void DumpROMImage( PIMAGE_ROM_HEADERS pROMHeader )
{
DumpHeader(&pROMHeader->FileHeader);
printf("\n");
DumpROMOptionalHeader(&pROMHeader->OptionalHeader);
printf("\n");
DumpSectionTable( IMAGE_FIRST_ROM_SECTION(pROMHeader),
pROMHeader->FileHeader.NumberOfSections, TRUE);
printf("\n");
// Dump COFF symbols out here. Get offsets from the header
}
bool DumpDbgFile( MPanelItem *pRoot, PIMAGE_SEPARATE_DEBUG_HEADER pImageSepDbgHeader )
{
DumpImageDbgHeader(pRoot, pImageSepDbgHeader);
pRoot->printf("\n");
DumpSectionTable( pRoot, (PIMAGE_SECTION_HEADER)(pImageSepDbgHeader+1),
pImageSepDbgHeader->NumberOfSections, TRUE);
DumpDebugDirectory(
pRoot, MakePtr(PIMAGE_DEBUG_DIRECTORY,
pImageSepDbgHeader, sizeof(IMAGE_SEPARATE_DEBUG_HEADER) +
(pImageSepDbgHeader->NumberOfSections * sizeof(IMAGE_SECTION_HEADER))
+ pImageSepDbgHeader->ExportedNamesSize),
pImageSepDbgHeader->DebugDirectorySize,
(PBYTE)pImageSepDbgHeader);
pRoot->printf("\n");
if ( g_pCOFFHeader )
{
DumpCOFFHeader( pRoot, g_pCOFFHeader );
pRoot->printf("\n");
g_pCOFFSymbolTable = new COFFSymbolTable(
MakePtr( PVOID, g_pCOFFHeader, g_pCOFFHeader->LvaToFirstSymbol),
g_pCOFFHeader->NumberOfSymbols );
DumpCOFFSymbolTable( pRoot, g_pCOFFSymbolTable );
delete g_pCOFFSymbolTable;
}
if ( g_pCVHeader )
{
DumpCVSymbolTable( pRoot, (PBYTE)g_pCVHeader, g_pMappedFileBase );
}
return true;
}
MODULE_HEADERS *
ExecPE(char *lpszName)
{
static void *BaseAddress;
IMAGE_DOS_HEADER DosHeader;
PIMAGE_SECTION_HEADER pSectionHeaders;
PIMAGE_NT_HEADERS pNTHeader;
static int nNTHeader;
int i,len;
int index = nNTHeader;
char *bp;
int ret;
HFILE hFile;
bp = lpszName;
while(*bp) {
*bp = tolower(*bp);
bp++;
}
for(i=0;i<nNTHeader;i++) {
if(strcmp(NTModules[i].modulename,lpszName) == 0) {
return &NTModules[i];
}
}
hFile = _lopen(lpszName,READ);
if(hFile == -1) {
char lpszFileName[256];
strcpy(lpszFileName,dirname);
strcat(lpszFileName,"/");
strcat(lpszFileName,lpszName);
hFile = _lopen(lpszFileName,READ);
if(hFile == -1) {
logstr(LF_ERROR,"cannot open file %s\n",lpszFileName);
return 0;
}
}
/* read the dos image header first */
ret = _lread(hFile,&DosHeader,sizeof(IMAGE_DOS_HEADER));
if(DosHeader.e_magic == IMAGE_DOS_SIGNATURE) {
/* now read in the nt header */
_llseek(hFile,DosHeader.e_lfanew,0);
pNTHeader = &NTHeader[nNTHeader];
ret = _lread(hFile,pNTHeader, sizeof(IMAGE_NT_HEADERS));
/* yes, it is a win32 header */
if (pNTHeader->Signature != IMAGE_NT_SIGNATURE) {
_lclose(hFile);
return 0;
}
bp = strrchr(lpszName,'/');
if(bp)
bp++;
else
bp = lpszName;
BaseAddress = VirtualAlloc(
(void *) pNTHeader->OptionalHeader.ImageBase,
pNTHeader->OptionalHeader.SizeOfImage,
MEM_COMMIT,
PAGE_EXECUTE_READWRITE);
logstr(lf_console,"Load File: %s %p\n",lpszName,BaseAddress);
NTModules[nNTHeader].modulename = bp;
NTModules[nNTHeader].pNTHeader = pNTHeader;
NTModules[nNTHeader].BaseAddress = BaseAddress;
nNTHeader++;
if (nNTHeader == 1 && usebuiltins) {
NTModules[nNTHeader++].modulename = "user32.dll";
NTModules[nNTHeader++].modulename = "gdi32.dll";
NTModules[nNTHeader++].modulename = "kernel32.dll";
NTModules[nNTHeader++].modulename = "shell32.dll";
NTModules[nNTHeader++].modulename = "comctl32.dll";
NTModules[nNTHeader++].modulename = "comdlg32.dll";
NTModules[nNTHeader++].modulename = "rpcrt4.dll";
NTModules[nNTHeader++].modulename = "advapi32.dll";
}
/* show the NT header */
//if (index == 0)
DumpHeader(&pNTHeader->FileHeader);
/* show the Optional header */
//if (index == 0)
DumpOptionalHeader((PIMAGE_OPTIONAL_HEADER)
&pNTHeader->OptionalHeader);
pSectionHeaders = (PIMAGE_SECTION_HEADER)((void *)BaseAddress + sizeof(IMAGE_NT_HEADERS));
/* now read the section headers */
ret = _lread( hFile, pSectionHeaders, sizeof(IMAGE_SECTION_HEADER)*
pNTHeader->FileHeader.NumberOfSections);
for(i=0; i < pNTHeader->FileHeader.NumberOfSections; i++) {
void *LoadAddress;
LoadAddress =
RVA(BaseAddress,pSectionHeaders->VirtualAddress);
//if (index == 0)
{
DumpSectionTable( LoadAddress,pSectionHeaders,i);
}
/* load only non-BSS segments */
if(!(pSectionHeaders->Characteristics &
IMAGE_SCN_CNT_UNINITIALIZED_DATA))
{
_llseek(hFile,pSectionHeaders->PointerToRawData,SEEK_SET);
len = _lread(hFile,(char*) LoadAddress,
pSectionHeaders->SizeOfRawData);
if( len != pSectionHeaders->SizeOfRawData)
{
logstr(LF_ERROR,"Failed to load section %x %x\n", i,len);
exit(0);
}
pSectionHeaders++;
}
/* not needed, memory is zero */
if(strcmp(pSectionHeaders[i].Name, ".bss") == 0)
memset((void *)LoadAddress, 0,
pSectionHeaders[i].Misc.VirtualSize ?
pSectionHeaders[i].Misc.VirtualSize :
pSectionHeaders[i].SizeOfRawData);
}
_lclose(hFile);
// we are dependent on other modules, go get and load those
//if (index == 0)
LoadImportsSection(BaseAddress, pNTHeader,lpszName);
if (index == 0)
{
logstr(lf_header," %32s PE Header BaseAddress\n",
"FileName");
for(i=0;i<nNTHeader;i++) {
logstr(lf_header,"%.4d: %32s %p %p\n",
i,
NTModules[i].modulename,
NTModules[i].pNTHeader,
NTModules[i].BaseAddress);
}
}
if (index == 0)
LoadExportsTable(&NTModules[0],pNTHeader,lpszName);
if (index == 0)
ExecEntryPoint(
NTModules[0].BaseAddress,
NTModules[0].pNTHeader,
lpszName);
return &NTModules[index];
}
return 0;
}
