Fix strings and main offsets in PE

pancake 2014-02-13 01:48:15 +01:00
parent a39dc8c7e8
commit 693653068e
4 changed files with 45 additions and 49 deletions


@ -13,6 +13,7 @@
R_LIB_VERSION(r_bin);
#define DB a->db;
#define RBINLISTFREE(x) if(x){r_list_free(x);x=NULL;}
static RBinPlugin *bin_static_plugins[] = { R_BIN_STATIC_PLUGINS };
@ -34,9 +35,8 @@ static void get_strings_range(RBinFile *arch, RList *list, int min, ut64 from, u
if (!arch->rawstr)
if (!arch->curplugin || !arch->curplugin->info)
return;
if (arch->curplugin && min==0) {
if (arch->curplugin && min==0)
min = arch->curplugin->minstrlen;
}
if (min==0)
min = 4; // defaults
if (min <= 0)
@ -78,7 +78,7 @@ static void get_strings_range(RBinFile *arch, RList *list, int min, ut64 from, u
str[matches] = '\0';
ptr->offset = i-matches;
if (scnrva) {
ptr->rva = (ptr->offset-from+scnrva);
ptr->rva = (ptr->offset+scnrva-from);
} else {
ptr->rva = ptr->offset;
}
@ -93,6 +93,7 @@ static void get_strings_range(RBinFile *arch, RList *list, int min, ut64 from, u
ptr->string[R_BIN_SIZEOF_STRINGS-1] = '\0';
//r_name_filter (ptr->string, R_BIN_SIZEOF_STRINGS-1);
r_list_append (list, ptr);
//if (!sdb_add (DB,
ctr++;
}
matches = 0;
@ -107,7 +108,7 @@ static int is_data_section(RBinFile *a, RBinSection *s) {
return 1;
#define X 1
#define ROW (4|2)
if (strstr (o->info->bclass, "PE") && s->srwx & ROW && !(s->srwx&X) )
if (strstr (o->info->bclass, "PE") && s->srwx & ROW && !(s->srwx&X) && s->size>0 )
return 1;
return 0;
}
@ -383,7 +384,6 @@ static void r_bin_file_free (RBinFile *a) {
//if (bin->cur) r_bin_bind (bin, bin->cur);
}
// XXX - This is called on everytime a new bin created
static void r_bin_free_items(RBin *bin) {
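Review bot: The `#define DB a->db;` macro in the first hunk ends in a semicolon and hard-codes a variable named `a`, so the commented-out `sdb_add (DB,` call in get_strings_range could not compile if it were re-enabled. The expansion would put a `;` inside the argument list, and that function's parameter is `arch`, not `a`. Passing the object in avoids both problems, e.g. `#define DB(f) ((f)->db)`. The page does not mark which line of that hunk is the added one, so this assumes the macro is new in this commit.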


@ -1,4 +1,4 @@
/* radare - LGPL - Copyright 2008-2013 nibble, pancake */
/* radare - LGPL - Copyright 2008-2014 nibble, pancake */
#include <stdio.h>
#include <stdlib.h>
@ -9,7 +9,7 @@
ut64 PE_(r_bin_pe_get_main_offset)(struct PE_(r_bin_pe_obj_t) *bin) {
struct r_bin_pe_addr_t *entry = PE_(r_bin_pe_get_entrypoint) (bin);
ut64 addr = 0LL;
ut64 addr = 0;
ut8 buf[512];
// option2: /x 8bff558bec83ec20
@ -22,7 +22,6 @@ ut64 PE_(r_bin_pe_get_main_offset)(struct PE_(r_bin_pe_obj_t) *bin) {
}
}
free (entry);
return addr;
}
@ -55,23 +54,20 @@ static PE_DWord PE_(r_bin_pe_offset_to_rva)(struct PE_(r_bin_pe_obj_t)* bin, PE_
}
#endif
static int PE_(r_bin_pe_get_import_dirs_count)(struct PE_(r_bin_pe_obj_t) *bin)
{
static int PE_(r_bin_pe_get_import_dirs_count)(struct PE_(r_bin_pe_obj_t) *bin) {
PE_(image_data_directory) *data_dir_import = &bin->nt_headers->optional_header.DataDirectory[PE_IMAGE_DIRECTORY_ENTRY_IMPORT];
return (int)(data_dir_import->Size / sizeof(PE_(image_import_directory)) - 1);
}
static int PE_(r_bin_pe_get_delay_import_dirs_count)(struct PE_(r_bin_pe_obj_t) *bin)
{
static int PE_(r_bin_pe_get_delay_import_dirs_count)(struct PE_(r_bin_pe_obj_t) *bin) {
PE_(image_data_directory) *data_dir_delay_import = \
&bin->nt_headers->optional_header.DataDirectory[PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT];
return (int)(data_dir_delay_import->Size / sizeof(PE_(image_delay_import_directory)) - 1);
}
static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r_bin_pe_import_t** importp, int* nimp, char* dll_name, PE_DWord OriginalFirstThunk, PE_DWord FirstThunk)
{
static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r_bin_pe_import_t** importp, int* nimp, char* dll_name, PE_DWord OriginalFirstThunk, PE_DWord FirstThunk) {
char import_name[PE_NAME_LENGTH + 1], name[PE_NAME_LENGTH + 1];
PE_Word import_hint, import_ordinal = 0;
PE_DWord import_table = 0, off = 0;
@ -82,7 +78,8 @@ static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r
return 0;
do {
if (r_buf_read_at(bin->b, off + i * sizeof(PE_DWord), (ut8*)&import_table, sizeof(PE_DWord)) == -1) {
if (r_buf_read_at (bin->b, off + i * sizeof (PE_DWord),
(ut8*)&import_table, sizeof (PE_DWord)) == -1) {
eprintf("Error: read (import table)\n");
return 0;
}
@ -94,25 +91,24 @@ static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r
} else {
import_ordinal ++;
ut64 off = PE_(r_bin_pe_rva_to_offset)(bin, import_table);
if (r_buf_read_at(bin->b, off,
(ut8*)&import_hint, sizeof(PE_Word)) == -1) {
eprintf("Error: read import hint at 0x%08"PFMT64x"\n", off);
if (r_buf_read_at (bin->b, off, (ut8*)&import_hint, sizeof (PE_Word)) == -1) {
eprintf ("Error: read import hint at 0x%08"PFMT64x"\n", off);
return 0;
}
if (r_buf_read_at(bin->b, PE_(r_bin_pe_rva_to_offset)(bin, import_table) + sizeof(PE_Word),
if (r_buf_read_at (bin->b, PE_(r_bin_pe_rva_to_offset)(bin, import_table) + sizeof(PE_Word),
(ut8*)name, PE_NAME_LENGTH) == -1) {
eprintf("Error: read (import name)\n");
eprintf ("Error: read (import name)\n");
return 0;
}
snprintf(import_name, PE_NAME_LENGTH, "%s_%s", dll_name, name);
snprintf (import_name, PE_NAME_LENGTH, "%s_%s", dll_name, name);
}
if (!(*importp = realloc(*importp, (*nimp+1) * sizeof(struct r_bin_pe_import_t)))) {
perror("realloc (import)");
if (!(*importp = realloc (*importp, (*nimp+1) * sizeof(struct r_bin_pe_import_t)))) {
perror ("realloc (import)");
return R_FALSE;
}
memcpy((*importp)[*nimp].name, import_name, PE_NAME_LENGTH);
(*importp)[*nimp].name[PE_NAME_LENGTH] = '\0';
(*importp)[*nimp].rva = FirstThunk + i * sizeof(PE_DWord);
(*importp)[*nimp].rva = FirstThunk + i * sizeof (PE_DWord);
(*importp)[*nimp].offset = PE_(r_bin_pe_rva_to_offset)(bin, FirstThunk) + i * sizeof(PE_DWord);
(*importp)[*nimp].hint = import_hint;
(*importp)[*nimp].ordinal = import_ordinal;
@ -120,7 +116,6 @@ static int PE_(r_bin_pe_parse_imports)(struct PE_(r_bin_pe_obj_t)* bin, struct r
(*nimp)++; i++;
}
} while (import_table);
return i;
}
@ -211,21 +206,24 @@ static int PE_(r_bin_pe_init_imports)(struct PE_(r_bin_pe_obj_t) *bin) {
return R_TRUE;
}
static int PE_(r_bin_pe_init_exports)(struct PE_(r_bin_pe_obj_t) *bin)
{
static int PE_(r_bin_pe_init_exports)(struct PE_(r_bin_pe_obj_t) *bin) {
PE_(image_data_directory) *data_dir_export = \
&bin->nt_headers->optional_header.DataDirectory[PE_IMAGE_DIRECTORY_ENTRY_EXPORT];
PE_DWord export_dir_offset = PE_(r_bin_pe_rva_to_offset)(bin, data_dir_export->VirtualAddress);
if (export_dir_offset == 0)
return R_FALSE;
if (!(bin->export_directory = malloc(sizeof(PE_(image_export_directory))))) {
perror("malloc (export directory)");
if (export_dir_offset == 0) {
eprintf ("Warning: Cannot find the offset of the export directory\n");
return R_FALSE;
}
if (r_buf_read_at(bin->b, export_dir_offset, (ut8*)bin->export_directory,
sizeof(PE_(image_export_directory))) == -1) {
eprintf("Error: read (export directory)\n");
//sdb_setn (DB, "hdr.exports_directory", export_dir_offset);
//eprintf ("Pexports offset at 0x%"PFMT64x"\n", export_dir_offset);
if (!(bin->export_directory = malloc(sizeof(PE_(image_export_directory))))) {
perror ("malloc (export directory)");
return R_FALSE;
}
if (r_buf_read_at (bin->b, export_dir_offset, (ut8*)bin->export_directory,
sizeof (PE_(image_export_directory))) == -1) {
eprintf ("Error: read (export directory)\n");
return R_FALSE;
}
return R_TRUE;
@ -240,11 +238,11 @@ static int PE_(r_bin_pe_init)(struct PE_(r_bin_pe_obj_t)* bin) {
bin->delay_import_directory = NULL;
bin->endian = 0; /* TODO: get endian */
if (!PE_(r_bin_pe_init_hdr)(bin)) {
eprintf("Warning: File is not PE\n");
eprintf ("Warning: File is not PE\n");
return R_FALSE;
}
if (!PE_(r_bin_pe_init_sections)(bin)) {
eprintf("Warning: Cannot initialize sections\n");
eprintf ("Warning: Cannot initialize sections\n");
return R_FALSE;
}
PE_(r_bin_pe_init_imports)(bin);
@ -288,7 +286,6 @@ char* PE_(r_bin_pe_get_arch)(struct PE_(r_bin_pe_obj_t)* bin) {
struct r_bin_pe_addr_t* PE_(r_bin_pe_get_entrypoint)(struct PE_(r_bin_pe_obj_t)* bin) {
struct r_bin_pe_addr_t *entry = NULL;
if ((entry = malloc(sizeof(struct r_bin_pe_addr_t))) == NULL) {
perror("malloc (entrypoint)");
return NULL;
@ -302,15 +299,14 @@ struct r_bin_pe_addr_t* PE_(r_bin_pe_get_entrypoint)(struct PE_(r_bin_pe_obj_t)*
struct r_bin_pe_export_t* PE_(r_bin_pe_get_exports)(struct PE_(r_bin_pe_obj_t)* bin) {
struct r_bin_pe_export_t *exports = NULL;
PE_VWord functions_offset, names_offset, ordinals_offset, function_rva, name_rva, name_offset;
PE_Word function_ordinal;
PE_VWord functions_offset, names_offset, ordinals_offset, function_rva, name_rva, name_offset;
char function_name[PE_NAME_LENGTH + 1], forwarder_name[PE_NAME_LENGTH + 1];
char dll_name[PE_NAME_LENGTH + 1], export_name[PE_NAME_LENGTH + 1];
int i;
PE_(image_data_directory) *data_dir_export = \
&bin->nt_headers->optional_header.DataDirectory[PE_IMAGE_DIRECTORY_ENTRY_EXPORT];
PE_VWord export_dir_rva = data_dir_export->VirtualAddress;
int export_dir_size = data_dir_export->Size;
int i, export_dir_size = data_dir_export->Size;
if (!bin->export_directory)
return NULL;
@ -368,18 +364,15 @@ struct r_bin_pe_export_t* PE_(r_bin_pe_get_exports)(struct PE_(r_bin_pe_obj_t)*
return exports;
}
int PE_(r_bin_pe_get_file_alignment)(struct PE_(r_bin_pe_obj_t)* bin)
{
int PE_(r_bin_pe_get_file_alignment)(struct PE_(r_bin_pe_obj_t)* bin) {
return bin->nt_headers->optional_header.FileAlignment;
}
ut64 PE_(r_bin_pe_get_image_base)(struct PE_(r_bin_pe_obj_t)* bin)
{
ut64 PE_(r_bin_pe_get_image_base)(struct PE_(r_bin_pe_obj_t)* bin) {
return (ut64)bin->nt_headers->optional_header.ImageBase;
}
struct r_bin_pe_import_t* PE_(r_bin_pe_get_imports)(struct PE_(r_bin_pe_obj_t) *bin)
{
struct r_bin_pe_import_t* PE_(r_bin_pe_get_imports)(struct PE_(r_bin_pe_obj_t) *bin) {
struct r_bin_pe_import_t *imps, *imports = NULL;
char dll_name[PE_NAME_LENGTH + 1];
int import_dirs_count = PE_(r_bin_pe_get_import_dirs_count)(bin);
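Review bot: In r_bin_pe_init_exports, the `r_buf_read_at` failure path returns R_FALSE but leaves `bin->export_directory` pointing at the freshly malloc'd, unfilled struct. r_bin_pe_get_exports guards only with `if (!bin->export_directory)`, so after a failed read on a truncated or malformed PE it would pass that guard and work from uninitialised heap contents. Release the buffer before the second `return R_FALSE;` with `free (bin->export_directory); bin->export_directory = NULL;`. Whether r_bin_pe_init checks this function's return value is not visible in the hunk (the neighbouring `PE_(r_bin_pe_init_imports)(bin);` call ignores its result), so resetting the pointer to NULL is the safer contract.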


@ -22,13 +22,15 @@ static ut64 baddr(RBinFile *arch) {
}
static RBinAddr* binsym(RBinFile *arch, int type) {
ut64 addr;
RBinAddr *ret = NULL;
switch (type) {
case R_BIN_SYM_MAIN:
if (!(ret = R_NEW (RBinAddr)))
addr = PE_(r_bin_pe_get_main_offset) (arch->o->bin_obj);
if (!addr) return NULL;
if (!(ret = R_NEW0 (RBinAddr)))
return NULL;
memset (ret, '\0', sizeof (RBinAddr));
ret->offset = ret->rva = PE_(r_bin_pe_get_main_offset) (arch->o->bin_obj);
ret->offset = ret->rva = addr;
break;
}
return ret;
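Review bot: The new `if (!addr) return NULL;` in binsym makes 0 the "no main found" value, a contract that is only implicit in r_bin_pe_get_main_offset's `ut64 addr = 0;` and final `return addr;`. A one-line comment above the check would record it, e.g. `/* get_main_offset returns 0 when no main was located */`, and `return NULL;` reads better on its own line, like the R_NEW0 check that follows. `ret->offset = ret->rva = addr;` stores the same value in both fields; if the helper returns a file offset, as its name suggests, the rva probably needs converting, which is worth confirming. binsym's closing brace lies outside the hunk.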


@ -132,6 +132,7 @@ typedef struct r_bin_file_t {
ut64 fd;
struct r_bin_xtr_plugin_t *curxtr;
struct r_bin_plugin_t *curplugin;
Sdb *db;
} RBinFile;
typedef struct r_bin_t {