private string FormatFunctionName(ImportFunction impFunc)
{
string tmp = "";
if (impFunc.Name == null) // Import by ordinal
{
if (impFunc.DLL.ToLower() == "oleaut32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.oleaut32, impFunc.Hint);
}
else if (impFunc.DLL.ToLower() == "ws2_32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.ws2_32, impFunc.Hint);
}
else if (impFunc.DLL.ToLower() == "wsock32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.wsock32, impFunc.Hint);
}
else // cannot resolve ordinal to a function name
{
tmp += "ord";
tmp += impFunc.Hint.ToString();
}
}
else // Import by name
{
tmp += impFunc.Name;
}
return(tmp.ToLower());
}
public string ToString01([PexAssumeUnderTest] ImportFunction target)
{
var result = target.ToString();
return(result);
// TODO: add assertions to method ImportFunctionTest.ToString01(ImportFunction)
}
private Rva GetFunctionAddress(ImportFunctionTable tbl, ImportFunction func)
{
uint ret = Location.Address + (uint)this.items.Count * 20 + 20;
foreach (ImportDirectoryEntry i in items)
{
ret += i.LookupTable.GetPointersSize();
}
foreach (ImportDirectoryEntry i in items)
{
foreach (ImportFunction f in i.LookupTable)
{
if (f.Type == ImportFunctionType.Name)
{
if ((i.LookupTable == tbl || i.AddressTable == tbl) && f == func)
{
return(ret);
}
else
{
ret += 2 + (uint)f.Name.Length + 1;
}
}
}
}
return(ret);
}
public void ConstructorThrowsNullReferenceException440()
{
ImportHash importHash;
ImportFunction[] importFunctions = new ImportFunction[1];
importHash = this.Constructor((ICollection <ImportFunction>)importFunctions);
}
public uint GetIATThunk(ImportFunction function)
{
const int IAT_DIRECTORY_INDEX = 12;
return((uint)this.PeFile.ImageNtHeaders.OptionalHeader.ImageBase +
this.PeFile.ImageNtHeaders.OptionalHeader.DataDirectory[IAT_DIRECTORY_INDEX].VirtualAddress +
function.IATOffset);
}
public void Constructor196()
{
ImportHash importHash;
ImportFunction[] importFunctions = new ImportFunction[0];
importHash = this.Constructor((ICollection <ImportFunction>)importFunctions);
Assert.IsNotNull((object)importHash);
Assert.AreEqual <string>((string)null, importHash.ImpHash);
}
public void ConstructorThrowsNullReferenceException553()
{
ImportHash importHash;
ImportFunction[] importFunctions = new ImportFunction[1];
ImportFunction s0 = new ImportFunction((string)null, (string)null, (ushort)0);
importFunctions[0] = s0;
importHash = this.Constructor((ICollection <ImportFunction>)importFunctions);
}
public ImportFunction Constructor(
string name,
string dll,
ushort hint
)
{
var target = new ImportFunction(name, dll, hint);
return target;
// TODO: add assertions to method ImportFunctionTest.Constructor(String, String, UInt16)
}
public ImportFunction Constructor(
string name,
string dll,
ushort hint
)
{
var target = new ImportFunction(name, dll, hint);
return(target);
// TODO: add assertions to method ImportFunctionTest.Constructor(String, String, UInt16)
}
public void Constructor75()
{
ImportHash importHash;
ImportFunction[] importFunctions = new ImportFunction[1];
ImportFunction s0 = new ImportFunction((string)null, ".", (ushort)64);
importFunctions[0] = s0;
importHash = this.Constructor((ICollection <ImportFunction>)importFunctions);
Assert.IsNotNull((object)importHash);
Assert.AreEqual <string>("92e00e2183fe762c6ccb8dc80a7c4ce4", importHash.ImpHash);
}
public void Constructor111()
{
ImportHash importHash;
ImportFunction[] importFunctions = new ImportFunction[1];
ImportFunction s0 = new ImportFunction((string)null, ".", (ushort)0);
importFunctions[0] = s0;
importHash = this.Constructor((ICollection <ImportFunction>)importFunctions);
Assert.IsNotNull((object)importHash);
Assert.AreEqual <string>("002334b9763aa85360ef9d6b14b02a4b", importHash.ImpHash);
}
public ImportFunction GetFunction(string name, UInt16 hint)
{
ImportFunction function;
if (!m_functions.TryGetValue(name, out function))
{
function = new ImportFunction(name, hint);
m_functions.Add(name, function);
}
return(function);
}
public void ToString01437()
{
string s;
ImportFunction s0 = new ImportFunction((string)null, (string)null, (ushort)0);
s = this.ToString01(s0);
Assert.AreEqual <string>
("ImportFunction\nName :\t \nDLL :\t \nHint :\t 0\n",
s);
Assert.IsNotNull((object)s0);
Assert.AreEqual <string>((string)null, s0.Name);
Assert.AreEqual <string>((string)null, s0.DLL);
Assert.AreEqual <ushort>((ushort)0, s0.Hint);
}
public void ImportFunction()
{
var function = new ImportFunction(1, new FunctionType(new[] { ValueType.I32 }, new [] { ValueType.I64 }), "module", "test",
5);
Assert.Multiple(() =>
{
Assert.That(function.Id, Is.EqualTo(1));
Assert.That(function.TypeId, Is.EqualTo(5));
Assert.That(function.Param, Is.EqualTo(new[] { ValueType.I32 }));
Assert.That(function.Return, Is.EqualTo(ValueType.I64));
Assert.That(function.Import, Is.True);
Assert.That(function.Module, Is.EqualTo("module"));
Assert.That(function.Field, Is.EqualTo("test"));
});
}
internal int Call(WebAssemblyInstance instance, ImportFunction importFunc, int[] param)
{
return(_functions[importFunc.Module + "." + importFunc.Field](instance, param));
}
/// <summary>
/// Add function to list
/// </summary>
public void AddFce(ImportFunction import)
{
this.AddFce(import.Name);
this._importFunction.Add(import);
}
private string FormatFunctionName(ImportFunction impFunc)
{
var tmp = "";
if (impFunc.Name == null) // Import by ordinal
{
if (impFunc.DLL.ToLower() == "oleaut32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.oleaut32, impFunc.Hint);
}
else if (impFunc.DLL.ToLower() == "ws2_32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.ws2_32, impFunc.Hint);
}
else if (impFunc.DLL.ToLower() == "wsock32.dll")
{
tmp += OrdinalSymbolMapping.Lookup(OrdinalSymbolMapping.Modul.wsock32, impFunc.Hint);
}
else // cannot resolve ordinal to a function name
{
tmp += "ord";
tmp += impFunc.Hint.ToString();
}
}
else // Import by name
{
tmp += impFunc.Name;
}
return tmp.ToLower();
}
public IReadable Read()
{
var peHeaderReader = (PeHeaderReader) new PeHeaderReader(_filePath).Read();
ImportTableDirectory = peHeaderReader.Is32BitPeHeader
? peHeaderReader.PeHeader32.OptionalHeader.ImportTable
: peHeaderReader.PeHeader64.OptionalHeader.ImportTable;
var address = RvaToRawFormatConverter.RvaToOffset32(ImportTableDirectory.VirtualAddress,
peHeaderReader.SectionHeaders,
peHeaderReader.Is32BitPeHeader
? peHeaderReader.PeHeader32.OptionalHeader.SectionAlignment
: peHeaderReader.PeHeader64.OptionalHeader.SectionAlignment);
using var fs = new FileStream(_filePath, FileMode.Open, FileAccess.Read);
var br = new BinaryReader(fs);
fs.Seek(address, SeekOrigin.Begin);
while (true)
{
var importDescriptor = PeBlockToStructConverter.ConvertTo <ImportDescriptor>(br);
if (importDescriptor.OriginalFirstThunk == 0 &&
importDescriptor.ForwarderChain == 0 &&
importDescriptor.Name == 0 &&
importDescriptor.FirstThunk == 0)
{
break;
}
ImportTable.Add(importDescriptor);
}
for (var i = 0; i < ImportTable.Count; i++)
{
var importFunction = new ImportFunction();
// Getting DLL name
var dllNameAddress = RvaToRawFormatConverter.RvaToOffset32(ImportTable[i].Name,
peHeaderReader.SectionHeaders,
peHeaderReader.Is32BitPeHeader
? peHeaderReader.PeHeader32.OptionalHeader.SectionAlignment
: peHeaderReader.PeHeader64.OptionalHeader.SectionAlignment);
var currentPosition = fs.Position;
importFunction.DllName = ByteArrayToAsciiStringConverter.ConvertToString(fs, dllNameAddress);
fs.Seek(currentPosition, SeekOrigin.Begin);
importFunction.TimeDateStamp = TimeDateStampToDateTimeConverter.ConvertTimeDateStamp(ImportTable[i].TimeDateStamp);
var ilt = RvaToRawFormatConverter.RvaToOffset32(ImportTable[i].OriginalFirstThunk,
peHeaderReader.SectionHeaders,
peHeaderReader.Is32BitPeHeader
? peHeaderReader.PeHeader32.OptionalHeader.SectionAlignment
: peHeaderReader.PeHeader64.OptionalHeader.SectionAlignment);
fs.Seek(ilt, SeekOrigin.Begin);
if (peHeaderReader.Is32BitPeHeader)
{
while (true)
{
var thunkData32 = PeBlockToStructConverter.ConvertTo <ThunkData32>(br);
if (thunkData32.Function == 0)
{
break;
}
var currentPosition2 = fs.Position;
if ((thunkData32.AddressOfData & (UInt32)1 << 31) == 0)
{
var functionAddress = RvaToRawFormatConverter.RvaToOffset32(thunkData32.Function,
peHeaderReader.SectionHeaders, peHeaderReader.PeHeader32.OptionalHeader.SectionAlignment);
fs.Seek(functionAddress, SeekOrigin.Begin);
var hint = br.ReadUInt16();
var byteList = new List <Byte>();
while (true)
{
var b = br.ReadByte();
if (b == 0x00)
{
break;
}
byteList.Add(b);
}
var name = Encoding.ASCII.GetString(byteList.ToArray());
importFunction.Functions.Add(new ImportFunctionInfo()
{
Hint = hint,
Name = name
});
fs.Seek(currentPosition2, SeekOrigin.Begin);
}
else
{
importFunction.Functions.Add(new ImportFunctionInfo()
{
Name = null,
Ordinal64 = null,
Ordinal32 = (thunkData32.Ordinal & (((UInt32)1 << 31) - 1))
});
}
}
}
else
{
while (true)
{
var thunkData64 = PeBlockToStructConverter.ConvertTo <ThunkData64>(br);
if (thunkData64.Function == 0)
{
break;
}
var currentPosition2 = fs.Position;
if ((thunkData64.AddressOfData & ((UInt64)1 << 63)) == 0)
{
var functionAddress = RvaToRawFormatConverter.RvaToOffset64(thunkData64.Function,
peHeaderReader.SectionHeaders, peHeaderReader.PeHeader64.OptionalHeader.SectionAlignment);
fs.Seek(functionAddress, SeekOrigin.Begin);
var hint = br.ReadUInt16();
var byteList = new List <Byte>();
while (true)
{
var b = br.ReadByte();
if (b == 0x00)
{
break;
}
byteList.Add(b);
}
var name = Encoding.ASCII.GetString(byteList.ToArray());
importFunction.Functions.Add(new ImportFunctionInfo()
{
Hint = hint,
Name = name
});
fs.Seek(currentPosition2, SeekOrigin.Begin);
}
else
{
importFunction.Functions.Add(new ImportFunctionInfo()
{
Name = null,
Ordinal32 = null,
Ordinal64 = (thunkData64.Ordinal & (((UInt64)1 << 63) - 1))
});
}
}
}
ImportFunctions.Add(importFunction);
}
return(this);
}