SSIZE_T Object::objectKey( const BYTE *data, SIZE_T len, ObjectKeyType &key ) { SSIZE_T off=0; // Object key len BYTE objectKeyLen = RB(data,off); if (objectKeyLen > 4) { throw std::bad_cast(); } assert(len >= SIZE_T(1+objectKeyLen)); // Object key key = RDW( data, off ); //printf( "[dsmcc::Object] Parsing object key: len=%08lx, key=%08lx\n", len, key ); return off; }
void scan_init() { register char *p ; (void) memset(scan_code, SC_UNEXPECTED, SIZE_T(sizeof(scan_code))) ; for( p = scan_code + '0' ; p <= scan_code + '9' ; p++ ) *p = SC_DIGIT ; scan_code[0] = 0 ; scan_code[ ' ' ] = scan_code['\t'] = scan_code['\f'] = SC_SPACE ; scan_code[ '\r'] = scan_code['\013'] = SC_SPACE ; scan_code[';'] = SC_SEMI_COLON ; scan_code['\n'] = SC_NL ; scan_code['{'] = SC_LBRACE ; scan_code[ '}'] = SC_RBRACE ; scan_code['+'] = SC_PLUS ; scan_code['-'] = SC_MINUS ; scan_code['*'] = SC_MUL ; scan_code['/'] = SC_DIV ; scan_code['%'] = SC_MOD ; scan_code['^'] = SC_POW ; scan_code['('] = SC_LPAREN ; scan_code[')'] = SC_RPAREN ; scan_code['_'] = SC_IDCHAR ; scan_code['='] = SC_EQUAL ; scan_code['#'] = SC_COMMENT ; scan_code['\"'] = SC_DQUOTE ; scan_code[','] = SC_COMMA ; scan_code['!'] = SC_NOT ; scan_code['<'] = SC_LT ; scan_code['>'] = SC_GT ; scan_code['|'] = SC_OR ; scan_code['&'] = SC_AND ; scan_code['?'] = SC_QMARK ; scan_code[':'] = SC_COLON ; scan_code['['] = SC_LBOX ; scan_code[']'] = SC_RBOX ; scan_code['\\'] = SC_ESCAPE ; scan_code['.'] = SC_DOT ; scan_code['~'] = SC_MATCH ; scan_code['$'] = SC_DOLLAR ; for( p = scan_code + 'A' ; p <= scan_code + 'Z' ; p++ ) *p = *(p + 'a' - 'A') = SC_IDCHAR ; }
bool sections_virtual_to_raw(BYTE* payload, SIZE_T payload_size, OUT BYTE* destAddress, OUT SIZE_T *raw_size_ptr) { if (payload == NULL) return false; bool is64b = is64bit(payload); BYTE* payload_nt_hdr = get_nt_hrds(payload); if (payload_nt_hdr == NULL) { printf("Invalid payload: %p\n", payload); return false; } IMAGE_FILE_HEADER *fileHdr = NULL; DWORD hdrsSize = 0; LPVOID secptr = NULL; if (is64b) { IMAGE_NT_HEADERS64* payload_nt_hdr64 = (IMAGE_NT_HEADERS64*) payload_nt_hdr; fileHdr = &(payload_nt_hdr64->FileHeader); hdrsSize = payload_nt_hdr64->OptionalHeader.SizeOfHeaders; secptr = (LPVOID)((ULONGLONG)&(payload_nt_hdr64->OptionalHeader) + fileHdr->SizeOfOptionalHeader); } else { IMAGE_NT_HEADERS32* payload_nt_hdr32 = (IMAGE_NT_HEADERS32*) payload_nt_hdr; fileHdr = &(payload_nt_hdr32->FileHeader); hdrsSize = payload_nt_hdr32->OptionalHeader.SizeOfHeaders; secptr = (LPVOID)((ULONGLONG)&(payload_nt_hdr32->OptionalHeader) + fileHdr->SizeOfOptionalHeader); } if (!validate_ptr(payload, payload_size, payload, hdrsSize)) { return false; } //copy payload's headers: memcpy(destAddress, payload, hdrsSize); //copy all the sections, one by one: printf("Coping sections:\n"); SIZE_T raw_end = 0; for (WORD i = 0; i < fileHdr->NumberOfSections; i++) { PIMAGE_SECTION_HEADER next_sec = (PIMAGE_SECTION_HEADER)((ULONGLONG)secptr + (IMAGE_SIZEOF_SECTION_HEADER * i)); if (!validate_ptr(payload, payload_size, next_sec, IMAGE_SIZEOF_SECTION_HEADER)) { return false; } LPVOID section_mapped = (BYTE*) payload + next_sec->VirtualAddress; LPVOID section_raw_ptr = destAddress + next_sec->PointerToRawData; SIZE_T sec_size = next_sec->SizeOfRawData; raw_end = next_sec->SizeOfRawData + next_sec->PointerToRawData; if (next_sec->VirtualAddress + sec_size >= payload_size) { printf("[!] Virtual section size is out ouf bounds: %lx\n", sec_size); sec_size = SIZE_T(payload_size - next_sec->VirtualAddress); printf("[!] Truncated to maximal size: %lx\n", sec_size); } if (next_sec->VirtualAddress >= payload_size && sec_size != 0) { printf("[-] VirtualAddress of section is out ouf bounds: %lx\n", static_cast<SIZE_T>(next_sec->VirtualAddress)); return false; } if (next_sec->PointerToRawData + sec_size >= payload_size) { printf("[-] Raw section size is out ouf bounds: %lx\n", sec_size); return false; } printf("[+] %s to: %p\n", next_sec->Name, section_raw_ptr); memcpy(section_raw_ptr, section_mapped, sec_size); } if (raw_end > payload_size) raw_end = payload_size; if (raw_size_ptr != NULL) { (*raw_size_ptr) = raw_end; } return true; }