Exemple #1
0
        public virtual bool ProbeForPointer(ImageReader rdr, out T linAddrInstr)
        {
            linAddrInstr = GetLinearAddress(rdr.Address);
            T    target;
            uint opcode;

            if (TryPeekOpcode(rdr, out opcode))
            {
                if ((flags & PointerScannerFlags.Calls) != 0)
                {
                    if (MatchCall(rdr, opcode, out target) && knownLinAddresses.Contains(target))
                    {
                        rdr.Seek(PointerAlignment);
                        return(true);
                    }
                }
                if ((flags & PointerScannerFlags.Jumps) != 0)
                {
                    if (MatchJump(rdr, opcode, out target) && knownLinAddresses.Contains(target))
                    {
                        rdr.Seek(PointerAlignment);
                        return(true);
                    }
                }
                if ((flags & PointerScannerFlags.Pointers) != 0)
                {
                    if (TryPeekPointer(rdr, out target) && knownLinAddresses.Contains(target))
                    {
                        rdr.Seek(PointerAlignment);
                        return(true);
                    }
                }
            }
            rdr.Seek(PointerAlignment);
            return(false);
        }
Exemple #2
0
        /// <summary>
        /// Reads the ELF header.
        /// </summary>
        /// <returns></returns>
        private Elf32_Ehdr ReadElfHeaderStart()
        {
            var rdr = new ImageReader(RawImage, 0);
            var h = new Elf32_Ehdr();

            h.e_ident = rdr.ReadBeUInt32();
            
            h.e_class = rdr.ReadByte();
            h.endianness = rdr.ReadByte();
            h.version = rdr.ReadByte();
            h.osAbi = rdr.ReadByte();

            rdr.Seek(8);             // 8 bytes of padding.

            // Now that we know the endianness, read the remaining fields in endian mode.
            rdr = CreateImageReader(h.endianness, rdr.Offset);
            h.e_type = rdr.ReadInt16();
            h.e_machine = rdr.ReadInt16();
            h.e_version = rdr.ReadInt32();
            h.e_entry = rdr.ReadUInt32();
            h.e_phoff = rdr.ReadUInt32();
            h.e_shoff = rdr.ReadUInt32();
            h.e_flags = rdr.ReadInt32();
            h.e_ehsize = rdr.ReadInt16();
            h.e_phentsize = rdr.ReadInt16();
            h.e_phnum = rdr.ReadInt16();
            h.e_shentsize = rdr.ReadInt16();
            h.e_shnum = rdr.ReadInt16();
            h.e_shstrndx = rdr.ReadInt16();

            Dump("e_type: {0}", h.e_type);
            Dump("e_machine: {0}", (MachineType) h.e_machine);
            Dump("e_version: {0}", h.e_version);
            Dump("e_entry: {0:X}", h.e_entry);
            Dump("e_phoff: {0:X}", h.e_phoff);
            Dump("e_shoff: {0:X}", h.e_shoff);
            Dump("e_flags: {0:X}", h.e_flags);
            Dump("e_ehsize: {0}", h.e_ehsize);
            Dump("e_phentsize: {0}", h.e_phentsize);
            Dump("e_phnum: {0}", h.e_phnum);
            Dump("e_shentsize: {0}", h.e_shentsize);
            Dump("e_shnum: {0}", h.e_shnum);
            Dump("e_shstrndx: {0}", h.e_shstrndx);
            
            return h;
        }
Exemple #3
0
		public override long Seek(long offset, SeekOrigin origin) {
			return rdr.Seek(offset, origin);
		}