/// <summary>
/// Scans a section word by word for a 32-bit value equal to <paramref name="pointer"/>.
/// </summary>
/// <param name="pointer">The value to look for.</param>
/// <param name="search">Section to scan; sh_offset and sh_size bound the scan, sh_addr is used for the result.</param>
/// <returns>
/// A virtual address derived from the reader position after the matching read, or 0 when no
/// word in the section matches.
/// </returns>
/// <remarks>
/// The section bounds are used as given; this method does not check them against the file
/// size, so a malformed header is only caught (if at all) by the underlying reader.
/// </remarks>
private uint FindReference(uint pointer, elf_32_shdr search)
{
    var sectionEnd = search.sh_offset + search.sh_size;
    for (Position = search.sh_offset; Position < sectionEnd;)
    {
        if (ReadUInt32() != pointer)
        {
            continue;
        }

        // Translate the file position back to a virtual address through the section's sh_addr.
        // NOTE(review): Position is sampled after the read, so this is presumably the address of
        // the word following the match (assumes ReadUInt32 advances Position by 4) - confirm.
        return (uint)Position - search.sh_offset + search.sh_addr;
    }

    return 0;
}
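/// <summary>
/// Searches a section from its end towards its start for <paramref name="readCount"/>
/// consecutive 32-bit values that all fall inside <paramref name="range"/>.
/// </summary>
/// <param name="readCount">Number of consecutive 32-bit values that must lie in range.</param>
/// <param name="search">Section whose contents are scanned.</param>
/// <param name="range">Section whose address span [sh_addr, sh_addr + sh_size] counts as "in range".</param>
/// <returns>The virtual address of the first value of the matching run, or 0 if none is found.</returns>
/// <remarks>
/// The window is kept inside the section: the original loop only tested the window's end, so
/// with fewer than <paramref name="readCount"/> words left it read bytes in front of the section
/// (or computed a negative position). Section bounds themselves come from the file and are not
/// validated here.
/// </remarks>
private uint FindPointersDesc(long readCount, elf_32_shdr search, elf_32_shdr range)
{
    var add = 0;
    var windowBytes = 4 * readCount;
    var searchend = search.sh_offset + search.sh_size;
    var rangeend = range.sh_addr + range.sh_size;
    // Second condition: the whole window must start at or after the section start.
    while (searchend + add > search.sh_offset && searchend + add - windowBytes >= search.sh_offset)
    {
        var temp = ReadClassArray<int>(searchend + add - windowBytes, readCount);
        // NOTE(review): values are read as signed int; assuming sh_addr is uint, an address at or
        // above 0x80000000 compares as negative and is treated as out of range - confirm intent.
        var r = Array.FindIndex(temp, x => x < range.sh_addr || x > rangeend);
        if (r == -1)
        {
            // Every value is in range: translate the window start to a virtual address.
            return (uint)(search.sh_addr + search.sh_size + add - windowBytes);
        }

        // Move the window so that it ends just before the first out-of-range value.
        add -= (int)((readCount - r) * 4);
    }

    return 0;
}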
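/// <summary>
/// Searches a section from its start towards its end for <paramref name="readCount"/>
/// consecutive 32-bit values that all fall inside <paramref name="range"/>.
/// </summary>
/// <param name="readCount">Number of consecutive 32-bit values that must lie in range.</param>
/// <param name="search">Section whose contents are scanned.</param>
/// <param name="range">Section whose address span [sh_addr, sh_addr + sh_size] counts as "in range".</param>
/// <returns>The virtual address of the first value of the matching run, or 0 if none is found.</returns>
/// <remarks>
/// The window is kept inside the section: the original loop only tested the window's start, so
/// near the end of the section it read past the section (and possibly past the end of the file).
/// Section bounds themselves come from the file and are not validated here.
/// </remarks>
private uint FindPointersAsc(long readCount, elf_32_shdr search, elf_32_shdr range)
{
    var add = 0;
    var windowBytes = 4 * readCount;
    var searchend = search.sh_offset + search.sh_size;
    var rangeend = range.sh_addr + range.sh_size;
    // Second condition: the whole window must end at or before the section end.
    while (search.sh_offset + add < searchend && search.sh_offset + add + windowBytes <= searchend)
    {
        var temp = ReadClassArray<int>(search.sh_offset + add, readCount);
        // NOTE(review): values are read as signed int; assuming sh_addr is uint, an address at or
        // above 0x80000000 compares as negative and is treated as out of range - confirm intent.
        var r = Array.FindLastIndex(temp, x => x < range.sh_addr || x > rangeend);
        if (r == -1)
        {
            // Every value is in range: translate the window start to a virtual address.
            return search.sh_addr + (uint)add;
        }

        // Restart the window just after the last out-of-range value.
        add += (r + 1) * 4;
    }

    return 0;
}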
/// <summary>
/// Locates CodeRegistration and MetadataRegistration by walking the dynamic segment for the GOT
/// address and .init_array, then matching a per-architecture byte pattern at each init entry.
/// </summary>
/// <returns>true once a matching entry is found and Init has been called; otherwise false.</returns>
/// <remarks>
/// Every offset, size and address used here is read from the file and used without range
/// checks. First() throws when the program header table has no PT_DYNAMIC entry.
/// NOTE(review): init-array entries are assigned to Position directly while the metadata
/// pointer goes through MapVATR - confirm that treating them as file offsets is intended.
/// </remarks>
private bool Searchv21()
{
    // Get .dynamic (p_type 2 is PT_DYNAMIC).
    var dynSection = new elf_32_shdr();
    var dynSegment = program_table_element.First(x => x.p_type == 2u);
    dynSection.sh_offset = dynSegment.p_offset;
    dynSection.sh_size = dynSegment.p_filesz;

    // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic.
    uint gotBase = 0;
    var initArray = new elf_32_shdr();
    Position = dynSection.sh_offset;
    var dynEnd = dynSection.sh_offset + dynSection.sh_size;
    while (Position < dynEnd)
    {
        switch (ReadInt32())
        {
            case 3: // DT_PLTGOT
                gotBase = ReadUInt32();
                break;
            case 25: // DT_INIT_ARRAY
                initArray.sh_offset = MapVATR(ReadUInt32());
                break;
            case 27: // DT_INIT_ARRAYSZ
                initArray.sh_size = ReadUInt32();
                break;
            default:
                Position += 4; // skip the value of a tag we do not use
                break;
        }
    }

    if (gotBase == 0)
    {
        Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
        return false;
    }

    // Get the functions from .init_array.
    // NOTE(review): the cast to int is applied before the division, so a size of 0x80000000 or
    // more yields a negative element count.
    var initFunctions = ReadClassArray<uint>(initArray.sh_offset, (int)initArray.sh_size / 4);
    foreach (var entry in initFunctions)
    {
        if (entry == 0)
        {
            continue;
        }

        Position = entry;
        if (elf_header.e_machine == 0x28) // EM_ARM
        {
            var prologue = ReadBytes(12);
            if (!ARMFeatureBytes.SequenceEqual(prologue))
            {
                continue;
            }

            // The offsets below are specific to the matched ARM pattern; each value read is
            // relative to the GOT address.
            Position = entry + 0x2c;
            var subaddr = ReadUInt32() + gotBase;
            Position = subaddr + 0x28;
            var codeRegistration = ReadUInt32() + gotBase;
            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Position = subaddr + 0x2C;
            var ptr = ReadUInt32() + gotBase;
            Position = MapVATR(ptr);
            var metadataRegistration = ReadUInt32();
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }

        if (elf_header.e_machine == 0x3) // EM_386
        {
            var prologue = ReadBytes(16);
            if (!X86FeatureBytes.SequenceEqual(prologue))
            {
                continue;
            }

            // The offsets below are specific to the matched x86 pattern; each value read is
            // relative to the GOT address.
            Position = entry + 0x18;
            var subaddr = ReadUInt32() + gotBase;
            Position = subaddr + 0x2C;
            var codeRegistration = ReadUInt32() + gotBase;
            Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
            Position = subaddr + 0x22;
            var ptr = ReadUInt32() + gotBase;
            Position = MapVATR(ptr);
            var metadataRegistration = ReadUInt32();
            Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
            Init(codeRegistration, metadataRegistration);
            return true;
        }

        // Any other machine type: reported once per non-zero init entry.
        Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
    }

    return false;
}
/// <summary>
/// Locates CodeRegistration and MetadataRegistration by walking the dynamic segment for the GOT
/// address and .init_array, then matching a fixed 12-byte pattern at each init entry.
/// </summary>
/// <returns>true once a matching entry is found and Init has been called; otherwise false.</returns>
/// <remarks>
/// Every offset, size and address used here is read from the file and used without range
/// checks. First() throws when the program header table has no PT_DYNAMIC entry. No e_machine
/// check is made; the pattern and offsets are the same ones Searchv21 uses for e_machine 0x28,
/// provided ARMFeatureBytes holds these bytes (not visible here).
/// </remarks>
public bool Auto()
{
    // Function signature bytes (decode as three pc-relative ARM ldr instructions).
    var signature = new byte[] { 0x1c, 0x0, 0x9f, 0xe5, 0x1c, 0x10, 0x9f, 0xe5, 0x1c, 0x20, 0x9f, 0xe5 };

    // Get .dynamic (p_type 2 is PT_DYNAMIC).
    var dynSection = new elf_32_shdr();
    var dynSegment = program_table_element.First(x => x.p_type == 2u);
    dynSection.sh_offset = dynSegment.p_offset;
    dynSection.sh_size = dynSegment.p_filesz;

    // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic.
    uint gotBase = 0;
    var initArray = new elf_32_shdr();
    Position = dynSection.sh_offset;
    var dynEnd = dynSection.sh_offset + dynSection.sh_size;
    while (Position < dynEnd)
    {
        switch (ReadInt32())
        {
            case 3: // DT_PLTGOT
                gotBase = ReadUInt32();
                break;
            case 25: // DT_INIT_ARRAY
                initArray.sh_offset = MapVATR(ReadUInt32());
                break;
            case 27: // DT_INIT_ARRAYSZ
                initArray.sh_size = ReadUInt32();
                break;
            default:
                Position += 4; // skip the value of a tag we do not use
                break;
        }
    }

    if (gotBase == 0)
    {
        Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
        return false;
    }

    // Get the functions from .init_array.
    // NOTE(review): the cast to int is applied before the division, so a size of 0x80000000 or
    // more yields a negative element count.
    var initFunctions = ReadClassArray<uint>(initArray.sh_offset, (int)initArray.sh_size / 4);
    foreach (var entry in initFunctions)
    {
        if (entry == 0)
        {
            continue;
        }

        Position = entry;
        var prologue = ReadBytes(12);
        if (!signature.SequenceEqual(prologue))
        {
            continue;
        }

        // The offsets below are specific to the matched pattern; each value read is relative
        // to the GOT address.
        Position = entry + 0x2c;
        var subaddr = ReadUInt32() + gotBase;
        Position = subaddr + 0x28;
        var codeRegistration = ReadUInt32() + gotBase;
        Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
        Position = subaddr + 0x2C;
        var ptr = ReadUInt32() + gotBase;
        Position = MapVATR(ptr);
        var metadataRegistration = ReadUInt32();
        Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
        Init(codeRegistration, metadataRegistration);
        return true;
    }

    return false;
}
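/// <summary>
/// Locates CodeRegistration and MetadataRegistration from section contents: it looks for a run
/// of <paramref name="methodCount"/> pointers into .text and a run of maxmetadataUsages pointers
/// into .bss, then for a word that references each run.
/// </summary>
/// <param name="methodCount">Number of consecutive .text pointers expected in the method pointer table.</param>
/// <returns>
/// true when both registrations were found and Init has been called; false when section names
/// are unavailable, a required section is missing, or either search fails.
/// </returns>
/// <remarks>
/// Requires .data.rel.ro, .text and .bss; .data.rel.ro.local is searched as a fallback when
/// present. Section headers are taken from the file as-is and are not validated here.
/// </remarks>
public override bool AdvancedSearch(int methodCount)
{
    if (sectionWithName == null)
    {
        return false;
    }

    // One lookup per section instead of ContainsKey followed by the indexer.
    elf_32_shdr datarelro;
    elf_32_shdr text;
    elf_32_shdr bss;
    if (!(sectionWithName.TryGetValue(".data.rel.ro", out datarelro)
          && sectionWithName.TryGetValue(".text", out text)
          && sectionWithName.TryGetValue(".bss", out bss)))
    {
        Console.WriteLine("ERROR: The necessary section is missing.");
        return false;
    }

    // Optional section; stays null when the file does not have it.
    elf_32_shdr datarelrolocal;
    if (!sectionWithName.TryGetValue(".data.rel.ro.local", out datarelrolocal))
    {
        datarelrolocal = null;
    }

    // Both searches always run, in this order, as each one moves the reader position.
    var codeRegistration = FindRegistrationPointer(methodCount, text, datarelro, datarelrolocal);
    var metadataRegistration = FindRegistrationPointer(maxmetadataUsages, bss, datarelro, datarelrolocal);
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    // Step back from the referencing word to the start of each structure.
    // NOTE(review): 8 and 64 are presumably the field offsets (plus the word FindReference has
    // already stepped past) in the il2cpp registration structs - confirm against their layout.
    codeRegistration -= 8u;
    metadataRegistration -= 64u;
    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}

// Finds a run of `count` pointers into `range` (ascending scan first) and returns the result of
// FindReference for that run, trying `primary` before the optional `fallback` section. The
// descending scan is only attempted when the ascending run was found but nothing references it.
private uint FindRegistrationPointer(long count, elf_32_shdr range, elf_32_shdr primary, elf_32_shdr fallback)
{
    var run = FindPointersAsc(count, primary, range);
    if (run == 0 && fallback != null)
    {
        run = FindPointersAsc(count, fallback, range);
    }
    if (run == 0)
    {
        return 0;
    }

    var reference = FindReference(run, primary);
    if (reference == 0 && fallback != null)
    {
        reference = FindReference(run, fallback);
    }
    if (reference != 0)
    {
        return reference;
    }

    run = FindPointersDesc(count, primary, range);
    if (run == 0 && fallback != null)
    {
        run = FindPointersDesc(count, fallback, range);
    }
    if (run == 0)
    {
        return 0;
    }

    reference = FindReference(run, primary);
    if (reference == 0 && fallback != null)
    {
        reference = FindReference(run, fallback);
    }
    return reference;
}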