Example #1
        /// <summary>
        /// Scans a section word by word for a 32-bit value equal to <paramref name="pointer"/>.
        /// </summary>
        /// <param name="pointer">The 32-bit value to look for.</param>
        /// <param name="search">Section header giving the file range (sh_offset, sh_size) to scan.</param>
        /// <returns>
        /// A virtual address computed from the reader position after the matching read, or 0 when
        /// no word matches. ReadUInt32 presumably advances Position by four bytes, in which case the
        /// result is the address of the word that follows the match - confirm against the reader.
        /// </returns>
        /// <remarks>
        /// NOTE(review): sh_offset and sh_size come from the file being parsed and are not checked
        /// here against the stream length or for 4-byte alignment; a malformed header can make the
        /// final read run past the section. Confirm that the caller validates section headers.
        /// </remarks>
        private uint FindReference(uint pointer, elf_32_shdr search)
        {
            var sectionEnd = search.sh_offset + search.sh_size;

            for (Position = search.sh_offset; Position < sectionEnd;)
            {
                if (ReadUInt32() != pointer)
                {
                    continue;
                }

                // Convert the current file position back into a virtual address (MapRATV).
                return (uint)Position - search.sh_offset + search.sh_addr;
            }

            return 0;
        }
Example #2
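        /// <summary>
        /// Searches a section from its end towards its start for a run of
        /// <paramref name="readCount"/> consecutive 32-bit values that all lie inside
        /// <paramref name="range"/>.
        /// </summary>
        /// <param name="readCount">Number of consecutive 32-bit values the run must contain.</param>
        /// <param name="search">Section whose file range (sh_offset, sh_size) is scanned.</param>
        /// <param name="range">Section whose address range (sh_addr, sh_size) the values must fall in.</param>
        /// <returns>The virtual address of the first value of the run, or 0 when no run is found.</returns>
        /// <remarks>
        /// The section header values come from the file being parsed, so the window is kept
        /// inside the section: a non-positive count, or a count larger than the section can hold,
        /// yields 0 instead of a read before the section start.
        /// </remarks>
        private uint FindPointersDesc(long readCount, elf_32_shdr search, elf_32_shdr range)
        {
            // A run cannot exist if it is empty or does not fit in the section at all.
            // Checking against sh_size / 4 also keeps 4 * readCount from overflowing.
            if (readCount <= 0 || readCount > search.sh_size / 4)
            {
                return 0;
            }

            var add         = 0;
            var searchend   = search.sh_offset + search.sh_size;
            var rangeend    = range.sh_addr + range.sh_size;
            var windowBytes = 4 * readCount;

            // Only read windows that start at or after the section start.
            while (searchend + add - windowBytes >= search.sh_offset)
            {
                var temp = ReadClassArray <int>(searchend + add - windowBytes, readCount);

                // Values are read as signed ints, so anything at or above 0x80000000 compares as
                // negative and counts as out of range. The upper bound is inclusive, as before.
                var r = Array.FindIndex(temp, x => x < range.sh_addr || x > rangeend);
                if (r == -1)
                {
                    // Every value is in range: report the window start as a virtual address (MapRATV).
                    return (uint)(search.sh_addr + search.sh_size + add - 4 * readCount);
                }

                // Move the window so that it ends just before the first out-of-range value.
                add -= (int)((readCount - r) * 4);
            }

            return 0;
        }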
Example #3
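        /// <summary>
        /// Searches a section from its start towards its end for a run of
        /// <paramref name="readCount"/> consecutive 32-bit values that all lie inside
        /// <paramref name="range"/>.
        /// </summary>
        /// <param name="readCount">Number of consecutive 32-bit values the run must contain.</param>
        /// <param name="search">Section whose file range (sh_offset, sh_size) is scanned.</param>
        /// <param name="range">Section whose address range (sh_addr, sh_size) the values must fall in.</param>
        /// <returns>The virtual address of the first value of the run, or 0 when no run is found.</returns>
        /// <remarks>
        /// The section header values come from the file being parsed, so the window is kept
        /// inside the section: a non-positive count, or a count larger than the section can hold,
        /// yields 0 instead of a read past the section end.
        /// </remarks>
        private uint FindPointersAsc(long readCount, elf_32_shdr search, elf_32_shdr range)
        {
            // A run cannot exist if it is empty or does not fit in the section at all.
            // Checking against sh_size / 4 also keeps 4 * readCount from overflowing.
            if (readCount <= 0 || readCount > search.sh_size / 4)
            {
                return 0;
            }

            var add         = 0;
            var searchend   = search.sh_offset + search.sh_size;
            var rangeend    = range.sh_addr + range.sh_size;
            var windowBytes = 4 * readCount;

            // Only read windows that end at or before the section end.
            while (search.sh_offset + add + windowBytes <= searchend)
            {
                var temp = ReadClassArray <int>(search.sh_offset + add, readCount);

                // Values are read as signed ints, so anything at or above 0x80000000 compares as
                // negative and counts as out of range. The upper bound is inclusive, as before.
                var r = Array.FindLastIndex(temp, x => x < range.sh_addr || x > rangeend);
                if (r == -1)
                {
                    // Every value is in range: report the window start as a virtual address (MapRATV).
                    return search.sh_addr + (uint)add;
                }

                // Restart just after the last out-of-range value.
                add += (r + 1) * 4;
            }

            return 0;
        }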
Example #4
        /// <summary>
        /// Tries to locate CodeRegistration and MetadataRegistration automatically by reading the
        /// dynamic segment, walking the .init_array entries and comparing the bytes at each entry
        /// with a per-architecture signature (ARMFeatureBytes or X86FeatureBytes).
        /// </summary>
        /// <returns>
        /// true once a signature matches and Init has been called with the two addresses;
        /// false when no GOT address was found or no entry matched.
        /// </returns>
        /// <remarks>
        /// NOTE(review): every offset, size and address used here is read from the file being
        /// parsed and is used without range checks. If this is LINQ's First, it throws when the
        /// file has no program header with p_type == 2; confirm how callers handle malformed input.
        /// </remarks>
        private bool Searchv21()
        {
            // Locate .dynamic through the PT_DYNAMIC program header (p_type == 2).
            var dynamic    = new elf_32_shdr();
            var PT_DYNAMIC = program_table_element.First(x => x.p_type == 2u);

            dynamic.sh_offset = PT_DYNAMIC.p_offset;
            dynamic.sh_size   = PT_DYNAMIC.p_filesz;
            // Read _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic.
            uint _GLOBAL_OFFSET_TABLE_ = 0;
            var  init_array            = new elf_32_shdr();

            Position = dynamic.sh_offset;
            var dynamicend = dynamic.sh_offset + dynamic.sh_size;

            // Each dynamic entry is a 32-bit tag followed by a 32-bit value.
            while (Position < dynamicend)
            {
                var tag = ReadInt32();
                if (tag == 3)//DT_PLTGOT
                {
                    _GLOBAL_OFFSET_TABLE_ = ReadUInt32();
                }
                else if (tag == 25)//DT_INIT_ARRAY
                {
                    init_array.sh_offset = MapVATR(ReadUInt32());
                }
                else if (tag == 27)//DT_INIT_ARRAYSZ
                {
                    init_array.sh_size = ReadUInt32();
                }
                else
                {
                    Position += 4;//skip the value of a tag that is not needed
                }
            }
            if (_GLOBAL_OFFSET_TABLE_ != 0)
            {
                // Get the function addresses from .init_array.
                // NOTE(review): the (int) cast is applied to sh_size before the division, so a size
                // above int.MaxValue becomes a negative element count - confirm ReadClassArray rejects it.
                var addrs = ReadClassArray <uint>(init_array.sh_offset, (int)init_array.sh_size / 4);
                foreach (var i in addrs)
                {
                    if (i > 0)
                    {
                        // NOTE(review): the entry is used as a reader position directly, without
                        // MapVATR - presumably address and file offset coincide here; confirm.
                        Position = i;
                        if (elf_header.e_machine == 0x28)// EM_ARM
                        {
                            var buff = ReadBytes(12);
                            if (ARMFeatureBytes.SequenceEqual(buff))
                            {
                                // The values read below are stored relative to the GOT address.
                                Position = i + 0x2c;
                                var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = subaddr + 0x28;
                                var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                Position = subaddr + 0x2C;
                                var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = MapVATR(ptr);
                                var metadataRegistration = ReadUInt32();
                                Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                Init(codeRegistration, metadataRegistration);
                                return(true);
                            }
                        }
                        else if (elf_header.e_machine == 0x3)// EM_386
                        {
                            var buff = ReadBytes(16);
                            if (X86FeatureBytes.SequenceEqual(buff))
                            {
                                // The values read below are stored relative to the GOT address.
                                Position = i + 0x18;
                                var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = subaddr + 0x2C;
                                var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                Position = subaddr + 0x22;
                                var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = MapVATR(ptr);
                                var metadataRegistration = ReadUInt32();
                                Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                Init(codeRegistration, metadataRegistration);
                                return(true);
                            }
                        }
                        else
                        {
                            // Reached once per non-zero entry, so the message repeats for each of them.
                            Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
                        }
                    }
                }
            }
            else
            {
                Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
            }
            return(false);
        }
Example #5
        /// <summary>
        /// Tries to locate CodeRegistration and MetadataRegistration automatically: reads the GOT
        /// address and the .init_array location from the dynamic segment, then looks for an
        /// .init_array entry whose first 12 bytes equal a fixed signature.
        /// </summary>
        /// <returns>
        /// true once the signature matches and Init has been called with the two addresses;
        /// false when no GOT address was found or no entry matched.
        /// </returns>
        /// <remarks>
        /// NOTE(review): every offset, size and address used here is read from the file being
        /// parsed and is used without range checks. If this is LINQ's First, it throws when the
        /// file has no program header with p_type == 2; confirm how callers handle malformed input.
        /// </remarks>
        public bool Auto()
        {
            // Function signature bytes expected at the start of the wanted .init_array function.
            byte[] signature = { 0x1c, 0x0, 0x9f, 0xe5, 0x1c, 0x10, 0x9f, 0xe5, 0x1c, 0x20, 0x9f, 0xe5 };

            // Locate .dynamic through the PT_DYNAMIC program header (p_type == 2).
            var dynamicSection = new elf_32_shdr();
            var dynamicSegment = program_table_element.First(x => x.p_type == 2u);
            dynamicSection.sh_offset = dynamicSegment.p_offset;
            dynamicSection.sh_size   = dynamicSegment.p_filesz;

            // Read _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic.
            uint gotAddress = 0;
            var  initArray  = new elf_32_shdr();

            Position = dynamicSection.sh_offset;
            var dynamicEnd = dynamicSection.sh_offset + dynamicSection.sh_size;

            // Each dynamic entry is a 32-bit tag followed by a 32-bit value.
            while (Position < dynamicEnd)
            {
                var tag = ReadInt32();
                if (tag == 3) // DT_PLTGOT
                {
                    gotAddress = ReadUInt32();
                }
                else if (tag == 25) // DT_INIT_ARRAY
                {
                    initArray.sh_offset = MapVATR(ReadUInt32());
                }
                else if (tag == 27) // DT_INIT_ARRAYSZ
                {
                    initArray.sh_size = ReadUInt32();
                }
                else
                {
                    // Skip the value of a tag that is not needed.
                    Position += 4;
                }
            }

            if (gotAddress == 0)
            {
                Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
                return false;
            }

            // Get the function addresses from .init_array.
            // NOTE(review): the (int) cast is applied to sh_size before the division, so a size
            // above int.MaxValue becomes a negative element count - confirm ReadClassArray rejects it.
            var initFunctions = ReadClassArray<uint>(initArray.sh_offset, (int)initArray.sh_size / 4);
            foreach (var functionAddress in initFunctions)
            {
                if (functionAddress == 0)
                {
                    continue;
                }

                // NOTE(review): the entry is used as a reader position directly, without
                // MapVATR - presumably address and file offset coincide here; confirm.
                Position = functionAddress;
                var prologue = ReadBytes(12);
                if (!signature.SequenceEqual(prologue))
                {
                    continue;
                }

                // The values read below are stored relative to the GOT address.
                Position = functionAddress + 0x2c;
                var subaddr = ReadUInt32() + gotAddress;

                Position = subaddr + 0x28;
                var codeRegistration = ReadUInt32() + gotAddress;
                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);

                Position = subaddr + 0x2C;
                var ptr = ReadUInt32() + gotAddress;
                Position = MapVATR(ptr);
                var metadataRegistration = ReadUInt32();
                Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);

                Init(codeRegistration, metadataRegistration);
                return true;
            }

            return false;
        }
Example #6
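 /// <summary>
 /// Locates CodeRegistration and MetadataRegistration by searching the relocation data
 /// sections for pointer tables: a run of <paramref name="methodCount"/> pointers into .text,
 /// and a run of maxmetadataUsages pointers into .bss.
 /// </summary>
 /// <param name="methodCount">Number of consecutive method pointers expected in the table.</param>
 /// <returns>
 /// true when both addresses were found and Init has been called with them; false when the
 /// section table is unavailable, a required section is missing, or either search fails.
 /// </returns>
 /// <remarks>
 /// Needs the sections .data.rel.ro, .text and .bss; .data.rel.ro.local is used as a second
 /// place to search when it exists. Section headers come from the file being parsed.
 /// </remarks>
 public override bool AdvancedSearch(int methodCount)
 {
     if (sectionWithName == null)
     {
         return false;
     }

     if (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss"))
     {
         Console.WriteLine("ERROR: The necessary section is missing.");
         return false;
     }

     var         datarelro      = sectionWithName[".data.rel.ro"];
     var         text           = sectionWithName[".text"];
     var         bss            = sectionWithName[".bss"];
     elf_32_shdr datarelrolocal = null;
     if (sectionWithName.ContainsKey(".data.rel.ro.local"))
     {
         datarelrolocal = sectionWithName[".data.rel.ro.local"];
     }

     // Both searches always run, in this order, as in the original flow.
     var codeRegistration     = FindRegistrationViaPointerTable(methodCount, datarelro, datarelrolocal, text);
     var metadataRegistration = FindRegistrationViaPointerTable(maxmetadataUsages, datarelro, datarelrolocal, bss);

     // FindReference reports an address relative to the matching word; stepping back by
     // 8 and 64 bytes presumably lands on the start of each registration structure.
     // Requiring at least that many bytes keeps the unsigned subtraction from wrapping
     // around when a malformed file produces a tiny address.
     if (codeRegistration >= 8u && metadataRegistration >= 64u)
     {
         codeRegistration     -= 8u;
         metadataRegistration -= 64u;
         Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
         Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
         Init(codeRegistration, metadataRegistration);
         return true;
     }

     return false;
 }

 /// <summary>
 /// Finds a table of <paramref name="count"/> pointers into <paramref name="range"/> and then a
 /// reference to that table, trying the ascending search first and the descending search second.
 /// </summary>
 /// <param name="count">Number of consecutive pointers the table must contain.</param>
 /// <param name="primary">Section searched first.</param>
 /// <param name="secondary">Section searched when the first yields nothing; may be null.</param>
 /// <param name="range">Section the table's pointers must point into.</param>
 /// <returns>The value reported by FindReference for the table, or 0 when nothing was found.</returns>
 private uint FindRegistrationViaPointerTable(long count, elf_32_shdr primary, elf_32_shdr secondary, elf_32_shdr range)
 {
     var table = FindPointersAsc(count, primary, range);
     if (table == 0 && secondary != null)
     {
         table = FindPointersAsc(count, secondary, range);
     }
     if (table == 0)
     {
         return 0;
     }

     var reference = FindReference(table, primary);
     if (reference == 0 && secondary != null)
     {
         reference = FindReference(table, secondary);
     }
     if (reference != 0)
     {
         return reference;
     }

     // Nothing refers to the table found from the front, so look for one from the back.
     table = FindPointersDesc(count, primary, range);
     if (table == 0 && secondary != null)
     {
         table = FindPointersDesc(count, secondary, range);
     }
     if (table == 0)
     {
         return 0;
     }

     reference = FindReference(table, primary);
     if (reference == 0 && secondary != null)
     {
         reference = FindReference(table, secondary);
     }
     return reference;
 }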