/// <summary>
/// Searches the <c>__const</c>, <c>__text</c> and <c>__common</c> sections for the
/// CodeRegistration and MetadataRegistration addresses and initialises the loader
/// when both are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// <c>false</c> otherwise, including every version 16 file.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    // NOTE(review): if `sections` is a LINQ sequence, First/Last throw
    // InvalidOperationException when no section matches, so an input file that
    // lacks one of these names aborts here instead of returning false - confirm
    // the caller handles that for stripped or malformed inputs.
    var firstConst = sections.First(s => s.section_name == "__const");
    var lastConst = sections.Last(s => s.section_name == "__const");
    var textSection = sections.First(s => s.section_name == "__text");
    var commonSection = sections.First(s => s.section_name == "__common");

    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    searcher.SetSearch(firstConst, lastConst);
    // Both bounds of the first pointer range are the last __const section.
    searcher.SetPointerRangeFirst(lastConst, lastConst);
    searcher.SetPointerRangeSecond(textSection);
    var codeRegistration = searcher.FindCodeRegistration();

    if (version == 16)
    {
        // Version 16 stops after CodeRegistration: the address is only reported,
        // Init is never called and the search counts as unsuccessful.
        Console.WriteLine("WARNING: Version 16 can only get CodeRegistration");
        Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
        return false;
    }

    searcher.SetPointerRangeSecond(commonSection);
    var metadataRegistration = searcher.FindMetadataRegistration();

    // A zero address means the helper found nothing.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Searches the loadable ELF32 program segments for the CodeRegistration and
/// MetadataRegistration addresses and hands the result to <c>AutoInit</c>.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>Whatever <c>AutoInit</c> returns for the two addresses.</returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    if (!isDump)
    {
        var hasExpectedSections = sectionWithName.ContainsKey(".data.rel.ro")
            && sectionWithName.ContainsKey(".text")
            && sectionWithName.ContainsKey(".bss");
        if (!hasExpectedSections)
        {
            // Only a diagnostic: the search below still runs, because it relies on
            // program headers rather than on section names.
            Console.WriteLine("ERROR: This file has been protected.");
        }
    }

    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    var dataSegments = new List<Elf32_Phdr>();
    var execSegments = new List<Elf32_Phdr>();

    foreach (var segment in program_table)
    {
        // Keep only p_type == 1 (PT_LOAD) entries that occupy memory.
        if (segment.p_type != 1u || segment.p_memsz == 0ul)
        {
            continue;
        }

        switch (segment.p_flags)
        {
            // 1, 3, 5, 7: every value with the PF_X bit (1) set.
            case 1u:
            case 3u:
            case 5u:
            case 7u:
                execSegments.Add(segment);
                break;
            // 2, 4, 6: PF_W and/or PF_R without PF_X.
            case 2u:
            case 4u:
            case 6u:
                dataSegments.Add(segment);
                break;
        }
    }

    var data = dataSegments.ToArray();
    var exec = execSegments.ToArray();

    // Memory dumps pass dumpAddr along with the range; regular files do not.
    void SelectSecondRange(Elf32_Phdr[] range)
    {
        if (isDump)
        {
            searcher.SetPointerRangeSecond(dumpAddr, range);
        }
        else
        {
            searcher.SetPointerRangeSecond(range);
        }
    }

    searcher.SetSearch(data);
    searcher.SetPointerRangeFirst(data);

    SelectSecondRange(exec);
    var codeRegistration = searcher.FindCodeRegistration();

    SelectSecondRange(data);
    var metadataRegistration = searcher.FindMetadataRegistration();

    return AutoInit(codeRegistration, metadataRegistration);
}
/// <summary>
/// Searches the header's data segment for the 64-bit CodeRegistration and
/// MetadataRegistration addresses and hands the result to <c>AutoInit</c>.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>Whatever <c>AutoInit</c> returns for the two addresses.</returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);

    // The data segment is both the area that is scanned and the first pointer range.
    var dataSegment = header.DataSegment;
    searcher.SetSearch(dataSegment);
    searcher.SetPointerRangeFirst(dataSegment);

    // CodeRegistration is searched with the text segment as second pointer range ...
    searcher.SetPointerRangeSecond(header.TextSegment);
    var codeRegistration = searcher.FindCodeRegistration64Bit();

    // ... MetadataRegistration with the bss segment.
    searcher.SetPointerRangeSecond(header.BssSegment);
    var metadataRegistration = searcher.FindMetadataRegistration64Bit();

    return AutoInit(codeRegistration, metadataRegistration);
}
/// <summary>
/// Classifies sections by their <c>Characteristics</c> value, searches the data
/// sections for the CodeRegistration and MetadataRegistration addresses and
/// initialises the loader when both are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// otherwise <c>false</c>.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var execSections = new List<SectionHeader>();
    var dataSections = new List<SectionHeader>();

    // Only exact matches are classified; a section with any other combination of
    // characteristic bits is ignored by the search.
    foreach (var candidate in sections)
    {
        switch (candidate.Characteristics)
        {
            case 0x60000020:
                execSections.Add(candidate);
                break;
            case 0x40000040:
            case 0xC0000040:
                dataSections.Add(candidate);
                break;
        }
    }

    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    var data = dataSections.ToArray();
    var exec = execSections.ToArray();

    searcher.SetSearch(imageBase, data);
    searcher.SetPointerRangeFirst(imageBase, data);
    searcher.SetPointerRangeSecond(imageBase, exec);

    // The 32-bit and 64-bit paths differ only in which finder is called.
    ulong codeRegistration = is32Bit
        ? searcher.FindCodeRegistration()
        : searcher.FindCodeRegistration64Bit();

    searcher.SetPointerRangeSecond(imageBase, data);

    ulong metadataRegistration = is32Bit
        ? searcher.FindMetadataRegistration()
        : searcher.FindMetadataRegistration64Bit();

    // A zero address means the helper found nothing.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Selects sections by name and flag value, searches the <c>__const</c> sections
/// for the CodeRegistration and MetadataRegistration addresses and hands the
/// result to <c>AutoInit</c>.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>Whatever <c>AutoInit</c> returns for the two addresses.</returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    // Where(...).ToArray() yields an empty array when nothing matches, so a file
    // without these sections reaches the helper with empty ranges instead of throwing here.
    var constSections = sections.Where(s => s.sectname == "__const").ToArray();
    // Sections whose flags equal 0x80000400 exactly are treated as code.
    var codeSections = sections.Where(s => s.flags == 0x80000400).ToArray();
    // Sections whose flags equal 1 exactly are used as the bss range.
    var bssSections = sections.Where(s => s.flags == 1u).ToArray();

    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    searcher.SetSearch(constSections);
    searcher.SetPointerRangeFirst(constSections);

    searcher.SetPointerRangeSecond(codeSections);
    var codeRegistration = searcher.FindCodeRegistration();

    searcher.SetPointerRangeSecond(bssSections);
    var metadataRegistration = searcher.FindMetadataRegistration();

    return AutoInit(codeRegistration, metadataRegistration);
}
/// <summary>
/// Searches the ELF64 program segments for the 64-bit CodeRegistration and
/// MetadataRegistration addresses and initialises the loader when both are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// otherwise <c>false</c>.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    var dataSegments = new List<Elf64_Phdr>();
    var execSegments = new List<Elf64_Phdr>();

    // Every program header is considered here; there is no p_type filter.
    foreach (var segment in program_table)
    {
        // Segments that occupy no memory cannot hold the structures being searched.
        if (segment.p_memsz == 0ul)
        {
            continue;
        }

        switch (segment.p_flags)
        {
            // 1, 3, 5, 7: every value with the PF_X bit (1) set.
            case 1u:
            case 3u:
            case 5u:
            case 7u:
                execSegments.Add(segment);
                break;
            // 2, 4, 6: PF_W and/or PF_R without PF_X.
            case 2u:
            case 4u:
            case 6u:
                dataSegments.Add(segment);
                break;
        }
    }

    var data = dataSegments.ToArray();
    var exec = execSegments.ToArray();

    searcher.SetSearch(data);
    searcher.SetPointerRangeFirst(data);

    searcher.SetPointerRangeSecond(exec);
    var codeRegistration = searcher.FindCodeRegistration64Bit();

    searcher.SetPointerRangeSecond(data);
    var metadataRegistration = searcher.FindMetadataRegistration64Bit();

    // A zero address means the helper found nothing.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Searches the header's data segment for the 64-bit CodeRegistration and
/// MetadataRegistration addresses and initialises the loader when both are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// otherwise <c>false</c>.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);

    // The data segment is both the area that is scanned and the first pointer range.
    var dataSegment = header.DataSegment;
    searcher.SetSearch(dataSegment);
    searcher.SetPointerRangeFirst(dataSegment);

    searcher.SetPointerRangeSecond(header.TextSegment);
    var codeRegistration = searcher.FindCodeRegistration64Bit();

    searcher.SetPointerRangeSecond(header.BssSegment);
    var metadataRegistration = searcher.FindMetadataRegistration64Bit();

    // A zero address means the helper found nothing.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Searches the <c>.data</c> and <c>.rdata</c> sections for the CodeRegistration
/// and MetadataRegistration addresses and initialises the loader when both are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// <c>false</c> when a required section is missing or either address is zero.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    // All three sections are located by name alone, so a file whose sections were
    // renamed or removed is rejected here with a message rather than an exception.
    if (!sections.Any(s => s.Name == ".text")
        || !sections.Any(s => s.Name == ".data")
        || !sections.Any(s => s.Name == ".rdata"))
    {
        Console.WriteLine("ERROR: The necessary section is missing.");
        return false;
    }

    var textSection = sections.First(s => s.Name == ".text");
    var dataSection = sections.First(s => s.Name == ".data");
    var rdataSection = sections.First(s => s.Name == ".rdata");

    var searcher = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    searcher.SetSearch(imageBase, dataSection, rdataSection);
    searcher.SetPointerRangeFirst(imageBase, dataSection, rdataSection);
    searcher.SetPointerRangeSecond(imageBase, textSection);

    // The 32-bit and 64-bit paths differ only in which finder is called.
    ulong codeRegistration = is32Bit
        ? searcher.FindCodeRegistration()
        : searcher.FindCodeRegistration64Bit();

    searcher.SetPointerRangeSecond(imageBase, dataSection, rdataSection);

    ulong metadataRegistration = is32Bit
        ? searcher.FindMetadataRegistration()
        : searcher.FindMetadataRegistration64Bit();

    // A zero address means the helper found nothing.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}
/// <summary>
/// Searches an ELF32 image for the CodeRegistration and MetadataRegistration
/// addresses, using named sections when <c>.data.rel.ro</c>, <c>.text</c> and
/// <c>.bss</c> are all present and program segments otherwise, and initialises
/// the loader when both addresses are found.
/// </summary>
/// <param name="methodCount">Method count forwarded to the <c>PlusSearch</c> helper.</param>
/// <param name="typeDefinitionsCount">Type-definition count forwarded to the helper.</param>
/// <returns>
/// <c>true</c> when both addresses are non-zero and <c>Init</c> has been called;
/// otherwise <c>false</c>.
/// </returns>
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
    var hasNamedSections = sectionWithName.ContainsKey(".data.rel.ro")
        && sectionWithName.ContainsKey(".text")
        && sectionWithName.ContainsKey(".bss");

    if (!hasNamedSections)
    {
        // Fallback for files without the expected section names: classify the
        // program headers by their flags and search those segments instead.
        var segmentSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
        var dataSegments = new List<Elf32_Phdr>();
        var execSegments = new List<Elf32_Phdr>();

        foreach (var segment in program_table)
        {
            // Segments that occupy no memory are skipped.
            if (segment.p_memsz == 0ul)
            {
                continue;
            }

            switch (segment.p_flags)
            {
                // 1, 3, 5, 7: every value with the PF_X bit (1) set.
                case 1u:
                case 3u:
                case 5u:
                case 7u:
                    execSegments.Add(segment);
                    break;
                // 2, 4, 6: PF_W and/or PF_R without PF_X.
                case 2u:
                case 4u:
                case 6u:
                    dataSegments.Add(segment);
                    break;
            }
        }

        var data = dataSegments.ToArray();
        var exec = execSegments.ToArray();

        segmentSearch.SetSearch(data);
        segmentSearch.SetPointerRangeFirst(data);

        segmentSearch.SetPointerRangeSecond(exec);
        var segmentCodeRegistration = segmentSearch.FindCodeRegistration();

        segmentSearch.SetPointerRangeSecond(data);
        var segmentMetadataRegistration = segmentSearch.FindMetadataRegistration();

        // A zero address means the helper found nothing.
        if (segmentCodeRegistration == 0 || segmentMetadataRegistration == 0)
        {
            return false;
        }

        Console.WriteLine("CodeRegistration : {0:x}", segmentCodeRegistration);
        Console.WriteLine("MetadataRegistration : {0:x}", segmentMetadataRegistration);
        Init(segmentCodeRegistration, segmentMetadataRegistration);
        return true;
    }

    var dataRelRo = sectionWithName[".data.rel.ro"];
    var textSection = sectionWithName[".text"];
    var bssSection = sectionWithName[".bss"];
    // .data.rel.ro.local is optional: when it is absent the out value is passed on
    // as its default - presumably the helper tolerates that; confirm.
    sectionWithName.TryGetValue(".data.rel.ro.local", out var dataRelRoLocal);

    var sectionSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages);
    sectionSearch.SetSearch(dataRelRo, dataRelRoLocal);
    sectionSearch.SetPointerRangeFirst(dataRelRo, dataRelRoLocal);

    sectionSearch.SetPointerRangeSecond(textSection);
    var codeRegistration = sectionSearch.FindCodeRegistration();

    sectionSearch.SetPointerRangeSecond(bssSection);
    var metadataRegistration = sectionSearch.FindMetadataRegistration();

    // When the named sections exist but the search fails, the segment fallback is
    // not attempted; the method simply reports failure.
    if (codeRegistration == 0 || metadataRegistration == 0)
    {
        return false;
    }

    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
    Init(codeRegistration, metadataRegistration);
    return true;
}