void PETables::setSectionHeaders(unsigned int nsecs, _IMAGE_SECTION_HEADER *ish) { num_sections = nsecs; sections = (_IMAGE_SECTION_HEADER*)malloc(num_sections * sizeof(_IMAGE_SECTION_HEADER)); if (sections == NULL) return; memcpy(sections, ish, num_sections * sizeof(_IMAGE_SECTION_HEADER)); //bss type segments are zero filled by operating system loader for (unsigned short i = 0; i < num_sections; i++) { if (sections[i].SizeOfRawData < sections[i].Misc.VirtualSize) { // if (sections[i].SizeOfRawData == 0 && sections[i].Misc.VirtualSize) { ea_t sbase = sections[i].VirtualAddress + base; segment_t *seg = getseg(sbase); if (seg) { ea_t ea; //zero from end of raw data to end of section for (ea = seg->startEA + sections[i].SizeOfRawData; ea < (seg->endEA - 3); ea += 4) { patch_long(ea, 0); } while (ea < seg->endEA) { patch_byte(ea++, 0); } } } } valid = 1; }
/* * 模式说明 * 1、MODE_ARMOP_Code -> 使用ARM指令修改CODE * 2、MODE_ARMOP_SysCall -> 注释系统调用 */ int Arm_Moudle(int inFlag){ static int Mode_Bit = MODE_ARMOPC32_JMP; static int ModeOption = 0; ea_t _ThisEa = get_screen_ea(); if (inFlag != Flag_Again) if (AskUsingForm_c(ASK_ARM_UI, &ModeOption) == 0) return NULL; if (MODE_ARMOP_Code == ModeOption){ if (inFlag != Flag_Again) if (AskUsingForm_c(ASK_CODE_UI, &Mode_Bit) == 0) return NULL; if (MODE_ARMOPC16_JMP == Mode_Bit){ _ThisEa &= 0xFFFFFFFE; patch_long(_ThisEa, 0xE7FE); } else if (MODE_ARMOPC16_NOP == Mode_Bit){ _ThisEa &= 0xFFFFFFFE; patch_word(_ThisEa, 0xC046); } else if (MODE_ARMOPC32_JMP == Mode_Bit){ _ThisEa &= 0xFFFFFFFC; patch_long(_ThisEa, 0xEAFFFFFE); } else if (MODE_ARMOPC32_NOP == Mode_Bit){ _ThisEa &= 0xFFFFFFFC; patch_long(_ThisEa, 0xE1A00000); } } else if(MODE_ARMOP_SysCall == ModeOption){ //自动获取, ulong Sys_No = get_32bit(get_screen_ea()) & 0xFFF; if (AskUsingForm_c(ASK_SYSCALL_UI, &Sys_No) == 0)return 0; if (SysCall::getName(Sys_No) != NULL){ set_cmt(get_screen_ea(), SysCall::getName(Sys_No), 1); } } return NULL; }