/* Parser */
SgAsmPESectionTable*
SgAsmPESectionTable::parse()
{
SgAsmGenericSection::parse();
SgAsmPEFileHeader *fhdr = dynamic_cast<SgAsmPEFileHeader*>(get_header());
ROSE_ASSERT(fhdr!=NULL);
/* Parse section table and construct section objects, but do not parse the sections yet. */
SgAsmGenericSectionPtrList pending;
const size_t entsize = sizeof(SgAsmPESectionTableEntry::PESectionTableEntry_disk);
for (size_t i=0; i<fhdr->get_e_nsections(); i++) {
SgAsmPESectionTableEntry::PESectionTableEntry_disk disk;
if (entsize!=read_content_local(i * entsize, &disk, entsize, false))
fprintf(stderr, "SgAsmPESectionTable::parse: warning: section table entry %" PRIuPTR " at file offset 0x%08"PRIx64
" extends beyond end of defined section table.\n",
i, get_offset()+i*entsize);
SgAsmPESectionTableEntry *entry = new SgAsmPESectionTableEntry(&disk);
SgAsmPESection *section = NULL;
if (entry->get_name() == ".idata") {
section = new SgAsmPEImportSection(fhdr);
} else {
section = new SgAsmPESection(fhdr);
}
section->init_from_section_table(entry, i+1);
pending.push_back(section);
}
/* Build the memory mapping like the real loader would do. This is the same code used by
* SgAsmExecutableFileFormat::parseBinaryFormat() except we're doing it here early because we need it in the rest of the
* PE parser. */
ROSE_ASSERT(NULL==fhdr->get_loader_map());
BinaryLoader *loader = BinaryLoader::lookup(fhdr); /*no need to clone; we're not changing any settings*/
ROSE_ASSERT(loader!=NULL);
MemoryMap *loader_map = new MemoryMap;
loader->remap(loader_map, fhdr);
fhdr->set_loader_map(loader_map);
/* Parse each section after the loader map is created */
for (size_t i=0; i<pending.size(); i++)
pending[i]->parse();
return this;
}
/* Writes the section table back to disk. */
void
SgAsmPESectionTable::unparse(std::ostream &f) const
{
SgAsmPEFileHeader *fhdr = dynamic_cast<SgAsmPEFileHeader*>(get_header());
ROSE_ASSERT(fhdr != NULL);
SgAsmGenericSectionPtrList sections = fhdr->get_sections()->get_sections();
for (size_t i = 0; i < sections.size(); i++) {
if (sections[i]->get_id()>=0) {
SgAsmPESection *section = isSgAsmPESection(sections[i]);
ROSE_ASSERT(section!=NULL);
/* Write the table entry */
ROSE_ASSERT(section->get_id() > 0); /*ID's are 1-origin in PE*/
size_t slot = section->get_id() - 1;
SgAsmPESectionTableEntry *shdr = section->get_section_entry();
SgAsmPESectionTableEntry::PESectionTableEntry_disk disk;
shdr->encode(&disk);
write(f, slot*sizeof(disk), sizeof disk, &disk);
}
}
}
/* Change size of PE header based on word size */
bool
SgAsmPEFileHeader::reallocate()
{
bool reallocated = SgAsmGenericHeader::reallocate();
/* Resize if necessary */
rose_addr_t need = sizeof(PEFileHeader_disk);
if (4==get_word_size()) {
need += sizeof(PE32OptHeader_disk);
} else if (8==get_word_size()) {
need += sizeof(PE64OptHeader_disk);
} else {
throw FormatError("unsupported PE word size");
}
need += p_rvasize_pairs->get_pairs().size() * sizeof(SgAsmPERVASizePair::RVASizePair_disk);
if (need<get_size()) {
if (is_mapped()) {
ROSE_ASSERT(get_mapped_size()==get_size());
set_mapped_size(need);
}
set_size(need);
reallocated = true;
} else if (need>get_size()) {
get_file()->shift_extend(this, 0, need-get_size(), SgAsmGenericFile::ADDRSP_ALL, SgAsmGenericFile::ELASTIC_HOLE);
reallocated = true;
}
/* Make sure the RVA/Size pairs at the end of the header are consistent with the sections to which they point. Reallocate()
* has already been called recursively for the sections. */
update_rvasize_pairs();
/* Make sure header is consistent with sections. Reallocate() has already been called recursively for the sections.
* Count the number of sections in the table and update the header's e_nsections member. */
if (p_section_table) {
ROSE_ASSERT(p_section_table->get_header()==this);
SgAsmGenericSectionList *all = get_sections();
p_e_nsections = 0;
for (size_t i=0; i<all->get_sections().size(); i++) {
SgAsmPESection *pesec = dynamic_cast<SgAsmPESection*>(all->get_sections()[i]);
if (pesec && pesec->get_section_entry()!=NULL)
p_e_nsections++;
}
rose_addr_t header_size = ALIGN_UP(p_section_table->get_offset() + p_section_table->get_size(),
p_e_file_align>0 ? p_e_file_align : 1);
#if 1
/* The PE Specification regarding e_header_size (known as "SizeOfHeader" on page 14 of "Microsoft Portable Executable
* and Common Object File Format Specification: Revision 8.1 February 15, 2008" is not always followed. We recompute
* it here as being the minimum RVA from all the sections defined in the PE Section Table, but not smaller
* than the value according to the specification. This alternate value is kept if it's already in the parse tree,
* otherwise we use the correct value. (RPM 2008-10-21) */
rose_addr_t min_offset = 0;
for (size_t i=0, nfound=0; i<all->get_sections().size(); i++) {
SgAsmPESection *pesec = dynamic_cast<SgAsmPESection*>(all->get_sections()[i]);
if (pesec && pesec->get_section_entry()!=NULL) {
if (0==nfound++) {
min_offset = pesec->get_offset();
} else {
min_offset = std::min(min_offset, pesec->get_offset() );
}
}
}
rose_addr_t header_size2 = std::max(header_size, min_offset);
if (p_e_header_size==header_size2)
header_size = header_size2;
/* If the original header size was zero then don't change that--leave it at zero. Some tiny executables have a zero
* value here and as a result, since this is near the end of the NT Optional Header, they can truncate the file and
* the loader will fill the optional header with zeros when reading. (RPM 2008-11-11) */
if (p_e_header_size==0)
header_size = 0;
#endif
p_e_header_size = header_size;
}
/* The size of the optional header. If there's a section table then we use its offset to calculate the optional header
* size in order to be compatible with the PE loader. Otherwise use the actual optional header size. */
if (p_section_table) {
ROSE_ASSERT(p_section_table->get_offset() >= get_offset() + sizeof(PEFileHeader_disk));
p_e_nt_hdr_size = p_section_table->get_offset() - (get_offset() + sizeof(PEFileHeader_disk));
} else if (4==get_word_size()) {
p_e_nt_hdr_size = sizeof(PE32OptHeader_disk);
} else if (8==get_word_size()) {
p_e_nt_hdr_size = sizeof(PE64OptHeader_disk);
} else {
throw FormatError("invalid PE word size");
}
/* Update COFF symbol table related data members in the file header */
if (get_coff_symtab()) {
ROSE_ASSERT(get_coff_symtab()->get_header()==this);
set_e_coff_symtab(get_coff_symtab()->get_offset());
set_e_coff_nsyms(get_coff_symtab()->get_nslots());
}
/* Update some additional header fields */
set_e_num_rvasize_pairs(get_rvasize_pairs()->get_pairs().size());
set_e_opt_magic(4==get_word_size() ? 0x010b : 0x020b);
set_e_lmajor((get_exec_format()->get_version() >> 16) & 0xffff);
set_e_lminor(get_exec_format()->get_version() & 0xffff);
/* Adjust the COFF Header's e_nt_hdr_size to accommodate the NT Optional Header in such a way that EXEs from tinype.com
* don't change (i.e., don't increase e_nt_hdr_size if the bytes beyond it are zero anyway, and if they aren't then adjust
* it as little as possible. The RVA/Size pairs are considered to be part of the NT Optional Header. */
size_t oh_size = p_rvasize_pairs->get_pairs().size() * sizeof(SgAsmPERVASizePair::RVASizePair_disk);
size_t rvasize_offset; /*offset with respect to "oh" buffer allocated below*/
if (4==get_word_size()) {
oh_size += sizeof(PE32OptHeader_disk);
} else if (8==get_word_size()) {
oh_size += sizeof(PE64OptHeader_disk);
} else {
throw FormatError("unsupported PE word size");
}
unsigned char *oh = new unsigned char[oh_size];
if (4==get_word_size()) {
encode((PE32OptHeader_disk*)oh);
rvasize_offset = sizeof(PE32OptHeader_disk);
} else if (8==get_word_size()) {
encode((PE64OptHeader_disk*)oh);
rvasize_offset = sizeof(PE64OptHeader_disk);
} else {
delete[] oh;
throw FormatError("unsupported PE word size");
}
while (oh_size>p_e_nt_hdr_size) {
if (0!=oh[oh_size-1]) break;
--oh_size;
}
set_e_nt_hdr_size(oh_size);
return reallocated;
}
