public Address ReadCodeAddress(int size, EndianImageReader rdr, ProcessorState state)
{
if (size == 4)
{
return(Address.Ptr32(rdr.ReadLeUInt32()));
}
throw new NotImplementedException();
}
private void AddExportedEntryPoints(Address addrLoad, SegmentMap imageMap, List <ImageSymbol> entryPoints)
{
EndianImageReader rdr = imgLoaded.CreateLeReader(rvaExportTable);
uint characteristics = rdr.ReadLeUInt32();
uint timestamp = rdr.ReadLeUInt32();
uint version = rdr.ReadLeUInt32();
uint binaryNameAddr = rdr.ReadLeUInt32();
uint baseOrdinal = rdr.ReadLeUInt32();
int nExports = rdr.ReadLeInt32();
int nNames = rdr.ReadLeInt32();
uint rvaApfn = rdr.ReadLeUInt32();
uint rvaNames = rdr.ReadLeUInt32();
EndianImageReader rdrAddrs = imgLoaded.CreateLeReader(rvaApfn);
EndianImageReader rdrNames = nNames != 0
? imgLoaded.CreateLeReader(rvaNames)
: null;
for (int i = 0; i < nExports; ++i)
{
ImageSymbol ep = LoadEntryPoint(addrLoad, rdrAddrs, rdrNames);
if (imageMap.IsExecutableAddress(ep.Address))
{
ImageSymbols[ep.Address] = ep;
entryPoints.Add(ep);
}
}
}
private void AddExportedEntryPoints(Address addrLoad, SegmentMap imageMap, List <ImageSymbol> entryPoints)
{
EndianImageReader rdr = imgLoaded.CreateLeReader(rvaExportTable);
rdr.ReadLeUInt32(); // Characteristics
rdr.ReadLeUInt32(); // timestamp
rdr.ReadLeUInt32(); // version.
rdr.ReadLeUInt32(); // binary name.
rdr.ReadLeUInt32(); // base ordinal
int nExports = rdr.ReadLeInt32();
int nNames = rdr.ReadLeInt32();
if (nExports != nNames)
{
throw new BadImageFormatException("Unexpected discrepancy in PE image.");
}
uint rvaApfn = rdr.ReadLeUInt32();
uint rvaNames = rdr.ReadLeUInt32();
EndianImageReader rdrAddrs = imgLoaded.CreateLeReader(rvaApfn);
EndianImageReader rdrNames = imgLoaded.CreateLeReader(rvaNames);
for (int i = 0; i < nNames; ++i)
{
ImageSymbol ep = LoadEntryPoint(addrLoad, rdrAddrs, rdrNames);
if (imageMap.IsExecutableAddress(ep.Address))
{
ImageSymbols[ep.Address] = ep;
entryPoints.Add(ep);
}
}
}
public short ReadCoffHeader(EndianImageReader rdr)
{
this.machine = rdr.ReadLeUInt16();
short expectedMagic = GetExpectedMagic(machine);
arch = CreateArchitecture(machine);
platform = CreatePlatform(machine, Services, arch);
innerLoader = CreateInnerLoader(machine);
sections = rdr.ReadLeInt16();
rdr.ReadLeUInt32(); // timestamp.
rdr.ReadLeUInt32(); // COFF symbol table.
rdr.ReadLeUInt32(); // #of symbols.
optionalHeaderSize = rdr.ReadLeInt16();
this.fileFlags = rdr.ReadLeUInt16();
rvaSectionTable = (uint)((int)rdr.Offset + optionalHeaderSize);
return(expectedMagic);
}
public override bool ResolveImportDescriptorEntry(string dllName, EndianImageReader rdrIlt, EndianImageReader rdrIat)
{
Address addrThunk = rdrIat.Address;
uint iatEntry = rdrIat.ReadLeUInt32();
uint iltEntry = rdrIlt.ReadLeUInt32();
if (iltEntry == 0)
{
return(false);
}
outer.importReferences.Add(
addrThunk,
CreateImportReference(dllName, iltEntry, addrThunk));
return(true);
}
public override Tuple <ImportReference, int> ResolveImportDescriptorEntry(string dllName, EndianImageReader rdrIlt, EndianImageReader rdrIat)
{
Address addrThunk = rdrIat.Address;
uint iatEntry = rdrIat.ReadLeUInt32();
uint iltEntry = rdrIlt.ReadLeUInt32();
if (iltEntry == 0)
{
return(null);
}
var impRef = CreateImportReference(dllName, iltEntry, addrThunk);
outer.importReferences.Add(addrThunk, impRef);
return(Tuple.Create(impRef, 4));
}
public override IEnumerable<Address> CreatePointerScanner(SegmentMap map, EndianImageReader rdr, IEnumerable<Address> knownAddresses, PointerScannerFlags flags)
{
var knownLinAddresses = knownAddresses.Select(a => a.ToUInt32()).ToHashSet();
if (flags != PointerScannerFlags.Calls)
throw new NotImplementedException(string.Format("Haven't implemented support for scanning for {0} yet.", flags));
while (rdr.IsValid)
{
uint linAddrCall = rdr.Address.ToUInt32();
var wInstr = rdr.ReadLeUInt32();
if ((wInstr & 0x0F000000) == 0x0B000000) // BL
{
int offset = ((int)wInstr << 8) >> 6;
uint target = (uint)(linAddrCall + 8 + offset);
if (knownLinAddresses.Contains(target))
yield return Address.Ptr32(linAddrCall);
}
}
}
private ImageSymbol LoadEntryPoint(Address addrLoad, EndianImageReader rdrAddrs, EndianImageReader rdrNames)
{
uint rvaAddr = rdrAddrs.ReadLeUInt32();
int iNameMin = rdrNames.ReadLeInt32();
int j;
for (j = iNameMin; imgLoaded.Bytes[j] != 0; ++j)
{
;
}
char[] chars = Encoding.ASCII.GetChars(imgLoaded.Bytes, iNameMin, j - iNameMin);
return(new ImageSymbol(addrLoad + rvaAddr)
{
Name = new string(chars),
ProcessorState = arch.CreateProcessorState(),
Type = SymbolType.Procedure,
});
}
public override Address ReadCodeAddress(int byteSize, EndianImageReader rdr, ProcessorState state) => PICProgAddress.Ptr(rdr.ReadLeUInt32());
public void ReadOptionalHeader(EndianImageReader rdr, short expectedMagic)
{
if (optionalHeaderSize <= 0)
{
throw new BadImageFormatException("Optional header size should be larger than 0 in a PE executable image file.");
}
short magic = rdr.ReadLeInt16();
if (magic != expectedMagic)
{
throw new BadImageFormatException("Not a valid PE Header.");
}
rdr.ReadByte(); // Linker major version
rdr.ReadByte(); // Linker minor version
rdr.ReadLeUInt32(); // code size (== .text section size)
rdr.ReadLeUInt32(); // size of initialized data
rdr.ReadLeUInt32(); // size of uninitialized data
rvaStartAddress = rdr.ReadLeUInt32();
uint rvaBaseOfCode = rdr.ReadLeUInt32();
preferredBaseOfImage = innerLoader.ReadPreferredImageBase(rdr);
rdr.ReadLeUInt32(); // section alignment
rdr.ReadLeUInt32(); // file alignment
rdr.ReadLeUInt16(); // OS major version
rdr.ReadLeUInt16(); // OS minor version
rdr.ReadLeUInt16(); // Image major version
rdr.ReadLeUInt16(); // Image minor version
rdr.ReadLeUInt16(); // Subsystem major version
rdr.ReadLeUInt16(); // Subsystem minor version
rdr.ReadLeUInt32(); // reserved
uint sizeOfImage = rdr.ReadLeUInt32();
uint sizeOfHeaders = rdr.ReadLeUInt32();
uint checksum = rdr.ReadLeUInt32();
ushort subsystem = rdr.ReadLeUInt16();
ushort dllFlags = rdr.ReadLeUInt16();
var stackReserve = innerLoader.ReadWord(rdr);
var stackCommit = innerLoader.ReadWord(rdr);
var heapReserve = innerLoader.ReadWord(rdr);
var heapCommit = innerLoader.ReadWord(rdr);
rdr.ReadLeUInt32(); // loader flags
uint dictionaryCount = rdr.ReadLeUInt32();
if (dictionaryCount == 0)
{
return;
}
this.rvaExportTable = rdr.ReadLeUInt32();
this.sizeExportTable = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
this.rvaImportTable = rdr.ReadLeUInt32();
uint importTableSize = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
this.rvaResources = rdr.ReadLeUInt32(); // resource address
rdr.ReadLeUInt32(); // resource size
if (--dictionaryCount == 0)
{
return;
}
this.rvaExceptionTable = rdr.ReadLeUInt32(); // exception address
this.sizeExceptionTable = rdr.ReadLeUInt32(); // exception size
if (--dictionaryCount == 0)
{
return;
}
rdr.ReadLeUInt32(); // certificate address
rdr.ReadLeUInt32(); // certificate size
if (--dictionaryCount == 0)
{
return;
}
this.rvaBaseRelocationTable = rdr.ReadLeUInt32();
this.sizeBaseRelocationTable = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaDebug = rdr.ReadLeUInt32();
uint cbDebug = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaArchitecture = rdr.ReadLeUInt32();
uint cbArchitecture = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaGlobalPointer = rdr.ReadLeUInt32();
uint cbGlobalPointer = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaTls = rdr.ReadLeUInt32();
uint cbTls = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaLoadConfig = rdr.ReadLeUInt32();
uint cbLoadConfig = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaBoundImport = rdr.ReadLeUInt32();
uint cbBoundImport = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
uint rvaIat = rdr.ReadLeUInt32();
uint cbIat = rdr.ReadLeUInt32();
if (--dictionaryCount == 0)
{
return;
}
this.rvaDelayImportDescriptor = rdr.ReadLeUInt32();
uint cbDelayImportDescriptor = rdr.ReadLeUInt32();
}
public override Address ReadPreferredImageBase(EndianImageReader rdr)
{
uint rvaBaseOfData = rdr.ReadLeUInt32(); // Only exists in PE32, not PE32+
return(Address.Ptr32(rdr.ReadLeUInt32()));
}
public override void ApplyRelocation(Address baseOfImage, uint page, EndianImageReader rdr, RelocationDictionary relocations)
{
//$TODO: where to find docs for this? :-)
rdr.ReadLeUInt32();
}
public override Address ReadCodeAddress(int byteSize, EndianImageReader rdr, ProcessorState state)
{
return(Address.Ptr32(rdr.ReadLeUInt32()));
}