/*
 * Print a human-readable dump of a ROM image: the COFF file header, the ROM
 * optional header and the section table, each followed by a blank line.
 *
 * pROMHeader is dereferenced without a NULL check. NumberOfSections is taken
 * from the image as-is and handed to DumpSectionTable, so any bounding of the
 * section table against the mapped file has to happen in the caller or in
 * DumpSectionTable itself.
 */
void DumpROMImage( PIMAGE_ROM_HEADERS pROMHeader )
{
    unsigned sectionCount;

    /* File header first, then the ROM-flavoured optional header. */
    DumpHeader(&pROMHeader->FileHeader);
    printf("\n");

    DumpROMOptionalHeader(&pROMHeader->OptionalHeader);
    printf("\n");

    /* Section table; the count comes straight from the file header. */
    sectionCount = pROMHeader->FileHeader.NumberOfSections;
    DumpSectionTable( IMAGE_FIRST_ROM_SECTION(pROMHeader), sectionCount, TRUE);
    printf("\n");

    /* Dump COFF symbols out here.  Get offsets from the header */
}
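// Dump a separate debug (.DBG) image: the debug header, the section table
// that follows it, the debug directory, and any COFF / CodeView symbol
// tables that the globals g_pCOFFHeader / g_pCVHeader point at.
//
// pRoot              - output sink; every line is written through pRoot->printf.
// pImageSepDbgHeader - start of the mapped .DBG file.
// Returns true unconditionally.
//
// NOTE(review): NumberOfSections, ExportedNamesSize, DebugDirectorySize,
// LvaToFirstSymbol and NumberOfSymbols are read from the file and used to
// form pointers without being checked against the size of the mapping. That
// size is not available in this function, so the bounding has to be done by
// the caller or inside the Dump* helpers - confirm that it is.
bool DumpDbgFile( MPanelItem *pRoot, PIMAGE_SEPARATE_DEBUG_HEADER pImageSepDbgHeader )
{
    DumpImageDbgHeader(pRoot, pImageSepDbgHeader);
    pRoot->printf("\n");

    // The section table starts immediately after the separate-debug header.
    DumpSectionTable( pRoot, (PIMAGE_SECTION_HEADER)(pImageSepDbgHeader+1),
                      pImageSepDbgHeader->NumberOfSections, TRUE);

    // The debug directory follows the section table and the exported names.
    DumpDebugDirectory(
        pRoot,
        MakePtr(PIMAGE_DEBUG_DIRECTORY, pImageSepDbgHeader,
                sizeof(IMAGE_SEPARATE_DEBUG_HEADER) +
                (pImageSepDbgHeader->NumberOfSections
                    * sizeof(IMAGE_SECTION_HEADER))
                + pImageSepDbgHeader->ExportedNamesSize),
        pImageSepDbgHeader->DebugDirectorySize,
        (PBYTE)pImageSepDbgHeader);

    pRoot->printf("\n");

    // g_pCOFFHeader is a global assigned outside this function; presumably it
    // is filled in while the debug directory is walked - confirm.
    if ( g_pCOFFHeader )
    {
        DumpCOFFHeader( pRoot, g_pCOFFHeader );

        pRoot->printf("\n");

        g_pCOFFSymbolTable = new COFFSymbolTable(
            MakePtr( PVOID, g_pCOFFHeader, g_pCOFFHeader->LvaToFirstSymbol),
            g_pCOFFHeader->NumberOfSymbols );

        DumpCOFFSymbolTable( pRoot, g_pCOFFSymbolTable );

        delete g_pCOFFSymbolTable;
        // The pointer is a global: clear it so no later code can use or
        // delete the freed table a second time.
        g_pCOFFSymbolTable = NULL;
    }

    if ( g_pCVHeader )
    {
        DumpCVSymbolTable( pRoot, (PBYTE)g_pCVHeader, g_pMappedFileBase );
    }

    return true;
}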
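/*
 * ExecPE - load a PE image into memory and register it in NTModules[].
 *
 * lpszName  module file name.  It is lower-cased IN PLACE, and the module
 *           table keeps a pointer into this buffer (modulename), so the
 *           caller's string must stay valid for as long as the table is used.
 *
 * Returns the NTModules[] entry for the module: an existing entry when the
 * name is already registered, otherwise the entry created by this call.
 * Returns 0 when the file cannot be opened, is truncated, is not a PE image,
 * has a section table that does not fit in SizeOfImage, or cannot be mapped.
 * A failure after the module has been registered is fatal (exit), as in the
 * original section-load error path.
 *
 * Every size and offset read from the file is treated as untrusted and is
 * checked before it is used as a read length or a write destination.
 *
 * NOTE(review): the capacity of NTHeader[] / NTModules[] is not visible here,
 * so nNTHeader is not bounded against it - confirm that the arrays cannot be
 * overrun by repeated loads.
 * NOTE(review): the image is mapped PAGE_EXECUTE_READWRITE and this function
 * never narrows the protection per section.
 * NOTE(review): the section table is read from the file position that follows
 * sizeof(IMAGE_NT_HEADERS); that matches the real table only when the file's
 * SizeOfOptionalHeader equals the compiled-in optional header size.
 * NOTE(review): in the collapsed listing the "//if (index == 0)" guards in
 * front of DumpHeader, DumpOptionalHeader, DumpSectionTable and
 * LoadImportsSection read as commented-out guards, so those calls are kept
 * unconditional here - confirm against the original file.
 */
MODULE_HEADERS *
ExecPE(char *lpszName)
{
	static void *BaseAddress;
	IMAGE_DOS_HEADER DosHeader;
	PIMAGE_SECTION_HEADER pSectionHeaders;
	PIMAGE_NT_HEADERS pNTHeader;
	static int nNTHeader;
	int i,len;
	int index = nNTHeader;
	char *bp;
	int ret;
	HFILE hFile;
	unsigned long imageSize;
	unsigned long hdrBytes;
	unsigned int nSections;

	/* Module names are compared case-insensitively: normalise the name. */
	for (bp = lpszName; *bp; bp++)
		*bp = (char)tolower((unsigned char)*bp);

	/* Already loaded?  Hand back the existing entry. */
	for (i = 0; i < nNTHeader; i++) {
		if (strcmp(NTModules[i].modulename,lpszName) == 0)
			return &NTModules[i];
	}

	hFile = _lopen(lpszName,READ);
	if (hFile == -1) {
		char lpszFileName[256];

		/* Refuse a name that would overflow the fixed-size path buffer. */
		if (strlen(dirname) + 1 + strlen(lpszName) >= sizeof(lpszFileName)) {
			logstr(LF_ERROR,"path too long for %s\n",lpszName);
			return 0;
		}
		strcpy(lpszFileName,dirname);
		strcat(lpszFileName,"/");
		strcat(lpszFileName,lpszName);

		hFile = _lopen(lpszFileName,READ);
		if (hFile == -1) {
			logstr(LF_ERROR,"cannot open file %s\n",lpszFileName);
			return 0;
		}
	}

	/* read the dos image header first; a short read leaves it undefined */
	ret = _lread(hFile,&DosHeader,sizeof(IMAGE_DOS_HEADER));
	if (ret != (int)sizeof(IMAGE_DOS_HEADER) ||
	    DosHeader.e_magic != IMAGE_DOS_SIGNATURE) {
		_lclose(hFile);		/* the original leaked the handle here */
		return 0;
	}

	/* now read in the nt header; e_lfanew comes from the file */
	if (_llseek(hFile,DosHeader.e_lfanew,SEEK_SET) < 0) {
		_lclose(hFile);
		return 0;
	}
	pNTHeader = &NTHeader[nNTHeader];
	ret = _lread(hFile,pNTHeader, sizeof(IMAGE_NT_HEADERS));

	/* yes, it is a win32 header */
	if (ret != (int)sizeof(IMAGE_NT_HEADERS) ||
	    pNTHeader->Signature != IMAGE_NT_SIGNATURE) {
		_lclose(hFile);
		return 0;
	}

	/*
	 * The section headers are stored inside the mapped image right after
	 * an IMAGE_NT_HEADERS-sized gap, so they must fit in SizeOfImage.
	 */
	nSections = pNTHeader->FileHeader.NumberOfSections;
	imageSize = pNTHeader->OptionalHeader.SizeOfImage;
	hdrBytes  = (unsigned long)nSections * sizeof(IMAGE_SECTION_HEADER);
	if (imageSize < sizeof(IMAGE_NT_HEADERS) ||
	    hdrBytes > imageSize - sizeof(IMAGE_NT_HEADERS)) {
		logstr(LF_ERROR,"section table of %s does not fit the image\n",
			lpszName);
		_lclose(hFile);
		return 0;
	}

	/* registered name is the part after the last '/' */
	bp = strrchr(lpszName,'/');
	if (bp)
		bp++;
	else
		bp = lpszName;

	BaseAddress = VirtualAlloc(
		(void *) pNTHeader->OptionalHeader.ImageBase,
		pNTHeader->OptionalHeader.SizeOfImage,
		MEM_COMMIT,
		PAGE_EXECUTE_READWRITE);
	if (BaseAddress == 0) {
		/* without this check every later write lands near address 0 */
		logstr(LF_ERROR,"cannot allocate image for %s\n",lpszName);
		_lclose(hFile);
		return 0;
	}

	logstr(lf_console,"Load File: %s %p\n",lpszName,BaseAddress);

	NTModules[nNTHeader].modulename = bp;
	NTModules[nNTHeader].pNTHeader = pNTHeader;
	NTModules[nNTHeader].BaseAddress = BaseAddress;
	nNTHeader++;

	/* after the first module, reserve slots for the built-in libraries */
	if (nNTHeader == 1 && usebuiltins) {
		NTModules[nNTHeader++].modulename = "user32.dll";
		NTModules[nNTHeader++].modulename = "gdi32.dll";
		NTModules[nNTHeader++].modulename = "kernel32.dll";
		NTModules[nNTHeader++].modulename = "shell32.dll";
		NTModules[nNTHeader++].modulename = "comctl32.dll";
		NTModules[nNTHeader++].modulename = "comdlg32.dll";
		NTModules[nNTHeader++].modulename = "rpcrt4.dll";
		NTModules[nNTHeader++].modulename = "advapi32.dll";
	}

	/* show the NT header */
	//if (index == 0)
	DumpHeader(&pNTHeader->FileHeader);

	/* show the Optional header */
	//if (index == 0)
	DumpOptionalHeader((PIMAGE_OPTIONAL_HEADER) &pNTHeader->OptionalHeader);

	pSectionHeaders = (PIMAGE_SECTION_HEADER)
		((char *)BaseAddress + sizeof(IMAGE_NT_HEADERS));

	/* now read the section headers */
	ret = _lread(hFile, pSectionHeaders, hdrBytes);
	if (ret < 0 || (unsigned long)ret != hdrBytes) {
		logstr(LF_ERROR,"Failed to read section headers of %s\n",lpszName);
		/* NOTE(review): status 0 kept to match the existing fatal path */
		exit(0);
	}

	for (i = 0; i < (int)nSections; i++) {
		/*
		 * Index the table instead of mixing pSectionHeaders++ with
		 * pSectionHeaders[i]: the original advanced the pointer only for
		 * non-BSS sections and then indexed from the moved pointer.
		 *
		 * The fields are copied out first because loading section data
		 * may overwrite the header area inside the image.
		 */
		PIMAGE_SECTION_HEADER sec = &pSectionHeaders[i];
		unsigned long rva = sec->VirtualAddress;
		unsigned long rawSize = sec->SizeOfRawData;
		unsigned long rawOffset = sec->PointerToRawData;
		unsigned long bssSize = sec->Misc.VirtualSize ?
			sec->Misc.VirtualSize : sec->SizeOfRawData;
		int hasData =
			!(sec->Characteristics & IMAGE_SCN_CNT_UNINITIALIZED_DATA);
		/* Name is a fixed 8-byte field and need not be NUL-terminated */
		int isBss = strncmp((const char *)sec->Name, ".bss",
				sizeof(sec->Name)) == 0;
		void *LoadAddress;

		/* every write below must stay inside the allocation */
		if (rva > imageSize ||
		    (hasData && rawSize > imageSize - rva) ||
		    (isBss && bssSize > imageSize - rva)) {
			logstr(LF_ERROR,"Section %x lies outside the image\n", i);
			exit(0);
		}

		LoadAddress = RVA(BaseAddress,rva);

		//if (index == 0)
		{
			DumpSectionTable( LoadAddress,sec,i);
		}

		/* load only non-BSS segments */
		if (hasData) {
			_llseek(hFile,rawOffset,SEEK_SET);
			len = _lread(hFile,(char*) LoadAddress, rawSize);

			if (len < 0 || (unsigned long)len != rawSize) {
				logstr(LF_ERROR,"Failed to load section %x %x\n",
					i,len);
				exit(0);
			}
		}

		/* not needed, memory is zero */
		if (isBss)
			memset(LoadAddress, 0, bssSize);
	}

	_lclose(hFile);

	// we are dependent on other modules, go get and load those
	//if (index == 0)
	LoadImportsSection(BaseAddress, pNTHeader,lpszName);

	if (index == 0) {
		logstr(lf_header," %32s PE Header BaseAddress\n", "FileName");
		for (i = 0; i < nNTHeader; i++) {
			logstr(lf_header,"%.4d: %32s %p %p\n",
				i,
				NTModules[i].modulename,
				NTModules[i].pNTHeader,
				NTModules[i].BaseAddress);
		}
	}

	/* only the first module loaded has its exports bound and is started */
	if (index == 0)
		LoadExportsTable(&NTModules[0],pNTHeader,lpszName);

	if (index == 0)
		ExecEntryPoint(
			NTModules[0].BaseAddress,
			NTModules[0].pNTHeader,
			lpszName);

	return &NTModules[index];
}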