public void VisitPointer(Pointer ptr)
{
switch (ptr.Size)
{
case 2:
fmt.WriteKeyword("dw");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X4}", rdr.ReadByte()));
fmt.WriteLine();
return;
case 4:
fmt.WriteKeyword("dd");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X8}", rdr.ReadUInt32()));
fmt.WriteLine();
return;
case 8:
fmt.WriteKeyword("dq");
fmt.Write("\t");
fmt.Write(string.Format("0x{0:X16}", rdr.ReadUInt32()));
fmt.WriteLine();
return;
}
}
public List<ProgramResource> ReadLanguageDirectory(ImageReader rdr, uint resourceType, string resourceId)
{
const uint DIR_MASK = 0x80000000;
var flags = rdr.ReadUInt32();
var date = rdr.ReadUInt32();
var version = rdr.ReadUInt32();
var cNameEntries = rdr.ReadUInt16();
var cIdEntries = rdr.ReadUInt16();
var entries = new List<ProgramResource>();
for (int i = 0; i < cNameEntries; ++i)
{
var rvaName = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) != 0)
throw new BadImageFormatException();
entries.Add(ReadResourceEntry(subRdr, resourceId, ReadResourceString(rvaName), resourceType));
}
for (int i = 0; i < cIdEntries; ++i)
{
var id = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) != 0)
throw new BadImageFormatException();
entries.Add(ReadResourceEntry(subRdr, resourceId, id.ToString(), resourceType));
}
return entries;
}
public static Elf32_Sym Load(ImageReader rdr)
{
var sym = new Elf32_Sym();
sym.st_name = rdr.ReadUInt32();
sym.st_value = rdr.ReadUInt32();
sym.st_size = rdr.ReadUInt32();
sym.st_info = rdr.ReadByte();
sym.st_other = rdr.ReadByte();
sym.st_shndx = rdr.ReadUInt16();
return sym;
}
public static Elf32_Rela Read(ImageReader rdr)
{
var o = rdr.ReadUInt32();
var i = rdr.ReadUInt32();
var a = rdr.ReadInt32();
return new Elf32_Rela
{
r_offset = o,
r_info = i,
r_addend = a
};
}
public static Elf64_PHdr Load(ImageReader rdr)
{
var hdr = new Elf64_PHdr
{
p_type = (ProgramHeaderType)rdr.ReadUInt32(),
p_flags = rdr.ReadUInt32(),
p_offset = rdr.ReadUInt64(),
p_vaddr = rdr.ReadUInt64(),
p_paddr = rdr.ReadUInt64(),
p_filesz = rdr.ReadUInt64(),
p_pmemsz = rdr.ReadUInt64(),
p_align = rdr.ReadUInt64(),
};
return hdr;
}
public static object ReadPointer(Type pointerType, int size, ImageReader rdr, ReaderContext ctx)
{
Debug.Print("Reading pointer at offset {0}, size {1}", rdr.Offset, size);
uint newOffset;
switch (size)
{
default:
throw new InvalidOperationException("Field size must be > 0.");
case 1: newOffset = rdr.ReadByte(); break;
case 2: newOffset = rdr.ReadUInt16(); break;
case 4: newOffset = rdr.ReadUInt32(); break;
}
Debug.Print("Structure of type {0} must start at offset {1:X}", pointerType.Name, newOffset);
rdr = rdr.Clone();
rdr.Offset = newOffset;
var dst = Activator.CreateInstance(pointerType);
var sr = new StructureReader(dst);
sr.Read(rdr);
return(dst);
}
public static Elf64_SHdr Load(ImageReader rdr)
{
return new Elf64_SHdr
{
sh_name = rdr.ReadUInt32(),
sh_type = (SectionHeaderType)rdr.ReadUInt32(),
sh_flags = rdr.ReadUInt64(),
sh_addr = rdr.ReadUInt64(), // Address
sh_offset = rdr.ReadUInt64(),
sh_size = rdr.ReadUInt64(),
sh_link = rdr.ReadUInt32(),
sh_info = rdr.ReadUInt32(),
sh_addralign = rdr.ReadUInt64(),
sh_entsize = rdr.ReadUInt64(),
};
}
public ushort e_shstrndx; // section name string table index
public static Elf32_EHdr Load(ImageReader rdr)
{
return new Elf32_EHdr
{
e_type = rdr.ReadUInt16(),
e_machine = rdr.ReadUInt16(),
e_version = rdr.ReadUInt32(),
e_entry = rdr.ReadUInt32(),
e_phoff = rdr.ReadUInt32(),
e_shoff = rdr.ReadUInt32(),
e_flags = rdr.ReadUInt32(),
e_ehsize = rdr.ReadUInt16(),
e_phentsize = rdr.ReadUInt16(),
e_phnum = rdr.ReadUInt16(),
e_shentsize = rdr.ReadUInt16(),
e_shnum = rdr.ReadUInt16(),
e_shstrndx = rdr.ReadUInt16(),
};
}
public List<ProgramResource> ReadResourceDirectory(ImageReader rdr)
{
const uint DIR_MASK = 0x80000000;
var flags = rdr.ReadUInt32();
var date = rdr.ReadUInt32();
var version = rdr.ReadUInt32();
var cNameEntries = rdr.ReadUInt16();
var cIdEntries = rdr.ReadUInt16();
var entries = new List<ProgramResource>();
for (int i = 0; i < cNameEntries; ++i)
{
var rvaName = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
throw new BadImageFormatException();
if ((rvaName & DIR_MASK) != 0)
{
var e = new ProgramResourceGroup
{
//Name = ReadResourceString(rvaName),
Name = ReadResourceUtf16leString(rvaResources + (rvaName & ~DIR_MASK)),
};
e.Resources.AddRange(ReadNameDirectory(subRdr, 0));
entries.Add(e);
}
}
for (int i = 0; i < cIdEntries; ++i)
{
var id = rdr.ReadUInt32();
var rvaEntry = rdr.ReadUInt32();
var subRdr = new LeImageReader(imgLoaded, rvaResources + (rvaEntry & ~DIR_MASK));
if ((rvaEntry & DIR_MASK) == 0)
throw new BadImageFormatException();
var e = new ProgramResourceGroup
{
Name = GenerateResourceName(id),
};
e.Resources.AddRange(ReadNameDirectory(subRdr, id));
entries.Add(e);
}
return entries;
}
public static Elf32_SHdr Load(ImageReader rdr)
{
try
{
return new Elf32_SHdr
{
sh_name = rdr.ReadUInt32(),
sh_type = (SectionHeaderType)rdr.ReadUInt32(),
sh_flags = rdr.ReadUInt32(),
sh_addr = rdr.ReadUInt32(), // Address
sh_offset = rdr.ReadUInt32(),
sh_size = rdr.ReadUInt32(),
sh_link = rdr.ReadUInt32(),
sh_info = rdr.ReadUInt32(),
sh_addralign = rdr.ReadUInt32(),
sh_entsize = rdr.ReadUInt32(),
};
} catch
{
//$TODO: report error?
return null;
}
}
/// <summary>
/// Reads the ELF header.
/// </summary>
/// <returns></returns>
private Elf32_Ehdr ReadElfHeaderStart()
{
var rdr = new ImageReader(RawImage, 0);
var h = new Elf32_Ehdr();
h.e_ident = rdr.ReadBeUInt32();
h.e_class = rdr.ReadByte();
h.endianness = rdr.ReadByte();
h.version = rdr.ReadByte();
h.osAbi = rdr.ReadByte();
rdr.Seek(8); // 8 bytes of padding.
// Now that we know the endianness, read the remaining fields in endian mode.
rdr = CreateImageReader(h.endianness, rdr.Offset);
h.e_type = rdr.ReadInt16();
h.e_machine = rdr.ReadInt16();
h.e_version = rdr.ReadInt32();
h.e_entry = rdr.ReadUInt32();
h.e_phoff = rdr.ReadUInt32();
h.e_shoff = rdr.ReadUInt32();
h.e_flags = rdr.ReadInt32();
h.e_ehsize = rdr.ReadInt16();
h.e_phentsize = rdr.ReadInt16();
h.e_phnum = rdr.ReadInt16();
h.e_shentsize = rdr.ReadInt16();
h.e_shnum = rdr.ReadInt16();
h.e_shstrndx = rdr.ReadInt16();
Dump("e_type: {0}", h.e_type);
Dump("e_machine: {0}", (MachineType) h.e_machine);
Dump("e_version: {0}", h.e_version);
Dump("e_entry: {0:X}", h.e_entry);
Dump("e_phoff: {0:X}", h.e_phoff);
Dump("e_shoff: {0:X}", h.e_shoff);
Dump("e_flags: {0:X}", h.e_flags);
Dump("e_ehsize: {0}", h.e_ehsize);
Dump("e_phentsize: {0}", h.e_phentsize);
Dump("e_phnum: {0}", h.e_phnum);
Dump("e_shentsize: {0}", h.e_shentsize);
Dump("e_shnum: {0}", h.e_shnum);
Dump("e_shstrndx: {0}", h.e_shstrndx);
return h;
}
public override ProcedureBase GetTrampolineDestination(ImageReader rdr, IRewriterHost host)
{
var dasm = new PowerPcDisassembler(
(PowerPcArchitecture64) Architecture,
rdr,
PrimitiveType.Word64);
PowerPcInstruction instr;
ImmediateOperand immOp;
MemoryOperand memOp;
//addi r12,r0,0000
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.addi)
return null;
//oris r12,r12,0006
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.oris)
return null;
immOp = (ImmediateOperand) instr.op3;
uint aFuncDesc = immOp.Value.ToUInt32() << 16;
//lwz r12,nnnn(r12)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
return null;
memOp = (MemoryOperand)instr.op2;
int offset = memOp.Offset.ToInt32();
aFuncDesc = (uint)(aFuncDesc + offset);
//std r2,40(r1)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.std)
return null;
//lwz r0,0(r12)
// Have a pointer to a trampoline
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
return null;
//lwz r2,4(r12)
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.lwz)
return null;
// mtctr r0
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.mtctr)
return null;
// bcctr 14,00
instr = dasm.DisassembleInstruction();
if (instr.Opcode != Opcode.bcctr)
return null;
// Read the function pointer from the function descriptor.
offset = (int)aFuncDesc - (int)rdr.Address.ToUInt32();
rdr.Offset = rdr.Offset + offset;
var aFn = rdr.ReadUInt32();
return null;
}
void parseFunctionStarts(ImageReader rdr)
{
uint dataoff;
uint datasize;
if (!rdr.TryReadUInt32(out dataoff) ||
!rdr.TryReadUInt32(out datasize))
{
throw new BadImageFormatException("Couldn't read LC_FUNCTIONSTARTS command");
}
Debug.Print(" LC_FUNCTIONSTARTS {0:X8} {1:X8}", dataoff, datasize);
rdr.Offset = dataoff;
var endoff = dataoff + datasize;
while (rdr.Offset < endoff)
{
uint fn = rdr.ReadUInt32();
Debug.Print(" fn: {0:X}", fn);
}
}
public ProgramResourceInstance ReadResourceEntry(ImageReader rdr, string resourceId, string langId, uint resourceType)
{
var rvaData = rdr.ReadUInt32();
var size = rdr.ReadUInt32();
var codepage = rdr.ReadUInt32();
var padding = rdr.ReadUInt32();
var abResource = new byte[size];
Array.Copy(imgLoaded.Bytes, (int)rvaData, abResource, 0, abResource.Length);
if (resourceType == RT_BITMAP)
{
abResource = PostProcessBitmap(abResource);
}
return new ProgramResourceInstance
{
Name = string.Format("{0}:{1}", resourceId, langId),
Type = GetResourceType(resourceType),
Bytes = abResource,
};
}
public static object ReadPointer(Type pointerType, int size, ImageReader rdr, ReaderContext ctx)
{
Debug.Print("Reading pointer at offset {0}, size {1}", rdr.Offset, size);
uint newOffset;
switch (size)
{
default:
throw new InvalidOperationException("Field size must be > 0.");
case 1: newOffset = rdr.ReadByte(); break;
case 2: newOffset = rdr.ReadUInt16(); break;
case 4: newOffset = rdr.ReadUInt32(); break;
}
Debug.Print("Structure of type {0} must start at offset {1:X}", pointerType.Name, newOffset);
rdr = rdr.Clone();
rdr.Offset = newOffset;
var dst = Activator.CreateInstance(pointerType);
var sr = new StructureReader(dst);
sr.Read(rdr);
return dst;
}
