Exemplo n.º 1
 /// <summary>
 /// Reads one 64-bit ELF program header from the reader's current position.
 /// </summary>
 /// <param name="rdr">Reader positioned at the first byte of the program header.</param>
 /// <returns>A new <c>Elf64_PHdr</c> populated with the values read.</returns>
 /// <remarks>
 /// The fields are consumed in declaration order below: two 32-bit values
 /// (p_type, p_flags) followed by six 64-bit values. Every value is stored
 /// exactly as read; nothing here range-checks p_offset, p_filesz or the
 /// other fields, so a caller that seeks or allocates based on them has to
 /// validate them against the image first.
 /// </remarks>
 public static Elf64_PHdr Load(ImageReader rdr)
 {
     // Initializer members are evaluated top to bottom, which is what keeps
     // the reads in on-disk order.
     return new Elf64_PHdr
     {
         p_type = (ProgramHeaderType)rdr.ReadUInt32(),
         p_flags = rdr.ReadUInt32(),
         p_offset = rdr.ReadUInt64(),
         p_vaddr = rdr.ReadUInt64(),
         p_paddr = rdr.ReadUInt64(),
         p_filesz = rdr.ReadUInt64(),
         p_pmemsz = rdr.ReadUInt64(),
         p_align = rdr.ReadUInt64(),
     };
 }
Exemplo n.º 2
 /// <summary>
 /// Reads one 64-bit ELF section header from the reader's current position.
 /// </summary>
 /// <param name="rdr">Reader positioned at the first byte of the section header.</param>
 /// <returns>A new <c>Elf64_SHdr</c> populated with the values read.</returns>
 /// <remarks>
 /// Values are stored as read, without validation. sh_name, sh_offset,
 /// sh_size, sh_link and sh_entsize all come straight from the file, so code
 /// that uses them as offsets, lengths or table indices must bounds-check
 /// them itself.
 /// </remarks>
 public static Elf64_SHdr Load(ImageReader rdr)
 {
     // Members are evaluated in the order written, matching the on-disk layout.
     var shdr = new Elf64_SHdr
     {
         sh_name = rdr.ReadUInt32(),
         sh_type = (SectionHeaderType)rdr.ReadUInt32(),
         sh_flags = rdr.ReadUInt64(),
         sh_addr = rdr.ReadUInt64(),        // Address
         sh_offset = rdr.ReadUInt64(),
         sh_size = rdr.ReadUInt64(),
         sh_link = rdr.ReadUInt32(),
         sh_info = rdr.ReadUInt32(),
         sh_addralign = rdr.ReadUInt64(),
         sh_entsize = rdr.ReadUInt64(),
     };
     return shdr;
 }
Exemplo n.º 3
        public ushort e_shstrndx;       // section name string table index

        /// <summary>
        /// Reads the fields of a 32-bit ELF file header that follow the
        /// identification bytes, starting at the reader's current position.
        /// </summary>
        /// <param name="rdr">Reader positioned at the e_type field.</param>
        /// <returns>A new <c>Elf32_EHdr</c> populated with the values read.</returns>
        /// <remarks>
        /// No field is validated. e_phoff, e_shoff, the entry sizes and counts,
        /// and e_shstrndx are taken from the file as-is; callers should check
        /// them against the image size before seeking or indexing with them.
        /// </remarks>
        public static Elf32_EHdr Load(ImageReader rdr)
        {
            var ehdr = new Elf32_EHdr();

            // The reads must stay in this order; it is the on-disk field order.
            ehdr.e_type = rdr.ReadUInt16();
            ehdr.e_machine = rdr.ReadUInt16();
            ehdr.e_version = rdr.ReadUInt32();
            ehdr.e_entry = rdr.ReadUInt32();
            ehdr.e_phoff = rdr.ReadUInt32();
            ehdr.e_shoff = rdr.ReadUInt32();
            ehdr.e_flags = rdr.ReadUInt32();
            ehdr.e_ehsize = rdr.ReadUInt16();
            ehdr.e_phentsize = rdr.ReadUInt16();
            ehdr.e_phnum = rdr.ReadUInt16();
            ehdr.e_shentsize = rdr.ReadUInt16();
            ehdr.e_shnum = rdr.ReadUInt16();
            ehdr.e_shstrndx = rdr.ReadUInt16();

            return ehdr;
        }
Exemplo n.º 4
        /// <summary>
        /// Checks whether the code at <paramref name="rdr"/> is the eight-instruction
        /// PowerPC trampoline stub addi / oris / lwz / std / lwz / lwz / mtctr / bcctr
        /// and, if so, seeks to the function descriptor it references.
        /// </summary>
        /// <param name="rdr">Reader positioned at the first instruction of the candidate stub.
        /// It is advanced by the disassembler and, on a full match, repositioned.</param>
        /// <param name="host">Not used by this implementation.</param>
        /// <returns>
        /// Always <c>null</c>: on a mismatch the method returns early, and on a
        /// match the function pointer is read but discarded before returning.
        /// </returns>
        /// <remarks>
        /// Only opcodes are compared; registers and most operands are not inspected.
        /// The descriptor address is assembled from immediates found in the
        /// instruction stream, i.e. from the image being analysed.
        /// NOTE(review): no bounds check is visible before <c>rdr.Offset</c> is
        /// reassigned; confirm that ImageReader rejects an out-of-range offset on
        /// the following read.
        /// </remarks>
        public override ProcedureBase GetTrampolineDestination(ImageReader rdr, IRewriterHost host)
        {
            var disassembler = new PowerPcDisassembler(
                (PowerPcArchitecture64) Architecture,
                rdr,
                PrimitiveType.Word64);

            //addi r12,r0,0000
            // The addi immediate is not read; only the opcode is checked.
            PowerPcInstruction insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.addi)
            {
                return null;
            }

            //oris r12,r12,0006
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.oris)
            {
                return null;
            }
            // High 16 bits of the function descriptor address.
            var hiImm = (ImmediateOperand) insn.op3;
            uint descriptorAddr = hiImm.Value.ToUInt32() << 16;

            //lwz r12,nnnn(r12)
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.lwz)
            {
                return null;
            }
            // Add the signed displacement of the load to complete the address.
            var loadOperand = (MemoryOperand)insn.op2;
            int displacement = loadOperand.Offset.ToInt32();
            descriptorAddr = (uint)(descriptorAddr + displacement);

            //std r2,40(r1)
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.std)
            {
                return null;
            }

            //lwz r0,0(r12)
            // Have a pointer to a trampoline
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.lwz)
            {
                return null;
            }

            //lwz r2,4(r12)
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.lwz)
            {
                return null;
            }

            // mtctr r0
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.mtctr)
            {
                return null;
            }

            // bcctr 14,00
            insn = disassembler.DisassembleInstruction();
            if (insn.Opcode != Opcode.bcctr)
            {
                return null;
            }

            // Read the function pointer from the function descriptor.
            // The seek is relative: distance from the reader's current address
            // to the descriptor, applied to the reader's current offset.
            int delta = (int)descriptorAddr - (int)rdr.Address.ToUInt32();
            rdr.Offset = (ulong) (((long)rdr.Offset) + delta);

            // The value is read (moving the reader) but not used yet, so the
            // method still reports "no destination" to its caller.
            var functionPtr = rdr.ReadUInt32();
            return null;
        }
Exemplo n.º 5
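        /// <summary>
        /// Reads a pointer field of <paramref name="size"/> bytes at the reader's
        /// current position, treats its value as an offset, and deserializes an
        /// instance of <paramref name="pointerType"/> from that offset.
        /// </summary>
        /// <param name="pointerType">Type of the structure the pointer refers to; it is
        /// instantiated with <see cref="Activator.CreateInstance(Type)"/>.</param>
        /// <param name="size">Width of the pointer field in bytes; 1, 2 and 4 are supported.</param>
        /// <param name="rdr">Reader positioned at the pointer field. It is advanced past the
        /// field; the structure itself is read through a clone.</param>
        /// <param name="ctx">Not used by this method.</param>
        /// <returns>The newly created and populated structure instance.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="pointerType"/> or <paramref name="rdr"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// <paramref name="size"/> is not 1, 2 or 4.
        /// </exception>
        /// <remarks>
        /// The target offset comes from the image being parsed.
        /// NOTE(review): nothing here checks it against the image length, and no
        /// guard against pointer cycles is visible; confirm that ImageReader and
        /// StructureReader handle out-of-range offsets and self-referencing
        /// structures.
        /// </remarks>
        public static object ReadPointer(Type pointerType, int size, ImageReader rdr, ReaderContext ctx)
        {
            // Fail with a clear argument error instead of a NullReferenceException
            // from the dereferences further down.
            if (pointerType == null)
                throw new ArgumentNullException("pointerType");
            if (rdr == null)
                throw new ArgumentNullException("rdr");

            Debug.Print("Reading pointer at offset {0}, size {1}", rdr.Offset, size);
            uint newOffset;
            switch (size)
            {
            case 1: newOffset = rdr.ReadByte(); break;
            case 2: newOffset = rdr.ReadUInt16(); break;
            case 4: newOffset = rdr.ReadUInt32(); break;
            default:
                // The previous message claimed the size had to be > 0, which was
                // wrong for positive sizes such as 3 or 8; report the real rule.
                throw new InvalidOperationException(
                    string.Format("Unsupported pointer field size {0}; supported sizes are 1, 2 and 4 bytes.", size));
            }
            Debug.Print("Structure of type {0} must start at offset {1:X}", pointerType.Name, newOffset);

            // Follow the pointer on a clone so the caller's reader only moves
            // past the pointer field itself.
            var target = rdr.Clone();
            target.Offset = newOffset;

            var dst = Activator.CreateInstance(pointerType);
            var sr = new StructureReader(dst);
            sr.Read(target);
            return dst;
        }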