/*
 * Append the file named by `filename` to the archive `lar`.
 *
 * When iself() accepts the path, the work is delegated to LAR_AppendSelf().
 * Otherwise the file is opened read-only, mapped in full, and the mapping is
 * handed to LAR_AppendBuffer() together with its size.
 *
 * Returns the result of LAR_AppendSelf()/LAR_AppendBuffer(), or -1 when
 * open(), fstat() or mmap() fails.
 *
 * NOTE(review): the descriptor returned by open() is never closed, neither on
 * success nor on the fstat()/mmap() failure returns, so each call leaks one
 * fd. A mapping stays valid after its descriptor is closed, so a close(fd)
 * right after mmap() and on the error returns would fix it.
 * NOTE(review): iself() is given the path and the file is then re-opened by
 * name; if iself() reads the file itself (not visible here), the content can
 * change between the check and the open() -- confirm whether that matters to
 * callers.
 */
int LAR_AppendFile(struct LAR *lar, const char *filename, struct LARAttr *attr)
{
	struct stat st;
	void *map;
	int fd;
	int rc;

	/* ELF inputs take the dedicated path. */
	if (iself((char *)filename))
		return LAR_AppendSelf(lar, filename, attr);

	fd = open(filename, O_RDONLY);
	if (fd == -1)
		return -1;

	if (fstat(fd, &st) != 0)
		return -1;

	/* Map the whole file read-only; st.st_size comes from fstat() above. */
	map = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
	if (map == MAP_FAILED)
		return -1;

	rc = LAR_AppendBuffer(lar, (unsigned char *)map, st.st_size, attr);

	munmap(map, st.st_size);

	return rc;
}
/*
 * Return 1 when `file` passes all three checks, 0 otherwise:
 *   - isregular(file) is non-zero,
 *   - isinfected(file) is not 1,
 *   - iself(file) is non-zero.
 *
 * The checks run in that order and stop at the first failure.
 *
 * NOTE(review): isinfected() is compared against exactly 1, so any other
 * return value (for instance a negative error code, if the helper has one)
 * is treated as passing -- confirm against the helper's contract.
 */
int isclean(char *file)
{
	/* The regular-file test has to be settled before any other probe. */
	if (!isregular(file))
		return 0;

	return (isinfected(file) != 1) && (iself(file) != 0);
}
//试毒员 QWORD prelibation(char* memaddr) { /* //是视频文件 if( ismp4(memaddr) !=0 )return ; //'mp4' if( isrmvb(memaddr) !=0 )return ; //'rmvb' //是音乐文件 if( ismp3(memaddr) !=0 )return ; //'mp3' if( iswav(memaddr) !=0 )return ; //'wav' //是图片 if( isjpeg(memaddr) !=0 )return ; //'jpeg' if( ispng(memaddr) !=0 )return ; //'png' //办公文件 if( isdoc(memaddr) !=0 )return ; //'doc' if( ispdf(memaddr) !=0 )return ; //'pdf' //3d模型 //网络协议包 if( isethernet(memaddr) !=0 )return ; //'ethernet' if( isarp(memaddr) !=0 )return ; //'arp' if( isudp(memaddr) !=0 )return ; //'udp' if( istcp(memaddr) !=0 )return ; //'tcp' */ //是可执行文件 if( iself(memaddr) !=0 )return 0x666c65; //'elf' if( ismacho(memaddr) !=0 )return 0x6f6863616d; //'macho' if( ispe(memaddr) !=0 )return 0x6570; //'pe' //是压缩包 if( is7z(memaddr) !=0 )return 0x7a37; //'7z' if( iscpio(memaddr) !=0 )return 0x6f697063; //'cpio' if( isgz(memaddr) !=0 )return 0x7a67; //'gz' if( istar(memaddr) !=0 )return 0x726174; //'tar' if( iszip(memaddr) !=0 )return 0x70697a; //'zip' //是文件系统 if( isfat(memaddr) !=0 )return 0x746166; //'fat' if( isntfs(memaddr) !=0 )return 0x7366746e; //'ntfs' if( isext(memaddr) !=0 )return 0x747865; //'ext' if( ishfs(memaddr) !=0 )return 0x736668; //'hfs' //是分区表头 //if( isapm(memaddr) !=0)return ; //'apm' //apple partition map //if( isbsd(memaddr) !=0)return ; //'bsd' //bsd label if( isgpt(memaddr) !=0 )return 0x747067; //'gpt' if( ismbr(memaddr) !=0 )return 0x72626d; //'mbr',特殊,只能放最后 //什么都不像,返回失败 return 0; //'unknown' }
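/*
 * Allocate an ELF writer seeded from an existing ELF header.
 *
 * The header is copied into the writer, the 64-bit flag and byte-order ops
 * are derived from e_ident, and the program/section header offsets and
 * counts are reset to zero. Two sections are then added: the SHT_NULL
 * section and the ".shstrtab" string table, whose index is recorded in
 * e_shstrndx.
 *
 * Returns the new writer, or NULL when `ehdr` is rejected by iself() or when
 * the allocation fails.
 */
struct elf_writer *elf_writer_init(const Elf64_Ehdr *ehdr)
{
	struct elf_writer *ew;
	Elf64_Shdr shdr;
	struct buffer empty_buffer;

	if (!iself(ehdr))
		return NULL;

	ew = calloc(1, sizeof(*ew));
	/* Without this check an allocation failure is dereferenced just below. */
	if (ew == NULL)
		return NULL;

	memcpy(&ew->ehdr, ehdr, sizeof(ew->ehdr));

	ew->bit64 = ew->ehdr.e_ident[EI_CLASS] == ELFCLASS64;

	/* Set the endian ops. */
	if (ew->ehdr.e_ident[EI_DATA] == ELFDATA2MSB)
		ew->xdr = &xdr_be;
	else
		ew->xdr = &xdr_le;

	/* Reset count and offsets */
	ew->ehdr.e_phoff = 0;
	ew->ehdr.e_shoff = 0;
	ew->ehdr.e_shnum = 0;
	ew->ehdr.e_phnum = 0;

	memset(&empty_buffer, 0, sizeof(empty_buffer));
	memset(&shdr, 0, sizeof(shdr));

	/*
	 * NOTE(review): the results of both elf_writer_add_section() calls are
	 * ignored. If that helper can fail, num_secs - 1 below may not be the
	 * index of .shstrtab -- confirm against its definition.
	 */

	/* Add SHT_NULL section header. */
	shdr.sh_type = SHT_NULL;
	elf_writer_add_section(ew, &shdr, &empty_buffer, NULL);

	/* Add section header string table and maintain reference to it. */
	shdr.sh_type = SHT_STRTAB;
	elf_writer_add_section(ew, &shdr, &empty_buffer, ".shstrtab");
	ew->ehdr.e_shstrndx = ew->num_secs - 1;
	ew->shstrtab = &ew->sections[ew->ehdr.e_shstrndx];

	return ew;
}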
/*
 * Convert an in-memory ELF32 image into a payload blob.
 *
 * The blob is one calloc()ed buffer: an array of struct cbfs_payload_segment
 * descriptors followed by the segment data. One descriptor is written per
 * non-empty ".note.pinfo" section (PARAMS), one per PT_LOAD program header
 * with non-zero p_memsz (DATA, or BSS when p_filesz is 0), and a final ENTRY
 * descriptor carrying e_entry.
 *
 * input:  start of the ELF image. No length is passed.
 * output: receives the allocated blob on success (ownership presumably
 *         passes to the caller -- confirm).
 * algo:   compression algorithm for DATA segments.
 *
 * Returns the total blob size in bytes, or -1 when the compression function
 * lookup or the allocation fails. Calls exit(1) when iself() rejects input.
 *
 * NOTE(review): every offset, count and size below (e_phoff, e_shoff,
 * e_shstrndx, e_shnum, e_phnum, sh_name, sh_offset, sh_size, p_offset,
 * p_filesz) is used exactly as read from the image. With no input length
 * available here, none of them can be range-checked, so a malformed ELF can
 * direct reads outside the input buffer. Callers handling untrusted files
 * need to validate the image beforehand, or this interface needs a length.
 */
int parse_elf_to_payload(unsigned char *input, unsigned char **output,
			 comp_algo algo)
{
	Elf32_Phdr *phdr;
	Elf32_Ehdr *ehdr;
	Elf32_Shdr *shdr;
	char *header;
	char *strtab;

	unsigned char *sptr;
	int headers;
	/* Starts at 1: one descriptor slot is reserved for the ENTRY record. */
	int segments = 1;

	/* NOTE(review): sizes are accumulated in plain int; large or hostile
	 * sh_size/p_filesz values could wrap before the allocation -- confirm. */
	int isize = 0, osize = 0;
	int doffset = 0;

	struct cbfs_payload_segment *segs;
	int i;

	if(!iself(input)){
		printf("Fatal error: the payload file is not in ELF format!\n");
		exit(1);
	}

	comp_func_ptr compress = compression_function(algo);
	if (!compress)
		return -1;

	ehdr = (Elf32_Ehdr *) input;
	headers = ehdr->e_phnum;
	header = (char *)ehdr;

	/* Header tables and the section-name string table are located purely
	 * from fields of the image itself. */
	phdr = (Elf32_Phdr *) & (header[ehdr->e_phoff]);
	shdr = (Elf32_Shdr *) & (header[ehdr->e_shoff]);

	strtab = &header[shdr[ehdr->e_shstrndx].sh_offset];

	/* First pass over the sections: count the non-empty ".note.pinfo"
	 * sections and add up their sizes. */
	for (i = 0; i < ehdr->e_shnum; i++) {
		char *name;

		if (i == ehdr->e_shstrndx)
			continue;

		if (shdr[i].sh_size == 0)
			continue;

		/* strcmp() relies on the name being NUL-terminated inside the
		 * string table; nothing here enforces that. */
		name = (char *)(strtab + shdr[i].sh_name);

		if (!strcmp(name, ".note.pinfo")) {
			segments++;
			isize += (unsigned int)shdr[i].sh_size;
		}
	}

	/* Now, regular headers - we only care about PT_LOAD headers,
	 * because that's what we're actually going to load */
	for (i = 0; i < headers; i++) {
		if (phdr[i].p_type != PT_LOAD)
			continue;

		/* Empty segments are never interesting */
		if (phdr[i].p_memsz == 0)
			continue;

		isize += phdr[i].p_filesz;

		segments++;
	}

	/* Allocate a block of memory to store the data in:
	 * all descriptors first, then isize bytes of segment data. */
	sptr = calloc((segments * sizeof(struct cbfs_payload_segment)) + isize, 1);
	/* Data starts right after the descriptor array. */
	doffset = (segments * sizeof(struct cbfs_payload_segment));

	if (sptr == NULL)
		goto err;

	segs = (struct cbfs_payload_segment *)sptr;
	/* From here on `segments` is the index of the next descriptor. */
	segments = 0;

	/* Second pass over the sections: emit one PARAMS descriptor per
	 * ".note.pinfo" section and copy its bytes uncompressed. */
	for (i = 0; i < ehdr->e_shnum; i++) {
		char *name;

		if (i == ehdr->e_shstrndx)
			continue;

		if (shdr[i].sh_size == 0)
			continue;

		name = (char *)(strtab + shdr[i].sh_name);

		if (!strcmp(name, ".note.pinfo")) {
			segs[segments].type = PAYLOAD_SEGMENT_PARAMS;
			segs[segments].load_addr = 0;
			/* NOTE(review): len and offset are stored without htonl()
			 * here, unlike the DATA/BSS descriptors below -- confirm
			 * what byte order the consumer expects. */
			segs[segments].len = (unsigned int)shdr[i].sh_size;
			segs[segments].offset = doffset;

			memcpy((unsigned long *)(sptr + doffset), &header[shdr[i].sh_offset], shdr[i].sh_size);

			doffset += segs[segments].len;
			osize += segs[segments].len;

			segments++;
		}
	}

	/* Second pass over the program headers: emit BSS/DATA descriptors. */
	for (i = 0; i < headers; i++) {
		if (phdr[i].p_type != PT_LOAD)
			continue;

		if (phdr[i].p_memsz == 0)
			continue;

		/* Nothing stored in the file: BSS descriptor, no data copied.
		 * Its len field keeps the zero it got from calloc(). */
		if (phdr[i].p_filesz == 0) {
			segs[segments].type = PAYLOAD_SEGMENT_BSS;
			segs[segments].load_addr = (uint64_t)htonll(phdr[i].p_paddr);
			segs[segments].mem_len = (uint32_t)htonl(phdr[i].p_memsz);
			segs[segments].offset = htonl(doffset);

			segments++;
			continue;
		}

		segs[segments].type = PAYLOAD_SEGMENT_DATA;
		segs[segments].load_addr = (uint64_t)htonll(phdr[i].p_paddr);
		segs[segments].mem_len = (uint32_t)htonl(phdr[i].p_memsz);
		segs[segments].compression = htonl(algo);
		segs[segments].offset = htonl(doffset);

		int len;
		/* NOTE(review): the compressor writes straight into the blob and
		 * is given no output capacity. The blob budgets p_filesz bytes
		 * for this segment, and the size comparison happens only after
		 * the call, so a compressor that expands its input writes beyond
		 * that budget (for the last data segment, possibly beyond the
		 * allocation) -- confirm the compressor's worst-case bound. */
		compress((char *)&header[phdr[i].p_offset], phdr[i].p_filesz, (char *)(sptr + doffset), &len);
		segs[segments].len = htonl(len);

		/* If the compressed section is larger, then use the original stuff */
		if ((unsigned int)len > phdr[i].p_filesz) {
			segs[segments].compression = 0;
			segs[segments].len = htonl(phdr[i].p_filesz);

			memcpy((char *)(sptr + doffset), &header[phdr[i].p_offset], phdr[i].p_filesz);
		}

		/* len is held in network order, convert back for arithmetic. */
		doffset += ntohl(segs[segments].len);
		osize += ntohl(segs[segments].len);

		segments++;
	}

	/* Final descriptor: the entry point, using the slot reserved at the top. */
	segs[segments].type = PAYLOAD_SEGMENT_ENTRY;
	segs[segments++].load_addr = (uint64_t)htonll(ehdr->e_entry);

	*output = sptr;

	/* Descriptor array plus the data bytes actually written. */
	return (segments * sizeof(struct cbfs_payload_segment)) + osize;

err:
	return -1;
}
/*
 * Parse the ELF image held in `pinput` into `pelf`.
 *
 * `pelf` is zeroed first. The ELF header is always decoded; `flags` selects
 * which further tables are read (ELF_PARSE_PHDR, ELF_PARSE_SHDR,
 * ELF_PARSE_RELOC, ELF_PARSE_STRTAB, ELF_PARSE_SYMTAB). Relocation, string
 * table and symbol table parsing each imply section header parsing.
 *
 * Returns 0 on success. Returns -1 when the input is rejected by iself(), or
 * when one of the requested readers reports failure, in which case
 * parsed_elf_destroy() is called on `pelf` before returning.
 *
 * Beyond the iself() check this function does not validate the ELF header:
 * class and byte order are taken from e_ident as found.
 */
int parse_elf(const struct buffer *pinput, struct parsed_elf *pelf, int flags)
{
	struct buffer input;
	Elf64_Ehdr *ehdr;
	struct xdr *xdr;
	int bit64;
	int failed;

	/* Start from a clean result structure. */
	memset(pelf, 0, sizeof(*pelf));

	if (!iself(buffer_get(pinput))) {
		ERROR("The stage file is not in ELF format!\n");
		return -1;
	}

	/* Header decoding works on a clone of the input buffer. */
	buffer_clone(&input, pinput);

	ehdr = &pelf->ehdr;
	elf_eident(&input, ehdr);

	bit64 = (ehdr->e_ident[EI_CLASS] == ELFCLASS64);

	/*
	 * Little endian is assumed unless the header explicitly says big
	 * endian. Fully validating the ELF file is out of scope here.
	 */
	xdr = (ehdr->e_ident[EI_DATA] == ELFDATA2MSB) ? &xdr_be : &xdr_le;

	elf_ehdr(&input, ehdr, xdr, bit64);

	/*
	 * Relocation, string table and symbol table processing all require
	 * the section headers to be parsed.
	 */
	if (flags & (ELF_PARSE_RELOC | ELF_PARSE_STRTAB | ELF_PARSE_SYMTAB))
		flags |= ELF_PARSE_SHDR;

	/* Readers run in this fixed order; the first failure stops the chain. */
	failed = ((flags & ELF_PARSE_PHDR) && phdr_read(pinput, pelf, xdr, bit64)) ||
		 ((flags & ELF_PARSE_SHDR) && shdr_read(pinput, pelf, xdr, bit64)) ||
		 ((flags & ELF_PARSE_RELOC) && reloc_read(pinput, pelf, xdr, bit64)) ||
		 ((flags & ELF_PARSE_STRTAB) && strtab_read(pinput, pelf)) ||
		 ((flags & ELF_PARSE_SYMTAB) && symtab_read(pinput, pelf, xdr, bit64));

	if (failed) {
		parsed_elf_destroy(pelf);
		return -1;
	}

	return 0;
}