예제 #1
        /// <summary>
        /// Scans a section one 32-bit word at a time for a value equal to <paramref name="pointer"/>.
        /// </summary>
        /// <param name="pointer">Value to look for (callers on this page pass a virtual address).</param>
        /// <param name="search">Section header whose file range starting at sh_offset, sh_size bytes long, is scanned.</param>
        /// <returns>
        /// Virtual address of the word that follows the match, or 0 when no word matches.
        /// </returns>
        private uint FindReference(uint pointer, Elf32_Shdr search)
        {
            // NOTE(review): sh_offset + sh_size is not checked for wrap-around or against the
            // stream length; a malformed header could make the scan read outside the section.
            var sectionEnd = search.sh_offset + search.sh_size;

            for (Position = search.sh_offset; Position < sectionEnd;)
            {
                if (ReadUInt32() != pointer)
                {
                    continue;
                }

                // The read has already advanced Position past the matching word, so the
                // value returned is the address of the NEXT word, rebased from file
                // offset to virtual address.
                return (uint)Position - search.sh_offset + search.sh_addr;
            }

            return 0;
        }
예제 #2
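        /// <summary>
        /// Scans <paramref name="search"/> for a 32-bit word equal to <paramref name="count"/> that is
        /// immediately followed by a pointer to an array of <paramref name="count"/> values which all
        /// lie inside the address range of <paramref name="range"/>.
        /// </summary>
        /// <param name="count">Expected element count; also the marker value searched for.</param>
        /// <param name="search">Section that is scanned and that may hold the pointer array.</param>
        /// <param name="search2">Optional second section that may hold the pointer array; may be null.</param>
        /// <param name="range">Section whose address range every array entry must fall into.</param>
        /// <returns>Virtual address of the matching count word, or 0 when no candidate validates.</returns>
        private uint FindCodeRegistration(int count, Elf32_Shdr search, Elf32_Shdr search2, Elf32_Shdr range)
        {
            // NOTE(review): these sums come from section-header fields and are not checked for
            // 32-bit wrap-around; both upper bounds are also compared inclusively below.
            var searchend  = search.sh_offset + search.sh_size;
            var rangeend   = range.sh_addr + range.sh_size;
            var search2end = search2 == null ? 0 : search2.sh_offset + search2.sh_size;

            Position = search.sh_offset;
            while (Position < searchend)
            {
                var add = Position;
                if (ReadUInt32() != count)
                {
                    continue;
                }

                // Where the scan continues if this candidate is rejected. It is updated once the
                // pointer word has been consumed, so a rejected candidate resumes after that word.
                var resume = Position;
                try
                {
                    var rawPointer = ReadUInt32();
                    resume = Position;
                    uint pointers = MapVATR(rawPointer);

                    var inPrimary   = pointers >= search.sh_offset && pointers <= searchend;
                    var inSecondary = !inPrimary && search2 != null &&
                                      pointers >= search2.sh_offset && pointers <= search2end;
                    if (inPrimary || inSecondary)
                    {
                        var temp = ReadClassArray<uint>(pointers, count);
                        if (Array.FindIndex(temp, x => x < range.sh_addr || x > rangeend) == -1)
                        {
                            return (uint)add - search.sh_offset + search.sh_addr; //VirtualAddress
                        }
                    }
                }
                catch
                {
                    // Best effort: an unmappable pointer or a read past the end of the data only
                    // disqualifies this candidate. The exception is deliberately not propagated.
                }

                // Always put the cursor back. Previously a throwing array read left Position
                // wherever the read stopped, which could end the scan early or rewind it.
                Position = resume;
            }
            return 0;
        }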
예제 #3
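        /// <summary>
        /// Scans <paramref name="search"/> for a 32-bit word equal to
        /// <paramref name="typeDefinitionsCount"/>; the word 12 bytes after it is taken as a pointer to
        /// an array of maxmetadataUsages values that must all lie inside <paramref name="range"/>.
        /// </summary>
        /// <param name="typeDefinitionsCount">Marker value searched for.</param>
        /// <param name="search">Section that is scanned and that may hold the pointer array.</param>
        /// <param name="search2">Optional second section that may hold the pointer array; may be null.</param>
        /// <param name="range">Section whose address range every array entry must fall into.</param>
        /// <returns>
        /// Virtual address 48 bytes before the matching word (presumably the start of the enclosing
        /// structure; confirm against the layout), or 0 when no candidate validates.
        /// </returns>
        private uint FindMetadataRegistration(int typeDefinitionsCount, Elf32_Shdr search, Elf32_Shdr search2, Elf32_Shdr range)
        {
            // NOTE(review): these sums come from section-header fields and are not checked for
            // 32-bit wrap-around; both upper bounds are also compared inclusively below.
            var searchend  = search.sh_offset + search.sh_size;
            var rangeend   = range.sh_addr + range.sh_size;
            var search2end = search2 == null ? 0 : search2.sh_offset + search2.sh_size;

            Position = search.sh_offset;
            while (Position < searchend)
            {
                var add = Position;
                if (ReadUInt32() != typeDefinitionsCount)
                {
                    continue;
                }

                // Resume point for a rejected candidate: the word right after the marker.
                var np = Position;
                try
                {
                    Position += 8; // skip two words to reach the pointer field
                    uint pointers = MapVATR(ReadUInt32());

                    var inPrimary   = pointers >= search.sh_offset && pointers <= searchend;
                    var inSecondary = !inPrimary && search2 != null &&
                                      pointers >= search2.sh_offset && pointers <= search2end;
                    if (inPrimary || inSecondary)
                    {
                        var temp = ReadClassArray<uint>(pointers, maxmetadataUsages);
                        if (Array.FindIndex(temp, x => x < range.sh_addr || x > rangeend) == -1)
                        {
                            // NOTE(review): wraps if the marker sits less than 48 bytes into the stream.
                            return (uint)add - 48u - search.sh_offset + search.sh_addr; //MapRATV
                        }
                    }
                }
                catch
                {
                    // Best effort: an unmappable pointer or a read past the end of the data only
                    // disqualifies this candidate. The exception is deliberately not propagated.
                }

                // Always put the cursor back. Previously an exception skipped this restore and the
                // scan continued from wherever the failed read had left Position.
                Position = np;
            }
            return 0;
        }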
예제 #4
        /// <summary>
        /// Looks for a run of <paramref name="readCount"/> consecutive 32-bit values that all lie
        /// inside <paramref name="range"/>, sliding a window backwards from the end of
        /// <paramref name="search"/>.
        /// </summary>
        /// <param name="readCount">Number of 32-bit entries the run must contain.</param>
        /// <param name="search">Section whose contents are scanned.</param>
        /// <param name="range">Section whose address range every entry must fall into.</param>
        /// <returns>Virtual address of the first entry of the run, or 0 when none is found.</returns>
        private uint FindPointersDesc(long readCount, Elf32_Shdr search, Elf32_Shdr range)
        {
            var shift       = 0;                 // offset of the window end relative to the section end (<= 0)
            var windowBytes = 4 * readCount;
            var sectionEnd  = search.sh_offset + search.sh_size;
            var rangeEnd    = range.sh_addr + range.sh_size;

            // NOTE(review): only the window END is compared with the section start, so the window
            // itself can begin before sh_offset (or at a negative offset) when the section is
            // shorter than the run; confirm ReadClassArray tolerates or rejects that.
            while (sectionEnd + shift > search.sh_offset)
            {
                // Entries are read as signed ints; values with the top bit set compare as
                // negative and therefore always count as out of range.
                var window   = ReadClassArray <int>(sectionEnd + shift - windowBytes, readCount);
                var firstBad = Array.FindIndex(window, v => v < range.sh_addr || v > rangeEnd);
                if (firstBad == -1)
                {
                    return (uint)(search.sh_addr + search.sh_size + shift - windowBytes); //VirtualAddress
                }

                // Move the window so that it ends right at the first offending entry.
                shift -= (int)((readCount - firstBad) * 4);
            }

            return 0;
        }
예제 #5
        /// <summary>
        /// Looks for a run of <paramref name="readCount"/> consecutive 32-bit values that all lie
        /// inside <paramref name="range"/>, sliding a window forwards from the start of
        /// <paramref name="search"/>.
        /// </summary>
        /// <param name="readCount">Number of 32-bit entries the run must contain.</param>
        /// <param name="search">Section whose contents are scanned.</param>
        /// <param name="range">Section whose address range every entry must fall into.</param>
        /// <returns>Virtual address of the first entry of the run, or 0 when none is found.</returns>
        private uint FindPointersAsc(long readCount, Elf32_Shdr search, Elf32_Shdr range)
        {
            var cursor     = 0;                  // byte offset of the window start inside the section
            var sectionEnd = search.sh_offset + search.sh_size;
            var rangeEnd   = range.sh_addr + range.sh_size;

            // NOTE(review): only the window START is compared with the section end, so the last
            // windows can extend past the section; confirm ReadClassArray tolerates or rejects that.
            while (search.sh_offset + cursor < sectionEnd)
            {
                // Entries are read as signed ints; values with the top bit set compare as
                // negative and therefore always count as out of range.
                var window  = ReadClassArray <int>(search.sh_offset + cursor, readCount);
                var lastBad = Array.FindLastIndex(window, v => v < range.sh_addr || v > rangeEnd);
                if (lastBad == -1)
                {
                    return search.sh_addr + (uint)cursor; //VirtualAddress
                }

                // Restart the window on the entry that follows the last offending one.
                cursor += (lastBad + 1) * 4;
            }

            return 0;
        }
예제 #6
 /// <summary>
 /// Locates the code and metadata registration structures by searching the relocation
 /// read-only data sections for the given counts, then initialises the loader with them.
 /// </summary>
 /// <param name="methodCount">Method count used as the marker for the code registration search.</param>
 /// <param name="typeDefinitionsCount">Type definition count used as the marker for the metadata registration search.</param>
 /// <returns>true when both addresses were found and Init was called; otherwise false.</returns>
 public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
 {
     // All three sections are required; section names come from the file being analysed.
     var sectionsPresent = sectionWithName.ContainsKey(".data.rel.ro")
                           && sectionWithName.ContainsKey(".text")
                           && sectionWithName.ContainsKey(".bss");
     if (!sectionsPresent)
     {
         Console.WriteLine("ERROR: The necessary section is missing.");
         return false;
     }

     var roData   = sectionWithName[".data.rel.ro"];
     var code     = sectionWithName[".text"];
     var zeroInit = sectionWithName[".bss"];

     // .data.rel.ro.local is optional and only used as a fallback search area.
     Elf32_Shdr roDataLocal = null;
     if (sectionWithName.ContainsKey(".data.rel.ro.local"))
     {
         roDataLocal = sectionWithName[".data.rel.ro.local"];
     }

     uint codeRegistration = FindCodeRegistration(methodCount, roData, roDataLocal, code);
     if (codeRegistration == 0 && roDataLocal != null)
     {
         codeRegistration = FindCodeRegistration(methodCount, roDataLocal, roDataLocal, code);
     }

     uint metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, maxmetadataUsages, roData, roDataLocal, zeroInit);
     if (metadataRegistration == 0 && roDataLocal != null)
     {
         metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, maxmetadataUsages, roDataLocal, roDataLocal, zeroInit);
     }

     // A result of 0 means "not found"; both lookups must succeed before Init runs.
     if (codeRegistration == 0 || metadataRegistration == 0)
     {
         return false;
     }

     Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
     Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
     Init(codeRegistration, metadataRegistration);
     return true;
 }
예제 #7
 /// <summary>
 /// Locates the code and metadata registration structures by first finding the pointer
 /// tables themselves (a forward scan, then a backward scan as fallback) and then the
 /// word that references each table.
 /// </summary>
 /// <param name="methodCount">Number of entries expected in the method pointer table.</param>
 /// <returns>true when both addresses were found and Init was called; otherwise false.</returns>
 public override bool AdvancedSearch(int methodCount)
 {
     // All three sections are required; section names come from the file being analysed.
     var sectionsPresent = sectionWithName.ContainsKey(".data.rel.ro")
                           && sectionWithName.ContainsKey(".text")
                           && sectionWithName.ContainsKey(".bss");
     if (!sectionsPresent)
     {
         Console.WriteLine("ERROR: This file has been protected.");
         return false;
     }

     var  roData               = sectionWithName[".data.rel.ro"];
     var  code                 = sectionWithName[".text"];
     var  zeroInit             = sectionWithName[".bss"];
     uint codeRegistration     = 0;
     uint metadataRegistration = 0;

     // .data.rel.ro.local is optional and only used as a fallback search area.
     Elf32_Shdr roDataLocal = null;
     if (sectionWithName.ContainsKey(".data.rel.ro.local"))
     {
         roDataLocal = sectionWithName[".data.rel.ro.local"];
     }

     // --- method pointer table: entries must point into .text ---
     var methodTable = FindPointersAsc(methodCount, roData, code);
     if (methodTable == 0 && roDataLocal != null)
     {
         methodTable = FindPointersAsc(methodCount, roDataLocal, code);
     }
     if (methodTable != 0)
     {
         codeRegistration = FindReference(methodTable, roData);
         if (codeRegistration == 0 && roDataLocal != null)
         {
             codeRegistration = FindReference(methodTable, roDataLocal);
         }
     }
     // The forward scan found a table that nothing references: retry from the end.
     if (methodTable != 0 && codeRegistration == 0)
     {
         methodTable = FindPointersDesc(methodCount, roData, code);
         if (methodTable == 0 && roDataLocal != null)
         {
             methodTable = FindPointersDesc(methodCount, roDataLocal, code);
         }
         if (methodTable != 0)
         {
             codeRegistration = FindReference(methodTable, roData);
             if (codeRegistration == 0 && roDataLocal != null)
             {
                 codeRegistration = FindReference(methodTable, roDataLocal);
             }
         }
     }

     // --- metadata usages table: entries must point into .bss ---
     var usagesTable = FindPointersAsc(maxMetadataUsages, roData, zeroInit);
     if (usagesTable == 0 && roDataLocal != null)
     {
         usagesTable = FindPointersAsc(maxMetadataUsages, roDataLocal, zeroInit);
     }
     if (usagesTable != 0)
     {
         metadataRegistration = FindReference(usagesTable, roData);
         if (metadataRegistration == 0 && roDataLocal != null)
         {
             metadataRegistration = FindReference(usagesTable, roDataLocal);
         }
     }
     // Same fallback as above: rescan from the end when no reference was found.
     if (usagesTable != 0 && metadataRegistration == 0)
     {
         usagesTable = FindPointersDesc(maxMetadataUsages, roData, zeroInit);
         if (usagesTable == 0 && roDataLocal != null)
         {
             usagesTable = FindPointersDesc(maxMetadataUsages, roDataLocal, zeroInit);
         }
         if (usagesTable != 0)
         {
             metadataRegistration = FindReference(usagesTable, roData);
             if (metadataRegistration == 0 && roDataLocal != null)
             {
                 metadataRegistration = FindReference(usagesTable, roDataLocal);
             }
         }
     }

     if (codeRegistration == 0 || metadataRegistration == 0)
     {
         return false;
     }

     // FindReference yields the address just past the referencing word; stepping back by
     // 8 and 64 bytes presumably lands on the start of each structure (confirm against
     // the structure layout for the targeted version).
     codeRegistration     -= 8u;
     metadataRegistration -= 64u;
     Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
     Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
     Init(codeRegistration, metadataRegistration);
     return true;
 }
예제 #8
        /// <summary>
        /// Automatic mode: reads the dynamic segment to obtain the GOT address and the
        /// .init_array location, then inspects each .init_array function for a known byte
        /// signature (ARM or x86) and, on a match, reads the code and metadata registration
        /// addresses from the matched code and calls Init.
        /// </summary>
        /// <returns>true when a signature matched and Init was called; otherwise false.</returns>
        public override bool Search()
        {
            if (version < 21)
            {
                Console.WriteLine("ERROR: Auto mode not support this version.");
                return(false);
            }
            // Get .dynamic (program header type 2 is PT_DYNAMIC).
            // NOTE(review): First() throws when the file has no such program header.
            var dynamic    = new Elf32_Shdr();
            var PT_DYNAMIC = program_table_element.First(x => x.p_type == 2u);

            dynamic.sh_offset = PT_DYNAMIC.p_offset;
            dynamic.sh_size   = PT_DYNAMIC.p_filesz;
            // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic
            uint _GLOBAL_OFFSET_TABLE_ = 0;
            var  init_array            = new Elf32_Shdr();

            Position = dynamic.sh_offset;
            var dynamicend = dynamic.sh_offset + dynamic.sh_size;

            // Each entry is a 4-byte tag followed by a 4-byte value; the loop runs over the
            // whole segment as sized by p_filesz (a value taken from the file).
            while (Position < dynamicend)
            {
                var tag = ReadInt32();
                switch (tag)
                {
                case 3: // DT_PLTGOT
                    _GLOBAL_OFFSET_TABLE_ = ReadUInt32();
                    break;

                case 25: // DT_INIT_ARRAY (virtual address, mapped to a file offset)
                    init_array.sh_offset = MapVATR(ReadUInt32());
                    break;

                case 27: // DT_INIT_ARRAYSZ (size in bytes)
                    init_array.sh_size = ReadUInt32();
                    break;

                default:
                    // Not interested in this tag: skip its value.
                    Position += 4;
                    break;
                }
            }
            if (_GLOBAL_OFFSET_TABLE_ != 0)
            {
                // Get the functions from .init_array
                // NOTE(review): the element count is derived from a size read from the file and
                // is not validated before the array is read.
                var addrs = ReadClassArray <uint>(init_array.sh_offset, init_array.sh_size / 4u);
                foreach (var i in addrs)
                {
                    if (i > 0)
                    {
                        // NOTE(review): the entry is used directly as a stream position without
                        // MapVATR; presumably address and file offset coincide here - confirm.
                        Position = i;
                        if (elf_header.e_machine == 0x28) //ARM
                        {
                            // Compare the first 12 bytes of the function with the ARM signature.
                            var buff = ReadBytes(12);
                            if (ARMFeatureBytes.SequenceEqual(buff))
                            {
                                // Values read from the code are GOT-relative: add the GOT address.
                                Position = i + 0x2c;
                                var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position         = subaddr + 0x28;
                                codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                Position = subaddr + 0x2C;
                                var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                // ptr is an address holding the final value: map it and read through it.
                                Position             = MapVATR(ptr);
                                metadataRegistration = ReadUInt32();
                                Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                Init(codeRegistration, metadataRegistration);
                                return(true);
                            }
                        }
                        else if (elf_header.e_machine == 0x3) //x86
                        {
                            // Two separate signature fragments are checked, at offsets 22 and 28.
                            Position = i + 22;
                            var buff = ReadBytes(2);
                            if (X86FeatureBytes1.SequenceEqual(buff))
                            {
                                Position = i + 28;
                                buff     = ReadBytes(6);
                                if (X86FeatureBytes2.SequenceEqual(buff))
                                {
                                    Position = i + 0x18;
                                    var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    Position         = subaddr + 0x2C;
                                    codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                    Position = subaddr + 0x20;
                                    // Two opcode bytes followed by a 4-byte GOT-relative operand.
                                    var temp = ReadUInt16();
                                    metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    if (temp == 0x838B)//mov
                                    {
                                        // A mov loads through the address, so dereference it;
                                        // any other opcode keeps the computed address itself.
                                        Position             = MapVATR(metadataRegistration);
                                        metadataRegistration = ReadUInt32();
                                    }
                                    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                    Init(codeRegistration, metadataRegistration);
                                    return(true);
                                }
                            }
                        }
                        else
                        {
                            // Printed once per non-zero .init_array entry on other machine types.
                            Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
                        }
                    }
                }
            }
            else
            {
                Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
            }
            return(false);
        }
예제 #9
        /// <summary>
        /// Reads the dynamic segment to obtain the GOT address and the .init_array location,
        /// then inspects each .init_array function for a known byte signature (ARM or x86)
        /// and, on a match, reads the code and metadata registration addresses from the
        /// matched code and calls Init.
        /// </summary>
        /// <returns>true when a signature matched and Init was called; otherwise false.</returns>
        private bool Searchv21()
        {
            // Get .dynamic (program header type 2 is PT_DYNAMIC).
            // NOTE(review): First() throws when the file has no such program header.
            var dynamic    = new Elf32_Shdr();
            var PT_DYNAMIC = program_table_element.First(x => x.p_type == 2u);

            dynamic.sh_offset = PT_DYNAMIC.p_offset;
            dynamic.sh_size   = PT_DYNAMIC.p_filesz;
            // Get _GLOBAL_OFFSET_TABLE_ and .init_array from .dynamic
            uint _GLOBAL_OFFSET_TABLE_ = 0;
            var  init_array            = new Elf32_Shdr();

            Position = dynamic.sh_offset;
            var dynamicend = dynamic.sh_offset + dynamic.sh_size;

            // Each entry is a 4-byte tag followed by a 4-byte value; the loop runs over the
            // whole segment as sized by p_filesz (a value taken from the file).
            while (Position < dynamicend)
            {
                var tag = ReadInt32();
                if (tag == 3)//DT_PLTGOT
                {
                    _GLOBAL_OFFSET_TABLE_ = ReadUInt32();
                }
                else if (tag == 25)//DT_INIT_ARRAY
                {
                    // Virtual address, mapped to a file offset.
                    init_array.sh_offset = MapVATR(ReadUInt32());
                }
                else if (tag == 27)//DT_INIT_ARRAYSZ
                {
                    init_array.sh_size = ReadUInt32();
                }
                else
                {
                    Position += 4;//skip
                }
            }
            if (_GLOBAL_OFFSET_TABLE_ != 0)
            {
                // Get the functions from .init_array
                // NOTE(review): the cast applies to sh_size before the division, so a size with
                // the top bit set yields a negative count; the size is not validated either.
                var addrs = ReadClassArray <uint>(init_array.sh_offset, (int)init_array.sh_size / 4);
                foreach (var i in addrs)
                {
                    if (i > 0)
                    {
                        // NOTE(review): the entry is used directly as a stream position without
                        // MapVATR; presumably address and file offset coincide here - confirm.
                        Position = i;
                        if (elf_header.e_machine == 0x28)
                        {
                            // Compare the first 12 bytes of the function with the ARM signature.
                            var buff = ReadBytes(12);
                            if (ARMFeatureBytes.SequenceEqual(buff))
                            {
                                // Values read from the code are GOT-relative: add the GOT address.
                                Position = i + 0x2c;
                                var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Position = subaddr + 0x28;
                                var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                Position = subaddr + 0x2C;
                                var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                // ptr is an address holding the final value: map it and read through it.
                                Position = MapVATR(ptr);
                                var metadataRegistration = ReadUInt32();
                                Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                Init(codeRegistration, metadataRegistration);
                                return(true);
                            }
                        }
                        else if (elf_header.e_machine == 0x3)
                        {
                            // Two separate signature fragments are checked, at offsets 22 and 28.
                            Position = i + 22;
                            var buff = ReadBytes(2);
                            if (X86FeatureBytes1.SequenceEqual(buff))
                            {
                                Position = i + 28;
                                buff     = ReadBytes(6);
                                if (X86FeatureBytes2.SequenceEqual(buff))
                                {
                                    Position = i + 0x18;
                                    var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    Position = subaddr + 0x2C;
                                    var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
                                    Position = subaddr + 0x20;
                                    // Two opcode bytes followed by a 4-byte GOT-relative operand.
                                    var  temp = ReadUInt16();
                                    uint metadataRegistration;
                                    if (temp == 0x838D)//lea
                                    {
                                        // lea yields the address itself.
                                        metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                    }
                                    else//mov
                                    {
                                        // Every other opcode is treated as a mov: load through the address.
                                        var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
                                        Position             = MapVATR(ptr);
                                        metadataRegistration = ReadUInt32();
                                    }
                                    Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
                                    Init(codeRegistration, metadataRegistration);
                                    return(true);
                                }
                            }
                        }
                        else
                        {
                            // Printed once per non-zero .init_array entry on other machine types.
                            Console.WriteLine("ERROR: Automatic processing does not support this ELF file.");
                        }
                    }
                }
            }
            else
            {
                Console.WriteLine("ERROR: Unable to get GOT form PT_DYNAMIC.");
            }
            return(false);
        }