/**
* Return a ptr on the symbol table
* @param file
* @param num
* @return
*/
void *elfsh_get_symtab(elfshobj_t *file, int *num)
{
elfshsect_t *s;
int strindex;
int index;
int nbr;
PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
/* Sanity checks */
if (file == NULL)
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Invalid NULL parameter", NULL);
else if (NULL == file->sht && NULL == elfsh_get_sht(file, NULL))
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Unable to get SHT", NULL);
if (file->secthash[ELFSH_SECTION_SYMTAB] == NULL)
{
//fprintf(stderr, "Loading symtab for object %s \n", file->name);
/* If symtab is already loaded, return it */
s = elfsh_get_section_by_type(file, SHT_SYMTAB,
0, &index,
&strindex, &nbr);
if (s != NULL)
{
file->secthash[ELFSH_SECTION_SYMTAB] = s;
s->data = elfsh_load_section(file, s->shdr);
if (s->data == NULL)
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Unable to load SYMTAB", NULL);
s->curend = s->shdr->sh_size;
/* Now load the string table */
s = elfsh_get_strtab(file, s->shdr->sh_link);
if (NULL == s)
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Unable to load STRTAB", NULL);
s->parent = file;
}
/*
** Fix 0 lenght syms and STT_SECTION syms
** Create a minimal .symtab if unexistant
*/
elfsh_fixup_symtab(file, &strindex);
//fprintf(stderr, "symtab FIXED for object %s \n", file->name);
}
if (num != NULL)
*num =
file->secthash[ELFSH_SECTION_SYMTAB]->curend / sizeof(elfsh_Sym);
PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__,
(file->secthash[ELFSH_SECTION_SYMTAB]->data));
}
/**
* @brief Display a PHT
* @param phdr
* @param num
* @param base
*/
void revm_pht_print(elfsh_Phdr *phdr, uint16_t num, eresi_Addr base)
{
elfsh_Shdr *shdr;
int shtnum;
int index;
int index2;
char *type;
u_int typenum;
elfshsect_t *list;
regex_t *tmp;
char buff[512];
char warnmsg[256];
char logbuf[BUFSIZ];
int check;
eresi_Addr addr;
eresi_Addr addr_end;
PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
FIRSTREGX(tmp);
/* Primary view (2 modes, depending on the quiet flag) */
for (index = 0; index < num; index++)
{
typenum = elfsh_get_segment_type(phdr + index);
type = (char *) (typenum >= ELFSH_SEGTYPE_MAX ?
revm_display_pdesc(typenum) :
elfsh_seg_type[typenum].desc);
addr = phdr[index].p_vaddr;
addr_end = phdr[index].p_vaddr + phdr[index].p_memsz;
if (elfsh_is_runtime_mode())
{
addr_end += base;
addr += base;
}
/* We check if we have a correct alignment */
check = (addr - phdr[index].p_offset) & (phdr[index].p_align - 1);
if (check != 0)
snprintf(warnmsg, 255, "Wrong alignment (%d)", check);
if (!world.state.revm_quiet)
snprintf(buff, sizeof(buff),
" %s %s -> %s %c%c%c %s%s%s "
"%s%s%s %s%s%s %s%s%s => %s %s\n",
revm_colornumber("[%02u]", index),
revm_coloraddress(XFMT, addr),
revm_coloraddress(XFMT, addr_end),
(elfsh_segment_is_readable(&phdr[index]) ? 'r' : '-'),
(elfsh_segment_is_writable(&phdr[index]) ? 'w' : '-'),
(elfsh_segment_is_executable(&phdr[index]) ? 'x' : '-'),
revm_colorfieldstr("memsz("),
revm_colornumber(UFMT, phdr[index].p_memsz),
revm_colorfieldstr(")"),
revm_colorfieldstr("foffset("),
revm_colornumber(UFMT, phdr[index].p_offset),
revm_colorfieldstr(")"),
revm_colorfieldstr("filesz("),
revm_colornumber(UFMT, phdr[index].p_filesz),
revm_colorfieldstr(")"),
revm_colorfieldstr("align("),
revm_colornumber(UFMT, phdr[index].p_align),
revm_colorfieldstr(")"),
revm_colortypestr(type),
check != 0 ? revm_colorwarn(warnmsg) : ""
);
else
snprintf(buff, sizeof(buff),
" %s %s -> %s %c%c%c %s%s%s "
"%s%s%s %s%s%s\n",
revm_colornumber("[%02u]", index),
revm_coloraddress(XFMT, addr),
revm_coloraddress(XFMT, addr_end),
(elfsh_segment_is_readable(&phdr[index]) ? 'r' : '-'),
(elfsh_segment_is_writable(&phdr[index]) ? 'w' : '-'),
(elfsh_segment_is_executable(&phdr[index]) ? 'x' : '-'),
revm_colorfieldstr("memsz("),
revm_colornumber(UFMT, phdr[index].p_memsz),
revm_colorfieldstr(")"),
revm_colorfieldstr("foffset("),
revm_colornumber(UFMT, phdr[index].p_offset),
revm_colorfieldstr(")"),
revm_colorfieldstr("filesz("),
revm_colornumber(UFMT, phdr[index].p_filesz),
revm_colorfieldstr(")"));
if (!tmp || (tmp && !regexec(tmp, buff, 0, 0, 0)))
revm_output(buff);
revm_endline();
}
snprintf(logbuf, BUFSIZ - 1,
"\n [SHT correlation]"
"\n [Object %s]\n\n", world.curjob->curfile->name);
revm_output(logbuf);
/* Retreive the sht */
if ((shdr = elfsh_get_sht(world.curjob->curfile, &shtnum)) == 0)
PROFILER_OUT(__FILE__, __FUNCTION__, __LINE__);
snprintf(logbuf, BUFSIZ - 1, " [*] SHT %s \n",
(world.curjob->curfile->shtrb ?
"has been rebuilt \n" :
"is not stripped \n"));
revm_output(logbuf);
/* Alternate View */
for (index = 0; index < num; index++, index2 = 0)
{
typenum = elfsh_get_segment_type(phdr + index);
type = (char *) (typenum >= ELFSH_SEGTYPE_MAX ?
revm_display_pname(typenum) :
elfsh_seg_type[typenum].name);
snprintf(logbuf, BUFSIZ - 1, " %s %s \t",
revm_colornumber("[%02u]", index),
revm_colortypestr_fmt("%-10s", type));
revm_output(logbuf);
revm_endline();
/* In SHT */
for (index2 = 0, list = world.curjob->curfile->sectlist;
list; list = list->next)
if (elfsh_segment_is_parent(list, phdr + index))
{
index2++;
snprintf(logbuf, BUFSIZ - 1, "%s%s ",
(list->shdr->sh_offset + list->shdr->sh_size >
phdr[index].p_offset + phdr[index].p_filesz ? "|" : ""),
revm_colorstr(elfsh_get_section_name(world.curjob->curfile, list)));
revm_output(logbuf);
revm_endline();
}
/* In RSHT */
for (index2 = 0, list = world.curjob->curfile->rsectlist;
list; list = list->next)
if (elfsh_segment_is_parent(list, phdr + index))
{
index2++;
snprintf(logbuf, BUFSIZ - 1, "%s%s ",
(list->shdr->sh_addr + list->shdr->sh_size >
phdr[index].p_vaddr + phdr[index].p_memsz ? "|" : ""),
revm_colorstr(elfsh_get_section_name(world.curjob->curfile, list)));
revm_output(logbuf);
revm_endline();
}
revm_output("\n");
}
PROFILER_OUT(__FILE__, __FUNCTION__, __LINE__);
}
/**
* Load all the part of the binary.
* This function should not be used by e2dbg
* @param file
* @return
*/
int elfsh_read_obj(elfshobj_t *file)
{
elfshsect_t *actual;
int index;
PROFILER_IN(__FILE__, __FUNCTION__, __LINE__);
if (file->read)
PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
if (file->sht == NULL && NULL == elfsh_get_sht(file, NULL))
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Unable to grab SHT", -1);
if (NULL == elfsh_get_pht(file, NULL) && file->hdr->e_type != ET_REL)
PROFILER_ERR(__FILE__, __FUNCTION__, __LINE__,
"Unable to grab PHT", -1);
#if __DEBUG_MAP__
puts("[DEBUG:read_obj] Loading all known typed sections\n");
#endif
/* Fill multiple relocation sections */
for (index = 0; NULL !=
(actual = elfsh_get_reloc(file, index, NULL));
index++);
/*
** Load sections placed after symtab
** Added for Solaris
*/
elfsh_get_comments(file);
elfsh_get_dwarf(file);
elfsh_get_stab(file, NULL);
if (file->hdr->e_type == ET_CORE)
{
elfsh_get_core_notes(file);
goto out;
}
/*
** We cannot use simply elfsh_get_anonymous_section() here
** because the object's section hash ptrs would not be filled.
*/
elfsh_get_symtab(file, NULL);
/* Fixup stuffs in the SHT */
elfsh_fixup(file);
elfsh_get_dynsymtab(file, NULL);
elfsh_get_stab(file, NULL);
elfsh_get_dynamic(file, NULL);
elfsh_get_ctors(file, NULL);
elfsh_get_dtors(file, NULL);
elfsh_get_got(file, NULL);
elfsh_get_interp(file);
elfsh_get_versymtab(file, NULL);
elfsh_get_verneedtab(file, NULL);
elfsh_get_verdeftab(file, NULL);
elfsh_get_hashtable(file, NULL);
//elfsh_get_comments(file);
elfsh_get_plt(file, NULL);
/* Fill the multiple notes sections */
for (index = 0; NULL != elfsh_get_notes(file, index); index++);
/* Loop on the section header table and load all unknown-typed sections */
for (actual = file->sectlist; actual; actual = actual->next)
{
/* Fix first section size */
if (actual->shdr->sh_size == 0 && actual->next &&
actual->next->shdr->sh_offset != actual->shdr->sh_offset &&
actual->next->shdr->sh_addr != actual->shdr->sh_addr)
actual->shdr->sh_size =
actual->next->shdr->sh_offset - actual->shdr->sh_offset;
/* If the section data has to be loaded, load it */
/* In case of bss, only load if BSS data is inserted in the file */
if (actual->data == NULL && actual->shdr->sh_size)
{
if ((actual->shdr->sh_type == SHT_NOBITS &&
actual->shdr->sh_offset == actual->next->shdr->sh_offset) ||
(actual->next != NULL && actual->next->shdr->sh_offset == actual->shdr->sh_offset))
continue;
#if __DEBUG_MAP__
printf("[LIBELFSH] Loading anonymous section %15s \n",
elfsh_get_section_name(file, actual));
#endif
elfsh_get_anonymous_section(file, actual);
}
}
/* Fixup various symbols like dynamic ones that are NULL */
/* Non fatal error */
if (file->secthash[ELFSH_SECTION_DYNSYM])
elfsh_fixup_dynsymtab(file->secthash[ELFSH_SECTION_DYNSYM]);
out:
/* We close the file descriptor after file mapping so we can open more files */
if (file->fd >= 0) {
#if __DEBUG_MAP__
printf("[LIBELFSH] Closing descriptor %d \n",
file->fd);
#endif
XCLOSE(file->fd, -1);
/* neutralize file descriptor */
file->fd = -1;
}
PROFILER_ROUT(__FILE__, __FUNCTION__, __LINE__, 0);
}
