Esempio n. 1
0
        private void PopulateImports()
        {
            BeImageReader memRdr = new BeImageReader(xexData.memoryData);

            for (int i = 0; i < xexData.import_records.Count; i++)
            {
                UInt32 tableAddress = xexData.import_records[i];

                UInt32 memOffset = tableAddress - xexData.exe_address;
                if (memOffset > xexData.memorySize)
                {
                    throw new BadImageFormatException($"XEX: invalid import record offset: 0x{memOffset}");
                }

                UInt32 value = memRdr.ReadAt <UInt32>(memOffset, rdr => rdr.ReadUInt32());

                XexImportType type     = (XexImportType)((value & 0xFF000000) >> 24);
                byte          libIndex = (byte)((value & 0x00FF0000) >> 16);

                if (type > XexImportType.Function)
                {
                    decompilerEventListener.Error(
                        $"XEX: Unsupported import type {type}, value: 0x{value:X}");
                    continue;
                }

                if (libIndex >= xexData.libNames.Count)
                {
                    throw new BadImageFormatException($"XEX: invalid import record lib index ({libIndex}, max:{xexData.libNames.Count})");
                }

                UInt32    importOrdinal = (value & 0xFFFF);
                string    importLibName = xexData.libNames[libIndex];
                Address32 importAddress = new Address32(xexData.import_records[i]);

                SymbolType symbolType = SymbolType.Unknown;
                switch (type)
                {
                case XexImportType.Data:
                    symbolType = SymbolType.Data;
                    break;

                case XexImportType.Function:
                    symbolType = SymbolType.ExternalProcedure;
                    break;
                }
                imports.Add(importAddress, new OrdinalImportReference(importAddress, importLibName, (int)importOrdinal, symbolType));
            }
        }
Esempio n. 2
0
        private void PopulateImports()
        {
            BeImageReader memRdr = new BeImageReader(xexData.memoryData);

            for (int i = 0; i < xexData.import_records.Count; i++)
            {
                UInt32 tableAddress = xexData.import_records[i];

                UInt32 memOffset = tableAddress - xexData.exe_address;
                if (memOffset > xexData.memorySize)
                {
                    throw new BadImageFormatException($"XEX: invalid import record offset: 0x{memOffset}");
                }

                UInt32 value = memRdr.ReadAt <UInt32>(memOffset, rdr => rdr.ReadUInt32());

                byte type     = (byte)((value & 0xFF000000) >> 24);
                byte libIndex = (byte)((value & 0x00FF0000) >> 16);

                if (type == 0)
                {
                    if (libIndex >= xexData.libNames.Count)
                    {
                        throw new BadImageFormatException($"XEX: invalid import type 0 record lib index ({libIndex}, max:{xexData.libNames.Count})");
                    }

                    UInt32 importOrdinal = (value & 0xFFFF);
                    string importLibName = xexData.libNames[libIndex];
                    UInt32 importAddress = xexData.import_records[i];

                    var theAddress = new Address32(importAddress);
                    imports.Add(theAddress, new OrdinalImportReference(theAddress, importLibName, (int)importOrdinal, SymbolType.ExternalProcedure));
                }
                else if (type == 1)
                {
                    if (libIndex >= xexData.libNames.Count)
                    {
                        throw new BadImageFormatException($"XEX: invalid import type 0 record lib index ({libIndex}, max:{xexData.libNames.Count})");
                    }

                    UInt32 importOrdinal = (value & 0xFFFF);
                    string importLibName = xexData.libNames[libIndex];
                    UInt32 importAddress = xexData.import_records[i];

                    var theAddress = new Address32(importAddress);
                    imports.Add(theAddress, new OrdinalImportReference(theAddress, importLibName, (int)importOrdinal, SymbolType.ExternalProcedure));
                }
            }
        }
Esempio n. 3
0
        private void LoadHeaders()
        {
            ImageData imageData = xexData;

            xexData.header = rdr.ReadStruct <XexHeader>();

            XexHeader header = xexData.header;

            switch (header.magic)
            {
            case XEX2_MAGIC:
            case XEX1_MAGIC:
                break;

            default:
                throw new BadImageFormatException("Invalid XEX Magic");
            }

            for (uint i = 0; i < header.header_count; i++)
            {
                bool add = true;
                XexOptionalHeader st_optionalHeader = rdr.ReadStruct <XexOptionalHeader>();
                OptionalHeader    optionalHeader    = new OptionalHeader(st_optionalHeader);

                switch ((byte)optionalHeader.key)
                {
                // just the data
                case 0x00:
                case 0x01:
                    optionalHeader.value  = optionalHeader.offset;
                    optionalHeader.offset = 0;
                    break;

                case 0xFF:
                    optionalHeader.length = rdr.ReadAt <UInt32>(optionalHeader.offset, (r) =>
                    {
                        return(r.ReadUInt32());
                    });
                    optionalHeader.offset += 4;

                    if (optionalHeader.length + optionalHeader.offset > rdr.Bytes.Length)
                    {
                        decompilerEventListener.Warn(
                            new NullCodeLocation(""),
                            $"Optional header {i} (0x{optionalHeader.key:X}) crosses file boundary. Will not be read"
                            );
                        add = false;
                    }
                    break;

                default:
                    optionalHeader.length = ((uint)(byte)optionalHeader.key) * 4;

                    if (optionalHeader.length + optionalHeader.offset > rdr.Bytes.Length)
                    {
                        decompilerEventListener.Warn(
                            new NullCodeLocation(""),
                            $"Optional header {i} (0x{optionalHeader.key:X}) crosses file boundary. Will not be read"
                            );
                        add = false;
                    }
                    break;
                }

                if (add)
                {
                    optional_headers.Add(optionalHeader);
                }
            }

            for (int i = 0; i < optional_headers.Count; i++)
            {
                OptionalHeader opt = optional_headers[i];

                // go to the header offset
                if (opt.length > 0 && opt.offset != 0)
                {
                    rdr.Offset = opt.offset;
                }

                // process the optional headers
                switch (opt.key)
                {
                case XEXHeaderKeys.XEX_HEADER_SYSTEM_FLAGS:
                    imageData.system_flags = (XEXSystemFlags)opt.value;
                    break;

                case XEXHeaderKeys.XEX_HEADER_RESOURCE_INFO:
                    uint count = (opt.length - 4) / 16;
                    xexData.resources = new List <XexResourceInfo>((int)count);

                    for (uint n = 0; n < count; n++)
                    {
                        xexData.resources.Insert(i, rdr.ReadStruct <XexResourceInfo>());
                    }
                    break;

                case XEXHeaderKeys.XEX_HEADER_EXECUTION_INFO:
                    imageData.execution_info = rdr.ReadStruct <XexExecutionInfo>();
                    break;

                case XEXHeaderKeys.XEX_HEADER_GAME_RATINGS:
                    break;

                case XEXHeaderKeys.XEX_HEADER_TLS_INFO:
                    imageData.tls_info = rdr.ReadStruct <XexTlsInfo>();
                    break;

                case XEXHeaderKeys.XEX_HEADER_IMAGE_BASE_ADDRESS:
                    imageData.exe_address = opt.value;
                    break;

                case XEXHeaderKeys.XEX_HEADER_ENTRY_POINT:
                    imageData.exe_entry_point = opt.value;
                    break;

                case XEXHeaderKeys.XEX_HEADER_DEFAULT_STACK_SIZE:
                    imageData.exe_stack_size = opt.value;
                    break;

                case XEXHeaderKeys.XEX_HEADER_DEFAULT_HEAP_SIZE:
                    imageData.exe_heap_size = opt.value;
                    break;

                case XEXHeaderKeys.XEX_HEADER_FILE_FORMAT_INFO:
                    XexEncryptionHeader encHeader = rdr.ReadStruct <XexEncryptionHeader>();

                    imageData.file_format_info.encryption_type  = encHeader.encryption_type;
                    imageData.file_format_info.compression_type = encHeader.compression_type;

                    switch (encHeader.compression_type)
                    {
                    case XEXCompressionType.XEX_COMPRESSION_NONE:
                        break;

                    case XEXCompressionType.XEX_COMPRESSION_DELTA:
                        throw new NotImplementedException("XEX: image::Binary is using unsupported delta compression");

                    case XEXCompressionType.XEX_COMPRESSION_BASIC:
                        uint block_count = (opt.length - 8) / 8;
                        imageData.file_format_info.basic_blocks = new List <XexFileBasicCompressionBlock>((int)block_count);

                        for (int ib = 0; ib < block_count; ib++)
                        {
                            imageData.file_format_info.basic_blocks.Insert(ib, rdr.ReadStruct <XexFileBasicCompressionBlock>());
                        }
                        break;

                    case XEXCompressionType.XEX_COMPRESSION_NORMAL:
                        imageData.file_format_info.normal = rdr.ReadStruct <XexFileNormalCompressionInfo>();
                        break;
                    }

                    if (encHeader.encryption_type != XEXEncryptionType.XEX_ENCRYPTION_NONE)
                    {
                        //
                    }
                    break;

                case XEXHeaderKeys.XEX_HEADER_IMPORT_LIBRARIES:
                    XexImportLibraryBlockHeader blockHeader = rdr.ReadStruct <XexImportLibraryBlockHeader>();

                    long string_table = rdr.Offset;
                    for (int j = 0; j < blockHeader.count; j++)
                    {
                        string name = rdr.ReadCString(PrimitiveType.Char, Encoding.ASCII).ToString();
                        imageData.libNames.Add(name);
                    }
                    rdr.Offset = string_table + blockHeader.string_table_size;

                    for (int m = 0; m < blockHeader.count; m++)
                    {
                        XexImportLibaryHeader imp_header = rdr.ReadStruct <XexImportLibaryHeader>();

                        string name       = null;
                        int    name_index = (byte)imp_header.name_index;
                        if (name_index < blockHeader.count)
                        {
                            name = imageData.libNames[name_index];
                        }

                        for (uint ri = 0; ri < imp_header.record_count; ++ri)
                        {
                            UInt32 recordEntry = rdr.ReadUInt32();
                            xexData.import_records.Add(recordEntry);
                        }
                    }
                    break;
                }
            }

            // load the loader info
            {
                rdr.Offset = header.security_offset;

                switch (header.magic)
                {
                case XEX1_MAGIC:
                    Xex1LoaderInfo info1 = rdr.ReadStruct <Xex1LoaderInfo>();
                    xexData.loader_info.aes_key = info1.aes_key;
                    break;

                case XEX2_MAGIC:
                    Xex2LoaderInfo info2 = rdr.ReadStruct <Xex2LoaderInfo>();
                    xexData.loader_info.aes_key = info2.aes_key;
                    break;
                }
            }

            // load the sections
            {
                rdr.Offset = header.security_offset + 0x180;

                UInt32 sectionCount = rdr.ReadUInt32();
                xexData.sections = new List <XexSection>((int)sectionCount);

                for (int si = 0; si < sectionCount; si++)
                {
                    xexData.sections.Insert(0, rdr.ReadStruct <XexSection>());
                }
            }

            // decrypt the XEX key
            {
                byte[] keyToUse = xe_xex2_devkit_key;
                if (header.magic != XEX1_MAGIC && xexData.execution_info.title_id != 0)
                {
                    keyToUse = xe_xex2_retail_key;
                }

                Rijndael aes = new RijndaelManaged()
                {
                    BlockSize = 128,
                    KeySize   = 128,
                    Mode      = CipherMode.ECB,
                    Key       = keyToUse,
                    Padding   = PaddingMode.None
                };

                xexData.session_key = aes
                                      .CreateDecryptor()
                                      .TransformFinalBlock(xexData.loader_info.aes_key, 0, 16);
                decompilerEventListener.Info(
                    new NullCodeLocation(""),
                    "XEX Session key: " + BitConverter.ToString(xexData.session_key).Replace("-", "")
                    );
            }
        }
Esempio n. 4
0
        private void LoadPEImage()
        {
            long fileDataSize = rdr.Bytes.Length - xexData.header.header_size;

            BeImageReader memRdr    = new BeImageReader(xexData.memoryData);
            DOSHeader     dosHeader = memRdr.ReadStruct <DOSHeader>();

            dosHeader.Validate();

            memRdr.Offset = dosHeader.e_lfanew;

            UInt32 peSignature = memRdr.ReadUInt32();

            if (peSignature != 0x50450000)
            {
                throw new BadImageFormatException("PE: Invalid or Missing PE Signature");
            }

            COFFHeader coffHeader = memRdr.ReadStruct <COFFHeader>();

            if (coffHeader.Machine != 0x1F2)
            {
                throw new BadImageFormatException($"PE: Machine type does not match Xbox360 (found 0x{coffHeader.Machine:X})");
            }

            if ((coffHeader.Characteristics & 0x0100) == 0)
            {
                throw new BadImageFormatException("PE: Only 32-bit images are supported");
            }

            if (coffHeader.SizeOfOptionalHeader != 224)
            {
                throw new BadImageFormatException($"PE: Invalid size of optional header (got {coffHeader.SizeOfOptionalHeader}");
            }

            PEOptHeader optHeader = memRdr.ReadStruct <PEOptHeader>();

            if (optHeader.signature != 0x10b)
            {
                throw new BadImageFormatException($"PE: Invalid signature of optional header (got 0x{optHeader.signature})");
            }

            if (optHeader.Subsystem != IMAGE_SUBSYSTEM_XBOX)
            {
                throw new BadImageFormatException($"PE: Invalid subsystem (got {optHeader.Subsystem})");
            }

            xexData.peHeader = optHeader;

            uint extendedMemorySize = 0;
            uint numSections        = coffHeader.NumberOfSections;

            List <PESection> peSections = new List <PESection>();

            for (uint i = 0; i < numSections; i++)
            {
                COFFSection section = memRdr.ReadStruct <COFFSection>();

                string sectionName = Encoding.ASCII.GetString(section.Name).Trim('\0');

                uint lastMemoryAddress = section.VirtualAddress + section.VirtualSize;
                if (lastMemoryAddress > extendedMemorySize)
                {
                    extendedMemorySize = lastMemoryAddress;
                }

                if (section.SizeOfRawData == 0)
                {
                    decompilerEventListener.Info(new NullCodeLocation(""),
                                                 $"Skipping empty section {sectionName}"
                                                 );
                    continue;
                }

                byte[] sectionData = memRdr.ReadAt <byte[]>(section.PointerToRawData, rdr => rdr.ReadBytes(section.SizeOfRawData));

                AccessMode acc = AccessMode.Read;
                if (section.Flags.HasFlag(PESectionFlags.IMAGE_SCN_MEM_WRITE))
                {
                    acc |= AccessMode.Write;
                }
                if (section.Flags.HasFlag(PESectionFlags.IMAGE_SCN_MEM_EXECUTE))
                {
                    acc |= AccessMode.Execute;
                }

                PESection managedSection = new PESection(section);
                peSections.Add(managedSection);

                ImageSegment seg = new ImageSegment(sectionName, new MemoryArea(
                                                        new Address32(managedSection.PhysicalOffset + xexData.exe_address), sectionData
                                                        ), acc);
                segments.Add(seg);
            }

            if (extendedMemorySize > xexData.memorySize)
            {
                decompilerEventListener.Info(new NullCodeLocation(""),
                                             $"PE: Image sections extend beyond virtual memory range loaded from file ({extendedMemorySize} > {xexData.memorySize}). Extending by {extendedMemorySize - xexData.memorySize} bytes."
                                             );

                UInt32 oldMemorySize = xexData.memorySize;

                byte[] newMemoryData = new byte[extendedMemorySize];
                Array.Copy(xexData.memoryData, newMemoryData, xexData.memorySize);
                xexData.memorySize = extendedMemorySize;
                xexData.memoryData = newMemoryData;

                for (int i = 0; i < peSections.Count; i++)
                {
                    PESection section = peSections[i];

                    if (section.PhysicalSize == 0)
                    {
                        continue;
                    }

                    if (section.PhysicalSize + section.PhysicalOffset > fileDataSize)
                    {
                        decompilerEventListener.Warn(new NullCodeLocation(""),
                                                     $"PE: Section '{section.Name}' lies outside any phyisical data we have {section.PhysicalOffset} (size {section.PhysicalSize})"
                                                     );
                        continue;
                    }

                    if (section.VirtualOffset >= oldMemorySize)
                    {
                        uint sizeToCopy = section.PhysicalSize;
                        if (section.VirtualSize < sizeToCopy)
                        {
                            sizeToCopy = section.VirtualSize;
                        }

                        Array.Copy(
                            xexData.memoryData, section.PhysicalOffset,
                            newMemoryData, section.VirtualOffset,
                            sizeToCopy);
                    }
                }
            }
        }