int patch(int argc, char **argv) { // decleration before more meaningful initialization for cleanup int ret = EXIT_FAILURE; FILE *fh = NULL; int8_t *image = NULL; FAIL_IF(argc < 2, "usage: petool patch <image> [section]\n"); uint32_t length; FAIL_IF_SILENT(open_and_read(&fh, &image, &length, argv[1], "r+b")); PIMAGE_DOS_HEADER dos_hdr = (void *)image; PIMAGE_NT_HEADERS nt_hdr = (void *)(image + dos_hdr->e_lfanew); char *section = argc > 2 ? (char *)argv[2] : ".patch"; int8_t *patch = NULL; int32_t patch_len = 0; for (int32_t i = 0; i < nt_hdr->FileHeader.NumberOfSections; i++) { PIMAGE_SECTION_HEADER sct_hdr = IMAGE_FIRST_SECTION(nt_hdr) + i; if (strcmp(section, (char *)sct_hdr->Name) == 0) { patch = image + sct_hdr->PointerToRawData; patch_len = sct_hdr->Misc.VirtualSize; break; } sct_hdr++; } if (patch == NULL) { fprintf(stderr, "Warning: No '%s' section in given PE image.\n", section); ret = EXIT_SUCCESS; goto cleanup; } for (int8_t *p = patch; p < patch + patch_len;) { uint32_t paddress = get_uint32(&p); if (paddress == 0) { fprintf(stderr, "Warning: Trailing zero address in '%s' section.\n", section); break; } uint32_t plength = get_uint32(&p); FAIL_IF_SILENT(patch_image(image, paddress, p, plength) == EXIT_FAILURE); p += plength; } /* FIXME: implement checksum calculation */ nt_hdr->OptionalHeader.CheckSum = 0; rewind(fh); FAIL_IF_PERROR(fwrite(image, length, 1, fh) != 1, "Error writing executable"); ret = EXIT_SUCCESS; cleanup: if (image) free(image); if (fh) fclose(fh); return ret; }
int main(int argc, char **argv) { FILE *exe; FILE *patch; unsigned int exe_length; unsigned int patch_length; char *exe_data; char *patch_data; char label[256]; unsigned int address = 0; unsigned int a; char *l; int i; char *map_buf; FILE *fh; char *source; char *nasm = "nasm"; char nasm_flags[1024] = { '\0' }; char *tmp_name; char *out_name; char *inc_name; char *exe_name; char buf[1024]; memset(&annotations, 0, sizeof annotations); if (argc < 3) { fprintf(stderr, "linker for ra303p git~%s (c) 2012 Toni Spets\n\n", REV); fprintf(stderr, "usage: %s <source file> <out include file> <target executable> [nasm [nasm flags]]\n", argv[0]); return 1; } inc_name = argv[2]; exe_name = argv[3]; tmp_name = tempnam(NULL, "lnkr-"); out_name = tempnam(NULL, "lnkr-"); if (argc > 3) { nasm = argv[4]; } if (argc > 4) { int i = 5; for (; i < argc; i++) { strncat(nasm_flags, " ", sizeof nasm_flags); strncat(nasm_flags, argv[i], sizeof nasm_flags); } } snprintf(buf, 1024, "%s%s -e %s", nasm, nasm_flags, argv[1]); if ((fh = popen(buf, "r")) == NULL) { fprintf(stderr, "%s\n", buf); perror(nasm); return 1; } source = read_stream(fh); if (pclose(fh) != 0) { return 1; } get_annotations(source); if ((fh = fopen(tmp_name, "w")) == NULL) { perror(tmp_name); return 1; } /* always working with 32 bit images and need to map all for linking */ fprintf(fh, "[bits 32]\n[map all]\n"); fwrite(source, strlen(source), 1, fh); fclose(fh); snprintf(buf, 1024, "%s%s -f bin %s -o %s", nasm, nasm_flags, tmp_name, out_name); if ((fh = popen(buf, "r")) == NULL) { fprintf(stderr, "%s\n", buf); perror(nasm); unlink(tmp_name); return 1; } map_buf = read_stream(fh); if (pclose(fh) != 0) { unlink(tmp_name); return 1; } unlink(tmp_name); fh = fopen(inc_name, "w"); fprintf(fh, "; generated by linker\r\n"); l = strtok(map_buf, "\n"); i = 0; do { if (l == NULL) break; if (address == 0) sscanf(l, "%X", &address); if (strstr(l, "Section .text")) i = 1; if (i && sscanf(l, "%*X %X %s", &a, label) == 2) { if (strstr(l, ".") == NULL) { fprintf(fh, "%%define %-32s 0x%08X\r\n", label, a); update_annotations(label, a); } } } while((l = strtok(NULL, "\n"))); fclose(fh); free(map_buf); if (!address) { fprintf(stderr, "linker: ORG not found in map\n"); return 1; } exe = fopen(exe_name, "rb+"); if (!exe) { perror(exe_name); return 1; } fseek(exe, 0L, SEEK_END); exe_length = ftell(exe); rewind(exe); exe_data = malloc(exe_length); if (fread(exe_data, exe_length, 1, exe) != 1) { fclose(exe); perror("linker: error reading executable"); return 1; } rewind(exe); patch = fopen(out_name, "rb"); if (!patch) { fclose(exe); perror(out_name); unlink(out_name); return 1; } fseek(patch, 0L, SEEK_END); patch_length = ftell(patch); rewind(patch); /* ignore empty patches */ if (patch_length == 0) { free(exe_data); fclose(exe); return 0; } patch_data = malloc(patch_length); if (fread(patch_data, patch_length, 1, patch) != 1) { fclose(exe); fclose(patch); unlink(out_name); perror("linker: error reading patch"); return 1; } fclose(patch); unlink(out_name); if (!patch_image(exe_data, (unsigned int)address, patch_data, patch_length)) { fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name); return 1; } printf("PATCH %8d bytes -> %8X\n", patch_length, address); /* create annotation patches */ for (i = 0; i < 512; i++) { struct annotation *ann = &annotations[i]; if (ann->type == NULL) break; if ((strcmp(ann->type, "hook") == 0 || strcmp(ann->type, "jmp") == 0) && ann->argc >= 2) { unsigned int from = strtol(ann->argv[0], NULL, 0); unsigned int to = strtol(ann->argv[1], NULL, 0); if (abs(to - from) < 128) { unsigned char buf[] = { 0xEB, 0x00 }; *(signed char *)(buf + 1) = to - from - 2; if (!patch_image(exe_data, from, buf, sizeof buf)) { fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name); return 1; } printf("%-12s %8X -> %8X\n", "JMP SHORT", from, to); } else { unsigned char buf[] = { 0xE9, 0x00, 0x00, 0x00, 0x00 }; *(signed int *)(buf + 1) = to - from - 5; if (!patch_image(exe_data, from, buf, sizeof buf)) { fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name); return 1; } printf("%-12s %8X -> %8X\n", "JMP", from, to); } } else if (strcmp(ann->type, "call") == 0 && ann->argc >= 2) { unsigned int from = strtol(ann->argv[0], NULL, 0); unsigned int to = strtol(ann->argv[1], NULL, 0); unsigned char buf[] = { 0xE8, 0x00, 0x00, 0x00, 0x00 }; *(signed int *)(buf + 1) = to - from - 5; if (!patch_image(exe_data, from, buf, sizeof buf)) { fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)address, exe_name); return 1; } printf("%-12s %8X -> %8X\n", "CALL", from, to); } else if (strcmp(ann->type, "clear") == 0 && ann->argc >= 3) { unsigned int from = strtol(ann->argv[0], NULL, 0); unsigned int character = strtol(ann->argv[1], NULL, 0); unsigned int to = strtol(ann->argv[2], NULL, 0); unsigned int length = to - from; char *zbuf = malloc(length); if (!zbuf) { fprintf(stderr, "linker: out of memory when allocating %d for zbuf\n", length); return 1; } memset(zbuf, (char)character, length); if (!patch_image(exe_data, from, zbuf, length)) { fprintf(stderr, "linker: memory address 0x%08X not found in %s\n", (unsigned int)from, exe_name); return 1; } free(zbuf); printf("CLEAR %8d bytes -> %8X\n", length, from); } else { fprintf(stderr, "linker: warning: unknown annotation \"%s\"\n", ann->type); } } if (fwrite(exe_data, exe_length, 1, exe) != 1) { perror("linker: error writing to executable file"); return 1; } free(exe_data); free(patch_data); fclose(exe); return 0; }