/// <summary>
/// Walks the file bytes of <paramref name="search"/> one 32-bit word at a time, looking for
/// a word equal to <paramref name="pointer"/>.
/// </summary>
/// <param name="pointer">Value to look for (callers pass a virtual address).</param>
/// <param name="search">Section whose raw contents are scanned.</param>
/// <returns>
/// The stream position sampled after the matching read, rebased from sh_offset to sh_addr,
/// or 0 when no word matches. Because the position is taken after the read, the result
/// presumably points one word past the match; confirm against ReadUInt32.
/// </returns>
private uint FindReference(uint pointer, Elf32_Shdr search)
{
    // NOTE(review): sh_offset and sh_size are used as-is; nothing in this method checks that
    // the section lies inside the stream or that the sum does not wrap. Confirm the loader
    // validates section headers before this runs on untrusted files.
    var sectionEnd = search.sh_offset + search.sh_size;
    for (Position = search.sh_offset; Position < sectionEnd;)
    {
        // The loop only terminates if ReadUInt32 moves Position forward.
        if (ReadUInt32() != pointer)
        {
            continue;
        }
        return (uint)Position - search.sh_offset + search.sh_addr; // VirtualAddress
    }
    return 0;
}
/// <summary>
/// Scans <paramref name="search"/> for a word equal to <paramref name="count"/> that is
/// immediately followed by a pointer to a table of <paramref name="count"/> entries, all of
/// which fall inside the address span of <paramref name="range"/>.
/// </summary>
/// <param name="count">Expected entry count; also the number of entries read from the table.</param>
/// <param name="search">Section that is scanned for the count word.</param>
/// <param name="search2">Optional second section the table may live in; may be null.</param>
/// <param name="range">Section whose [sh_addr, sh_addr + sh_size] span every entry must fall in.</param>
/// <returns>Virtual address of the matching count word, or 0 when nothing qualifies.</returns>
private uint FindCodeRegistration(int count, Elf32_Shdr search, Elf32_Shdr search2, Elf32_Shdr range)
{
    var searchEnd = search.sh_offset + search.sh_size;
    var rangeEnd = range.sh_addr + range.sh_size;
    var search2End = search2 == null ? 0 : search2.sh_offset + search2.sh_size;
    Position = search.sh_offset;
    while (Position < searchEnd)
    {
        var candidate = Position;
        if (ReadUInt32() != count)
        {
            continue;
        }
        try
        {
            // The word after the count is treated as a virtual address and mapped to a file offset.
            uint tableOffset = MapVATR(ReadUInt32());
            var inPrimary = tableOffset >= search.sh_offset && tableOffset <= searchEnd;
            var inSecondary = !inPrimary
                              && search2 != null
                              && tableOffset >= search2.sh_offset
                              && tableOffset <= search2End;
            if (inPrimary || inSecondary)
            {
                var resume = Position;
                // NOTE(review): count sizes this read and comes from the caller; confirm it is
                // bounded before it is used on untrusted input.
                var entries = ReadClassArray<uint>(tableOffset, count);
                if (Array.TrueForAll(entries, x => x >= range.sh_addr && x <= rangeEnd))
                {
                    return (uint)candidate - search.sh_offset + search.sh_addr; // VirtualAddress
                }
                Position = resume;
            }
        }
        catch
        {
            // ignored
            // NOTE(review): every exception type is swallowed here, so a failed mapping or read
            // just moves on to the next candidate; Position is not restored on this path.
        }
    }
    return 0;
}
/// <summary>
/// Scans <paramref name="search"/> for a word equal to <paramref name="typeDefinitionsCount"/>.
/// For each hit it skips 8 bytes, reads a pointer, and accepts the hit when the pointed-to
/// table of maxmetadataUsages entries lies entirely inside <paramref name="range"/>.
/// </summary>
/// <param name="typeDefinitionsCount">Count word to look for.</param>
/// <param name="search">Section that is scanned.</param>
/// <param name="search2">Optional second section the table may live in; may be null.</param>
/// <param name="range">Section whose [sh_addr, sh_addr + sh_size] span every entry must fall in.</param>
/// <returns>
/// Virtual address 48 bytes before the matching count word, or 0 when nothing qualifies.
/// </returns>
private uint FindMetadataRegistration(int typeDefinitionsCount, Elf32_Shdr search, Elf32_Shdr search2, Elf32_Shdr range)
{
    var searchEnd = search.sh_offset + search.sh_size;
    var rangeEnd = range.sh_addr + range.sh_size;
    var search2End = search2 == null ? 0 : search2.sh_offset + search2.sh_size;
    Position = search.sh_offset;
    while (Position < searchEnd)
    {
        var candidate = Position;
        if (ReadUInt32() != typeDefinitionsCount)
        {
            continue;
        }
        try
        {
            var resume = Position;
            Position += 8;
            uint tableOffset = MapVATR(ReadUInt32());
            var inPrimary = tableOffset >= search.sh_offset && tableOffset <= searchEnd;
            var inSecondary = !inPrimary
                              && search2 != null
                              && tableOffset >= search2.sh_offset
                              && tableOffset <= search2End;
            if (inPrimary || inSecondary)
            {
                // maxmetadataUsages is not a parameter of this method; it is read from the
                // enclosing scope and sizes the table read.
                var entries = ReadClassArray<uint>(tableOffset, maxmetadataUsages);
                if (Array.TrueForAll(entries, x => x >= range.sh_addr && x <= rangeEnd))
                {
                    return (uint)candidate - 48u - search.sh_offset + search.sh_addr; // MapRATV
                }
            }
            // Rewind to just after the count word so the scan continues word by word.
            Position = resume;
        }
        catch
        {
            // ignored
            // NOTE(review): all exceptions are swallowed and Position is not rewound on this
            // path, so the scan resumes wherever the failed read left the stream.
        }
    }
    return 0;
}
/// <summary>
/// Slides a window of <paramref name="readCount"/> 32-bit entries backwards from the end of
/// <paramref name="search"/> until every entry in the window lies inside the address span
/// of <paramref name="range"/>.
/// </summary>
/// <param name="readCount">Number of entries in the window.</param>
/// <param name="search">Section whose contents are examined.</param>
/// <param name="range">Section whose [sh_addr, sh_addr + sh_size] span entries must fall in.</param>
/// <returns>Virtual address of the first accepted window, or 0 when none is found.</returns>
private uint FindPointersDesc(long readCount, Elf32_Shdr search, Elf32_Shdr range)
{
    var sectionEnd = search.sh_offset + search.sh_size;
    var rangeEnd = range.sh_addr + range.sh_size;
    var shift = 0;
    while (sectionEnd + shift > search.sh_offset)
    {
        // NOTE(review): the window start is not clamped to sh_offset, so the last iterations
        // can read from before the section; confirm ReadClassArray rejects such offsets.
        var window = ReadClassArray<int>(sectionEnd + shift - 4 * readCount, readCount);
        // Entries are read as signed ints, so addresses above 0x7FFFFFFF would compare as
        // negative and fail the range test.
        var firstOutside = Array.FindIndex(window, x => !(x >= range.sh_addr && x <= rangeEnd));
        if (firstOutside == -1)
        {
            return (uint)(search.sh_addr + search.sh_size + shift - 4 * readCount); // VirtualAddress
        }
        // Move the window so that it ends right before the first out-of-range entry.
        shift -= (int)((readCount - firstOutside) * 4);
    }
    return 0;
}
/// <summary>
/// Slides a window of <paramref name="readCount"/> 32-bit entries forwards from the start of
/// <paramref name="search"/> until every entry in the window lies inside the address span
/// of <paramref name="range"/>.
/// </summary>
/// <param name="readCount">Number of entries in the window.</param>
/// <param name="search">Section whose contents are examined.</param>
/// <param name="range">Section whose [sh_addr, sh_addr + sh_size] span entries must fall in.</param>
/// <returns>Virtual address of the first accepted window, or 0 when none is found.</returns>
private uint FindPointersAsc(long readCount, Elf32_Shdr search, Elf32_Shdr range)
{
    var sectionEnd = search.sh_offset + search.sh_size;
    var rangeEnd = range.sh_addr + range.sh_size;
    var shift = 0;
    while (search.sh_offset + shift < sectionEnd)
    {
        // NOTE(review): the window may extend past the end of the section; nothing here
        // limits the read to sectionEnd.
        var window = ReadClassArray<int>(search.sh_offset + shift, readCount);
        var lastOutside = Array.FindLastIndex(window, x => !(x >= range.sh_addr && x <= rangeEnd));
        if (lastOutside == -1)
        {
            return search.sh_addr + (uint)shift; // VirtualAddress
        }
        // Restart the window on the entry right after the last out-of-range one.
        shift += (lastOutside + 1) * 4;
    }
    return 0;
}
/// <summary>
/// Locates the code and metadata registration structures by scanning .data.rel.ro (and
/// .data.rel.ro.local when present) for the given counts, then initialises the dumper with
/// the two addresses.
/// </summary>
/// <param name="methodCount">Count passed to FindCodeRegistration.</param>
/// <param name="typeDefinitionsCount">Count passed to FindMetadataRegistration.</param>
/// <returns>true when both addresses were found and Init was called; otherwise false.</returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var hasRequiredSections = sectionWithName.ContainsKey(".data.rel.ro")
                              && sectionWithName.ContainsKey(".text")
                              && sectionWithName.ContainsKey(".bss");
    if (!hasRequiredSections)
    {
        Console.WriteLine("ERROR: The necessary section is missing.");
        return false;
    }

    var datarelro = sectionWithName[".data.rel.ro"];
    var text = sectionWithName[".text"];
    var bss = sectionWithName[".bss"];
    Elf32_Shdr datarelrolocal = sectionWithName.ContainsKey(".data.rel.ro.local")
        ? sectionWithName[".data.rel.ro.local"]
        : null;

    // First pass scans .data.rel.ro; the fallback scans .data.rel.ro.local itself.
    uint codeRegistration = FindCodeRegistration(methodCount, datarelro, datarelrolocal, text);
    if (codeRegistration == 0 && datarelrolocal != null)
    {
        codeRegistration = FindCodeRegistration(methodCount, datarelrolocal, datarelrolocal, text);
    }

    // NOTE(review): these calls pass five arguments; confirm the class has a matching
    // FindMetadataRegistration overload, and that maxmetadataUsages is the intended member
    // (AdvancedSearch spells it maxMetadataUsages).
    uint metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, maxmetadataUsages, datarelro, datarelrolocal, bss);
    if (metadataRegistration == 0 && datarelrolocal != null)
    {
        metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, maxmetadataUsages, datarelrolocal, datarelrolocal, bss);
    }

    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Locates the registration structures without relying on count words: it first finds a run
/// of in-range pointers (method pointers into .text, metadata usages into .bss), then finds
/// the word that references that run. Each step tries .data.rel.ro first and
/// .data.rel.ro.local second, and retries with the descending scan when the ascending hit
/// has no reference.
/// </summary>
/// <param name="methodCount">Length of the method pointer run to look for.</param>
/// <returns>true when both addresses were found and Init was called; otherwise false.</returns>
public override bool AdvancedSearch(int methodCount)
{
    var hasRequiredSections = sectionWithName.ContainsKey(".data.rel.ro")
                              && sectionWithName.ContainsKey(".text")
                              && sectionWithName.ContainsKey(".bss");
    if (!hasRequiredSections)
    {
        // Missing section names are reported as a protected file.
        Console.WriteLine("ERROR: This file has been protected.");
        return false;
    }

    var datarelro = sectionWithName[".data.rel.ro"];
    var text = sectionWithName[".text"];
    var bss = sectionWithName[".bss"];
    Elf32_Shdr datarelrolocal = sectionWithName.ContainsKey(".data.rel.ro.local")
        ? sectionWithName[".data.rel.ro.local"]
        : null;

    // --- code registration ---
    uint codeRegistration = 0;
    var methodTable = FindPointersAsc(methodCount, datarelro, text);
    if (methodTable == 0 && datarelrolocal != null)
    {
        methodTable = FindPointersAsc(methodCount, datarelrolocal, text);
    }
    if (methodTable != 0)
    {
        codeRegistration = FindReference(methodTable, datarelro);
        if (codeRegistration == 0 && datarelrolocal != null)
        {
            codeRegistration = FindReference(methodTable, datarelrolocal);
        }
    }
    if (methodTable != 0 && codeRegistration == 0)
    {
        // The ascending hit was not referenced anywhere; retry from the end of the section.
        methodTable = FindPointersDesc(methodCount, datarelro, text);
        if (methodTable == 0 && datarelrolocal != null)
        {
            methodTable = FindPointersDesc(methodCount, datarelrolocal, text);
        }
        if (methodTable != 0)
        {
            codeRegistration = FindReference(methodTable, datarelro);
            if (codeRegistration == 0 && datarelrolocal != null)
            {
                codeRegistration = FindReference(methodTable, datarelrolocal);
            }
        }
    }

    // --- metadata registration ---
    uint metadataRegistration = 0;
    var usageTable = FindPointersAsc(maxMetadataUsages, datarelro, bss);
    if (usageTable == 0 && datarelrolocal != null)
    {
        usageTable = FindPointersAsc(maxMetadataUsages, datarelrolocal, bss);
    }
    if (usageTable != 0)
    {
        metadataRegistration = FindReference(usageTable, datarelro);
        if (metadataRegistration == 0 && datarelrolocal != null)
        {
            metadataRegistration = FindReference(usageTable, datarelrolocal);
        }
    }
    if (usageTable != 0 && metadataRegistration == 0)
    {
        usageTable = FindPointersDesc(maxMetadataUsages, datarelro, bss);
        if (usageTable == 0 && datarelrolocal != null)
        {
            usageTable = FindPointersDesc(maxMetadataUsages, datarelrolocal, bss);
        }
        if (usageTable != 0)
        {
            metadataRegistration = FindReference(usageTable, datarelro);
            if (metadataRegistration == 0 && datarelrolocal != null)
            {
                metadataRegistration = FindReference(usageTable, datarelrolocal);
            }
        }
    }

    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    // FindReference results are rebased by fixed amounts before use; presumably these step
    // back to the start of each structure - confirm against the struct layouts.
    codeRegistration -= 8u;
    metadataRegistration -= 64u;
    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Automatic search: reads the dynamic segment to obtain the GOT address and the
/// .init_array location, then inspects each .init_array function for a known byte pattern
/// (ARM or x86) and, on a match, reads the code and metadata registration addresses from
/// fixed offsets relative to that function.
/// </summary>
/// <returns>true when a pattern matched and Init was called; otherwise false.</returns>
public override bool Search()
{
    if (version < 21)
    {
        Console.WriteLine("ERROR: Auto mode not support this version.");
        return(false);
    }
    // Get .dynamic
    var dynamic = new Elf32_Shdr();
    // p_type 2 is PT_DYNAMIC. First() throws if the program header table has no such entry;
    // that case is not handled here.
    var PT_DYNAMIC = program_table_element.First(x => x.p_type == 2u);
    dynamic.sh_offset = PT_DYNAMIC.p_offset;
    dynamic.sh_size = PT_DYNAMIC.p_filesz;
    // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic
    uint _GLOBAL_OFFSET_TABLE_ = 0;
    var init_array = new Elf32_Shdr();
    Position = dynamic.sh_offset;
    var dynamicend = dynamic.sh_offset + dynamic.sh_size;
    // Each dynamic entry is a 4-byte tag followed by a 4-byte value.
    while (Position < dynamicend)
    {
        var tag = ReadInt32();
        switch (tag)
        {
            case 3: // DT_PLTGOT
                _GLOBAL_OFFSET_TABLE_ = ReadUInt32();
                break;
            case 25: // DT_INIT_ARRAY
                init_array.sh_offset = MapVATR(ReadUInt32());
                break;
            case 27: // DT_INIT_ARRAYSZ
                init_array.sh_size = ReadUInt32();
                break;
            default: // skip the value of any other tag
                Position += 4;
                break;
        }
    }
    if (_GLOBAL_OFFSET_TABLE_ != 0)
    {
        // Get functions from .init_array
        // NOTE(review): sh_size is taken from the file and sizes this read without a bound
        // check; if DT_INIT_ARRAY is absent, sh_offset keeps its default value.
        var addrs = ReadClassArray <uint>(init_array.sh_offset, init_array.sh_size / 4u);
        foreach (var i in addrs)
        {
            if (i > 0)
            {
                // NOTE(review): i, i + N and subaddr + N are assigned to Position directly,
                // while ptr below goes through MapVATR - confirm virtual addresses and file
                // offsets coincide for the regions read here.
                Position = i;
                if (elf_header.e_machine == 0x28) //ARM
                {
                    var buff = ReadBytes(12);
                    // The first 12 bytes of the function must equal ARMFeatureBytes.
                    if (ARMFeatureBytes.SequenceEqual(buff))
                    {
                        Position = i + 0x2c;
                        // Values read from the function are offsets relative to the GOT.
                        var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        Position = subaddr + 0x28;
                        codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                        Position = subaddr + 0x2C;
                        var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        // The metadata address is read through one extra level of indirection.
                        Position = MapVATR(ptr);
                        metadataRegistration = ReadUInt32();
                        Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                        Init(codeRegistration, metadataRegistration);
                        return(true);
                    }
                }
                else if (elf_header.e_machine == 0x3) //x86
                {
                    // Two byte patterns are checked, at offsets 22 and 28 of the function.
                    Position = i + 22;
                    var buff = ReadBytes(2);
                    if (X86FeatureBytes1.SequenceEqual(buff))
                    {
                        Position = i + 28;
                        buff = ReadBytes(6);
                        if (X86FeatureBytes2.SequenceEqual(buff))
                        {
                            Position = i + 0x18;
                            var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            Position = subaddr + 0x2C;
                            codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                            Position = subaddr + 0x20;
                            // The two opcode bytes decide whether the operand is used as the
                            // address itself or dereferenced once.
                            var temp = ReadUInt16();
                            metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            if (temp == 0x838B)//mov
                            {
                                Position = MapVATR(metadataRegistration);
                                metadataRegistration = ReadUInt32();
                            }
                            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                            Init(codeRegistration, metadataRegistration);
                            return(true);
                        }
                    }
                }
                else
                {
                    // Printed once per non-zero .init_array entry on other machine types.
                    Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
                }
            }
        }
    }
    else
    {
        Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
    }
    return(false);
}
/// <summary>
/// Automatic search: reads the dynamic segment to obtain the GOT address and the
/// .init_array location, then inspects each .init_array function for a known byte pattern
/// (ARM or x86) and, on a match, reads the code and metadata registration addresses from
/// fixed offsets relative to that function.
/// </summary>
/// <returns>true when a pattern matched and Init was called; otherwise false.</returns>
private bool Searchv21()
{
    // Get .dynamic
    var dynamic = new Elf32_Shdr();
    // p_type 2 is PT_DYNAMIC. First() throws if the program header table has no such entry;
    // that case is not handled here.
    var PT_DYNAMIC = program_table_element.First(x => x.p_type == 2u);
    dynamic.sh_offset = PT_DYNAMIC.p_offset;
    dynamic.sh_size = PT_DYNAMIC.p_filesz;
    // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic
    uint _GLOBAL_OFFSET_TABLE_ = 0;
    var init_array = new Elf32_Shdr();
    Position = dynamic.sh_offset;
    var dynamicend = dynamic.sh_offset + dynamic.sh_size;
    // Each dynamic entry is a 4-byte tag followed by a 4-byte value.
    while (Position < dynamicend)
    {
        var tag = ReadInt32();
        if (tag == 3)//DT_PLTGOT
        {
            _GLOBAL_OFFSET_TABLE_ = ReadUInt32();
        }
        else if (tag == 25)//DT_INIT_ARRAY
        {
            init_array.sh_offset = MapVATR(ReadUInt32());
        }
        else if (tag == 27)//DT_INIT_ARRAYSZ
        {
            init_array.sh_size = ReadUInt32();
        }
        else
        {
            Position += 4;//skip
        }
    }
    if (_GLOBAL_OFFSET_TABLE_ != 0)
    {
        // Get functions from .init_array
        // NOTE(review): sh_size is taken from the file and sizes this read without a bound
        // check; the cast binds to sh_size before the division, so a very large size could
        // become a negative count - confirm how ReadClassArray treats that.
        var addrs = ReadClassArray <uint>(init_array.sh_offset, (int)init_array.sh_size / 4);
        foreach (var i in addrs)
        {
            if (i > 0)
            {
                // NOTE(review): i, i + N and subaddr + N are assigned to Position directly,
                // while ptr below goes through MapVATR - confirm virtual addresses and file
                // offsets coincide for the regions read here.
                Position = i;
                if (elf_header.e_machine == 0x28) // ARM
                {
                    var buff = ReadBytes(12);
                    // The first 12 bytes of the function must equal ARMFeatureBytes.
                    if (ARMFeatureBytes.SequenceEqual(buff))
                    {
                        Position = i + 0x2c;
                        // Values read from the function are offsets relative to the GOT.
                        var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        Position = subaddr + 0x28;
                        var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                        Position = subaddr + 0x2C;
                        var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                        // The metadata address is read through one extra level of indirection.
                        Position = MapVATR(ptr);
                        var metadataRegistration = ReadUInt32();
                        Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                        Init(codeRegistration, metadataRegistration);
                        return(true);
                    }
                }
                else if (elf_header.e_machine == 0x3) // x86
                {
                    // Two byte patterns are checked, at offsets 22 and 28 of the function.
                    Position = i + 22;
                    var buff = ReadBytes(2);
                    if (X86FeatureBytes1.SequenceEqual(buff))
                    {
                        Position = i + 28;
                        buff = ReadBytes(6);
                        if (X86FeatureBytes2.SequenceEqual(buff))
                        {
                            Position = i + 0x18;
                            var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            Position = subaddr + 0x2C;
                            var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                            Position = subaddr + 0x20;
                            // The two opcode bytes decide whether the operand is the address
                            // itself (lea) or must be dereferenced once (anything else).
                            var temp = ReadUInt16();
                            uint metadataRegistration;
                            if (temp == 0x838D)//lea
                            {
                                metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                            }
                            else//mov
                            {
                                var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = MapVATR(ptr);
                                metadataRegistration = ReadUInt32();
                            }
                            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                            Init(codeRegistration, metadataRegistration);
                            return(true);
                        }
                    }
                }
                else
                {
                    // Printed once per non-zero .init_array entry on other machine types.
                    Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
                }
            }
        }
    }
    else
    {
        Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
    }
    return(false);
}