Exemplo n.º 1
/*
 * getPEHeader - locate and read the PE header of an .EXE
 *
 * Checks the DOS signature at offset 0, reads the new-header offset stored
 * at 0x3c, checks the signature found there and then reads a whole
 * pe_header from that offset into *peh.
 *
 * Returns TRUE when every read succeeded and both signatures matched,
 * FALSE otherwise.
 *
 * NOTE(review): everything read here comes from the file and is untrusted.
 * The new-header offset is used as a seek target without a range check, so
 * this relies on seekRead() reporting failure for out-of-range or short
 * reads - confirm. Only sizeof( WORD ) bytes of the signature at that
 * offset are compared with PE_SIGNATURE. The fields of *peh are not
 * validated; callers must bound-check counts, RVAs and sizes themselves.
 */
static int getPEHeader( HANDLE handle, pe_header *peh )
{
    WORD                dos_sig;
    WORD                reloc_word;
    WORD                pe_sig;
    DWORD               new_hdr_off;

    /* the file has to start with the DOS signature */
    if( !seekRead( handle, 0x00, &dos_sig, sizeof( dos_sig ) )
        || dos_sig != DOS_SIGNATURE ) {
        return( FALSE );
    }

    /* the word at 0x18 is read but its value is never examined */
    if( !seekRead( handle, 0x18, &reloc_word, sizeof( reloc_word ) ) ) {
        return( FALSE );
    }

    /* file-supplied offset of the new-style header */
    if( !seekRead( handle, 0x3c, &new_hdr_off, sizeof( unsigned_32 ) ) ) {
        return( FALSE );
    }

    if( !seekRead( handle, new_hdr_off, &pe_sig, sizeof( pe_sig ) )
        || pe_sig != PE_SIGNATURE ) {
        return( FALSE );
    }

    /* re-read from the same offset, this time the complete header */
    if( !seekRead( handle, new_hdr_off, peh, sizeof( pe_header ) ) ) {
        return( FALSE );
    }
    return( TRUE );

} /* getPEHeader */
Exemplo n.º 2
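/*
 * GetModuleName - get the name of a module from its Export directory table
 *
 * Reads the PE header through getEXEHeader(), walks the object (section)
 * table that follows it until the object containing the export directory
 * RVA is found, reads the export directory and then the module name it
 * points to.
 *
 * Returns a copy of the name allocated with MemAlloc(), or NULL when the
 * file is not a PE image, a read fails, no object contains the export
 * directory, the name lies outside that object, or the allocation fails.
 * The caller owns the returned string (presumably released with the
 * allocator's matching free routine - confirm).
 *
 * All header, object and export-directory fields come from the file and
 * are treated as untrusted: range checks avoid wrapping arithmetic and the
 * name buffer is always terminated before it is measured or copied.
 */
char *GetModuleName( HANDLE fhdl ) {

    pe_header           header;
    pe_object           obj;
    pe_export_directory expdir;
    DWORD               lenread;
    DWORD               export_rva;
    DWORD               i;
    char                buf[_MAX_PATH];
    char                *ret;

    if( !getEXEHeader( fhdl, &header ) ) return( NULL );
    export_rva = header.table[ PE_TBL_EXPORT ].rva;
    /*
     * The object table is read sequentially from the current file position,
     * i.e. from wherever getEXEHeader() left it.
     */
    for( i=0; i < header.num_objects; i++ ) {
        if( !ReadFile( fhdl, &obj, sizeof( obj ), &lenread, NULL )
            || lenread != sizeof( obj ) ) {
            return( NULL );
        }
        /*
         * Compare with a subtraction: obj.rva + obj.physical_size can wrap
         * for a crafted object entry and make the range test meaningless.
         * (assumes the fields are unsigned 32-bit values - confirm)
         */
        if( export_rva >= obj.rva
            && export_rva - obj.rva < obj.physical_size ) {
            break;
        }
    }
    if( i == header.num_objects ) return( NULL );
    if( !seekRead( fhdl, obj.physical_offset + export_rva - obj.rva , &expdir, sizeof( expdir ) ) ) {
        return( NULL );
    }
    /*
     * name_rva is translated to a file offset with this object's mapping,
     * which is only meaningful when the name lies inside the same object.
     * Reject anything else instead of reading from a wrapped offset.
     */
    if( expdir.name_rva < obj.rva
        || expdir.name_rva - obj.rva >= obj.physical_size ) {
        return( NULL );
    }
    if( !seekRead( fhdl, obj.physical_offset + expdir.name_rva - obj.rva,
                   buf, _MAX_PATH ) ) {
        return( NULL );
    }
    /*
     * The file is not obliged to contain a NUL within _MAX_PATH bytes;
     * terminate explicitly so strlen()/strcpy() cannot run past buf.
     */
    buf[ _MAX_PATH - 1 ] = '\0';
    ret = MemAlloc( strlen( buf ) + 1 );
    if( ret == NULL ) return( NULL );
    strcpy( ret, buf );
    return( ret );
}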
Exemplo n.º 3
/*
 * getEXEHeader - verify that this is a PE executable and read the header
 *
 * Checks for EXE_MZ at offset 0, follows the offset stored at 0x3c,
 * checks for EXE_PE there and reads a pe_header from that offset into
 * *hdr. Returns TRUE on success, FALSE on any read failure or signature
 * mismatch.
 *
 * NOTE(review): the offset at 0x3c is file-controlled and is passed to
 * seekRead() unchecked, and only a WORD of the signature is compared. The
 * contents of *hdr are not validated here; callers should treat every
 * field as untrusted input.
 */
static BOOL getEXEHeader( HANDLE fhdl, pe_header *hdr ) {

    WORD        magic;
    DWORD       new_hdr_off;

    /* DOS stub signature */
    if( !seekRead( fhdl, 0x00, &magic, sizeof( magic ) )
        || magic != EXE_MZ ) {
        return( FALSE );
    }

    /* where the file says the new-style header starts */
    if( !seekRead( fhdl, 0x3c, &new_hdr_off, sizeof( new_hdr_off ) ) ) {
        return( FALSE );
    }

    if( !seekRead( fhdl, new_hdr_off, &magic, sizeof( magic ) ) ) {
        return( FALSE );
    }
    if( magic != EXE_PE ) {
        return( FALSE );
    }

    /* signature matched: read the whole header from the same offset */
    if( !seekRead( fhdl, new_hdr_off, hdr, sizeof( pe_header ) ) ) {
        return( FALSE );
    }
    return( TRUE );
}
Exemplo n.º 4
/// Consumes a UTF-8 byte order mark if the read position is at the start.
/// @return true when the three bytes EF BB BF were read and skipped;
///         false otherwise. When the check was attempted and failed, the
///         read position is put back to 0 with seekRead(0).
bool File::skipMark(void)
{
	// Nothing is probed unless we are at the very beginning
	if(mReadPosition != 0)
		return false;

	char head[3];
	const bool gotThree = (readData(head, 3) == 3);

	// Compare as unsigned bytes: plain char may be signed
	if(gotThree
		&& static_cast<uint8_t>(head[0]) == 0xEF
		&& static_cast<uint8_t>(head[1]) == 0xBB
		&& static_cast<uint8_t>(head[2]) == 0xBF)
	{
		return true;
	}

	// Short read or no BOM: undo whatever readData consumed
	seekRead(0);
	return false;
}
Exemplo n.º 5
/// Builds a reader over @p resource, deriving a decryption key from
/// @p secret when one is supplied.
///
/// @param resource Resource to read; asserted to be non-null.
/// @param secret   Passphrase. When non-empty, a key is derived with
///                 PBKDF2-HMAC-SHA256 using the resource's salt.
/// @param nocheck  When true, skips the consistency check between the
///                 presence of a secret and the presence of a salt.
/// @throws Exception when the check is enabled and a secret is given for a
///         resource without salt, or no secret is given for a salted one.
///
/// NOTE(review): with nocheck set, a secret combined with an empty salt
/// still reaches the key derivation, so the key would be derived without a
/// salt - confirm that callers cannot hit this with real data. The output
/// length (32) and iteration count (100000) are hard-coded here; confirm
/// mKey holds at least 32 bytes.
Resource::Reader::Reader(Resource *resource, const String &secret, bool nocheck) :
	mResource(resource),
	mReadPosition(0),
	mCurrentBlock(NULL),
	mNextBlock(NULL)
{
	Assert(mResource);

	const bool hasSecret = !secret.empty();

	// A salt marks the resource as encrypted; it must agree with the secret
	if(!nocheck)
	{
		const bool hasSalt = !mResource->salt().empty();
		if(hasSecret && !hasSalt)
			throw Exception("Expected encrypted resource");
		if(!hasSecret && hasSalt)
			throw Exception("Expected non-encrypted resource");
	}

	// Key derivation only happens when a secret was provided
	if(hasSecret)
		Sha256().pbkdf2_hmac(secret, mResource->salt(), mKey, 32, 100000);

	seekRead(0);	// Initialize positions
}