예제 #1
0
void
VirtualTableSection::printOutVirtualFunctionTableInformation ( VirtualFunctionTableAddress vTableAddress )
{
    ROSE_ASSERT(virtualFunctionTable != NULL);
    size_t section_address_base  = virtualFunctionTable->get_mapped_preferred_rva();
    size_t offset                = vTableAddress - section_address_base;
    size_t size                  = virtualFunctionTable->get_size();

    ROSE_ASSERT(offset < size);

    printf ("In printOutVirtualFunctionTableInformation(%p): offset = %p (size = %p) \n",(void*)vTableAddress,(void*)offset,(void*)size);

    printf ("START -- Virtual function table: \n");

    SgAsmGenericHeader *hdr = virtualFunctionTable->get_header();
    SgAsmGenericFormat::ByteOrder sex = hdr->get_sex();
    size_t wordsize = hdr->get_word_size();
    size_t virtualTableSize = (size-offset) / wordsize;
    printf ("size = %zu offset = %zu wordsize = %zu virtualTableSize = %zu \n",size,offset,wordsize,virtualTableSize);
    for (size_t i=0; i < virtualTableSize; i++)
    {
        uint64_t functionPointer; /*type must support 64-bit specimen pointers in a 32-bit ROSE library*/
        // printf ("i = %zu \n",i);
        switch (wordsize)
        {
        case 4:
        {
            uint32_t ptr_disk;
            // virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            // virtualFunctionTable->read_content_local(i*wordsize, &ptr_disk, sizeof ptr_disk);
            virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            functionPointer = SgAsmExecutableFileFormat::disk_to_host(sex, ptr_disk);
            break;
        }
        case 8:
        {
            uint64_t ptr_disk;
            // virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            // virtualFunctionTable->read_content_local(i*wordsize, &ptr_disk, sizeof ptr_disk);
            virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            functionPointer = SgAsmExecutableFileFormat::disk_to_host(sex, ptr_disk);
            break;
        }
        default:
            ROSE_ASSERT(!"unsupported word size");
        }

        string sectionName;
        SgAsmElfSection* asmElfSection = getSection(project,functionPointer);
        if (asmElfSection != NULL)
        {
            sectionName = asmElfSection->get_name()->get_string();
        }
        else
        {
            sectionName = "NOT CONTAINED IN EXECUTABLE";

            // At the first sign of a pointer that is not in the executable then quit, this should be the end of the table.
            // Alternatively it appears that the end of the table has a code  0x4231 (for the first table).
            break;
        }

        printf ("Pointer 0x%"PRIx64" is to data in the %s section \n",functionPointer,sectionName.c_str());
    }

    printf ("END -- Virtual function table: \n");
}
예제 #2
0
// Constructor
VirtualFunctionTable::VirtualFunctionTable ( SgProject* project, SgAsmElfSection* virtualFunctionTable, size_t vTableAddress )
    : virtualFunctionTablePosition(vTableAddress)
{
    printf ("Building virtual function table for position %p \n",(void*)virtualFunctionTablePosition);

    // Get the boundaries of the section where the virtual function tables are located.
    ROSE_ASSERT(virtualFunctionTable != NULL);
    size_t section_address_base  = virtualFunctionTable->get_mapped_preferred_rva();

    // Compute the offset for the input virtual function table into the section.
    size_t offset                = vTableAddress - section_address_base;

    // This is the upper bound on the size of the table (stay within the section)
    size_t size                  = virtualFunctionTable->get_size();

    ROSE_ASSERT(offset < size);

    printf ("In printOutVirtualFunctionTableInformation(%p): offset = %p (size = %p) \n",(void*)vTableAddress,(void*)offset,(void*)size);

    printf ("START -- Virtual function table: \n");

    // Get the architecture specifici information required to the raw data in the section.
    SgAsmGenericHeader *hdr = virtualFunctionTable->get_header();
    SgAsmGenericFormat::ByteOrder sex = hdr->get_sex();
    size_t wordsize = hdr->get_word_size();
    size_t virtualTableSize = (size-offset) / wordsize;
    printf ("size = %zu offset = %zu wordsize = %zu virtualTableSize = %zu \n",size,offset,wordsize,virtualTableSize);

    for (size_t i=0; i < virtualTableSize; i++)
    {
        uint64_t functionPointer; /*type must support 64-bit specimen pointers in a 32-bit ROSE library*/
        // printf ("i = %zu \n",i);
        switch (wordsize)
        {
        case 4:
        {
            uint32_t ptr_disk;
            // virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            // virtualFunctionTable->read_content_local(i*wordsize, &ptr_disk, sizeof ptr_disk);
            virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            functionPointer = SgAsmExecutableFileFormat::disk_to_host(sex, ptr_disk);
            break;
        }

        case 8:
        {
            uint64_t ptr_disk;
            // virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            // virtualFunctionTable->read_content_local(i*wordsize, &ptr_disk, sizeof ptr_disk);
            virtualFunctionTable->read_content_local(offset+i*wordsize, &ptr_disk, sizeof ptr_disk);
            functionPointer = SgAsmExecutableFileFormat::disk_to_host(sex, ptr_disk);
            break;
        }

        default:
            ROSE_ASSERT(!"unsupported word size");
        }

        string sectionName;
        SgAsmElfSection* asmElfSection = getSection(project,functionPointer);
        if (asmElfSection != NULL)
        {
            sectionName = asmElfSection->get_name()->get_string();
        }
        else
        {
            sectionName = "NOT CONTAINED IN EXECUTABLE";

            // At the first sign of a pointer that is not in the executable then quit, this should be the end of the table.
            // Alternatively it appears that the end of the table has a code  0x4231 (for the first table).
            break;
        }

        printf ("Pointer 0x%"PRIx64" is to data in the %s section \n",functionPointer,sectionName.c_str());

        string name = "virtual_function_" + StringUtility::numberToString(i);

        VirtualFunction* virtualFunction = new VirtualFunction(name,functionPointer);
        ROSE_ASSERT(virtualFunction != NULL);
        virtualFunctionList.push_back(virtualFunction);
    }

    printf ("END -- Virtual function table: \n");

#if 0
    printf ("Exiting in VirtualFunctionTable constructor \n");
    ROSE_ASSERT(false);
#endif
}