コード例 #1
ファイル: PEExport.cpp プロジェクト: 601040605/WProtect
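// Resolve export nIndex's name-pointer-table entry to the exported name.
//
// The entry obtained from GetName() is itself an RVA of a DWORD holding the
// RVA of the string, so two translations are needed. Either translation can
// fail on a truncated or hostile image, so each pointer is checked before it
// is dereferenced instead of assuming RvaToPtr() succeeded.
//
// Returns NULL when the entry is absent or either RVA does not map into the
// image. The returned string is not checked for NUL termination here.
char* CPEExport::GetNameValue(int nIndex)
{
	DWORD dwNameRva=GetName(nIndex);
	if (!dwNameRva)
	{
		return NULL;
	}
	DWORD* pdwNameValueRva=(DWORD*)RvaToPtr(dwNameRva);
	if (!pdwNameValueRva)
	{
		return NULL;
	}
	return (char*)RvaToPtr(*pdwNameValueRva);
}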
コード例 #2
ファイル: listdlls.c プロジェクト: gahr/fxite
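/* Returns non-zero when the string starting at s has a NUL byte before end,
 * i.e. it can be read as a C string without leaving the mapped file. */
static int NameIsTerminated(const char* s, const void* end)
{
  const char* p = s;
  while (p < (const char*)end) {
    if (*p == '\0') { return 1; }
    p++;
  }
  return 0;
}

/*
 * Map exename read-only and hand each DLL name in its import directory to
 * cb(name, user_data) until cb returns 0 or the descriptor table ends.
 *
 * The file is untrusted input: every header field used as an offset is
 * range-checked against the mapping before it is dereferenced.
 *
 * Returns LISTDLL_SUCCESS or one of the LISTDLL_ERR_* codes through the
 * RETURN() macro (defined outside this listing), which also releases
 * fh/map/base.
 */
int ListDlls(LPSTR exename, ListDllsCallback cb, void*user_data)
{
  HANDLE fh=INVALID_HANDLE_VALUE;
  HANDLE map=0;
  LPVOID base=NULL;
  LPVOID end=NULL;
  DWORD size=0;
  DWORD sizehi=0;
  PIMAGE_DOS_HEADER dos=NULL;
  PIMAGE_NT_HEADERS nt=NULL;
  PIMAGE_IMPORT_DESCRIPTOR desc=NULL;
  PIMAGE_SECTION_HEADER sect=NULL;
  DWORD imports=0;
  LONG lfanew=0;

  fh = CreateFile(exename,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
  if ( fh == INVALID_HANDLE_VALUE ) { RETURN(LISTDLL_ERR_CANT_OPEN); }

  /* Only files whose size fits in 32 bits are handled; `size` is then the
   * exact length of the mapping below. */
  size=GetFileSize(fh,&sizehi);
  if (sizehi) { RETURN(LISTDLL_ERR_TOO_BIG); }

  map = CreateFileMapping(fh, NULL, PAGE_READONLY, 0, 0, NULL);
  if (!map) { RETURN(LISTDLL_ERR_MAP); }

  base = MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
  if (!base) { RETURN(LISTDLL_ERR_MAPVIEW); }
  end=(char*)base+size;

  /* The whole DOS header must be present before e_magic/e_lfanew are read. */
  if ( size < sizeof(IMAGE_DOS_HEADER) ) { RETURN(LISTDLL_ERR_NOT_EXE); }
  dos=(PIMAGE_DOS_HEADER)base;
  if ( dos->e_magic != IMAGE_DOS_SIGNATURE ) { RETURN(LISTDLL_ERR_NOT_EXE); }

  /* e_lfanew comes from the file: reject negative offsets and any offset that
   * would put part of the NT headers past the end of the mapping (checking
   * only the start address would still let Signature/OptionalHeader be read
   * beyond `end`). The arithmetic is done on char* rather than through a
   * DWORD cast, which truncates addresses on 64-bit builds. */
  lfanew=dos->e_lfanew;
  if ( lfanew < 0
       || size < sizeof(IMAGE_NT_HEADERS)
       || (DWORD)lfanew > size - sizeof(IMAGE_NT_HEADERS) ) { RETURN(LISTDLL_ERR_BAD_PE); }
  nt = (PIMAGE_NT_HEADERS)((char*)base + lfanew);

  if ( nt->Signature != IMAGE_NT_SIGNATURE ) { RETURN(LISTDLL_ERR_NOT_PE); }

  /* An RVA is an offset inside the image, not a pointer, so it cannot be
   * compared with `end`; RvaToHdr/RvaToPtr below perform the real range
   * checks against the mapping. */
  imports = nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
  if ( imports==0 ) { RETURN(LISTDLL_ERR_NO_IMP_SECT); }

  sect = RvaToHdr(base,imports,nt,end);
  if (!sect) { RETURN(LISTDLL_ERR_NO_IMP_HDR); }

  desc = (PIMAGE_IMPORT_DESCRIPTOR) RvaToPtr(base,imports,nt,end);
  if (!desc) { RETURN(LISTDLL_ERR_NO_IMP_DESC); }

  /* Walk descriptors up to the all-zero terminator. A descriptor is only read
   * once it is known to lie entirely inside the mapping. */
  while ( within(base,desc,end)
          && (char*)desc + sizeof(IMAGE_IMPORT_DESCRIPTOR) <= (char*)end
          && (desc->TimeDateStamp || desc->Name) )  {
    const char*name=(const char*)RvaToPtr(base,desc->Name,nt,end);
    /* Advance before skipping: a `continue` without desc++ would re-read the
     * same descriptor forever. Names with no NUL before the end of the
     * mapping are skipped so cb never reads past the file. */
    if (!name || !NameIsTerminated(name,end)) { desc++; continue; }
    if (!cb(name,user_data)) { break; }
    desc++;
  }
  RETURN(LISTDLL_SUCCESS);
}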
コード例 #3
ファイル: PEExport.cpp プロジェクト: 601040605/WProtect
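// Read the export-address-table entry for export nIndex.
//
// GetFunc() yields the RVA of the DWORD slot; that RVA comes from the image
// and may not map (truncated or hostile file), so the translated pointer is
// checked before it is dereferenced.
//
// Returns 0 when the entry is absent or its RVA does not map into the image
// (the original returned NULL, which is 0 for this DWORD result).
DWORD CPEExport::GetFuncValue(int nIndex)
{
	DWORD dwFuncRva=GetFunc(nIndex);
	if (!dwFuncRva)
	{
		return 0;
	}
	DWORD* pdwFunc=(DWORD*)RvaToPtr(dwFuncRva);
	if (!pdwFunc)
	{
		return 0;
	}
	return *pdwFunc;
}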
コード例 #4
ファイル: PEExport.cpp プロジェクト: 601040605/WProtect
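// Read the ordinal-table entry (a WORD) for export nIndex.
//
// GetNameOrd() yields the RVA of the WORD slot; that RVA comes from the image
// and may not map (truncated or hostile file), so the translated pointer is
// checked before it is dereferenced.
//
// Returns 0 when the entry is absent or its RVA does not map into the image
// (the original returned NULL, which is 0 for this WORD result).
WORD CPEExport::GetNameOrdValue(int nIndex)
{
	DWORD dwNameOrdRva=GetNameOrd(nIndex);
	if (!dwNameOrdRva)
	{
		return 0;
	}
	WORD* pwNameOrd=(WORD*)RvaToPtr(dwNameOrdRva);
	if (!pwNameOrd)
	{
		return 0;
	}
	return *pwNameOrd;
}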
コード例 #5
ファイル: PEFile.cpp プロジェクト: dellsun/PE
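// Return a pointer to the data of data-directory entry DirectoryEntry.
//
// Returns NULL when the NT header is missing, the directory entry cannot be
// obtained or is empty (VirtualAddress == 0), or its RVA does not map into
// the file. The trailing "if (!pDirData) return NULL; return pDirData;" of
// the original collapsed to a single return: RvaToPtr already yields NULL
// for unmapped RVAs.
void * CPEFile::GetDirectoryEntryToData(unsigned short DirectoryEntry)
{
    PIMAGE_NT_HEADERS32 pNth = GetNtHeader();
    if (!pNth)
        return NULL;

    // NOTE(review): the entry index comes from the caller; a NULL result is
    // treated as "no such entry". Confirm GetDataDirectory() reports an
    // out-of-range DirectoryEntry this way rather than indexing past
    // DataDirectory[].
    const IMAGE_DATA_DIRECTORY * pDir = GetDataDirectory(DirectoryEntry);
    if (!pDir)
        return NULL;

    DWORD dwDataStartRVA = pDir->VirtualAddress;
    if (!dwDataStartRVA)
        return NULL;

    return RvaToPtr(dwDataStartRVA);
}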
コード例 #6
ファイル: main.cpp プロジェクト: chubbymaggie/libv
// Worker thread body; pParam carries the thread id.
//
// Loop: take a function index from GetM() until it returns -1, disassemble
// that function out of the mapped image, query the library table for CFGs
// whose instruction-class counts are all <= the target's, and run a VF2
// subgraph match for each candidate. Per-thread counters fn[] and
// instruction_count[] are reset on entry. Returns 0 after db.detach().
// What my_visitor2 does with a match is not visible in this listing.
unsigned __stdcall MatchThread(void *pParam)
{
    int FLEN;
    int n = 0, n1, i;   // n is assigned but never read in this function
    dbQuery sql;
    ControlFlowGraph *target_cfg;

    db.attach();        // paired with db.detach() after the loop

    dbCursor<LibM> cursor1;
    // The thread id travels in the pointer value itself; the (int) cast
    // truncates pointers on 64-bit builds. NOTE(review): only sound for a
    // 32-bit build — confirm.
    int thread_id = (int)pParam;
    instruction_count[thread_id] = 0;
    fn[thread_id] = 0;

    while ((i = GetM()) != -1)
    {
        int startEA = f_info[i].startEA;
        FLEN = f_info[i].len;

        // disasm
        // RvaToPtr validates only the start address; nothing in this
        // function checks that startEA + FLEN still lies inside the
        // mapping before disasm() reads FLEN bytes from bin.
        byte *bin = (byte *)RvaToPtr(pImageNtH, stMapFile.ImageBase, startEA - pOH->ImageBase);
        if (bin == NULL)
        {
            continue;
        }

        target_cfg = (ControlFlowGraph *)disasm(bin, FLEN, false, NULL);

        // Skip functions too short to match. clean() is also reached with a
        // NULL target_cfg here, so it is presumably NULL-tolerant — confirm.
        if (target_cfg == NULL || target_cfg->instructions.size() < MIN_INS_LENGTH)
        {
            clean(target_cfg);
            continue;
        }

        fn[thread_id]++;

        instruction_count[thread_id] += target_cfg->instructions.size();
        target_cfg->build();

        {
            // Candidate filter: every count stored for a library function
            // must be <= the target's, largest candidates first. Values are
            // appended to the dbQuery as separate operands, not spliced into
            // the text.
            sql = "MOV_COUNT<=", target_cfg->MOV_COUNT, " and CTI_COUNT<=", target_cfg->CTI_COUNT, " and ARITHMETIC_COUNT<=", target_cfg->ARITHMETIC_COUNT, " and LOGI_COUNT<=", target_cfg->LOGI_COUNT, " and STRING_COUNT<=", target_cfg->STRING_COUNT, " and ETC_COUNT<=", target_cfg->ETC_COUNT, " and instruction_size<=", target_cfg->instructions.size(), "and block_size<=", target_cfg->bb_len, "order by instruction_size desc";
        }

        n1 = cursor1.select(sql);
        if (n1 == 0)
        {
            clean(target_cfg);
            continue;
        }

        // One bit per target instruction; shared by every candidate of this
        // function through d[3] below.
        CBitSet lib_info(target_cfg->instructions.size());
        do
        {
            ControlFlowGraph *library_cfg = (ControlFlowGraph *)(cursor1->cfg);


            target_cfg->buildDepGraph(false);
            library_cfg->buildDepGraph(true);

            library_cfg->serialize();
            library_cfg->buildVLibGraph();

            target_cfg->serialize();
            target_cfg->buildVLibGraph();

            //r0[thread_id]++;
            // Presumably _m (library) is the pattern searched for inside
            // _g (target) — depends on VF2SubState's argument order; confirm.
            Graph _g(&target_cfg->vlibARGEdit);
            Graph _m(&library_cfg->vlibARGEdit);
            // NOTE(review): the comparator is never deleted here — confirm
            // Graph takes ownership, otherwise this leaks per candidate.
            _m.SetNodeComparator(new InstructionComparator3);

            VF2SubState s0(&_m, &_g);
            // Visitor context: pointers packed into ints (again 32-bit only).
            int d[4];
            d[0] = (int)target_cfg;
            d[1] = startEA;
            d[2] = (int)cursor1->lib_name;
            d[3] = (int)&lib_info;
            Match m(&s0, my_visitor2, &d);
            m.match_serial();
        }
        while (cursor1.next());

        clean(target_cfg);
    }
    db.detach();

    printf("#%d done.\n", thread_id);
    return 0;
}
コード例 #7
ファイル: main.cpp プロジェクト: chubbymaggie/libv
//
// process thread
//
// Worker thread body for "full" matching; pParam carries the thread id.
//
// Same loop as MatchThread (GetM() until -1, disassemble, query, VF2 match)
// but the query demands exact count equality, two cheap pre-filters (basic
// block lengths, matchBBSF) run before the graph match, and a hit is printed
// here as "<thread>\t1\t<startEA hex>\t<lib name>". Returns 0 after
// db.detach().
unsigned __stdcall MatchThreadForFull(void *pParam)
{
    int FLEN;
    int n = 0, n1, i;   // n is assigned but never read in this function
    dbQuery sql;
    ControlFlowGraph *target_cfg;

    db.attach();        // paired with db.detach() after the loop

    dbCursor<LibM> cursor1;
    // The thread id travels in the pointer value itself; the (int) cast
    // truncates pointers on 64-bit builds. NOTE(review): only sound for a
    // 32-bit build — confirm.
    int thread_id = (int)pParam;
    instruction_count[thread_id] = 0;
    fn[thread_id] = 0;

    while ((i = GetM()) != -1)
    {
        int startEA = f_info[i].startEA;
        FLEN = f_info[i].len;

        // disasm
        // RvaToPtr validates only the start address; nothing in this
        // function checks that startEA + FLEN still lies inside the
        // mapping before disasm() reads FLEN bytes from bin.
        byte *bin = (byte *)RvaToPtr(pImageNtH, stMapFile.ImageBase, startEA - pOH->ImageBase);
        if (bin == NULL)
        {
            continue;
        }

        target_cfg = (ControlFlowGraph *)disasm(bin, FLEN, false, NULL);

        // Skip functions too short to match. clean() is also reached with a
        // NULL target_cfg here, so it is presumably NULL-tolerant — confirm.
        if (target_cfg == NULL || target_cfg->instructions.size() < MIN_INS_LENGTH)
        {
            clean(target_cfg);
            continue;
        }

        fn[thread_id]++;

        instruction_count[thread_id] += target_cfg->instructions.size();
        target_cfg->build();

        {
            // Candidate filter: every stored count must equal the target's
            // (exact-match mode). Values are appended to the dbQuery as
            // separate operands, not spliced into the text.
            sql = "MOV_COUNT=", target_cfg->MOV_COUNT, " and CTI_COUNT=", target_cfg->CTI_COUNT, " and ARITHMETIC_COUNT=", target_cfg->ARITHMETIC_COUNT, " and LOGI_COUNT=", target_cfg->LOGI_COUNT, " and STRING_COUNT=", target_cfg->STRING_COUNT, " and ETC_COUNT=", target_cfg->ETC_COUNT, " and instruction_size=", target_cfg->instructions.size(), "and block_size=", target_cfg->bb_len, "order by instruction_size desc";
        }

        n1 = cursor1.select(sql);
        if (n1 == 0)
        {
            clean(target_cfg);
            continue;
        }

        // One bit per target instruction; passed to my_visitor1 for every
        // candidate of this function.
        CBitSet lib_info(target_cfg->instructions.size());
        do
        {
            ControlFlowGraph *library_cfg = (ControlFlowGraph *)(cursor1->cfg);

            // BBLR
            // t = library block lengths that the target does not have; if
            // any exist the library function cannot be contained in the
            // target, so skip it. `continue` inside this do/while jumps to
            // the cursor1.next() test, i.e. moves to the next candidate.
            bitset<10240> t = target_cfg->bblen_set;
            t.flip();
            t &= library_cfg->bblen_set;
            if (t.any())
            {
                continue;
            }

            target_cfg->buildDepGraph(false);
            library_cfg->buildDepGraph(true);

            //if (bSerialize)
            {
                // rule5: BBSR
                // Second pre-filter before the expensive graph match.
                if (!matchBBSF(target_cfg, library_cfg))
                {
                    //r5[thread_id]++;
                    continue;
                }
            }

            library_cfg->serialize();
            library_cfg->buildVLibGraph();

            target_cfg->serialize();
            target_cfg->buildVLibGraph();

            //r0[thread_id]++;
            // Presumably _m (library) is the pattern searched for inside
            // _g (target) — depends on VF2SubState's argument order; confirm.
            Graph _g(&target_cfg->vlibARGEdit);
            Graph _m(&library_cfg->vlibARGEdit);
            // NOTE(review): the comparator is never deleted here — confirm
            // Graph takes ownership, otherwise this leaks per candidate.
            _m.SetNodeComparator(new InstructionComparator3);

            VF2SubState s0(&_m, &_g);
            Match m(&s0, my_visitor1, &lib_info);
            m.match_par();
            if (m.foundFlg)
            {
                // lib_name is stored in the database and printed as-is.
                printf("%d\t1\t%X\t%s\n", thread_id, startEA, cursor1->lib_name);
            }
        }
        while (cursor1.next());

        clean(target_cfg);
    }
    db.detach();

    printf("#%d done.\n", thread_id);
    return 0;
}