예제 #1
0
        //recursively descend through resource directory structure
        //resource directories are 3 levels deep by Microsoft convention:
        //level 1 : resource type
        //level 2 : resource name str/id num
        //level 3 : language (aka code page)
        private void parseResourceDirectory(BinaryIn source, int level)
        {
            //parse IMAGE_RESOURCE_DIRECTORY
            uint characteristics = source.getFour();    //unused
            uint timeDateStamp = source.getFour();
            uint majorVersion = source.getTwo();
            uint minorVersion = source.getTwo();
            uint numberOfNamedEntries = source.getTwo();
            uint numberOfIdEntries = source.getTwo();
            int entryCount = (int)(numberOfNamedEntries + numberOfIdEntries);

            for (int i = 0; i < entryCount; i++)
            {
                uint idName = source.getFour();         //either numeric val or a ptr to name str
                uint data = source.getFour();           //either ptr to subdir or a leaf node
                resIdNameValues[level] = idName;        //store id/name val at this level

                uint curPos = source.getPos();          //save cur pos in resource directory
                uint dataPos = (data & 0x7FFFFFFF);
                source.seek(dataPos);                   //goto leaf/subtree data

                if (data < 0x80000000)                                  //high bit not set -> data points to leaf node
                {
                    parseResourceData(source);                    
                }
                else
                {                                                       //high bit is set -> data points to subtree
                    parseResourceDirectory(source, level + 1);          //recurse next subtree
                }   

                source.seek(curPos);        //ret to pos in resource directory
            }
        }
예제 #2
0
        //- reading in ----------------------------------------------------------------

        public static CoffSection readSection(BinaryIn source)
        {
            string      name = source.getAsciiString(8);
            CoffSection sec  = new CoffSection(name);

            sec.memSize  = source.getFour();
            sec.memPos   = source.getFour();
            sec.fileSize = source.getFour();
            sec.filePos  = source.getFour();

            sec.relocTblPos = source.getFour();
            uint skip1 = source.getFour();              //line numbers are deprecated

            sec.relocTblCount = source.getTwo();
            uint skip2 = source.getTwo();

            uint flagval = source.getFour();

            sec.settings = SectionSettings.decodeFlags(flagval);

            uint mark = source.getPos();

            source.seek(sec.filePos);
            byte[] secdata = source.getRange(sec.fileSize);
            sec.data = new List <byte>(secdata);
            source.seek(mark);

            return(sec);
        }
예제 #3
0
 public static ResImageGroupDataEntry parseData(BinaryIn src)
 {
     ResImageGroupDataEntry cgdata = new ResImageGroupDataEntry();
     cgdata.bWidth = src.getOne();
     cgdata.bHeight = src.getOne();
     cgdata.bColorCount = src.getOne();
     uint res = src.getOne();
     cgdata.wPlanes = src.getTwo();
     cgdata.wBitCount = src.getTwo();
     cgdata.dwBytesInRes = src.getFour();
     cgdata.nID = src.getTwo();
     cgdata.image = null;
     return cgdata;
 }
예제 #4
0
 public static ResImageGroupData parseData(byte[] resdata)
 {
     ResImageGroupData igdata = new ResImageGroupData();
     BinaryIn src = new BinaryIn(resdata);
     uint res = src.getTwo();                
     uint type = src.getTwo();
     int count = (int)src.getTwo();
     igdata.entries = new List<ResImageGroupDataEntry>(count);
     for (int i = 0; i < count; i++)
     {
         ResImageGroupDataEntry igentry = ResImageGroupDataEntry.parseData(src);
         igdata.entries.Add(igentry);
     }
     return igdata;
 }
예제 #5
0
        private void readOptionalHeader(BinaryIn source)
        {
            magicNum                = source.getTwo();
            majorLinkerVersion      = source.getOne();
            minorLinkerVersion      = source.getOne();
            sizeOfCode              = source.getFour();
            sizeOfInitializedData   = source.getFour();
            sizeOfUninitializedData = source.getFour();
            addressOfEntryPoint     = source.getFour();
            baseOfCode              = source.getFour();
            baseOfData              = source.getFour();
            imageBase               = source.getFour();
            memAlignment            = source.getFour();
            fileAlignment           = source.getFour();
            majorOSVersion          = source.getTwo();
            minorOSVersion          = source.getTwo();
            majorImageVersion       = source.getTwo();
            minorImageVersion       = source.getTwo();
            majorSubsystemVersion   = source.getTwo();
            minorSubsystemVersion   = source.getTwo();
            win32VersionValue       = source.getFour();
            sizeOfImage             = source.getFour();
            sizeOfHeaders           = source.getFour();
            checksum                = source.getFour();
            subsystem               = source.getTwo();
            dLLCharacteristics      = source.getTwo();
            sizeOfStackReserve      = source.getFour();
            sizeOfStackCommit       = source.getFour();
            sizeOfHeapReserve       = source.getFour();
            sizeOfHeapCommit        = source.getFour();
            loaderFlags             = source.getFour();
            numberOfRvaAndSizes     = source.getFour();

            dExportTable            = DataDirectory.readIn(source);
            dImportTable            = DataDirectory.readIn(source);
            dResourceTable          = DataDirectory.readIn(source);
            exceptionTable          = DataDirectory.readIn(source);
            certificatesTable       = DataDirectory.readIn(source);
            baseRelocationTable     = DataDirectory.readIn(source);
            debugTable              = DataDirectory.readIn(source);
            architecture            = DataDirectory.readIn(source);
            globalPtr               = DataDirectory.readIn(source);
            threadLocalStorageTable = DataDirectory.readIn(source);
            loadConfigurationTable  = DataDirectory.readIn(source);
            boundImportTable        = DataDirectory.readIn(source);
            importAddressTable      = DataDirectory.readIn(source);
            delayImportDescriptor   = DataDirectory.readIn(source);
            CLRRuntimeHeader        = DataDirectory.readIn(source);
            reserved = DataDirectory.readIn(source);
        }
예제 #6
0
        private String getResourceName(BinaryIn source, uint pos)
        {
            uint curPos = source.getPos();
            pos = (pos & 0x7FFFFFFF);
            source.seek(pos);

            int strLen = (int)source.getTwo();
            pos += 2;
            StringBuilder str = new StringBuilder(strLen);
            for (int i = 0; i < strLen; i++)
            {
                uint ch = source.getTwo();
                str.Append(Convert.ToChar(ch));
                pos += 2;
            }
            source.seek(curPos);
            return str.ToString();
        }
예제 #7
0
        //- reading in ----------------------------------------------------------------

        public void readFile(String _filename)
        {
            filename = _filename;

            BinaryIn source = new BinaryIn(filename);

            dosHeader = MsDosHeader.readMSDOSHeader(source);
            source.seek(dosHeader.e_lfanew);
            uint pesig = source.getFour();

            if (pesig != 0x00004550)
            {
                throw new Win32ReadException("this is not a valid win32 executable file");
            }

            machine = (MachineType)source.getTwo();
            uint secCount = source.getTwo();
            uint stamp    = source.getFour();

            timeStamp = setTimestamp(stamp);
            uint symbolTblAddr   = source.getFour();
            uint symbolTblCount  = source.getFour();                //these fields should be zero
            uint optionalHdrSize = source.getTwo();

            if (optionalHdrSize != 0xe0)
            {
                throw new Win32ReadException("this is not a valid win32 executable file");
            }
            uint flags = source.getTwo();

            characteristics = Characteristics.decodeFlags(flags);

            readOptionalHeader(source);
            loadSections(source, secCount);

            //getImportTable(source);
            //getExportTable(source);
            //getResourceTable(source);
        }
예제 #8
0
        public static void loadRelocations(BinaryIn source, CoffSection sec, Win32Obj objfile)
        {
            source.seek(sec.relocTblPos);
            for (int i = 0; i < sec.relocTblCount; i++)
            {
                uint addr      = source.getFour();
                int  symidx    = (int)source.getFour();
                uint reloctype = source.getTwo();

                CoffRelocation.Reloctype reltype = CoffRelocation.Reloctype.NONE;
                switch (reloctype)
                {
                case 06:
                    reltype = CoffRelocation.Reloctype.ABSOLUTE;            //IMAGE_REL_I386_DIR32
                    break;

                case 07:
                    reltype = CoffRelocation.Reloctype.RVA;                 //IMAGE_REL_I386_DIR32NB
                    break;

                case 11:
                    reltype = CoffRelocation.Reloctype.SECREL32;            //IMAGE_REL_I386_SECREL
                    break;

                case 20:
                    reltype = CoffRelocation.Reloctype.RELATIVE;            //IMAGE_REL_I386_REL32
                    break;

                default:
                    break;
                }

                CoffSymbol     sym   = objfile.symbols[symidx];
                CoffRelocation reloc = new CoffRelocation(addr - sec.memPos, sym, reltype);
                sec.relocations.Add(reloc);
            }
        }
예제 #9
0
        static public MsDosHeader readMSDOSHeader(BinaryIn source)
        {
            MsDosHeader dosHeader = new MsDosHeader();

            dosHeader.signature = source.getTwo();
            if (dosHeader.signature != 0x5a4d)
            {
                throw new Win32FormatException("this is not a valid win32 executable file");
            }

            dosHeader.lastsize  = source.getTwo();
            dosHeader.nblocks   = source.getTwo();
            dosHeader.nreloc    = source.getTwo();
            dosHeader.hdrsize   = source.getTwo();
            dosHeader.minalloc  = source.getTwo();
            dosHeader.maxalloc  = source.getTwo();
            dosHeader.ss        = source.getTwo();
            dosHeader.sp        = source.getTwo();
            dosHeader.checksum  = source.getTwo();
            dosHeader.ip        = source.getTwo();
            dosHeader.cs        = source.getTwo();
            dosHeader.relocpos  = source.getTwo();
            dosHeader.noverlay  = source.getTwo();
            dosHeader.reserved1 = source.getRange(8);
            dosHeader.oem_id    = source.getTwo();
            dosHeader.oem_info  = source.getTwo();
            dosHeader.reserved2 = source.getRange(20);
            dosHeader.e_lfanew  = source.getFour();

            return(dosHeader);
        }
예제 #10
0
        public static void loadSymbols(BinaryIn source, uint count, byte[] strtbl, Win32Obj objfile)
        {
            for (int i = 0; i < count;)
            {
                //get short name or pos in string tbl
                uint   nameloc   = source.getPos();
                uint   namezeros = source.getFour();
                String name      = "";
                if (namezeros == 0)         //if first 4 bytes = 0, 2nd 4 bytes = ofs into str tbl
                {
                    int namepos = (int)source.getFour();
                    name = readString(strtbl, namepos);
                }
                else
                {
                    source.seek(nameloc);
                    name = source.getAsciiString(8);
                }

                //read rest of sym entry
                uint             val     = source.getFour();
                uint             secval  = source.getTwo();
                uint             type    = source.getTwo();
                CoffStorageClass storage = (CoffStorageClass)source.getOne();
                uint             aux     = source.getOne();

                CoffSymbol         sym  = null;
                CoffSymbol.SYMBIND bind = CoffSymbol.SYMBIND.EXTERNAL;
                uint        size        = 0;
                uint        addr        = 0;
                CoffSection sec         = null;

                switch (storage)
                {
                case CoffStorageClass.IMAGE_SYM_CLASS_EXTERNAL:
                    if (secval == 0)
                    {
                        if (val == 0)
                        {
                            bind = CoffSymbol.SYMBIND.EXTERNAL;
                        }
                        else
                        {
                            bind = CoffSymbol.SYMBIND.COMMON;
                            size = val;
                        }
                    }
                    else
                    {
                        bind = CoffSymbol.SYMBIND.GLOBAL;
                        sec  = objfile.sections[(int)secval - 1];
                        if (val >= sec.memPos)
                        {
                            addr = val - sec.memPos;
                        }
                    }
                    sym         = new CoffSymbol(name);
                    sym.bind    = bind;
                    sym.typ     = CoffSymbol.SYMTYPE.FUNCTION;
                    sym.section = sec;
                    sym.ofs     = addr;
                    sym.size    = size;
                    break;

                case CoffStorageClass.IMAGE_SYM_CLASS_STATIC:
                case CoffStorageClass.IMAGE_SYM_CLASS_LABEL:
                    if (secval != 0xffff)
                    {
                        sec = objfile.sections[(int)secval - 1];
                        if (val >= sec.memPos)
                        {
                            addr = val - sec.memPos;
                        }
                        sym         = new CoffSymbol(name);
                        sym.bind    = CoffSymbol.SYMBIND.LOCAL;
                        sym.typ     = CoffSymbol.SYMTYPE.FUNCTION;
                        sym.section = sec;
                        sym.ofs     = addr;
                        sym.size    = size;
                    }
                    break;

                case CoffStorageClass.IMAGE_SYM_CLASS_SECTION:
                    sec         = objfile.sections[(int)secval - 1];
                    sym         = new CoffSymbol(name);
                    sym.bind    = CoffSymbol.SYMBIND.LOCAL;
                    sym.typ     = CoffSymbol.SYMTYPE.FUNCTION;
                    sym.section = sec;
                    sym.ofs     = addr;
                    sym.size    = size;
                    break;

                case CoffStorageClass.IMAGE_SYM_CLASS_FUNCTION:
                case CoffStorageClass.IMAGE_SYM_CLASS_FILE:
                    break;

                default:
                    break;
                }
                i++;

                objfile.symbols.Add(sym);
                if (sym != null)
                {
                    objfile.symNames[sym.name] = sym;
                }

                //skip any aux sym entries
                for (int j = 0; j < aux; j++)
                {
                    source.skip(CoffSymbol.SYMTBLENTRYSIZE);
                    objfile.symbols.Add(null);
                    i++;
                }
            }
        }
예제 #11
0
        public static Win32Obj readFromFile(String filename)
        {
            Win32Obj objfile = new Win32Obj(filename);
            BinaryIn source  = new BinaryIn(filename);

            //coff header
            objfile.machine = (MachineType)source.getTwo();
            uint sectionCount = source.getTwo();

            objfile.timeStamp = source.getFour();
            uint symbolTblAddr   = source.getFour();
            uint symbolCount     = source.getFour();
            uint optionalHdrSize = source.getTwo();

            objfile.characteristics = (int)source.getTwo();

            //string tbl - follows symbol tbl
            uint strtblpos = symbolTblAddr + symbolCount * CoffSymbol.SYMTBLENTRYSIZE;

            source.seek(strtblpos);
            byte[] strtbl = null;
            uint   len    = source.getFour();

            if (len > 4)
            {
                source.seek(strtblpos);
                strtbl = source.getRange(len);
            }

            //section tbl
            source.seek(COFFHDRSIZE);
            for (int i = 0; i < sectionCount; i++)
            {
                //if section name is stored in string tbl, we read in index & let caller deref the actual name
                String secname = source.getAsciiString(8);
                if (secname[0] == '/')
                {
                    int stridx = Int32.Parse(secname.Substring(1));
                    secname = readString(strtbl, stridx);
                }

                //read section hdr field
                uint memSize  = source.getFour();       //don't use - 0 in object files
                uint memPos   = source.getFour();
                uint fileSize = source.getFour();
                uint filePos  = source.getFour();

                uint relocPos     = source.getFour();
                uint lineNumPos   = source.getFour();   //don't use - deprecated
                uint relocCount   = source.getTwo();
                uint lineNumCount = source.getTwo();    //don't use
                uint flagval      = source.getFour();

                SectionSettings settings = SectionSettings.decodeFlags(flagval);
                CoffSection     section  = new CoffSection(secname, settings);
                section.owner         = objfile;
                section.secNum        = i + 1;
                section.memPos        = memPos;
                section.fileSize      = fileSize;
                section.filePos       = filePos;
                section.relocTblPos   = relocPos;
                section.relocTblCount = relocCount;

                objfile.sections.Add(section);
                objfile.secNames[section.name] = section;
            }

            //load symbols
            source.seek(symbolTblAddr);
            loadSymbols(source, symbolCount, strtbl, objfile);

            foreach (CoffSection section in objfile.sections)
            {
                //load section data
                section.data = new List <Byte>(source.getRange(section.filePos, section.fileSize));

                //load sectionrelocs
                loadRelocations(source, section, objfile);
            }


            return(objfile);
        }