Пример #1
0
int patch(int argc, char **argv)
{
    // decleration before more meaningful initialization for cleanup
    int     ret   = EXIT_FAILURE;
    FILE   *fh    = NULL;
    int8_t *image = NULL;

    FAIL_IF(argc < 2, "usage: petool patch <image> [section]\n");

    uint32_t length;
    FAIL_IF_SILENT(open_and_read(&fh, &image, &length, argv[1], "r+b"));

    PIMAGE_DOS_HEADER dos_hdr = (void *)image;
    PIMAGE_NT_HEADERS nt_hdr = (void *)(image + dos_hdr->e_lfanew);

    char *section = argc > 2 ? (char *)argv[2] : ".patch";
    int8_t *patch = NULL;
    int32_t patch_len = 0;

    for (int32_t i = 0; i < nt_hdr->FileHeader.NumberOfSections; i++)
    {
        PIMAGE_SECTION_HEADER sct_hdr = IMAGE_FIRST_SECTION(nt_hdr) + i;

        if (strcmp(section, (char *)sct_hdr->Name) == 0)
        {
            patch = image + sct_hdr->PointerToRawData;
            patch_len = sct_hdr->Misc.VirtualSize;
            break;
        }

        sct_hdr++;
    }

    if (patch == NULL)
    {
        fprintf(stderr, "Warning: No '%s' section in given PE image.\n", section);
        ret = EXIT_SUCCESS;
        goto cleanup;
    }

    for (int8_t *p = patch; p < patch + patch_len;)
    {
        uint32_t paddress = get_uint32(&p);
        if (paddress == 0)
        {
            fprintf(stderr, "Warning: Trailing zero address in '%s' section.\n", section);
            break;
        }

        uint32_t plength = get_uint32(&p);
        FAIL_IF_SILENT(patch_image(image, paddress, p, plength) == EXIT_FAILURE);

        p += plength;
    }

    /* FIXME: implement checksum calculation */
    nt_hdr->OptionalHeader.CheckSum = 0;

    rewind(fh);
    FAIL_IF_PERROR(fwrite(image, length, 1, fh) != 1, "Error writing executable");

    ret = EXIT_SUCCESS;
cleanup:
    if (image) free(image);
    if (fh)    fclose(fh);
    return ret;
}
Пример #2
0
int main(int argc, char **argv)
{
    FILE *exe;
    FILE *patch;
    unsigned int exe_length;
    unsigned int patch_length;
    char *exe_data;
    char *patch_data;

    char label[256];
    unsigned int address = 0;
    unsigned int a;
    char *l;
    int i;
    char *map_buf;
    FILE *fh;
    char *source;
    char *nasm = "nasm";
    char nasm_flags[1024] = { '\0' };
    char *tmp_name;
    char *out_name;
    char *inc_name;
    char *exe_name;
    char buf[1024];

    memset(&annotations, 0, sizeof annotations);

    if (argc < 3)
    {
        fprintf(stderr, "linker for ra303p git~%s (c) 2012 Toni Spets\n\n", REV);
        fprintf(stderr, "usage: %s <source file> <out include file> <target executable> [nasm [nasm flags]]\n", argv[0]);
        return 1;
    }

    inc_name = argv[2];
    exe_name = argv[3];
    tmp_name = tempnam(NULL, "lnkr-");
    out_name = tempnam(NULL, "lnkr-");

    if (argc > 3)
    {
        nasm = argv[4];
    }

    if (argc > 4)
    {
        int i = 5;
        for (; i < argc; i++)
        {
            strncat(nasm_flags, " ", sizeof nasm_flags);
            strncat(nasm_flags, argv[i], sizeof nasm_flags);
        }
    }

    snprintf(buf, 1024, "%s%s -e %s", nasm, nasm_flags, argv[1]);

    if ((fh = popen(buf, "r")) == NULL)
    {
        fprintf(stderr, "%s\n", buf);
        perror(nasm);
        return 1;
    }

    source = read_stream(fh);

    if (pclose(fh) != 0)
    {
        return 1;
    }

    get_annotations(source);

    if ((fh = fopen(tmp_name, "w")) == NULL)
    {
        perror(tmp_name);
        return 1;
    }

    /* always working with 32 bit images and need to map all for linking */
    fprintf(fh, "[bits 32]\n[map all]\n");
    fwrite(source, strlen(source), 1, fh);
    fclose(fh);

    snprintf(buf, 1024, "%s%s -f bin %s -o %s", nasm, nasm_flags, tmp_name, out_name);

    if ((fh = popen(buf, "r")) == NULL)
    {
        fprintf(stderr, "%s\n", buf);
        perror(nasm);
        unlink(tmp_name);
        return 1;
    }

    map_buf = read_stream(fh);

    if (pclose(fh) != 0)
    {
        unlink(tmp_name);
        return 1;
    }

    unlink(tmp_name);

    fh = fopen(inc_name, "w");
    fprintf(fh, "; generated by linker\r\n");

    l = strtok(map_buf, "\n");
    i = 0;
    do {
        if (l == NULL)
            break;

        if (address == 0)
            sscanf(l, "%X", &address);

        if (strstr(l, "Section .text"))
            i = 1;

        if (i && sscanf(l, "%*X %X  %s", &a, label) == 2)
        {
            if (strstr(l, ".") == NULL)
            {
                fprintf(fh, "%%define %-32s 0x%08X\r\n", label, a);
                update_annotations(label, a);
            }
        }
    } while((l = strtok(NULL, "\n")));

    fclose(fh);

    free(map_buf);

    if (!address)
    {
        fprintf(stderr, "linker: ORG not found in map\n");
        return 1;
    }

    exe = fopen(exe_name, "rb+");
    if (!exe)
    {
        perror(exe_name);
        return 1;
    }

    fseek(exe, 0L, SEEK_END);
    exe_length = ftell(exe);
    rewind(exe);

    exe_data = malloc(exe_length);

    if (fread(exe_data, exe_length, 1, exe) != 1)
    {
        fclose(exe);
        perror("linker: error reading executable");
        return 1;
    }

    rewind(exe);

    patch = fopen(out_name, "rb");
    if (!patch)
    {
        fclose(exe);
        perror(out_name);
        unlink(out_name);
        return 1;
    }

    fseek(patch, 0L, SEEK_END);
    patch_length = ftell(patch);
    rewind(patch);

    /* ignore empty patches */
    if (patch_length == 0)
    {
        free(exe_data);
        fclose(exe);
        return 0;
    }

    patch_data = malloc(patch_length);

    if (fread(patch_data, patch_length, 1, patch) != 1)
    {
        fclose(exe);
        fclose(patch);
        unlink(out_name);
        perror("linker: error reading patch");
        return 1;
    }

    fclose(patch);
    unlink(out_name);

    if (!patch_image(exe_data, (unsigned int)address, patch_data, patch_length))
    {
        fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
        return 1;
    }

    printf("PATCH  %8d bytes -> %8X\n", patch_length, address);

    /* create annotation patches */
    for (i = 0; i < 512; i++)
    {
        struct annotation *ann = &annotations[i];
        if (ann->type == NULL)
            break;

        if ((strcmp(ann->type, "hook") == 0 || strcmp(ann->type, "jmp") == 0) && ann->argc >= 2)
        {
            unsigned int from = strtol(ann->argv[0], NULL, 0);
            unsigned int to = strtol(ann->argv[1], NULL, 0);

            if (abs(to - from) < 128)
            {
                unsigned char buf[] = { 0xEB, 0x00 };
                *(signed char *)(buf + 1) = to - from - 2;
                if (!patch_image(exe_data, from, buf, sizeof buf))
                {
                    fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
                    return 1;
                }

                printf("%-12s %8X -> %8X\n", "JMP SHORT", from, to);
            }
            else
            {
                unsigned char buf[] = { 0xE9, 0x00, 0x00, 0x00, 0x00 };
                *(signed int *)(buf + 1) = to - from - 5;
                if (!patch_image(exe_data, from, buf, sizeof buf))
                {
                    fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
                    return 1;
                }

                printf("%-12s %8X -> %8X\n", "JMP", from, to);
            }
        }
        else if (strcmp(ann->type, "call") == 0 && ann->argc >= 2)
        {
            unsigned int from = strtol(ann->argv[0], NULL, 0);
            unsigned int to = strtol(ann->argv[1], NULL, 0);
            unsigned char buf[] = { 0xE8, 0x00, 0x00, 0x00, 0x00 };
            *(signed int *)(buf + 1) = to - from - 5;
            if (!patch_image(exe_data, from, buf, sizeof buf))
            {
                fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name);
                return 1;
            }

            printf("%-12s %8X -> %8X\n", "CALL", from, to);
        }
        else if (strcmp(ann->type, "clear") == 0 && ann->argc >= 3)
        {
            unsigned int from = strtol(ann->argv[0], NULL, 0);
            unsigned int character = strtol(ann->argv[1], NULL, 0);
            unsigned int to = strtol(ann->argv[2], NULL, 0);
            unsigned int length = to - from;
            char *zbuf = malloc(length);

            if (!zbuf)
            {
                fprintf(stderr, "linker: out of memory when allocating %d for zbuf\n", length);
                return 1;
            }

            memset(zbuf, (char)character, length);

            if (!patch_image(exe_data, from, zbuf, length))
            {
                fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)from, exe_name);
                return 1;
            }

            free(zbuf);

            printf("CLEAR  %8d bytes -> %8X\n", length, from);
        }
        else
        {
            fprintf(stderr, "linker: warning: unknown annotation \"%s\"\n", ann->type);
        }
    }

    if (fwrite(exe_data, exe_length, 1, exe) != 1)
    {
        perror("linker: error writing to executable file");
        return 1;
    }

    free(exe_data);
    free(patch_data);

    fclose(exe);

    return 0;
}