unsigned char* IntelCoffFile::getAddrPtr(ADDRESS a, ADDRESS range)
{
for ( int iSection = 0; iSection < m_iNumSections; iSection++ )
{
PSectionInfo psi = GetSectionInfo(iSection);
if ( a >= psi->uNativeAddr && (a+range) < (psi->uNativeAddr + psi->uSectionSize) )
{
return (unsigned char*)(psi->uHostAddr + (a-psi->uNativeAddr));
}
}
return 0;
}
ULONG_PTR SearchIATEnd(ULONG_PTR BaseAddress, ULONG_PTR SearchStart)
{
DWORD VirtualAddr;
DWORD VirtualSize;
ULONG_PTR SectionEnd;
DWORD dwBlankSpace = 0;
VirtualAddr = (DWORD)GetSectionInfo(BaseAddress, SearchStart - BaseAddress, SEC_VIRT_ADDR);
if (VirtualAddr == 0) {
DbgMsg("[-] SearchIATStart - GetSectionInfo failed\n");
return 0;
}
VirtualSize = (DWORD)GetSectionInfo(BaseAddress, SearchStart - BaseAddress, SEC_VIRT_SIZE);
if (VirtualSize == 0) {
DbgMsg("[-] SearchIATStart - GetSectionInfo failed\n");
return 0;
}
SectionEnd = VirtualAddr + BaseAddress + VirtualSize;
while (SearchStart < SectionEnd) {
if (dwBlankSpace == 2)
break;
SearchStart = SearchStart + SIZE_IMPORT_ENTRY;
if (!IsBadReadMemory((PVOID)SearchStart, SIZE_IMPORT_ENTRY)) {
if (IsBadReadMemory(*(PVOID*)SearchStart, SIZE_IMPORT_ENTRY)) {
dwBlankSpace += 1;
continue;
}
dwBlankSpace = 0;
}
else {
break;
}
}
if (SearchStart == SectionEnd)
return SearchStart;
return SearchStart - (SIZE_IMPORT_ENTRY * 2);
}
void vmsDownloadMgrEx::GetSplittedSectionsList(std::vector <vmsSectionInfo> &v)
{
try
{
std::vector <vmsSectionInfo> vBtSects;
if (m_spBtMgr)
m_spBtMgr->GetSectionsInfo (vBtSects);
v.clear ();
size_t num = GetNumberOfSections ();
vmsSectionInfo *sectLast = NULL;
for (size_t i = 0; i < num; i++)
{
vmsSectionInfo sect;
if (m_spBtMgr)
sect = vBtSects [i];
else
GetSectionInfo (i, §);
if (sectLast != NULL &&
(sectLast->uDCurrent == sect.uDStart || sectLast->uDCurrent+1 == sect.uDStart))
{
sectLast->uDEnd = sect.uDEnd;
sectLast->uDCurrent = sect.uDCurrent;
}
else
{
v.push_back (sect);
std::vector <vmsSectionInfo>::iterator itLastSect = v.end () - 1;
sectLast = &(*itLastSect);
}
}
}
catch (const std::exception& ex)
{
ASSERT (FALSE);
vmsLogger::WriteLog(_T("vmsDownloadMgrEx::GetSplittedSectionsList ") + tstringFromString(ex.what()));
v.clear ();
}
catch (...)
{
ASSERT (FALSE);
vmsLogger::WriteLog(_T("vmsDownloadMgrEx::GetSplittedSectionsList unknown exception"));
v.clear ();
}
}
void CMarmaladeMainOptionsHolder::SetExpertMode(bool bExpert)
{
const int count = GetSectionCount();
for (int i = 0; i < count; i++)
{
const SECTION_RECORD* pRec = GetSectionInfo(i);
if (NULL == pRec)
continue;
CMarmaladeSettingsSection* pSection = dynamic_cast<CMarmaladeSettingsSection*>(pRec->pSection);
if (NULL != pSection)
{
if (pSection->IsDetailed())
{
ShowSection(i, bExpert);
}
else
{
ShowSection(i, !bExpert);
}
}
}
}
BOOL SearchAutoIAT(ULONG_PTR BaseAddress, ULONG_PTR SearchStart, DWORD SearchSize)
{
PBYTE pActual;
ULONG_PTR Addr;
ULONG_PTR DestAddr;
ULONG_PTR IATStart;
ULONG_PTR IATEnd;
for (pActual = (PBYTE)SearchStart; pActual < (PBYTE)(SearchStart + SearchSize - 1); pActual++) {
#ifdef _WIN64
if ((pActual[0] == 0xFF) && ((pActual[1] == 0x25) || (pActual[1] == 0x15) || (pActual[1] == 0x35))) {
/*
call qword ptr[rip+delta]
jmp qword ptr[rip+delta]
push qword ptr[rip+delta]
*/
Addr = *(PDWORD)(pActual + 2) + (ULONG_PTR)pActual + 6;
#else
if ((pActual[0] == 0xFF) && ((pActual[1] == 0x25) || (pActual[1] == 0x15))) {
Addr = *(PDWORD)(pActual + 2);
#endif
if ((!IsBadReadMemory((PVOID)Addr, sizeof (ULONG_PTR))) && (!IsBadReadMemory((PVOID)*(PULONG_PTR)Addr, sizeof (ULONG_PTR)))) {
DestAddr = *(PULONG_PTR)Addr;
if (IsAnExport(DestAddr) == TRUE) {
DisasOne(pActual, (ULONG_PTR)pActual, NULL);
IATStart = SearchIATStart(BaseAddress, Addr);
DbgMsg("[+] IATStart : "HEX_FORMAT"\n", IATStart);
IATEnd = SearchIATEnd(BaseAddress, Addr);
DbgMsg("[+] IATEnd : "HEX_FORMAT"\n", IATEnd);
DbgMsg("[+] windbg : dps "HEX_FORMAT" L((("HEX_FORMAT" - "HEX_FORMAT") / %d) + 1)\n", IATStart, IATEnd, IATStart, sizeof (ULONG_PTR));
pinfo.Importer.StartIATRVA = (IATStart - BaseAddress);
BuildNewImport(IATStart, IATEnd);
//DebugBreak();
break;
}
}
}
}
return TRUE;
}
ULONG_PTR SearchIATStart(ULONG_PTR BaseAddress, ULONG_PTR SearchStart)
{
DWORD VirtualAddr;
ULONG_PTR SectionStart;
DWORD dwBlankSpace = 0;
VirtualAddr = (DWORD)GetSectionInfo(BaseAddress, SearchStart - BaseAddress, SEC_VIRT_ADDR);
if (VirtualAddr == 0) {
DbgMsg("[-] SearchIATStart - GetSectionInfo failed\n");
return 0;
}
SectionStart = VirtualAddr + BaseAddress;
while (SearchStart > SectionStart) {
if (dwBlankSpace == 2)
break;
SearchStart = SearchStart - SIZE_IMPORT_ENTRY;
if (!IsBadReadMemory((PVOID)SearchStart, SIZE_IMPORT_ENTRY)) {
if (IsBadReadMemory(*(PVOID*)SearchStart, SIZE_IMPORT_ENTRY)) {
dwBlankSpace += 1;
continue;
}
dwBlankSpace = 0;
}
else {
break;
}
}
if (SearchStart == SectionStart)
return SearchStart;
return SearchStart + (SIZE_IMPORT_ENTRY * 2);
}
bool IntelCoffFile::RealLoad(const char *sName)
{
printf("IntelCoffFile::RealLoad('%s') called\n", sName);
m_pFilename = sName;
m_fd = open (sName, O_RDWR);
if (m_fd == -1) return 0;
printf("IntelCoffFile opened successful.\n");
if ( sizeof m_Header != read(m_fd, &m_Header, sizeof m_Header) )
return false;
printf("Read COFF header\n");
// Skip the optional header, if present
if ( m_Header.coff_opthead_size )
{
printf("Skipping optional header of %d bytes.\n", (int)m_Header.coff_opthead_size);
if ( (off_t)-1 == lseek(m_fd, m_Header.coff_opthead_size, SEEK_CUR) )
return false;
}
struct struc_coff_sect *psh = (struct struc_coff_sect *)malloc(sizeof *psh * m_Header.coff_sections);
if ( !psh )
return false;
if ( static_cast<signed long>(sizeof *psh * m_Header.coff_sections) != read(m_fd, psh, sizeof *psh * m_Header.coff_sections) )
{
free(psh);
return false;
}
for ( int iSection = 0; iSection < m_Header.coff_sections; iSection++ )
{
// assert(0 == psh[iSection].sch_virtaddr);
// assert(0 == psh[iSection].sch_physaddr);
char sectname[sizeof psh->sch_sectname + 1];
strncpy(sectname, psh[iSection].sch_sectname, sizeof psh->sch_sectname);
sectname[sizeof psh->sch_sectname] = '\0';
PSectionInfo psi = NULL;
int sidx = GetSectionIndexByName(sectname);
if ( -1 == sidx )
{
SectionInfo si;
si.bCode = 0 != (psh[iSection].sch_flags & 0x20);
si.bData = 0 != (psh[iSection].sch_flags & 0x40);
si.bBss = 0 != (psh[iSection].sch_flags & 0x80);
si.bReadOnly = 0 != (psh[iSection].sch_flags & 0x1000);
si.pSectionName = strdup(sectname);
sidx = m_iNumSections;
psi = AddSection(&si);
}
else
{
psi = GetSectionInfo(sidx);
}
psh[iSection].sch_virtaddr = psi->uSectionSize;
psh[iSection].sch_physaddr = sidx;
psi->uSectionSize += psh[iSection].sch_sectsize;
}
printf("Loaded %d section headers\n", (int)m_Header.coff_sections);
ADDRESS a = 0x40000000;
for ( int sidx = 0; sidx < m_iNumSections; sidx++ )
{
PSectionInfo psi = GetSectionInfo(sidx);
if ( psi->uSectionSize > 0 )
{
void *pData = malloc(psi->uSectionSize);
if ( !pData )
return false;
psi->uHostAddr = (ADDRESS)pData;
psi->uNativeAddr = a;
a += psi->uSectionSize;
}
}
printf("Allocated %d segments. a=%08x", m_iNumSections, a);
for ( int iSection = 0; iSection < m_Header.coff_sections; iSection++ )
{
printf("Loading section %d of %hd\n", iSection+1, m_Header.coff_sections);
PSectionInfo psi = GetSectionInfo(psh[iSection].sch_physaddr);
if ( (off_t)psh[iSection].sch_sectptr != lseek(m_fd, (off_t)psh[iSection].sch_sectptr, SEEK_SET) )
return false;
char *pData = (char*)psi->uHostAddr + psh[iSection].sch_virtaddr;
if ( !(psh[iSection].sch_flags & 0x80) )
{
if ( static_cast<signed long>(psh[iSection].sch_sectsize) != read(m_fd, pData, psh[iSection].sch_sectsize) )
return false;
}
}
// Load the symbol table
printf("Load symbol table\n");
if ( static_cast<signed long>(m_Header.coff_symtab_ofs) != lseek(m_fd, m_Header.coff_symtab_ofs, SEEK_SET) )
return false;
struct coff_symbol *pSymbols = (struct coff_symbol *)malloc(m_Header.coff_num_syment * sizeof (struct coff_symbol));
if ( !pSymbols )
return false;
if ( static_cast<signed long>(m_Header.coff_num_syment * sizeof (struct coff_symbol)) != read(m_fd, pSymbols, m_Header.coff_num_syment * sizeof (struct coff_symbol)) )
return false;
// TODO: Groesse des Abschnittes vorher bestimmen
char *pStrings = (char*)malloc(0x8000);
read(m_fd, pStrings, 0x8000);
// Run the symbol table
ADDRESS fakeForImport = (ADDRESS)0xfffe0000;
printf("Size of one symbol: %u\n", sizeof pSymbols[0]);
for (unsigned int iSym = 0; iSym < m_Header.coff_num_syment; iSym += pSymbols[iSym].csym_numaux+1)
{
char tmp_name[9]; tmp_name[8] = 0;
char* name = tmp_name;
if ( pSymbols[iSym].csym_zeros == 0 )
{
// TODO: the symbol is found in a string table behind the symbol table at offset csym_offset
// snprintf(tmp_name, 8, "n%07lx", pSymbols[iSym].csym_offset);
name = pStrings + pSymbols[iSym].csym_offset;
}
else
memcpy(tmp_name, pSymbols[iSym].csym_name, 8);
if ( !(pSymbols[iSym].csym_loadclass & 0x60) && (pSymbols[iSym].csym_sectnum <= m_Header.coff_sections) )
{
if ( pSymbols[iSym].csym_sectnum > 0 )
{
PSectionInfo psi = GetSectionInfo(psh[pSymbols[iSym].csym_sectnum-1].sch_physaddr);
pSymbols[iSym].csym_value += psh[pSymbols[iSym].csym_sectnum-1].sch_virtaddr + psi->uNativeAddr;
if ( strcmp(name, ".strip.") )
m_Symbols.Add(pSymbols[iSym].csym_value, name);
if ( pSymbols[iSym].csym_type & 0x20 && psi->bCode )
{
PSectionInfo si = new SectionInfo();
*si = *psi;
si->uNativeAddr = pSymbols[iSym].csym_value;
si->uHostAddr = psi->uHostAddr + psh[pSymbols[iSym].csym_sectnum-1].sch_virtaddr;
// si->uSectionSize -= pSymbols[iSym].csym_value - psi->uNativeAddr;
// si->uSectionSize = 1;
si->uSectionSize = 0x10000;
m_EntryPoints.push_back(si);
// printf("Made '%s' an entry point.\n", name);
}
}
else
{
if ( pSymbols[iSym].csym_type & 0x20 )
{
pSymbols[iSym].csym_value = fakeForImport; // TODO: external reference
fakeForImport -= 0x10000;
m_Symbols.Add(pSymbols[iSym].csym_value, name);
}
else if ( pSymbols[iSym].csym_value != 0 )
assert(false); // pSymbols[iSym].csym_value = ield_1C->SetName(var_8, 0, this, field_4[var_4].csym_value);
else
{
pSymbols[iSym].csym_value = fakeForImport; // TODO: external reference
fakeForImport -= 0x10000;
m_Symbols.Add(pSymbols[iSym].csym_value, name);
}
}
}
printf("Symbol %d: %s %08lx\n", iSym, name, pSymbols[iSym].csym_value);
}
for ( int iSection = 0; iSection < m_Header.coff_sections; iSection++ )
{
// printf("Relocating section %d of %hd\n", iSection+1, m_Header.coff_sections);
PSectionInfo psi = GetSectionInfo(psh[iSection].sch_physaddr);
char *pData = (char*)psi->uHostAddr + psh[iSection].sch_virtaddr;
if ( !psh[iSection].sch_nreloc ) continue;
//printf("Relocation table at %08lx\n", psh[iSection].sch_relptr);
if (static_cast<signed long>(psh[iSection].sch_relptr) != lseek(m_fd, psh[iSection].sch_relptr, SEEK_SET) )
return false;
struct struct_coff_rel *pRel = (struct struct_coff_rel *)malloc(sizeof (struct struct_coff_rel) * psh[iSection].sch_nreloc);
if ( !pRel )
return false;
if (static_cast<signed long>(sizeof (struct struct_coff_rel) * psh[iSection].sch_nreloc) != read(m_fd, pRel, sizeof (struct struct_coff_rel) * psh[iSection].sch_nreloc) )
return false;
for ( int iReloc = 0; iReloc < psh[iSection].sch_nreloc; iReloc++ )
{
struct struct_coff_rel *tRel = pRel + iReloc;
struct coff_symbol* pSym = pSymbols+tRel->r_symndx;
ulong *pPatch = (ulong*)(pData + tRel->r_vaddr);
//printf("Relocating at %08lx: type %d, dest %08lx\n", tRel->r_vaddr + psi->uNativeAddr + psh[iSection].sch_virtaddr, (int)tRel->r_type, pSym->csym_value);
switch ( tRel->r_type )
{
case RELOC_ADDR32:
case RELOC_ADDR32+1:
// TODO: Handle external references
//printf("Relocating at %08lx absulute to %08lx\n", tRel->r_vaddr + psi->uNativeAddr + psh[iSection].sch_virtaddr, pSym->csym_value);
*pPatch += pSym->csym_value;
m_Relocations.push_back(tRel->r_vaddr);
break;
case RELOC_REL32:
// TODO: Handle external references
//printf("Relocating at %08lx relative to %08lx\n", tRel->r_vaddr + psi->uNativeAddr + psh[iSection].sch_virtaddr, pSym->csym_value);
//printf("Value before relocation: %08lx\n", *pPatch);
*pPatch += pSym->csym_value - (unsigned long)(tRel->r_vaddr + psi->uNativeAddr + psh[iSection].sch_virtaddr + 4);
//printf("Value after relocation: %08lx\n", *pPatch);
m_Relocations.push_back(tRel->r_vaddr);
break;
}
}
free(pRel);
/*
if ( iSection == 0 )
{
for ( int i = 0; i < psh[iSection].sch_sectsize ; i += 8 )
{
printf("%08x", i);
for ( int j=0; j < 8; j++ )
printf(" %02x", pData[i+j] & 0xff);
printf("\n");
}
}
*/
}
// TODO: Perform relocation
// TODO: Define symbols (internal, exported, imported)
return true;
}
