mirror of
https://github.com/Alukym/VMProtect-Source.git
synced 2025-06-26 13:47:53 -05:00
Initial commit
This commit is contained in:
Alukym
925
core/pefile.h
Normal file
925
core/pefile.h
Normal file
@ -0,0 +1,925 @@
|
||||
/**
|
||||
* Support of PE executable files.
|
||||
*/
|
||||
|
||||
#ifndef PEFILE_H
|
||||
#define PEFILE_H
|
||||
|
||||
class PEArchitecture;
|
||||
class PEDirectoryList;
|
||||
class PESegmentList;
|
||||
class PEImportList;
|
||||
class PEFixupList;
|
||||
class PERelocationList;
|
||||
class PELoadConfigDirectory;
|
||||
class PERuntimeFunctionList;
|
||||
|
||||
class PEDirectory : public BaseLoadCommand
|
||||
{
|
||||
public:
|
||||
explicit PEDirectory(PEDirectoryList *owner, uint32_t type);
|
||||
explicit PEDirectory(PEDirectoryList *owner, const PEDirectory &src);
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual uint32_t size() const { return size_; }
|
||||
virtual uint32_t type() const { return type_; }
|
||||
uint32_t physical_size() const { return physical_size_ ? physical_size_ : size_; }
|
||||
void set_physical_size(uint32_t physical_size) { physical_size_ = physical_size; }
|
||||
virtual std::string name() const;
|
||||
void ReadFromFile(PEArchitecture &file);
|
||||
void WriteToFile(PEArchitecture &file) const;
|
||||
virtual PEDirectory *Clone(ILoadCommandList *owner) const;
|
||||
void clear();
|
||||
void set_address(uint64_t address) { address_ = address; }
|
||||
void set_size(uint32_t size) { size_ = size; }
|
||||
void Rebase(uint64_t delta_base);
|
||||
virtual bool visible() const { return (address_ || size_); }
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
private:
|
||||
uint64_t address_;
|
||||
uint32_t size_;
|
||||
uint32_t type_;
|
||||
uint32_t physical_size_;
|
||||
};
|
||||
|
||||
class PEDirectoryList : public BaseCommandList
|
||||
{
|
||||
public:
|
||||
explicit PEDirectoryList(PEArchitecture *owner);
|
||||
explicit PEDirectoryList(PEArchitecture *owner, const PEDirectoryList &src);
|
||||
PEDirectoryList *Clone(PEArchitecture *owner) const;
|
||||
PEDirectory *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &file, uint32_t count);
|
||||
void WriteToFile(PEArchitecture &file) const;
|
||||
PEDirectory *GetCommandByType(uint32_t type) const;
|
||||
PEDirectory *GetCommandByAddress(uint64_t address) const;
|
||||
private:
|
||||
PEDirectory *Add(uint32_t type);
|
||||
};
|
||||
|
||||
class PESegment : public BaseSection
|
||||
{
|
||||
public:
|
||||
explicit PESegment(PESegmentList *owner);
|
||||
explicit PESegment(PESegmentList *owner, uint64_t address, uint32_t size, uint32_t physical_offset,
|
||||
uint32_t physical_size, uint32_t flags, const std::string &name);
|
||||
explicit PESegment(PESegmentList *owner, const PESegment &src);
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual uint64_t size() const { return size_; }
|
||||
virtual uint32_t physical_offset() const { return physical_offset_; }
|
||||
virtual uint32_t physical_size() const { return physical_size_; }
|
||||
virtual std::string name() const { return name_; }
|
||||
virtual uint32_t memory_type() const;
|
||||
virtual uint32_t flags() const { return flags_; }
|
||||
void set_flags(uint32_t flags) { flags_ = flags; }
|
||||
void set_size(uint32_t size) { size_ = size; }
|
||||
void set_physical_size(uint32_t size) { physical_size_ = size; }
|
||||
void set_physical_offset(uint32_t offset) { physical_offset_ = offset; }
|
||||
void set_name(const std::string &name) { name_ = name; }
|
||||
void ReadFromFile(PEArchitecture &file);
|
||||
void WriteToFile(PEArchitecture &file) const;
|
||||
virtual PESegment *Clone(ISectionList *owner) const;
|
||||
virtual void update_type(uint32_t mt);
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
private:
|
||||
std::string name_;
|
||||
uint64_t address_;
|
||||
uint32_t size_;
|
||||
uint32_t physical_offset_;
|
||||
uint32_t physical_size_;
|
||||
uint32_t flags_;
|
||||
};
|
||||
|
||||
class PESegmentList : public BaseSectionList
|
||||
{
|
||||
public:
|
||||
explicit PESegmentList(PEArchitecture *owner);
|
||||
explicit PESegmentList(PEArchitecture *owner, const PESegmentList &src);
|
||||
~PESegmentList();
|
||||
PESegmentList *Clone(PEArchitecture *owner) const;
|
||||
PESegment *item(size_t index) const;
|
||||
PESegment *GetSectionByAddress(uint64_t address) const;
|
||||
void ReadFromFile(PEArchitecture &file, uint32_t count);
|
||||
void WriteToFile(PEArchitecture &file) const;
|
||||
PESegment *last() const;
|
||||
PESegment *Add(uint64_t address, uint32_t size, uint32_t physical_offset, uint32_t physical_size, uint32_t flags, const std::string &name);
|
||||
PESegment *header_segment() const { return header_segment_; }
|
||||
private:
|
||||
PESegment *Add();
|
||||
|
||||
PESegment *header_segment_;
|
||||
|
||||
// no copy ctr or assignment op
|
||||
PESegmentList(const PESegmentList &);
|
||||
PESegmentList &operator =(const PESegmentList &);
|
||||
};
|
||||
|
||||
class PESectionList;
|
||||
|
||||
class PESection : public BaseSection
|
||||
{
|
||||
public:
|
||||
explicit PESection(PESectionList *owner, PESegment *parent, uint64_t address, uint64_t size, const std::string &name);
|
||||
explicit PESection(PESectionList *owner, const PESection &src);
|
||||
virtual std::string name() const { return name_; }
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual uint64_t size() const { return size_; }
|
||||
virtual uint32_t physical_offset() const { return parent_->physical_offset() + static_cast<uint32_t>(address_ - parent_->address()); }
|
||||
virtual uint32_t physical_size() const { return static_cast<uint32_t>(size_); }
|
||||
virtual uint32_t memory_type() const { return parent_->memory_type(); }
|
||||
virtual uint32_t flags() const { return 0; }
|
||||
virtual void update_type(uint32_t mt) {}
|
||||
virtual PESection *Clone(ISectionList *owner) const;
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
virtual PESegment *parent() const { return parent_; }
|
||||
void set_parent(PESegment *parent) { parent_ = parent; }
|
||||
private:
|
||||
std::string name_;
|
||||
uint64_t address_;
|
||||
uint64_t size_;
|
||||
PESegment *parent_;
|
||||
};
|
||||
|
||||
class PESectionList : public BaseSectionList
|
||||
{
|
||||
public:
|
||||
explicit PESectionList(PEArchitecture *owner);
|
||||
explicit PESectionList(PEArchitecture *owner, const PESectionList &src);
|
||||
virtual PESectionList *Clone(PEArchitecture *owner) const;
|
||||
PESection *item(size_t index) const;
|
||||
PESection *Add(PESegment *parent, uint64_t address, uint64_t size, const std::string &name);
|
||||
};
|
||||
|
||||
class PEImport;
|
||||
|
||||
class PEImportFunction : public BaseImportFunction
|
||||
{
|
||||
public:
|
||||
explicit PEImportFunction(PEImport *owner);
|
||||
explicit PEImportFunction(PEImport *owner, const std::string &name);
|
||||
explicit PEImportFunction(PEImport *owner, uint64_t address, APIType type, MapFunction *map_function);
|
||||
explicit PEImportFunction(PEImport *owner, const PEImportFunction &src);
|
||||
virtual PEImportFunction *Clone(IImport *owner) const;
|
||||
bool ReadFromFile(PEArchitecture &arch, uint32_t &rva);
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual std::string name() const { return name_; }
|
||||
bool is_ordinal() const { return is_ordinal_; }
|
||||
uint32_t ordinal() const { return ordinal_; }
|
||||
void FreeByManager(MemoryManager &manager, bool free_iat);
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
virtual std::string display_name(bool show_ret = true) const;
|
||||
bool IsInternal(const CompileContext &ctx) const;
|
||||
private:
|
||||
std::string name_;
|
||||
uint64_t name_address_;
|
||||
uint64_t address_;
|
||||
bool is_ordinal_;
|
||||
uint32_t ordinal_;
|
||||
};
|
||||
|
||||
class PEImport : public BaseImport
|
||||
{
|
||||
public:
|
||||
explicit PEImport(PEImportList *owner);
|
||||
explicit PEImport(PEImportList *owner, bool is_sdk);
|
||||
explicit PEImport(PEImportList *owner, const std::string &name);
|
||||
explicit PEImport(PEImportList *owner, const PEImport &src);
|
||||
virtual PEImport *Clone(IImportList *owner) const;
|
||||
PEImportFunction *item(size_t index) const;
|
||||
bool ReadFromFile(PEArchitecture &file);
|
||||
void WriteToFile(PEArchitecture &file) const;
|
||||
virtual std::string name() const { return name_; }
|
||||
virtual bool is_sdk() const { return is_sdk_; }
|
||||
bool FreeByManager(MemoryManager &manager, bool free_iat);
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
void set_name(const std::string &name) { name_ = name; }
|
||||
protected:
|
||||
virtual PEImportFunction *Add(uint64_t address, APIType type, MapFunction *map_function);
|
||||
private:
|
||||
std::string name_;
|
||||
uint64_t name_address_;
|
||||
bool is_sdk_;
|
||||
uint64_t original_first_thunk_address_;
|
||||
uint64_t first_thunk_address_;
|
||||
uint32_t time_stamp_;
|
||||
uint32_t forwarder_chain_;
|
||||
};
|
||||
|
||||
class PEImportList : public BaseImportList
|
||||
{
|
||||
public:
|
||||
explicit PEImportList(PEArchitecture *owner);
|
||||
explicit PEImportList(PEArchitecture *owner, const PEImportList &src);
|
||||
virtual PEImportList *Clone(PEArchitecture *owner) const;
|
||||
PEImport *item(size_t index) const;
|
||||
virtual PEImportFunction *GetFunctionByAddress(uint64_t address) const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &dir);
|
||||
void FreeByManager(MemoryManager &manager, bool free_iat);
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
void WriteToFile(PEArchitecture &file, bool skip_sdk = false) const;
|
||||
protected:
|
||||
virtual PEImport *AddSDK();
|
||||
private:
|
||||
uint64_t address_;
|
||||
};
|
||||
|
||||
class PEDelayImport;
|
||||
class PEDelayImportList;
|
||||
|
||||
class PEDelayImportFunction : public IObject
|
||||
{
|
||||
public:
|
||||
explicit PEDelayImportFunction(PEDelayImport *owner);
|
||||
explicit PEDelayImportFunction(PEDelayImport *owner, const PEDelayImportFunction &src);
|
||||
~PEDelayImportFunction();
|
||||
PEDelayImportFunction *Clone(PEDelayImport *owner) const;
|
||||
bool ReadFromFile(PEArchitecture &file, uint64_t add_value);
|
||||
std::string name() const { return name_; }
|
||||
bool is_ordinal() const { return is_ordinal_; }
|
||||
uint32_t ordinal() const { return ordinal_; }
|
||||
private:
|
||||
PEDelayImport *owner_;
|
||||
|
||||
std::string name_;
|
||||
bool is_ordinal_;
|
||||
uint32_t ordinal_;
|
||||
};
|
||||
|
||||
class PEDelayImport : public ObjectList<PEDelayImportFunction>
|
||||
{
|
||||
public:
|
||||
explicit PEDelayImport(PEDelayImportList *owner);
|
||||
explicit PEDelayImport(PEDelayImportList *owner, const PEDelayImport &src);
|
||||
~PEDelayImport();
|
||||
PEDelayImport *Clone(PEDelayImportList *owner) const;
|
||||
bool ReadFromFile(PEArchitecture &file);
|
||||
virtual std::string name() const { return name_; }
|
||||
uint32_t flags() const { return flags_; }
|
||||
uint64_t module() const { return module_; }
|
||||
uint64_t iat() const { return iat_; }
|
||||
uint64_t bound_iat() const { return bound_iat_; }
|
||||
uint64_t unload_iat() const { return unload_iat_; }
|
||||
uint32_t time_stamp() const { return time_stamp_; }
|
||||
private:
|
||||
PEDelayImportList *owner_;
|
||||
|
||||
std::string name_;
|
||||
uint32_t flags_;
|
||||
uint64_t module_;
|
||||
uint64_t iat_;
|
||||
uint64_t bound_iat_;
|
||||
uint64_t unload_iat_;
|
||||
uint32_t time_stamp_;
|
||||
};
|
||||
|
||||
class PEDelayImportList : public ObjectList<PEDelayImport>
|
||||
{
|
||||
public:
|
||||
explicit PEDelayImportList();
|
||||
explicit PEDelayImportList(const PEDelayImportList &src);
|
||||
PEDelayImportList *Clone() const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &dir);
|
||||
};
|
||||
|
||||
class PEExportList;
|
||||
|
||||
class PEExport : public BaseExport
|
||||
{
|
||||
public:
|
||||
explicit PEExport(PEExportList *owner, uint64_t address, uint32_t ordinal);
|
||||
explicit PEExport(PEExportList *owner, const PEExport &src);
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual std::string name() const { return name_; }
|
||||
virtual std::string forwarded_name() const { return forwarded_name_; }
|
||||
virtual std::string display_name(bool show_ret = true) const;
|
||||
uint32_t ordinal() const { return ordinal_; }
|
||||
void set_name(const std::string &name) { name_ = name; }
|
||||
void set_forwarded_name(const std::string &forwarded_name) { forwarded_name_ = forwarded_name; }
|
||||
virtual PEExport *Clone(IExportList *owner) const;
|
||||
/*virtual*/ int CompareWith(const IObject &obj) const;
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
void ReadFromFile(PEArchitecture &file, uint64_t address_of_name, bool is_forwarded);
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
private:
|
||||
uint64_t address_;
|
||||
uint32_t ordinal_;
|
||||
uint64_t address_of_name_;
|
||||
std::string name_;
|
||||
std::string forwarded_name_;
|
||||
};
|
||||
|
||||
class PEExportList : public BaseExportList
|
||||
{
|
||||
public:
|
||||
explicit PEExportList(PEArchitecture *owner);
|
||||
explicit PEExportList(PEArchitecture *owner, const PEExportList &src);
|
||||
virtual PEExportList *Clone(PEArchitecture *owner) const;
|
||||
virtual std::string name() const { return name_; }
|
||||
void set_name(const std::string &name) { name_ = name; }
|
||||
uint32_t characteristics() const { return characteristics_; }
|
||||
uint32_t time_date_stamp() const { return time_date_stamp_; }
|
||||
uint16_t major_version() const { return major_version_; }
|
||||
uint16_t minor_version() const { return minor_version_; }
|
||||
PEExport *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &arch, PEDirectory &dir);
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
virtual void ReadFromBuffer(Buffer &buffer, IArchitecture &file);
|
||||
uint32_t WriteToData(IFunction &data, uint64_t image_base);
|
||||
void AddAntidebug();
|
||||
protected:
|
||||
virtual PEExport *Add(uint64_t address) { return Add(address, 0); }
|
||||
private:
|
||||
PEExport *Add(uint64_t address, uint32_t ordinal);
|
||||
PEExport *GetExportByOrdinal(uint32_t ordinal);
|
||||
|
||||
uint64_t address_;
|
||||
uint64_t name_address_;
|
||||
uint32_t characteristics_;
|
||||
uint32_t time_date_stamp_;
|
||||
uint16_t major_version_;
|
||||
uint16_t minor_version_;
|
||||
std::string name_;
|
||||
uint32_t number_of_functions_;
|
||||
uint64_t address_of_functions_;
|
||||
uint32_t number_of_names_;
|
||||
uint64_t address_of_names_;
|
||||
uint64_t address_of_name_ordinals_;
|
||||
|
||||
struct NameInfo {
|
||||
uint32_t ordinal_index;
|
||||
uint32_t address_of_name;
|
||||
bool operator == (uint16_t ordinal_index_) const
|
||||
{
|
||||
return (ordinal_index == ordinal_index_);
|
||||
}
|
||||
};
|
||||
|
||||
struct ExportInfo {
|
||||
PEExport *export_function;
|
||||
ExportInfo(PEExport *export_function_) : export_function(export_function_) {}
|
||||
bool operator< (const ExportInfo &obj) const
|
||||
{
|
||||
return (export_function->name().compare(obj.export_function->name()) < 0);
|
||||
}
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
class PEFixup : public BaseFixup
|
||||
{
|
||||
public:
|
||||
explicit PEFixup(PEFixupList *owner, uint64_t address, uint8_t type);
|
||||
explicit PEFixup(PEFixupList *owner, const PEFixup &src);
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual FixupType type() const;
|
||||
virtual OperandSize size() const;
|
||||
virtual PEFixup *Clone(IFixupList *owner) const;
|
||||
uint8_t internal_type() const { return type_; }
|
||||
virtual void set_address(uint64_t address) { address_ = address; }
|
||||
virtual void Rebase(IArchitecture &file, uint64_t delta_base);
|
||||
private:
|
||||
uint64_t address_;
|
||||
uint8_t type_;
|
||||
};
|
||||
|
||||
class PEFixupList : public BaseFixupList
|
||||
{
|
||||
public:
|
||||
explicit PEFixupList();
|
||||
explicit PEFixupList(const PEFixupList &src);
|
||||
virtual PEFixupList *Clone() const;
|
||||
PEFixup *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &dir);
|
||||
void WriteToData(Data &data, uint64_t image_base);
|
||||
size_t WriteToFile(PEArchitecture &file);
|
||||
virtual IFixup *AddDefault(OperandSize cpu_address_size, bool is_code);
|
||||
private:
|
||||
PEFixup *Add(uint64_t address, uint8_t type);
|
||||
|
||||
// no assignment op
|
||||
PEFixupList &operator =(const PEFixupList &);
|
||||
};
|
||||
|
||||
class PERelocation : public BaseRelocation
|
||||
{
|
||||
public:
|
||||
explicit PERelocation(PERelocationList *owner, uint64_t address, uint64_t source, OperandSize size, uint32_t addend);
|
||||
explicit PERelocation(PERelocationList *owner, const PERelocation &src);
|
||||
virtual PERelocation *Clone(IRelocationList *owner) const;
|
||||
uint64_t source() const { return source_; }
|
||||
uint32_t addend() const { return addend_; }
|
||||
virtual ISymbol *symbol() const { return NULL; }
|
||||
private:
|
||||
uint64_t source_;
|
||||
uint32_t addend_;
|
||||
};
|
||||
|
||||
class PERelocationList : public BaseRelocationList
|
||||
{
|
||||
public:
|
||||
explicit PERelocationList();
|
||||
explicit PERelocationList(const PERelocationList &src);
|
||||
virtual PERelocationList *Clone() const;
|
||||
PERelocation *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &file);
|
||||
void WriteToData(Data &data, uint64_t image_base);
|
||||
private:
|
||||
void ParseMinGW(PEArchitecture &file, uint64_t address, uint64_t start, uint64_t end);
|
||||
PERelocation *Add(uint64_t address, uint64_t source, OperandSize size, uint32_t addend);
|
||||
uint64_t address_;
|
||||
uint64_t mem_address_;
|
||||
|
||||
// no assignment op
|
||||
PERelocationList &operator =(const PERelocationList &);
|
||||
};
|
||||
|
||||
class PESEHandler : public BaseSEHandler
|
||||
{
|
||||
public:
|
||||
explicit PESEHandler(ISEHandlerList *owner, uint64_t address);
|
||||
explicit PESEHandler(ISEHandlerList *owner, const PESEHandler &src);
|
||||
virtual PESEHandler *Clone(ISEHandlerList *owner) const;
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual void set_address(uint64_t address) { address_ = address; }
|
||||
virtual bool is_deleted() const { return deleted_; }
|
||||
virtual void set_deleted(bool deleted) { deleted_ = deleted; }
|
||||
void Rebase(uint64_t delta_base);
|
||||
private:
|
||||
uint64_t address_;
|
||||
bool deleted_;
|
||||
};
|
||||
|
||||
class PESEHandlerList : public BaseSEHandlerList
|
||||
{
|
||||
public:
|
||||
explicit PESEHandlerList();
|
||||
explicit PESEHandlerList(const PESEHandlerList &src);
|
||||
virtual PESEHandlerList *Clone() const;
|
||||
PESEHandler *item(size_t index) const;
|
||||
virtual PESEHandler *Add(uint64_t address);
|
||||
void Rebase(uint64_t delta_base);
|
||||
void Pack();
|
||||
};
|
||||
|
||||
class PECFGAddressTable;
|
||||
|
||||
class PECFGAddress : public IObject
|
||||
{
|
||||
public:
|
||||
explicit PECFGAddress(PECFGAddressTable *owner, uint64_t address);
|
||||
explicit PECFGAddress(PECFGAddressTable *owner, const PECFGAddress &src);
|
||||
~PECFGAddress();
|
||||
PECFGAddress *Clone(PECFGAddressTable *owner) const;
|
||||
void Rebase(uint64_t delta_base);
|
||||
uint64_t address() const { return address_; }
|
||||
void set_data(std::vector<uint8_t> value) { data_ = value; }
|
||||
std::vector<uint8_t> data() const { return data_; }
|
||||
private:
|
||||
PECFGAddressTable *owner_;
|
||||
uint64_t address_;
|
||||
std::vector<uint8_t> data_;
|
||||
};
|
||||
|
||||
class PECFGAddressTable : public ObjectList<PECFGAddress>
|
||||
{
|
||||
public:
|
||||
explicit PECFGAddressTable();
|
||||
explicit PECFGAddressTable(const PECFGAddressTable &src);
|
||||
PECFGAddressTable *Clone() const;
|
||||
PECFGAddress *Add(uint64_t address);
|
||||
void Rebase(uint64_t delta_base);
|
||||
};
|
||||
|
||||
class PELoadConfigDirectory : public IObject
|
||||
{
|
||||
public:
|
||||
explicit PELoadConfigDirectory();
|
||||
explicit PELoadConfigDirectory(const PELoadConfigDirectory &src);
|
||||
~PELoadConfigDirectory();
|
||||
virtual PELoadConfigDirectory *Clone() const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &dir);
|
||||
size_t WriteToFile(PEArchitecture &file);
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
void Rebase(uint64_t delta_base);
|
||||
uint64_t security_cookie() const { return security_cookie_; }
|
||||
void set_security_cookie(uint64_t value) { security_cookie_ = value; }
|
||||
uint64_t cfg_check_function() const { return cfg_check_function_; }
|
||||
void set_cfg_check_function(uint64_t value) { cfg_check_function_ = value; }
|
||||
PESEHandlerList *seh_handler_list() const { return seh_handler_list_; }
|
||||
PECFGAddressTable *cfg_address_list() const { return cfg_address_list_; }
|
||||
uint64_t seh_table_address() const { return seh_table_address_; }
|
||||
uint64_t cfg_table_address() const { return cfg_table_address_; }
|
||||
private:
|
||||
uint64_t seh_table_address_;
|
||||
uint64_t security_cookie_;
|
||||
uint64_t cfg_table_address_;
|
||||
uint64_t cfg_check_function_;
|
||||
uint32_t guard_flags_;
|
||||
PESEHandlerList *seh_handler_list_;
|
||||
PECFGAddressTable *cfg_address_list_;
|
||||
|
||||
// no assignment op
|
||||
PELoadConfigDirectory &operator =(const PELoadConfigDirectory &);
|
||||
};
|
||||
|
||||
enum PEResourceType {
|
||||
rtUnknown,
|
||||
rtCursor = 1,
|
||||
rtBitmap = 2,
|
||||
rtIcon = 3,
|
||||
rtMenu = 4,
|
||||
rtDialog = 5,
|
||||
rtStringTable = 6,
|
||||
rtFontDir = 7,
|
||||
rtFont = 8,
|
||||
rtAccelerators = 9,
|
||||
rtRCData = 10,
|
||||
rtMessageTable = 11,
|
||||
rtGroupCursor = 12,
|
||||
rtGroupIcon = 14,
|
||||
rtVersionInfo = 16,
|
||||
rtDlgInclude = 17,
|
||||
rtPlugPlay = 19,
|
||||
rtVXD = 20,
|
||||
rtAniCursor = 21,
|
||||
rtAniIcon = 22,
|
||||
rtHTML = 23,
|
||||
rtManifest = 24,
|
||||
rtDialogInit = 240,
|
||||
rtToolbar = 241
|
||||
};
|
||||
|
||||
class PEResource : public BaseResource
|
||||
{
|
||||
public:
|
||||
explicit PEResource(IResource *owner, PEResourceType type, uint32_t name_offset, uint32_t data_offset);
|
||||
explicit PEResource(IResource *owner, const PEResource &src);
|
||||
virtual PEResource *Clone(IResource *owner) const;
|
||||
PEResource *item(size_t index) const;
|
||||
virtual uint32_t type() const { return type_; }
|
||||
virtual uint64_t address() const { return is_directory() ? 0 : address_; }
|
||||
virtual size_t size() const { return is_directory() ? 0 : data_.item.Size; }
|
||||
virtual std::string name() const { return has_name() ? "\"" + name_ + "\"" : name_; }
|
||||
virtual bool is_directory() const { return (data_offset_ & IMAGE_RESOURCE_DATA_IS_DIRECTORY) != 0; }
|
||||
virtual PEResource *GetResourceByName(const std::string &name) const;
|
||||
void set_name(const std::string &name) { name_ = name; }
|
||||
bool has_name() const { return (name_offset_ & IMAGE_RESOURCE_NAME_IS_STRING) != 0; }
|
||||
bool need_store() const;
|
||||
virtual std::string id() const;
|
||||
void ReadFromFile(PEArchitecture &file, uint64_t root_address);
|
||||
// PE format
|
||||
void WriteHeader(Data &data);
|
||||
void WriteEntry(Data &data);
|
||||
void WriteName(Data &data);
|
||||
size_t WriteData(Data &data, PEArchitecture &file);
|
||||
// ResourceManager format
|
||||
void WriteHeader(IFunction &data);
|
||||
void WriteEntry(IFunction &data);
|
||||
void WriteName(IFunction &data, size_t root_index, uint32_t key);
|
||||
void WriteData(IFunction &data, PEArchitecture &file, uint32_t key);
|
||||
private:
|
||||
PEResource *Add(PEResourceType type, uint32_t name_offset, uint32_t data_offset);
|
||||
|
||||
PEResourceType type_;
|
||||
uint32_t name_offset_;
|
||||
uint32_t data_offset_;
|
||||
union {
|
||||
IMAGE_RESOURCE_DIRECTORY dir;
|
||||
IMAGE_RESOURCE_DATA_ENTRY item;
|
||||
} data_;
|
||||
std::string name_;
|
||||
uint64_t address_;
|
||||
size_t entry_offset_;
|
||||
size_t data_entry_offset_;
|
||||
};
|
||||
|
||||
class PEResourceList : public BaseResourceList
|
||||
{
|
||||
public:
|
||||
explicit PEResourceList(PEArchitecture *owner);
|
||||
explicit PEResourceList(PEArchitecture *owner, const PEResourceList &src);
|
||||
|
||||
using BaseResourceList::Clone;
|
||||
PEResourceList *Clone(PEArchitecture *owner) const;
|
||||
PEResource *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &dir);
|
||||
size_t WriteToFile(PEArchitecture &file, uint64_t address);
|
||||
void Compile(PEArchitecture &file, bool for_packing);
|
||||
size_t size() const { return data_.size(); }
|
||||
size_t store_size() const { return store_size_; }
|
||||
void WritePackData(Data &data);
|
||||
void CreateCommands(PEArchitecture &file, IFunction &data);
|
||||
private:
|
||||
PEResource *Add(PEResourceType type, uint32_t name_offset, uint32_t data_offset);
|
||||
IMAGE_RESOURCE_DIRECTORY dir_;
|
||||
Data data_;
|
||||
std::vector<size_t> link_list_;
|
||||
size_t store_size_;
|
||||
};
|
||||
|
||||
class PERuntimeFunction : public BaseRuntimeFunction
|
||||
{
|
||||
public:
|
||||
explicit PERuntimeFunction(PERuntimeFunctionList *owner, uint64_t address, uint64_t begin, uint64_t end, uint64_t unwind_address);
|
||||
explicit PERuntimeFunction(PERuntimeFunctionList *owner, const PERuntimeFunction &src);
|
||||
virtual PERuntimeFunction *Clone(IRuntimeFunctionList *owner) const;
|
||||
virtual uint64_t address() const { return address_; }
|
||||
virtual uint64_t begin() const { return begin_; }
|
||||
virtual uint64_t end() const { return end_; }
|
||||
virtual uint64_t unwind_address() const { return unwind_address_; }
|
||||
virtual void set_begin(uint64_t begin) { begin_ = begin; }
|
||||
virtual void set_end(uint64_t end) { end_ = end; }
|
||||
virtual void set_unwind_address(uint64_t unwind_address) { unwind_address_ = unwind_address; }
|
||||
virtual void Rebase(uint64_t delta_base);
|
||||
virtual void Parse(IArchitecture &file, IFunction &dest);
|
||||
private:
|
||||
uint64_t address_;
|
||||
uint64_t begin_;
|
||||
uint64_t end_;
|
||||
uint64_t unwind_address_;
|
||||
};
|
||||
|
||||
class PERuntimeFunctionList : public BaseRuntimeFunctionList
|
||||
{
|
||||
public:
|
||||
explicit PERuntimeFunctionList();
|
||||
explicit PERuntimeFunctionList(const PERuntimeFunctionList &src);
|
||||
PERuntimeFunctionList *Clone() const;
|
||||
PERuntimeFunction *item(size_t index) const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &directory);
|
||||
size_t WriteToFile(PEArchitecture &file);
|
||||
virtual PERuntimeFunction *Add(uint64_t address, uint64_t begin, uint64_t end, uint64_t unwind_address, IRuntimeFunction *source, const std::vector<uint8_t> &call_frame_instructions);
|
||||
virtual PERuntimeFunction *GetFunctionByAddress(uint64_t address) const;
|
||||
void RebaseByFile(IArchitecture &file, uint64_t target_image_base, uint64_t delta_base);
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
uint64_t address() const { return address_; }
|
||||
private:
|
||||
uint64_t RebaseDWord(IArchitecture &file, uint32_t delta_base);
|
||||
uint64_t address_;
|
||||
|
||||
// no assignment op
|
||||
PERuntimeFunctionList &operator =(const PERuntimeFunctionList &);
|
||||
};
|
||||
|
||||
class PETLSDirectory : public ReferenceList
|
||||
{
|
||||
public:
|
||||
explicit PETLSDirectory();
|
||||
explicit PETLSDirectory(const PETLSDirectory &src);
|
||||
PETLSDirectory *Clone() const;
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &directory);
|
||||
void FreeByManager(MemoryManager &manager);
|
||||
uint64_t address() const { return address_; }
|
||||
uint64_t start_address_of_raw_data() const { return start_address_of_raw_data_; }
|
||||
uint64_t end_address_of_raw_data() const { return end_address_of_raw_data_; }
|
||||
uint64_t address_of_index() const { return address_of_index_; }
|
||||
uint64_t address_of_call_backs() const { return address_of_call_backs_; }
|
||||
uint32_t size_of_zero_fill() const { return size_of_zero_fill_; }
|
||||
uint32_t characteristics() const { return characteristics_; }
|
||||
void set_start_address_of_raw_data(uint64_t value) { start_address_of_raw_data_ = value; }
|
||||
void set_end_address_of_raw_data(uint64_t value) { end_address_of_raw_data_ = value; }
|
||||
private:
|
||||
uint64_t address_;
|
||||
uint64_t start_address_of_raw_data_;
|
||||
uint64_t end_address_of_raw_data_;
|
||||
uint64_t address_of_index_;
|
||||
uint64_t address_of_call_backs_;
|
||||
uint32_t size_of_zero_fill_;
|
||||
uint32_t characteristics_;
|
||||
|
||||
// no assignment op
|
||||
PETLSDirectory &operator =(const PETLSDirectory &);
|
||||
};
|
||||
|
||||
class PEDebugDirectory;
|
||||
|
||||
class PEDebugData : public IObject
|
||||
{
|
||||
public:
|
||||
explicit PEDebugData(PEDebugDirectory *owner);
|
||||
explicit PEDebugData(PEDebugDirectory *owner, const PEDebugData &src);
|
||||
~PEDebugData();
|
||||
PEDebugData *Clone(PEDebugDirectory *owner) const;
|
||||
void ReadFromFile(PEArchitecture &file);
|
||||
void WriteToFile(PEArchitecture &file);
|
||||
uint64_t address() const { return address_; }
|
||||
uint32_t offset() const { return offset_; }
|
||||
uint32_t size() const { return size_; }
|
||||
uint32_t type() const { return type_; }
|
||||
void set_address(uint64_t address) { address_ = address; }
|
||||
void set_offset(uint32_t offset) { offset_ = offset; }
|
||||
private:
|
||||
PEDebugDirectory *owner_;
|
||||
uint32_t characteristics_;
|
||||
uint32_t time_date_stamp_;
|
||||
uint16_t major_version_;
|
||||
uint16_t minor_version_;
|
||||
uint32_t type_;
|
||||
uint32_t size_;
|
||||
uint64_t address_;
|
||||
uint32_t offset_;
|
||||
};
|
||||
|
||||
class PEDebugDirectory : public ObjectList<PEDebugData>
|
||||
{
|
||||
public:
|
||||
explicit PEDebugDirectory();
|
||||
explicit PEDebugDirectory(const PEDebugDirectory &src);
|
||||
PEDebugDirectory *Clone() const;
|
||||
uint64_t address() const { return address_; }
|
||||
void ReadFromFile(PEArchitecture &file, PEDirectory &directory);
|
||||
void WriteToFile(PEArchitecture &file);
|
||||
void FreeByManager(MemoryManager &manager) const;
|
||||
private:
|
||||
PEDebugData *Add();
|
||||
uint64_t address_;
|
||||
|
||||
// not impl
|
||||
PEDebugDirectory &operator =(const PEDebugDirectory &);
|
||||
};
|
||||
|
||||
class pdb_reader;
|
||||
|
||||
class PDBFile : public BaseMapFile
|
||||
{
|
||||
public:
|
||||
explicit PDBFile();
|
||||
virtual bool Parse(const char *file_name, const std::vector<uint64_t> &segments);
|
||||
virtual std::string file_name() const { return file_name_; }
|
||||
virtual uint64_t time_stamp() const { return time_stamp_; }
|
||||
std::vector<uint8_t> guid() const { return guid_; }
|
||||
void set_time_stamp(uint64_t value) { time_stamp_ = value; }
|
||||
private:
|
||||
bool ReadSymbols(pdb_reader &reader);
|
||||
void codeview_dump_symbols(const std::vector<uint8_t> &root, size_t offset);
|
||||
std::string GetTypeName(size_t type, const std::string &name);
|
||||
void AddSymbol(size_t segment, size_t offset, const std::string &name);
|
||||
void AddSection(size_t segment, size_t offset, uint64_t size, const std::string &name);
|
||||
|
||||
std::string file_name_;
|
||||
uint64_t time_stamp_;
|
||||
std::vector<uint8_t> guid_;
|
||||
std::vector<uint64_t> segments_;
|
||||
size_t types_first_index_;
|
||||
std::vector<uint8_t> types_data_;
|
||||
std::vector<const union codeview_type *> types_offset_;
|
||||
std::set<std::pair<uint64_t, std::string> > map_;
|
||||
};
|
||||
|
||||
class COFFStringTable
|
||||
{
|
||||
public:
|
||||
std::string GetString(uint32_t pos) const;
|
||||
void ReadFromFile(PEArchitecture &file);
|
||||
void ReadFromFile(FileStream &file);
|
||||
private:
|
||||
std::vector<char> data_;
|
||||
};
|
||||
|
||||
class COFFFile : public BaseMapFile
|
||||
{
|
||||
public:
|
||||
bool Parse(const char *file_name, const std::vector<uint64_t> &segments);
|
||||
virtual std::string file_name() const { return file_name_; }
|
||||
virtual uint64_t time_stamp() const { return time_stamp_; }
|
||||
private:
|
||||
void AddSymbol(size_t segment, size_t offset, const std::string &name);
|
||||
uint64_t time_stamp_;
|
||||
std::string file_name_;
|
||||
std::vector<uint64_t> segments_;
|
||||
};
|
||||
|
||||
class PEFile;
|
||||
|
||||
enum ImageType {
|
||||
itExe,
|
||||
itLibrary,
|
||||
itDriver
|
||||
};
|
||||
|
||||
class PEArchitecture : public BaseArchitecture
|
||||
{
|
||||
public:
|
||||
explicit PEArchitecture(PEFile *owner, uint64_t offset, uint64_t size);
|
||||
explicit PEArchitecture(PEFile *owner, const PEArchitecture &src);
|
||||
virtual ~PEArchitecture();
|
||||
virtual PEArchitecture *Clone(IFile *file) const;
|
||||
OpenStatus ReadFromFile(uint32_t mode);
|
||||
virtual void ReadFromBuffer(Buffer &buffer);
|
||||
void WriteCheckSum();
|
||||
virtual bool WriteToFile();
|
||||
virtual bool is_executable() const;
|
||||
virtual std::string name() const;
|
||||
virtual uint32_t type() const { return cpu_; }
|
||||
virtual OperandSize cpu_address_size() const { return cpu_address_size_; }
|
||||
virtual uint64_t entry_point() const { return entry_point_; }
|
||||
void set_entry_point(uint64_t entry_point) { entry_point_ = entry_point; }
|
||||
virtual uint32_t segment_alignment() const { return segment_alignment_; }
|
||||
virtual uint32_t file_alignment() const { return file_alignment_; }
|
||||
virtual uint64_t image_base() const { return image_base_; }
|
||||
virtual PEDirectoryList *command_list() const { return directory_list_; }
|
||||
virtual PESegmentList *segment_list() const { return segment_list_; }
|
||||
virtual PESectionList *section_list() const { return section_list_; }
|
||||
virtual PEImportList *import_list() const { return import_list_; }
|
||||
virtual PEExportList *export_list() const { return export_list_; }
|
||||
virtual PEFixupList *fixup_list() const { return fixup_list_; }
|
||||
virtual PERelocationList *relocation_list() const { return relocation_list_; }
|
||||
virtual PEResourceList *resource_list() const { return resource_list_; }
|
||||
virtual PESEHandlerList *seh_handler_list() const { return load_config_directory_->seh_handler_list(); }
|
||||
PETLSDirectory *tls_directory() const { return tls_directory_; }
|
||||
PELoadConfigDirectory *load_config_directory() const { return load_config_directory_; }
|
||||
PEDelayImportList *delay_import_list() const { return delay_import_list_; }
|
||||
virtual IFunctionList *function_list() const { return function_list_; }
|
||||
virtual IVirtualMachineList *virtual_machine_list() const { return virtual_machine_list_; }
|
||||
virtual PERuntimeFunctionList *runtime_function_list() const { return runtime_function_list_; }
|
||||
virtual bool Compile(CompileOptions &options, IArchitecture *runtime);
|
||||
virtual void Save(CompileContext &ctx);
|
||||
ImageType image_type() const { return image_type_; }
|
||||
void Rebase(uint64_t target_image_base, uint64_t delta_base);
|
||||
virtual CallingConvention calling_convention() const { return (cpu_address_size() == osDWord) ? ccStdcall : ccMSx64; }
|
||||
virtual uint64_t time_stamp() const { return time_stamp_; }
|
||||
PESegment *resource_section() const { return resource_section_; }
|
||||
PESegment *fixup_section() const { return fixup_section_; }
|
||||
uint32_t header_offset() const { return header_offset_; }
|
||||
uint32_t header_size() const { return header_size_; }
|
||||
virtual std::string ANSIToUTF8(const std::string &str) const;
|
||||
uint16_t dll_characteristics() const { return dll_characteristics_; }
|
||||
std::string pdb_file_name() const;
|
||||
uint32_t operating_system_version() const { return operating_system_version_; }
|
||||
protected:
|
||||
virtual bool Prepare(CompileContext &ctx);
|
||||
virtual bool ReadMapFile(IMapFile &map_file);
|
||||
private:
|
||||
enum {
|
||||
MIN_HEADER_OFFSET = 0x80
|
||||
};
|
||||
PEDirectoryList *directory_list_;
|
||||
PESegmentList *segment_list_;
|
||||
PESectionList *section_list_;
|
||||
PEImportList *import_list_;
|
||||
PEExportList *export_list_;
|
||||
PEFixupList *fixup_list_;
|
||||
PERelocationList *relocation_list_;
|
||||
IFunctionList *function_list_;
|
||||
PEResourceList *resource_list_;
|
||||
PELoadConfigDirectory *load_config_directory_;
|
||||
IVirtualMachineList *virtual_machine_list_;
|
||||
PERuntimeFunctionList *runtime_function_list_;
|
||||
PETLSDirectory *tls_directory_;
|
||||
PEDebugDirectory *debug_directory_;
|
||||
PEDelayImportList *delay_import_list_;
|
||||
uint32_t cpu_;
|
||||
OperandSize cpu_address_size_;
|
||||
uint64_t time_stamp_;
|
||||
uint64_t entry_point_;
|
||||
uint64_t image_base_;
|
||||
uint32_t header_offset_;
|
||||
uint32_t header_size_;
|
||||
uint32_t segment_alignment_;
|
||||
uint32_t file_alignment_;
|
||||
PESegment *resource_section_;
|
||||
PESegment *fixup_section_;
|
||||
size_t optimized_section_count_;
|
||||
ImageType image_type_;
|
||||
uint16_t characterictics_;
|
||||
uint32_t check_sum_;
|
||||
uint32_t low_resize_header_;
|
||||
uint32_t resize_header_;
|
||||
uint32_t operating_system_version_;
|
||||
uint32_t subsystem_version_;
|
||||
uint16_t dll_characteristics_;
|
||||
|
||||
// no copy ctr or assignment op
|
||||
PEArchitecture(const PEArchitecture &);
|
||||
PEArchitecture &operator =(const PEArchitecture &);
|
||||
};
|
||||
|
||||
class NETArchitecture;
|
||||
|
||||
class PEFile : public IFile
|
||||
{
|
||||
public:
|
||||
explicit PEFile(ILog *log = NULL);
|
||||
explicit PEFile(const PEFile &src, const char *file_name);
|
||||
virtual ~PEFile();
|
||||
virtual std::string format_name() const;
|
||||
virtual PEFile *Clone(const char *file_name) const;
|
||||
virtual bool Compile(CompileOptions &options);
|
||||
virtual std::string version() const;
|
||||
virtual bool is_executable() const;
|
||||
virtual uint32_t disable_options() const;
|
||||
bool GetCheckSum(uint32_t *check_sum);
|
||||
PEArchitecture *arch_pe() const { return count() > 0 ? dynamic_cast<PEArchitecture *>(item(0)) : NULL; }
|
||||
virtual std::string exec_command() const;
|
||||
protected:
|
||||
virtual OpenStatus ReadHeader(uint32_t open_mode);
|
||||
bool WriteHeader();
|
||||
virtual IFile *runtime() const { return runtime_; };
|
||||
private:
|
||||
PEFile *runtime_;
|
||||
|
||||
// no copy ctr or assignment op
|
||||
PEFile(const PEFile &);
|
||||
PEFile &operator =(const PEFile &);
|
||||
};
|
||||
|
||||
#endif
|
||||
Reference in New Issue
Block a user