.Add(segment);
                }
                else if (flags == 2u || flags == 4u || flags == 6u)
                {
                    readable.Add(segment);
                }
            }

            var dataSegments = readable.ToArray();
            var execSegments = executable.ToArray();

            searcher.SetSearch(dataSegments);
            searcher.SetPointerRangeFirst(dataSegments);

            // Code registration: the second pointer range is the executable segments.
            searcher.SetPointerRangeSecond(execSegments);
            var codeRegistration = searcher.FindCodeRegistration64Bit();

            // Metadata registration: the second pointer range is switched to the data segments.
            searcher.SetPointerRangeSecond(dataSegments);
            var metadataRegistration = searcher.FindMetadataRegistration64Bit();

            // A zero address is treated as "not found".
            if (codeRegistration == 0 || metadataRegistration == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }
Beispiel #12
        /// <summary>
        /// Searches the header's data segment with the 64-bit lookups of a <c>PlusSearch</c>
        /// instance: first for the code registration (second pointer range = text segment), then
        /// for the metadata registration (second pointer range = bss segment).
        /// </summary>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);

            searcher.SetSearch(header.DataSegment);
            searcher.SetPointerRangeFirst(header.DataSegment);

            // Order matters: the second range must be set before each lookup that relies on it.
            searcher.SetPointerRangeSecond(header.TextSegment);
            var codeRegistration = searcher.FindCodeRegistration64Bit();

            searcher.SetPointerRangeSecond(header.BssSegment);
            var metadataRegistration = searcher.FindMetadataRegistration64Bit();

            // A zero address is treated as "not found"; Init is only called with two hits.
            if (codeRegistration == 0 || metadataRegistration == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }
Beispiel #13
        /// <summary>
        /// Requires sections named <c>.text</c>, <c>.data</c> and <c>.rdata</c>, then uses a
        /// <c>PlusSearch</c> instance (32-bit or 64-bit lookups, depending on <c>is32Bit</c>) to find
        /// the code and metadata registration addresses.
        /// </summary>
        /// <remarks>
        /// Section names are read from the file being analysed. When one of the three is absent
        /// (for example renamed by a packer) the method prints an error and returns <c>false</c>.
        /// </remarks>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            var hasAllSections = sections.Any(s => s.Name == ".text")
                                 && sections.Any(s => s.Name == ".data")
                                 && sections.Any(s => s.Name == ".rdata");
            if (!hasAllSections)
            {
                Console.WriteLine("ERROR: The necessary section is missing.");
                return false;
            }

            // Safe after the presence check above: First() cannot throw for these names.
            var textSection = sections.First(s => s.Name == ".text");
            var dataSection = sections.First(s => s.Name == ".data");
            var rdataSection = sections.First(s => s.Name == ".rdata");

            var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var narrow = is32Bit;

            searcher.SetSearch(imageBase, dataSection, rdataSection);
            searcher.SetPointerRangeFirst(imageBase, dataSection, rdataSection);

            // Code registration: the second pointer range is .text.
            searcher.SetPointerRangeSecond(imageBase, textSection);
            ulong codeRegistration = narrow
                ? searcher.FindCodeRegistration()
                : searcher.FindCodeRegistration64Bit();

            // Metadata registration: the second pointer range is switched to .data and .rdata.
            searcher.SetPointerRangeSecond(imageBase, dataSection, rdataSection);
            ulong metadataRegistration = narrow
                ? searcher.FindMetadataRegistration()
                : searcher.FindMetadataRegistration64Bit();

            // A zero address is treated as "not found".
            if (codeRegistration == 0 || metadataRegistration == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }
Beispiel #14
        /// <summary>
        /// Finds the code and metadata registration addresses with a <c>PlusSearch</c> instance.
        /// When <c>.data.rel.ro</c>, <c>.text</c> and <c>.bss</c> are all present the search is driven
        /// by those named sections; otherwise it falls back to the program headers, grouped by
        /// their <c>p_flags</c> value.
        /// </summary>
        /// <remarks>
        /// Section names and program headers are read from the file being analysed; a file with
        /// stripped or renamed sections takes the fallback path without any message.
        /// </remarks>
        /// <param name="methodCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <param name="typeDefinitionsCount">Passed through to the <c>PlusSearch</c> constructor.</param>
        /// <returns><c>true</c> after <c>Init</c> was called with two non-zero addresses; otherwise <c>false</c>.</returns>
        public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
        {
            if (sectionWithName.TryGetValue(".data.rel.ro", out var relroSection)
                && sectionWithName.TryGetValue(".text", out var textSection)
                && sectionWithName.TryGetValue(".bss", out var bssSection))
            {
                // Optional section: when it is absent, relroLocalSection keeps the default value
                // that TryGetValue assigns and is passed on in that state.
                sectionWithName.TryGetValue(".data.rel.ro.local", out var relroLocalSection);

                var namedSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
                namedSearch.SetSearch(relroSection, relroLocalSection);
                namedSearch.SetPointerRangeFirst(relroSection, relroLocalSection);

                namedSearch.SetPointerRangeSecond(textSection);
                var namedCode = namedSearch.FindCodeRegistration();

                namedSearch.SetPointerRangeSecond(bssSection);
                var namedMetadata = namedSearch.FindMetadataRegistration();

                // A zero address is treated as "not found"; the fallback below is not tried.
                if (namedCode == 0 || namedMetadata == 0)
                {
                    return false;
                }

                Console.WriteLine("CodeRegistration : {0:x}", namedCode);
                Console.WriteLine("MetadataRegistration : {0:x}", namedMetadata);
                Init(namedCode, namedMetadata);
                return true;
            }

            // Fallback: at least one named section is missing, so work from the program headers.
            var segmentSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
            var readable = new List<Elf32_Phdr>();
            var executable = new List<Elf32_Phdr>();

            foreach (var segment in program_table)
            {
                // Segments that occupy no memory are skipped.
                if (segment.p_memsz == 0ul)
                {
                    continue;
                }

                // ELF permission bits: PF_X = 1, PF_W = 2, PF_R = 4. Any other flag value
                // (0, or bits above these three) goes into neither list.
                var flags = segment.p_flags;
                if (flags == 1u || flags == 3u || flags == 5u || flags == 7u)
                {
                    executable.Add(segment);
                }
                else if (flags == 2u || flags == 4u || flags == 6u)
                {
                    readable.Add(segment);
                }
            }

            var dataSegments = readable.ToArray();
            var execSegments = executable.ToArray();

            segmentSearch.SetSearch(dataSegments);
            segmentSearch.SetPointerRangeFirst(dataSegments);

            segmentSearch.SetPointerRangeSecond(execSegments);
            var segmentCode = segmentSearch.FindCodeRegistration();

            segmentSearch.SetPointerRangeSecond(dataSegments);
            var segmentMetadata = segmentSearch.FindMetadataRegistration();

            if (segmentCode == 0 || segmentMetadata == 0)
            {
                return false;
            }

            Console.WriteLine("CodeRegistration : {0:x}", segmentCode);
            Console.WriteLine("MetadataRegistration : {0:x}", segmentMetadata);
            Init(segmentCode, segmentMetadata);
            return true;
        }