int patch(int argc, char **argv)
{
// decleration before more meaningful initialization for cleanup
int ret = EXIT_FAILURE;
FILE *fh = NULL;
int8_t *image = NULL;
FAIL_IF(argc < 2, "usage: petool patch <image> [section]\n");
uint32_t length;
FAIL_IF_SILENT(open_and_read(&fh, &image, &length, argv[1], "r+b"));
PIMAGE_DOS_HEADER dos_hdr = (void *)image;
PIMAGE_NT_HEADERS nt_hdr = (void *)(image + dos_hdr->e_lfanew);
char *section = argc > 2 ? (char *)argv[2] : ".patch";
int8_t *patch = NULL;
int32_t patch_len = 0;
for (int32_t i = 0; i < nt_hdr->FileHeader.NumberOfSections; i++)
{
PIMAGE_SECTION_HEADER sct_hdr = IMAGE_FIRST_SECTION(nt_hdr) + i;
if (strcmp(section, (char *)sct_hdr->Name) == 0)
{
patch = image + sct_hdr->PointerToRawData;
patch_len = sct_hdr->Misc.VirtualSize;
break;
}
sct_hdr++;
}
if (patch == NULL)
{
fprintf(stderr, "Warning: No '%s' section in given PE image.\n", section);
ret = EXIT_SUCCESS;
goto cleanup;
}
for (int8_t *p = patch; p < patch + patch_len;)
{
uint32_t paddress = get_uint32(&p);
if (paddress == 0)
{
fprintf(stderr, "Warning: Trailing zero address in '%s' section.\n", section);
break;
}
uint32_t plength = get_uint32(&p);
FAIL_IF_SILENT(patch_image(image, paddress, p, plength) == EXIT_FAILURE);
p += plength;
}
/* FIXME: implement checksum calculation */
nt_hdr->OptionalHeader.CheckSum = 0;
rewind(fh);
FAIL_IF_PERROR(fwrite(image, length, 1, fh) != 1, "Error writing executable");
ret = EXIT_SUCCESS;
cleanup:
if (image) free(image);
if (fh) fclose(fh);
return ret;
}
int main(int argc, char **argv)
{
FILE *exe;
FILE *patch;
unsigned int exe_length;
unsigned int patch_length;
char *exe_data;
char *patch_data;
char label[256];
unsigned int address = 0;
unsigned int a;
char *l;
int i;
char *map_buf;
FILE *fh;
char *source;
char *nasm = "nasm";
char nasm_flags[1024] = { '\0' };
char *tmp_name;
char *out_name;
char *inc_name;
char *exe_name;
char buf[1024];
memset(&annotations, 0, sizeof annotations);
if (argc < 3)
{
fprintf(stderr, "linker for ra303p git~%s (c) 2012 Toni Spets\n\n", REV);
fprintf(stderr, "usage: %s <source file> <out include file> <target executable> [nasm [nasm flags]]\n", argv[0]);
return 1;
}
inc_name = argv[2];
exe_name = argv[3];
tmp_name = tempnam(NULL, "lnkr-");
out_name = tempnam(NULL, "lnkr-");
if (argc > 3)
{
nasm = argv[4];
}
if (argc > 4)
{
int i = 5;
for (; i < argc; i++)
{
strncat(nasm_flags, " ", sizeof nasm_flags);
strncat(nasm_flags, argv[i], sizeof nasm_flags);
}
}
snprintf(buf, 1024, "%s%s -e %s", nasm, nasm_flags, argv[1]);
if ((fh = popen(buf, "r")) == NULL)
{
fprintf(stderr, "%s\n", buf);
perror(nasm);
return 1;
}
source = read_stream(fh);
if (pclose(fh) != 0)
{
return 1;
}
get_annotations(source);
if ((fh = fopen(tmp_name, "w")) == NULL)
{
perror(tmp_name);
return 1;
}
/* always working with 32 bit images and need to map all for linking */
fprintf(fh, "[bits 32]\n[map all]\n");
fwrite(source, strlen(source), 1, fh);
fclose(fh);
snprintf(buf, 1024, "%s%s -f bin %s -o %s", nasm, nasm_flags, tmp_name, out_name);
if ((fh = popen(buf, "r")) == NULL)
{
fprintf(stderr, "%s\n", buf);
perror(nasm);
unlink(tmp_name);
return 1;
}
map_buf = read_stream(fh);
if (pclose(fh) != 0)
{
unlink(tmp_name);
return 1;
}
unlink(tmp_name);
fh = fopen(inc_name, "w");
fprintf(fh, "; generated by linker\r\n");
l = strtok(map_buf, "\n");
i = 0;
do {
if (l == NULL)
break;
if (address == 0)
sscanf(l, "%X", &address);
if (strstr(l, "Section .text"))
i = 1;
if (i && sscanf(l, "%*X %X %s", &a, label) == 2)
{
if (strstr(l, ".") == NULL)
{
fprintf(fh, "%%define %-32s 0x%08X\r\n", label, a);
update_annotations(label, a);
}
}
} while((l = strtok(NULL, "\n")));
fclose(fh);
free(map_buf);
if (!address)
{
fprintf(stderr, "linker: ORG not found in map\n");
return 1;
}
exe = fopen(exe_name, "rb+");
if (!exe)
{
perror(exe_name);
return 1;
}
fseek(exe, 0L, SEEK_END);
exe_length = ftell(exe);
rewind(exe);
exe_data = malloc(exe_length);
if (fread(exe_data, exe_length, 1, exe) != 1)
{
fclose(exe);
perror("linker: error reading executable");
return 1;
}
rewind(exe);
patch = fopen(out_name, "rb");
if (!patch)
{
fclose(exe);
perror(out_name);
unlink(out_name);
return 1;
}
fseek(patch, 0L, SEEK_END);
patch_length = ftell(patch);
rewind(patch);
/* ignore empty patches */
if (patch_length == 0)
{
free(exe_data);
fclose(exe);
return 0;
}
patch_data = malloc(patch_length);
if (fread(patch_data, patch_length, 1, patch) != 1)
{
fclose(exe);
fclose(patch);
unlink(out_name);
perror("linker: error reading patch");
return 1;
}
fclose(patch);
unlink(out_name);
if (!patch_image(exe_data, (unsigned int)address, patch_data, patch_length))
{
fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
return 1;
}
printf("PATCH %8d bytes -> %8X\n", patch_length, address);
/* create annotation patches */
for (i = 0; i < 512; i++)
{
struct annotation *ann = &annotations[i];
if (ann->type == NULL)
break;
if ((strcmp(ann->type, "hook") == 0 || strcmp(ann->type, "jmp") == 0) && ann->argc >= 2)
{
unsigned int from = strtol(ann->argv[0], NULL, 0);
unsigned int to = strtol(ann->argv[1], NULL, 0);
if (abs(to - from) < 128)
{
unsigned char buf[] = { 0xEB, 0x00 };
*(signed char *)(buf + 1) = to - from - 2;
if (!patch_image(exe_data, from, buf, sizeof buf))
{
fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
return 1;
}
printf("%-12s %8X -> %8X\n", "JMP SHORT", from, to);
}
else
{
unsigned char buf[] = { 0xE9, 0x00, 0x00, 0x00, 0x00 };
*(signed int *)(buf + 1) = to - from - 5;
if (!patch_image(exe_data, from, buf, sizeof buf))
{
fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
return 1;
}
printf("%-12s %8X -> %8X\n", "JMP", from, to);
}
}
else if (strcmp(ann->type, "call") == 0 && ann->argc >= 2)
{
unsigned int from = strtol(ann->argv[0], NULL, 0);
unsigned int to = strtol(ann->argv[1], NULL, 0);
unsigned char buf[] = { 0xE8, 0x00, 0x00, 0x00, 0x00 };
*(signed int *)(buf + 1) = to - from - 5;
if (!patch_image(exe_data, from, buf, sizeof buf))
{
fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
return 1;
}
printf("%-12s %8X -> %8X\n", "CALL", from, to);
}
else if (strcmp(ann->type, "clear") == 0 && ann->argc >= 3)
{
unsigned int from = strtol(ann->argv[0], NULL, 0);
unsigned int character = strtol(ann->argv[1], NULL, 0);
unsigned int to = strtol(ann->argv[2], NULL, 0);
unsigned int length = to - from;
char *zbuf = malloc(length);
if (!zbuf)
{
fprintf(stderr, "linker: out of memory when allocating %d for zbuf\n", length);
return 1;
}
memset(zbuf, (char)character, length);
if (!patch_image(exe_data, from, zbuf, length))
{
fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)from, exe_name);
return 1;
}
free(zbuf);
printf("CLEAR %8d bytes -> %8X\n", length, from);
}
else
{
fprintf(stderr, "linker: warning: unknown annotation \"%s\"\n", ann->type);
}
}
if (fwrite(exe_data, exe_length, 1, exe) != 1)
{
perror("linker: error writing to executable file");
return 1;
}
free(exe_data);
free(patch_data);
fclose(exe);
return 0;
}
