예제 #1
        public PeWrapper(string moduleName, byte[] fileData, ulong destAddress)
            ModuleName = moduleName;
            _fileData  = fileData;
            _pe        = new PeFile(fileData);
            Size       = _pe.ImageNtHeaders.OptionalHeader.SizeOfImage;
            Start      = destAddress;

            if (Size < _pe.ImageSectionHeaders.Max(s => (ulong)s.VirtualSize + s.VirtualAddress))
                throw new InvalidOperationException("Image not Big Enough");

            _fileHash = WaterboxUtils.Hash(fileData);

            foreach (var s in _pe.ImageSectionHeaders)
                ulong start  = Start + s.VirtualAddress;
                ulong length = s.VirtualSize;

                MemoryBlock.Protection prot;
                var r = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_READ) != 0;
                var w = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_WRITE) != 0;
                var x = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_EXECUTE) != 0;
                if (w && x)
                    throw new InvalidOperationException("Write and Execute not allowed");

                prot = x ? MemoryBlock.Protection.RX : w ? MemoryBlock.Protection.RW : MemoryBlock.Protection.R;

                var section = new Section
                    // chop off possible null padding from name
                    Name = Encoding.ASCII.GetString(s.Name, 0,
                                                    (s.Name.Select((v, i) => new { v, i }).FirstOrDefault(a => a.v == 0) ?? new { v = (byte)0, i = s.Name.Length }).i),
                    Start     = start,
                    Size      = length,
                    SavedSize = WaterboxUtils.AlignUp(length),
                    R         = r,
                    W         = w,
                    X         = x,
                    Prot      = prot,
                    DiskStart = s.PointerToRawData,
                    DiskSize  = s.SizeOfRawData

                _sectionsByName.Add(section.Name, section);
            _sectionsByName.TryGetValue(".idata", out _imports);

예제 #2
		public void Seal()
			if (!Sealed)
				Memory.Protect(Memory.Start, Used, MemoryBlock.Protection.R);
				_hash = WaterboxUtils.Hash(Memory.GetStream(Memory.Start, WaterboxUtils.AlignUp(Used), false));
				Sealed = true;
				throw new InvalidOperationException($"Attempt to reseal heap {Name}");
예제 #3
 public void Seal()
     if (!Sealed)
         Memory.Protect(Memory.Start, Used, MemoryBlock.Protection.R);
         _hash  = WaterboxUtils.Hash(Memory.GetStream(Memory.Start, Used, false));
         Sealed = true;
         throw new InvalidOperationException(string.Format("Attempt to reseal heap {0}", Name));
예제 #4
파일: Heap.cs 프로젝트: WolfpawGroup/RTC3
        public void Seal()
            if (!Sealed)
                //RTC_Hijack : Change the protect level to RW instead of R
                Memory.Protect(Memory.Start, Used, MemoryBlock.Protection.RW);

                _hash  = WaterboxUtils.Hash(Memory.GetStream(Memory.Start, Used, false));
                Sealed = true;
                throw new InvalidOperationException(string.Format("Attempt to reseal heap {0}", Name));
예제 #5
        public ElfRunner(string filename, long heapsize, long sealedheapsize, long invisibleheapsize)
            using (var fs = new FileStream(filename, FileMode.Open, FileAccess.Read))
                _elfhash = WaterboxUtils.Hash(fs);

            // todo: hack up this baby to take Streams
            _elf = ELFReader.Load <long>(filename);

            var loadsegs = _elf.Segments.Where(s => s.Type == SegmentType.Load);

            long orig_start = loadsegs.Min(s => s.Address);

            orig_start &= ~(Environment.SystemPageSize - 1);
            long orig_end = loadsegs.Max(s => s.Address + s.Size);

            if (HasRelocations())
                _base       = new MemoryBlock((ulong)(orig_end - orig_start));
                _loadoffset = (long)_base.Start - orig_start;
                _base       = new MemoryBlock((ulong)orig_start, (ulong)(orig_end - orig_start));
                _loadoffset = 0;

                AddMemoryBlock(_base, "elf");
                _base.Protect(_base.Start, _base.Size, MemoryBlock.Protection.RW);

                foreach (var seg in loadsegs)
                    var data = seg.GetContents();
                    Marshal.Copy(data, 0, Z.SS(seg.Address + _loadoffset), data.Length);

                _base.Protect(_base.Start, _base.Size, MemoryBlock.Protection.R);

                foreach (var sec in _elf.Sections.Where(s => (s.Flags & SectionFlags.Allocatable) != 0))
                    if ((sec.Flags & SectionFlags.Executable) != 0)
                        _base.Protect((ulong)(sec.LoadAddress + _loadoffset), (ulong)sec.Size, MemoryBlock.Protection.RX);
                    else if ((sec.Flags & SectionFlags.Writable) != 0)
                        _base.Protect((ulong)(sec.LoadAddress + _loadoffset), (ulong)sec.Size, MemoryBlock.Protection.RW);

                ulong end = _base.End;

                if (heapsize > 0)
                    _heap = new Heap(GetHeapStart(end), (ulong)heapsize, "sbrk-heap");
                    end = _heap.Memory.End;
                    AddMemoryBlock(_heap.Memory, "sbrk - heap");

                if (sealedheapsize > 0)
                    _sealedheap = new Heap(GetHeapStart(end), (ulong)sealedheapsize, "sealed-heap");
                    end = _sealedheap.Memory.End;
                    AddMemoryBlock(_sealedheap.Memory, "sealed-heap");

                if (invisibleheapsize > 0)
                    _invisibleheap = new Heap(GetHeapStart(end), (ulong)invisibleheapsize, "invisible-heap");
                    end = _invisibleheap.Memory.End;
                    AddMemoryBlock(_invisibleheap.Memory, "invisible-heap");

                Console.WriteLine("Loaded {0}@{1:X16}", filename, _base.Start);
                foreach (var sec in _elf.Sections.Where(s => s.LoadAddress != 0))
                    Console.WriteLine("  {0}@{1:X16}, size {2}", sec.Name.PadLeft(20), sec.LoadAddress + _loadoffset, sec.Size.ToString().PadLeft(12));

예제 #6
 public ReadonlyFirmware(byte[] data, string name)
     _data = data;
     _hash = WaterboxUtils.Hash(data);
     Name  = name;
예제 #7
        public PeWrapper(string moduleName, byte[] fileData, ulong destAddress)
            ModuleName = moduleName;
            _pe        = new PeFile(fileData);
            Size       = _pe.ImageNtHeaders.OptionalHeader.SizeOfImage;
            Start      = destAddress;

            if (Size < _pe.ImageSectionHeaders.Max(s => (ulong)s.VirtualSize + s.VirtualAddress))
                throw new InvalidOperationException("Image not Big Enough");

            _fileHash = WaterboxUtils.Hash(fileData);

            foreach (var s in _pe.ImageSectionHeaders)
                ulong start  = Start + s.VirtualAddress;
                ulong length = s.VirtualSize;

                MemoryBlockBase.Protection prot;
                var r = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_READ) != 0;
                var w = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_WRITE) != 0;
                var x = (s.Characteristics & (uint)Constants.SectionFlags.IMAGE_SCN_MEM_EXECUTE) != 0;
                if (w && x)
                    throw new InvalidOperationException("Write and Execute not allowed");

                prot = x ? MemoryBlockBase.Protection.RX : w ? MemoryBlockBase.Protection.RW : MemoryBlockBase.Protection.R;

                var section = new Section
                    // chop off possible null padding from name
                    Name = Encoding.ASCII.GetString(s.Name, 0,
                                                    (s.Name.Select((v, i) => new { v, i }).FirstOrDefault(a => a.v == 0) ?? new { v = (byte)0, i = s.Name.Length }).i),
                    Start     = start,
                    Size      = length,
                    SavedSize = WaterboxUtils.AlignUp(length),
                    R         = r,
                    W         = w,
                    X         = x,
                    Prot      = prot,
                    DiskStart = s.PointerToRawData,
                    DiskSize  = s.SizeOfRawData

                _sectionsByName.Add(section.Name, section);
            _sectionsByName.TryGetValue(".idata", out _imports);
            _sectionsByName.TryGetValue(".sealed", out _sealed);
            _sectionsByName.TryGetValue(".invis", out _invisible);

            // OK, NOW MOUNT

            LoadOffset = (long)Start - (long)_pe.ImageNtHeaders.OptionalHeader.ImageBase;
            Memory     = MemoryBlockBase.CallPlatformCtor(Start, Size);
            Memory.Protect(Start, Size, MemoryBlockBase.Protection.RW);

            // copy headers
            Marshal.Copy(fileData, 0, Z.US(Start), (int)_pe.ImageNtHeaders.OptionalHeader.SizeOfHeaders);

            // copy sections
            foreach (var s in _sections)
                ulong datalength = Math.Min(s.Size, s.DiskSize);
                Marshal.Copy(fileData, (int)s.DiskStart, Z.US(s.Start), (int)datalength);
                WaterboxUtils.ZeroMemory(Z.US(s.Start + datalength), (long)(s.SavedSize - datalength));

            // apply relocations
            var n32 = 0;
            var n64 = 0;

            foreach (var rel in _pe.ImageRelocationDirectory)
                foreach (var to in rel.TypeOffsets)
                    ulong address = Start + rel.VirtualAddress + to.Offset;

                    switch (to.Type)
                    // there are many other types of relocation specified,
                    // but the only that are used is 0 (does nothing), 3 (32 bit standard), 10 (64 bit standard)

                    case 3:                             // IMAGE_REL_BASED_HIGHLOW
                        byte[] tmp = new byte[4];
                        Marshal.Copy(Z.US(address), tmp, 0, 4);
                        uint val = BitConverter.ToUInt32(tmp, 0);
                        tmp = BitConverter.GetBytes((uint)(val + LoadOffset));
                        Marshal.Copy(tmp, 0, Z.US(address), 4);

                    case 10:                             // IMAGE_REL_BASED_DIR64
                        byte[] tmp = new byte[8];
                        Marshal.Copy(Z.US(address), tmp, 0, 8);
                        long val = BitConverter.ToInt64(tmp, 0);
                        tmp = BitConverter.GetBytes(val + LoadOffset);
                        Marshal.Copy(tmp, 0, Z.US(address), 8);
            if (IntPtr.Size == 8 && n32 > 0)
                // check mcmodel, etc
                throw new InvalidOperationException("32 bit relocations found in 64 bit dll!  This will fail.");
            Console.WriteLine($"Processed {n32} 32 bit and {n64} 64 bit relocations");


            // publish exports
            EntryPoint = Z.US(Start + _pe.ImageNtHeaders.OptionalHeader.AddressOfEntryPoint);
            foreach (var export in _pe.ExportedFunctions)
                if (export.Name != null)
                    ExportsByName.Add(export.Name, Z.US(Start + export.Address));
                ExportsByOrdinal.Add(export.Ordinal, Z.US(Start + export.Address));

            // collect information about imports
            // NB: Hints are not the same as Ordinals
            foreach (var import in _pe.ImportedFunctions)
                Dictionary <string, IntPtr> module;
                if (!ImportsByModule.TryGetValue(import.DLL, out module))
                    module = new Dictionary <string, IntPtr>();
                    ImportsByModule.Add(import.DLL, module);
                var dest = Start + import.Thunk;
                if (_imports == null || dest >= _imports.Start + _imports.Size || dest < _imports.Start)
                    throw new InvalidOperationException("Import record outside of .idata!");

                module.Add(import.Name, Z.US(dest));

            Section midipix;

            if (_sectionsByName.TryGetValue(".midipix", out midipix))
                var dataOffset = midipix.DiskStart;
                CtorList = Z.SS(BitConverter.ToInt64(fileData, (int)(dataOffset + 0x30)) + LoadOffset);
                DtorList = Z.SS(BitConverter.ToInt64(fileData, (int)(dataOffset + 0x38)) + LoadOffset);

            Console.WriteLine($"Mounted `{ModuleName}` @{Start:x16}");
            foreach (var s in _sections.OrderBy(s => s.Start))
                Console.WriteLine("  @{0:x16} {1}{2}{3} `{4}` {5} bytes",
                                  s.R ? "R" : " ",
                                  s.W ? "W" : " ",
                                  s.X ? "X" : " ",
            Console.WriteLine("GDB Symbol Load:");
            var symload = $"add-sym {ModuleName} {_sectionsByName[".text"].Start}";

            if (_sectionsByName.ContainsKey(".data"))
                symload += $" -s .data {_sectionsByName[".data"].Start}";
            if (_sectionsByName.ContainsKey(".bss"))
                symload += $" -s .bss {_sectionsByName[".bss"].Start}";
예제 #8
        public ElfLoader(string moduleName, byte[] fileData, ulong assumedStart, bool skipCoreConsistencyCheck, bool skipMemoryConsistencyCheck)
            ModuleName = moduleName;
            _skipCoreConsistencyCheck   = skipCoreConsistencyCheck;
            _skipMemoryConsistencyCheck = skipMemoryConsistencyCheck;

            _elfHash = WaterboxUtils.Hash(fileData);
            _elf     = ELFReader.Load <ulong>(new MemoryStream(fileData, false), true);

            var loadsegs = _elf.Segments.Where(s => s.Type == SegmentType.Load);
            var start    = loadsegs.Min(s => s.Address);

            start = WaterboxUtils.AlignDown(start);
            var end = loadsegs.Max(s => s.Address + s.Size);

            end = WaterboxUtils.AlignUp(end);
            var size = end - start;

            if (start != assumedStart)
                throw new InvalidOperationException($"{nameof(assumedStart)} did not match actual origin in elf file");

            if (_elf.Sections.Any(s => s.Name.StartsWith(".rel")))
                throw new InvalidOperationException("Elf has relocations!");

            _allSymbols = ((ISymbolTable)_elf.GetSection(".symtab"))
                          .Cast <SymbolEntry <ulong> >()

            _sectionsByName = _elf.Sections
                              .ToDictionary(s => s.Name);

            _sectionsByName.TryGetValue(".wbxsyscall", out _imports);
            if (_imports == null)
                // Likely cause:  This is a valid elf file, but it was not compiled by our toolchain at all
                throw new InvalidOperationException("Missing .wbxsyscall section!");
            _sectionsByName.TryGetValue(".sealed", out _sealed);
            _sectionsByName.TryGetValue(".invis", out _invisible);

            _visibleSymbols = _allSymbols
                              .Where(s => s.Binding == SymbolBinding.Global && s.Visibility == SymbolVisibility.Default)
                              .ToDictionary(s => s.Name);

            _importSymbols = _allSymbols
                             // TODO: No matter what attributes I provide, I seem to end up with Local and/or Hidden symbols in
                             // .wbxsyscall a lot of the time on heavily optimized release builds.
                             // Fortunately, there's nothing else in .wbxsyscall so we can just not filter at all.
                             .Where(s => s.PointedSection == _imports)

            Memory = MemoryBlock.Create(start, size);
            Memory.Protect(Memory.Start, Memory.Size, MemoryBlock.Protection.RW);

            foreach (var seg in loadsegs)
                var data = seg.GetFileContents();
                Marshal.Copy(data, 0, Z.US(seg.Address), Math.Min((int)seg.Size, (int)seg.FileSize));

                // Compute RW boundaries

                var allocated = _elf.Sections
                                .Where(s => (s.Flags & SectionFlags.Allocatable) != 0);
                var writable = allocated
                               .Where(s => (s.Flags & SectionFlags.Writable) != 0);
                var postSealWritable = writable
                                       .Where(s => !IsSpecialReadonlySection(s));
                var saveable = postSealWritable
                               .Where(s => s != _invisible);
                var executable = allocated
                                 .Where(s => (s.Flags & SectionFlags.Executable) != 0);

                _writeStart         = WaterboxUtils.AlignDown(writable.Min(s => s.LoadAddress));
                _postSealWriteStart = WaterboxUtils.AlignDown(postSealWritable.Min(s => s.LoadAddress));
                _execEnd            = WaterboxUtils.AlignUp(executable.Max(s => s.LoadAddress + s.Size));

                // validate; this may require linkscript cooperation
                // due to the segment limitations, the only thing we'd expect to catch is a custom eventually readonly section
                // in the wrong place (because the linkscript doesn't know "eventually readonly")
                if (_execEnd > _writeStart)
                    throw new InvalidOperationException($"ElfLoader: Executable data to {_execEnd:X16} overlaps writable data from {_writeStart}");
