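//static Action<int> Test;

/// <summary>
/// Command-line driver: creates a CPU and thread context, loads a PE image into it and then
/// dispatches methods at the thread's current PC in an endless loop.
/// </summary>
/// <param name="args">
/// Optional. <c>args[0]</c> is the path of the executable to load; with no arguments a fixed
/// development path is loaded instead.
/// </param>
/// <remarks>
/// The loop below never returns on its own. The file named by <c>args[0]</c> is parsed and then run
/// by the emulator, so it should be treated as untrusted input to the loader.
/// </remarks>
static void Main2(string[] args)
{
    /* Test = (a) => { }; */
    var CpuContext = new CpuContext();
    var ThreadContext = new ThreadContext(CpuContext);

    Console.SetWindowSize(160, 60);

    var Loader = new Win32PeLoader();
    if (args.Length > 0)
    {
        // The stream was previously opened and never closed. Load(Stream, ...) as written in this
        // file only reads from the stream while it runs, so the handle can be released as soon as
        // the call returns.
        using (var ImageFile = File.OpenRead(args[0]))
        {
            Loader.Load(ImageFile, ThreadContext);
        }
    }
    else
    {
        //Loader.Load(File.OpenRead(@"..\..\..\Samples\test.exe"), ThreadContext);
        // NOTE(review): hard-coded developer path; fails on any machine without this file.
        Loader.Load(@"c:\dev\tcc\test.exe", ThreadContext);
    }
    //Console.WriteLine("$$ {0}", ThreadContext);

    // Fetch the method for the current PC and run it, forever.
    while (true)
    {
        var Method = CpuContext.GetMethod(ThreadContext.PC);
        Method(ThreadContext);
    }
}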
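/// <summary>
/// Host-side implementation of the guest's <c>printf</c>. Reads the format-string pointer from
/// stack slot 1, expands each <c>%d</c> with the next stack slot, and writes the result to the console.
/// </summary>
/// <param name="ThreadContext">Guest thread whose stack holds the format pointer and the arguments.</param>
/// <exception cref="InvalidOperationException">
/// The format contains a conversion other than <c>%d</c>, or ends with a lone <c>%</c>.
/// </exception>
/// <remarks>
/// The format string comes from guest memory, so the guest decides how many stack slots are read.
/// </remarks>
public void printf(ThreadContext ThreadContext)
{
    int StackPos = 1;
    var Format = ThreadContext.MemoryStream.SliceWithLength(ThreadContext.ReadStack(StackPos++)).ReadStringz();
    // Fully qualified so the block does not depend on a using directive for System.Text.
    var Output = new System.Text.StringBuilder(Format.Length);

    for (int n = 0; n < Format.Length; n++)
    {
        if (Format[n] != '%')
        {
            Output.Append(Format[n]);
            continue;
        }

        // A '%' in the last position has no conversion character after it. Indexing n + 1 there
        // used to run off the end of the string; report it as the same format error instead.
        if (n + 1 >= Format.Length)
        {
            throw new InvalidOperationException("Invalid format!");
        }

        switch (Format[n + 1])
        {
            case 'd':
                // NOTE(review): the value is printed with whatever type ReadStack returns; if that
                // is unsigned, negative guest integers will not print as negative. Confirm.
                Output.Append(ThreadContext.ReadStack(StackPos++).ToString());
                n++; // step over the conversion character
                break;
            default:
                throw new InvalidOperationException("Invalid format!");
        }
    }

    Console.Write("{0}", Output.ToString());
}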
/// <summary>
/// Smoke test: generates a method from a one-byte instruction stream and invokes it on a fresh
/// thread context. There are no assertions; the test passes when nothing throws.
/// </summary>
public void TestMethod1()
{
    var Cpu = new CpuContext();
    var Thread = new ThreadContext(Cpu);
    var Generator = new MethodGenerator();

    // 0x50 is the x86 encoding of `push eax`.
    var Code = new MemoryStream(new byte[] { 0x50 });
    var Compiled = Generator.GenerateMethod(Cpu, Code);

    Compiled(Thread);
}
/// <summary>
/// Host-side stand-in for the C runtime startup helper
/// <c>int __getmainargs(int * _Argc, char *** _Argv, char *** _Env, int _DoWildCard, _startupinfo * _StartInfo);</c>
/// It stores 0 through the argc and argv pointers. The other three arguments are read and ignored.
/// </summary>
/// <param name="ThreadContext">Guest thread whose stack slots 1 to 5 hold the call's arguments.</param>
public void __getmainargs(ThreadContext ThreadContext)
{
    // Arguments in declaration order, one stack slot each.
    var PtrToArgc = ThreadContext.ReadStack(1);
    var PtrToArgv = ThreadContext.ReadStack(2);
    var PtrToEnv = ThreadContext.ReadStack(3);      // read but not used
    var WildCardFlag = ThreadContext.ReadStack(4);  // read but not used
    var StartupInfo = ThreadContext.ReadStack(5);   // read but not used

    // Report "no arguments" to the guest: argc = 0 and a null argv.
    // NOTE(review): both pointers are guest-supplied and written through as-is; whether Write4
    // rejects an address outside mapped guest memory is not visible here.
    ThreadContext.Memory.Write4(PtrToArgc, 0);
    ThreadContext.Memory.Write4(PtrToArgv, 0);
}
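/// <summary>
/// Maps a PE image from <paramref name="Stream"/> into the emulated memory behind
/// <paramref name="ThreadContext"/>, sets PC to the entry point, allocates a stack and sets ESP,
/// and binds each named import to a host-side native method through a small stub.
/// </summary>
/// <param name="Stream">Seekable stream positioned at the start of the image (the DOS header).</param>
/// <param name="ThreadContext">Thread whose CPU context receives the image, PC, ESP and import bindings.</param>
/// <remarks>
/// Every offset, count and size below is taken from the file and used as read. Nothing here checks
/// header signatures, section bounds or overlaps, so a malformed image can cause large allocations,
/// out-of-range seeks or exceptions from the stream helpers. Validate the image first if it is untrusted.
/// </remarks>
public void Load(Stream Stream, ThreadContext ThreadContext)
{
    var Memory = ThreadContext.CpuContext.Memory;

    // DOS header, then the NT headers at the offset the DOS header names.
    var DosHeader = Stream.ReadStruct<IMAGE_DOS_HEADER>();
    Stream.Position = DosHeader.AddressOfNewExeHeader;
    var NtHeader = Stream.ReadStruct<IMAGE_NT_HEADERS>();

    // Data directories follow in a fixed order; only the first `len` are present in the file.
    // Fields for absent directories keep whatever value they held before this call.
    // NOTE(review): a count above 16 is not skipped over, so the section headers read next would
    // then be taken from where the 17th entry sits.
    int len = NtHeader.OptionalHeader.NumberOfRvaAndSizes;
    if (len >= 1) Export = Stream.ReadStruct<DATA_DIR>();
    if (len >= 2) Import = Stream.ReadStruct<DATA_DIR>();
    if (len >= 3) Resource = Stream.ReadStruct<DATA_DIR>();
    if (len >= 4) Exception = Stream.ReadStruct<DATA_DIR>();
    if (len >= 5) Security = Stream.ReadStruct<DATA_DIR>();
    if (len >= 6) BaseRelocationTable = Stream.ReadStruct<DATA_DIR>();
    if (len >= 7) DebugDirectory = Stream.ReadStruct<DATA_DIR>();
    if (len >= 8) CopyrightOrArchitectureSpecificData = Stream.ReadStruct<DATA_DIR>();
    if (len >= 9) GlobalPtr = Stream.ReadStruct<DATA_DIR>();
    if (len >= 10) TLSDirectory = Stream.ReadStruct<DATA_DIR>();
    if (len >= 11) LoadConfigurationDirectory = Stream.ReadStruct<DATA_DIR>();
    if (len >= 12) BoundImportDirectory = Stream.ReadStruct<DATA_DIR>();
    if (len >= 13) ImportAddressTable = Stream.ReadStruct<DATA_DIR>();
    if (len >= 14) DelayLoadImportDescriptors = Stream.ReadStruct<DATA_DIR>();
    if (len >= 15) COMRuntimedescriptor = Stream.ReadStruct<DATA_DIR>();
    if (len >= 16) Reserved = Stream.ReadStruct<DATA_DIR>();

    // The section headers are read from the position immediately after the directories.
    var Sections = new List<IMAGE_SECTION_HEADER>();
    for (int n = 0; n < NtHeader.FileHeader.NumberOfSections; n++)
    {
        Sections.Add(Stream.ReadStruct<IMAGE_SECTION_HEADER>());
    }

    var ImageBase = NtHeader.OptionalHeader.ImageBase;

    // Copy each section to ImageBase + VirtualAddress.
    foreach (var Section in Sections)
    {
        Stream.Position = Section.PointerToRawData;

        // NOTE(review): VirtualSize is file-controlled and used directly as the allocation and
        // read length. It is not clamped to the section's raw-data size, so bytes that follow the
        // section's raw data in the file can end up mapped as well.
        var Data = new byte[Section.VirtualSize];

        // Stream.Read may return fewer bytes than requested even before end of stream; a single
        // call could leave the tail of the section silently zeroed. Keep reading until the buffer
        // is full or the stream ends (bytes the file does not supply stay zero).
        int Filled = 0;
        while (Filled < Data.Length)
        {
            int Count = Stream.Read(Data, Filled, Data.Length - Filled);
            if (Count <= 0) break;
            Filled += Count;
        }

        Memory.Write(ImageBase + Section.VirtualAddress, Data);
    }

    ThreadContext.PC = ImageBase + NtHeader.OptionalHeader.AddressOfEntryPoint;
    // ESP is the address returned by AllocStack plus the reserved size, presumably the top of the
    // region, since x86 stacks grow downward.
    ThreadContext.ESP = (uint)(Memory.AllocStack(NtHeader.OptionalHeader.SizeOfStackReserve) + NtHeader.OptionalHeader.SizeOfStackReserve);

    // View of emulated memory whose offset 0 is ImageBase, so RVAs can be used as positions.
    var VirtualStream = Memory.GetStream().SliceWithLength(ImageBase);
    VirtualStream.Position = Import.VirtualAddress;
    var ImportDirectoryCount = Import.Size / Marshal.SizeOf(typeof(IMPORT_DIRECTORY_TABLE));

    // Address of the next import stub. This used to be reset to 0x100 for every DLL, so the stubs
    // and NativeMethodInfoList entries of a second DLL overwrote those of the first and its imports
    // dispatched to the wrong functions. One counter for the whole image keeps every stub distinct.
    uint JumpAddress = 0x100;

    for (int n = 0; n < ImportDirectoryCount; n++)
    {
        var ImportDirectory = VirtualStream.ReadStruct<IMPORT_DIRECTORY_TABLE>();
        if (ImportDirectory.NameRVA != 0)
        {
            var DllName = VirtualStream.SliceWithLength(ImportDirectory.NameRVA).ReadStringz();
            var Imports = VirtualStream.SliceWithLength(ImportDirectory.ImportLookupTableRVA);
            var ImportsReader = new BinaryReader(Imports);
            uint POS = ImportDirectory.ImportAddressTableRVA;

            // The lookup table is walked until a zero entry. The terminator is trusted; nothing
            // else bounds the walk except the end of the underlying stream.
            while (true)
            {
                var ImportLookupAddress = ImportsReader.ReadUInt32();
                if (ImportLookupAddress == 0) break;

                // NOTE(review): every entry is treated as the RVA of a hint/name record. Imports
                // by ordinal (high bit set in the entry) are not recognised and would be followed
                // as if they were an address.
                var ImportLookupStream = VirtualStream.SliceWithLength(ImportLookupAddress);
                // Skip the two-byte hint that precedes the name.
                ImportLookupStream.ReadByte();
                ImportLookupStream.ReadByte();
                var Name = ImportLookupStream.ReadStringz();

                //Console.WriteLine("{0} : 0x{1:X} : {2} <-- 0x{3:X}", DllName, POS, Name, JumpAddress);

                // Point this import's address-table slot at the stub.
                new BinaryWriter(VirtualStream.SliceWithLength(POS)).Write((uint)JumpAddress);

                // The stub is 6 bytes at an absolute (not image-relative) address:
                // CD 01 (x86 `int 1`) followed by the stub's own address.
                var JumpStream = new BinaryWriter(Memory.GetStream().SliceWithLength(JumpAddress));
                JumpStream.Write(new byte[] { 0xCD, 0x01 });
                JumpStream.Write((uint)JumpAddress);

                // The DLL and function names come from the image; CreateNativeMethodInfo decides
                // which host method they map to.
                ThreadContext.CpuContext.NativeMethodInfoList[JumpAddress] = CreateNativeMethodInfo(DllName, Name);

                POS += 4;         // next 32-bit address-table slot
                JumpAddress += 6; // next stub
            }
        }
    }
}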
/// <summary>
/// Convenience overload: reads the whole file at <paramref name="FileName"/> into memory and loads
/// it through the stream-based overload.
/// </summary>
/// <param name="FileName">Path of the executable image to load.</param>
/// <param name="ThreadContext">Thread context passed through to the stream-based overload.</param>
public void Load(string FileName, ThreadContext ThreadContext)
{
    // The file is buffered in full before parsing, so memory use scales with the file size.
    var ImageBytes = File.ReadAllBytes(FileName);
    var ImageStream = new MemoryStream(ImageBytes);
    Load(ImageStream, ThreadContext);
}
/// <summary>
/// Host-side stub for the guest's <c>__set_app_type</c> import. Deliberately does nothing: the
/// argument on the guest stack is not read and no state changes.
/// </summary>
/// <param name="ThreadContext">Guest thread making the call; unused.</param>
public void __set_app_type(ThreadContext ThreadContext)
{
    // Disabled trace of the requested application type:
    //Console.WriteLine("__set_app_type: {0}", (AppType)ThreadContext.ReadStack(1));
}
/// <summary>
/// Host-side stub for the guest's <c>_controlfp</c> import. Reads the two arguments from the guest
/// stack and discards them; no floating-point state is changed by this method.
/// </summary>
/// <param name="ThreadContext">Guest thread whose stack slots 1 and 2 hold the new value and the mask.</param>
public void _controlfp(ThreadContext ThreadContext)
{
    var NewValue = ThreadContext.ReadStack(1);
    var MaskValue = ThreadContext.ReadStack(2);
    // Disabled trace of the request:
    //Console.WriteLine("_controlfp (New=0x{0:X}, Mask=0x{1:X})", NewValue, MaskValue);
}
/// <summary>
/// Host-side implementation of the guest's <c>exit</c> import. Waits for a key press so the console
/// output stays visible, then terminates the host process.
/// </summary>
/// <param name="ThreadContext">Guest thread making the call; not read by this method.</param>
public void exit(ThreadContext ThreadContext)
{
    //throw (new X86HaltException());

    // NOTE(review): the status the guest passed to exit is never read, so the host process always
    // reports success.
    const int HostExitCode = 0;

    // Blocks until a key is pressed.
    Console.ReadKey();
    Environment.Exit(HostExitCode);
}