public ProgramResourceInstance ReadResourceEntry(
EndianImageReader rdr,
string resourceId,
string sLcid,
ResourceType resourceType)
{
var rvaData = rdr.ReadUInt32();
var size = rdr.ReadUInt32();
var codepage = rdr.ReadInt32();
var padding = rdr.ReadUInt32();
var abResource = new byte[size];
Array.Copy(imgLoaded.Bytes, (int)rvaData, abResource, 0, abResource.Length);
if (resourceType == PeResourceType.BITMAP)
{
abResource = PostProcessBitmap(abResource);
}
string?encodingName = GetEncodingName(codepage);
string?langTag = GetLanguageTag(sLcid);
return(new ProgramResourceInstance
{
Name = $"{resourceId}-{langTag}",
Type = resourceType.Name,
TextEncoding = encodingName,
FileExtension = resourceType.FileExtension,
Bytes = abResource,
});
}
public void VisitPointer(Pointer ptr)
{
switch (ptr.Size)
{
case 2:
fmt.WriteKeyword("dw");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X4}", rdr.ReadByte()));
fmt.WriteLine();
return;
case 4:
fmt.WriteKeyword("dd");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X8}", rdr.ReadUInt32()));
fmt.WriteLine();
return;
case 8:
fmt.WriteKeyword("dq");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X16}", rdr.ReadUInt64()));
fmt.WriteLine();
return;
}
}
public static Elf32_Rel Read(EndianImageReader rdr)
{
var o = rdr.ReadUInt32();
var i = rdr.ReadUInt32();
return(new Elf32_Rel
{
r_offset = o,
r_info = i,
});
}
public static Elf32_Sym Load(EndianImageReader rdr)
{
var sym = new Elf32_Sym();
sym.st_name = rdr.ReadUInt32();
sym.st_value = rdr.ReadUInt32();
sym.st_size = rdr.ReadUInt32();
sym.st_info = rdr.ReadByte();
sym.st_other = rdr.ReadByte();
sym.st_shndx = rdr.ReadUInt16();
return(sym);
}
public static Elf32_Rela Read(EndianImageReader rdr)
{
var o = rdr.ReadUInt32();
var i = rdr.ReadUInt32();
var a = rdr.ReadInt32();
return(new Elf32_Rela
{
r_offset = o,
r_info = i,
r_addend = a
});
}
public static Elf64_PHdr Load(EndianImageReader rdr)
{
var hdr = new Elf64_PHdr
{
p_type = (ProgramHeaderType)rdr.ReadUInt32(),
p_flags = rdr.ReadUInt32(),
p_offset = rdr.ReadUInt64(),
p_vaddr = rdr.ReadUInt64(),
p_paddr = rdr.ReadUInt64(),
p_filesz = rdr.ReadUInt64(),
p_pmemsz = rdr.ReadUInt64(),
p_align = rdr.ReadUInt64(),
};
return(hdr);
}
public static Elf64_SHdr Load(EndianImageReader rdr)
{
return(new Elf64_SHdr
{
sh_name = rdr.ReadUInt32(),
sh_type = (SectionHeaderType)rdr.ReadUInt32(),
sh_flags = rdr.ReadUInt64(),
sh_addr = rdr.ReadUInt64(), // Address
sh_offset = rdr.ReadUInt64(),
sh_size = rdr.ReadUInt64(),
sh_link = rdr.ReadUInt32(),
sh_info = rdr.ReadUInt32(),
sh_addralign = rdr.ReadUInt64(),
sh_entsize = rdr.ReadUInt64(),
});
}
public List <ProgramResource> ReadLanguageDirectory(EndianImageReader rdr, uint resourceType, string resourceId)
{
const uint DIR_MASK = 0x80000000;
var flags = rdr.ReadUInt32();
var date = rdr.ReadUInt32();
var version = rdr.ReadUInt32();
var cNameEntries = rdr.ReadUInt16();
var cIdEntries = rdr.ReadUInt16();
var entries = new List <ProgramResource>();
for (int i = 0; i < cNameEntries; ++i)
{
var rvaName = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) != 0)
{
throw new BadImageFormatException();
}
entries.Add(ReadResourceEntry(subRdr, resourceId, ReadResourceString(rvaName), resourceType));
}
for (int i = 0; i < cIdEntries; ++i)
{
var id = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) != 0)
{
throw new BadImageFormatException();
}
entries.Add(ReadResourceEntry(subRdr, resourceId, id.ToString(), resourceType));
}
return(entries);
}
public ushort e_shstrndx; // section name string table index
public static Elf32_EHdr Load(EndianImageReader rdr)
{
return(new Elf32_EHdr
{
e_type = rdr.ReadUInt16(),
e_machine = rdr.ReadUInt16(),
e_version = rdr.ReadUInt32(),
e_entry = rdr.ReadUInt32(),
e_phoff = rdr.ReadUInt32(),
e_shoff = rdr.ReadUInt32(),
e_flags = rdr.ReadUInt32(),
e_ehsize = rdr.ReadUInt16(),
e_phentsize = rdr.ReadUInt16(),
e_phnum = rdr.ReadUInt16(),
e_shentsize = rdr.ReadUInt16(),
e_shnum = rdr.ReadUInt16(),
e_shstrndx = rdr.ReadUInt16(),
});
}
public static Elf32_SHdr Load(EndianImageReader rdr)
{
try
{
return(new Elf32_SHdr
{
sh_name = rdr.ReadUInt32(),
sh_type = (SectionHeaderType)rdr.ReadUInt32(),
sh_flags = rdr.ReadUInt32(),
sh_addr = rdr.ReadUInt32(), // Address
sh_offset = rdr.ReadUInt32(),
sh_size = rdr.ReadUInt32(),
sh_link = rdr.ReadUInt32(),
sh_info = rdr.ReadUInt32(),
sh_addralign = rdr.ReadUInt32(),
sh_entsize = rdr.ReadUInt32(),
});
} catch
{
//$TODO: report error?
return(null);
}
}
public ProgramResourceInstance ReadResourceEntry(EndianImageReader rdr, string resourceId, string langId, uint resourceType)
{
var rvaData = rdr.ReadUInt32();
var size = rdr.ReadUInt32();
var codepage = rdr.ReadUInt32();
var padding = rdr.ReadUInt32();
var abResource = new byte[size];
Array.Copy(imgLoaded.Bytes, (int)rvaData, abResource, 0, abResource.Length);
if (resourceType == RT_BITMAP)
{
abResource = PostProcessBitmap(abResource);
}
string localeName = GetLocaleName(langId);
return(new ProgramResourceInstance
{
Name = string.Format("{0}:{1}", resourceId, localeName),
Type = GetResourceType(resourceType),
Bytes = abResource,
});
}
void ParseFunctionStarts(EndianImageReader rdr)
{
if (!rdr.TryReadUInt32(out uint dataoff) ||
!rdr.TryReadUInt32(out uint datasize))
{
throw new BadImageFormatException("Couldn't read LC_FUNCTIONSTARTS command");
}
Debug.Print(" LC_FUNCTIONSTARTS {0:X8} {1:X8}", dataoff, datasize);
rdr.Offset = dataoff;
var endoff = dataoff + datasize;
while (rdr.Offset < endoff)
{
uint fn = rdr.ReadUInt32();
Debug.Print(" fn: {0:X}", fn);
}
}
public List <ProgramResource> ReadResourceDirectory(EndianImageReader rdr)
{
const uint DIR_MASK = 0x80000000;
var flags = rdr.ReadUInt32();
var date = rdr.ReadUInt32();
var version = rdr.ReadUInt32();
var cNameEntries = rdr.ReadUInt16();
var cIdEntries = rdr.ReadUInt16();
var entries = new List <ProgramResource>();
for (int i = 0; i < cNameEntries; ++i)
{
var rvaName = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
{
throw new BadImageFormatException();
}
if ((rvaName & DIR_MASK) != 0)
{
var e = new ProgramResourceGroup
{
//Name = ReadResourceString(rvaName),
Name = ReadResourceUtf16leString(rvaResources + (rvaName & ~DIR_MASK)),
};
e.Resources.AddRange(ReadNameDirectory(subRdr, 0));
entries.Add(e);
}
}
for (int i = 0; i < cIdEntries; ++i)
{
var id = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
{
throw new BadImageFormatException();
}
var e = new ProgramResourceGroup
{
Name = GenerateResourceName(id),
};
e.Resources.AddRange(ReadNameDirectory(subRdr, id));
entries.Add(e);
}
return(entries);
}
/// <summary>
/// Reads a resource directory, starting at the position of the given image
/// reader.
/// </summary>
/// <param name="rdr">A little endian <see cref="EndianImageReader"/>.</param>
/// <returns>A list of the resources found in the directory.</returns>
public List <ProgramResource> ReadResourceDirectory(EndianImageReader rdr)
{
const uint DIR_MASK = 0x80000000;
var flags = rdr.ReadUInt32();
var date = rdr.ReadUInt32();
var version = rdr.ReadUInt32();
var cNameEntries = rdr.ReadUInt16();
var cIdEntries = rdr.ReadUInt16();
var entries = new List <ProgramResource>();
// Read the named entries.
for (int i = 0; i < cNameEntries; ++i)
{
var rvaName = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
{
throw new BadImageFormatException();
}
if ((rvaName & DIR_MASK) != 0)
{
var e = new ProgramResourceGroup
{
//Name = ReadResourceString(rvaName),
Name = ReadResourceUtf16leString(rvaResources + (rvaName & ~DIR_MASK)),
};
e.Resources.AddRange(ReadNameDirectory(subRdr, PeResourceType.FromInt(0)));
entries.Add(e);
}
}
// Read the entries accessed by numeric ID.
for (int i = 0; i < cIdEntries; ++i)
{
var id = rdr.ReadInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
{
throw new BadImageFormatException();
}
var rt = PeResourceType.FromInt(id);
var e = new ProgramResourceGroup
{
Name = rt.Name
};
e.Resources.AddRange(ReadNameDirectory(subRdr, rt));
entries.Add(e);
}
return(entries);
}
public void Sift_32Bit()
{
var writer = arch.CreateImageWriter(mem, mem.BaseAddress);
while (DecrementCount())
{
var instr = Dasm();
processInstr(mem.Bytes, instr);
rdr.Offset = 0;
var val = rdr.ReadUInt32(0);
if (val == 0xFFFFFFFFu)
{
break;
}
++val;
writer.Position = 0;
writer.WriteUInt32(val);
}
}
public override PowerPcInstruction DisassembleInstruction()
{
if (!rdr.IsValid)
{
return(null);
}
this.addr = rdr.Address;
uint wInstr = rdr.ReadUInt32();
try
{
instrCur = primaryDecoders[wInstr >> 26].Decode(this, wInstr);
}
catch
{
instrCur = new PowerPcInstruction(Opcode.illegal);
}
instrCur.Address = addr;
instrCur.Length = 4;
return(instrCur);
}
public override ProcedureBase GetTrampolineDestination(EndianImageReader rdr, IRewriterHost host)
{
var dasm = new PowerPcDisassembler(
(PowerPcArchitecture64)Architecture,
rdr,
PrimitiveType.Word64);
PowerPcInstruction instr;
ImmediateOperand immOp;
MemoryOperand memOp;
//addi r12,r0,0000
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.addi)
{
return(null);
}
//oris r12,r12,0006
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.oris)
{
return(null);
}
immOp = (ImmediateOperand)instr.op3;
uint aFuncDesc = immOp.Value.ToUInt32() << 16;
//lwz r12,nnnn(r12)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
{
return(null);
}
memOp = (MemoryOperand)instr.op2;
int offset = memOp.Offset.ToInt32();
aFuncDesc = (uint)(aFuncDesc + offset);
//std r2,40(r1)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.std)
{
return(null);
}
//lwz r0,0(r12)
// Have a pointer to a trampoline
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
{
return(null);
}
//lwz r2,4(r12)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
{
return(null);
}
// mtctr r0
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.mtctr)
{
return(null);
}
// bcctr 14,00
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.bcctr)
{
return(null);
}
// Read the function pointer from the function descriptor.
offset = (int)aFuncDesc - (int)rdr.Address.ToUInt32();
rdr.Offset = rdr.Offset + offset;
var aFn = rdr.ReadUInt32();
return(null);
}
