authorCyrille Bagard <nocbos@gmail.com>2009-01-29 21:08:53 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2009-01-29 21:08:53 (GMT)
commit14abff97c2ba0940c2dcf2e37eb080ebdb923c6f (patch)
tree60f9bc40853754d126bb0d547fbf8d5c00146012
parent21493170bb188ad9548820c830c3e8d7055e3f46 (diff)
Began to support PE binaries.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@47 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
-rw-r--r--ChangeLog20
-rw-r--r--configure.ac3
-rw-r--r--src/Makefile.am2
-rw-r--r--src/binary.c4
-rw-r--r--src/format/Makefile.am2
-rwxr-xr-xsrc/format/pe/Makefile.am15
-rw-r--r--src/format/pe/e_pe.c138
-rw-r--r--src/format/pe/e_pe.h47
-rw-r--r--src/format/pe/pe-int.h118
9 files changed, 345 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 9c68616..9aed5fd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2009-01-29 Cyrille Bagard <nocbos@gmail.com>
+
+ * configure.ac:
+ Add the new Makefile from 'src/format/pe/' directories to AC_CONFIG_FILES.
+
+ * src/binary.c:
+ Update code.
+
+ * src/format/Makefile.am:
+ Add pe to SUBDIRS.
+
+ * src/format/pe/e_pe.c:
+ * src/format/pe/e_pe.h:
+ * src/format/pe/Makefile.am:
+ * src/format/pe/pe-int.h:
+ New entries: begin to support PE binaries.
+
+ * src/Makefile.am:
+ Update openida_LDADD.
+
2009-01-25 Cyrille Bagard <nocbos@gmail.com>
* configure.ac:
diff --git a/configure.ac b/configure.ac
index 44b68cb..7ef720a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -187,7 +187,8 @@ AC_CONFIG_FILES([Makefile
src/format/Makefile
src/format/dwarf/Makefile
src/format/elf/Makefile
- src/format/java/Makefile])
+ src/format/java/Makefile
+ src/format/pe/Makefile])
AC_OUTPUT
diff --git a/src/Makefile.am b/src/Makefile.am
index 5a0a565..8048f66 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -25,7 +25,7 @@ AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS)
openida_LDFLAGS = $(LIBGTK_LIBS) -L/usr/X11R6/lib -ldl -lm $(LIBXML_LIBS) `pkg-config --libs gthread-2.0`
-openida_LDADD = $(LIBINTL) arch/libarch.a arch/x86/libarchx86.a format/libformat.a format/dwarf/libformatdwarf.a format/elf/libformatelf.a format/java/libformatjava.a common/libcommon.a
+openida_LDADD = $(LIBINTL) arch/libarch.a arch/x86/libarchx86.a format/libformat.a format/dwarf/libformatdwarf.a format/elf/libformatelf.a format/java/libformatjava.a format/pe/libformatpe.a common/libcommon.a
SUBDIRS = arch common format
diff --git a/src/binary.c b/src/binary.c
index 6bfa551..df64a1a 100644
--- a/src/binary.c
+++ b/src/binary.c
@@ -44,6 +44,7 @@
#include "format/elf/e_elf.h"
#include "format/dwarf/d_dwarf.h"
#include "format/java/e_java.h"
+#include "format/pe/e_pe.h"
#ifndef _
@@ -392,6 +393,7 @@ void fill_snippet(GtkSnippet *snippet, GtkWidget *panel, GtkWidget *panel2)
register_exe_format(_("Java"), java_is_matching, load_java);
+ register_exe_format(_("Portable Executable"), pe_is_matching, load_pe);
bin_data = map_binary_file("/tmp/hello", &length);
@@ -407,7 +409,7 @@ void fill_snippet(GtkSnippet *snippet, GtkWidget *panel, GtkWidget *panel2)
printf(" --> ok ? %p\n", format);
- exit(0);
+ //exit(0);
return;
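Review bot: Replacing `exit(0);` with `//exit(0);` leaves commented-out code in `fill_snippet`; if the early exit is no longer wanted, delete the line instead of keeping it as a comment, since the `return;` that follows already ends the path and a stray `//exit(0);` invites someone to re-enable it. The enclosing `fill_snippet` starts and ends outside this hunk.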
diff --git a/src/format/Makefile.am b/src/format/Makefile.am
index 6f49822..67b3737 100644
--- a/src/format/Makefile.am
+++ b/src/format/Makefile.am
@@ -16,4 +16,4 @@ AM_CPPFLAGS =
AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS)
-SUBDIRS = dwarf elf java
+SUBDIRS = dwarf elf java pe
diff --git a/src/format/pe/Makefile.am b/src/format/pe/Makefile.am
new file mode 100755
index 0000000..853e3f5
--- /dev/null
+++ b/src/format/pe/Makefile.am
@@ -0,0 +1,15 @@
+
+lib_LIBRARIES = libformatpe.a
+
+libformatpe_a_SOURCES = \
+ e_pe.h e_pe.c \
+ pe-int.h
+
+libformatpe_a_CFLAGS = $(AM_CFLAGS)
+
+
+INCLUDES =
+
+AM_CPPFLAGS =
+
+AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS)
diff --git a/src/format/pe/e_pe.c b/src/format/pe/e_pe.c
new file mode 100644
index 0000000..a10f075
--- /dev/null
+++ b/src/format/pe/e_pe.c
@@ -0,0 +1,138 @@
+
+/* OpenIDA - Outil d'analyse de fichiers binaires
+ * e_pe.c - support du format Portable Executable
+ *
+ * Copyright (C) 2008 Cyrille Bagard
+ *
+ * This file is part of OpenIDA.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "e_pe.h"
+
+
+#include <malloc.h>
+#include <string.h>
+
+
+#include "pe-int.h"
+
+
+
+/******************************************************************************
+* *
+* Paramètres : content = contenu binaire à parcourir. *
+* length = taille du contenu en question. *
+* *
+* Description : Indique si le format peut être pris en charge ici. *
+* *
+* Retour : true si la réponse est positive, false sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool pe_is_matching(const uint8_t *content, off_t length)
+{
+ bool result; /* Bilan à faire connaître */
+ image_dos_header dos_header; /* En-tête DOS */
+
+ result = false;
+
+ if (length >= 2)
+ {
+ result = (strncmp((const char *)content, "\x4d\x5a" /* MZ */, 2) == 0);
+ result &= length >= sizeof(image_dos_header);
+ }
+
+ if (result)
+ {
+ memcpy(&dos_header, content, sizeof(image_dos_header));
+
+ result = length >= (dos_header.e_lfanew + 4);
+
+ result &= (strncmp((const char *)&content[dos_header.e_lfanew],
+ "\x50\x45\x00\x00" /* PE00 */, 4) == 0);
+
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : content = contenu binaire à parcourir. *
+* length = taille du contenu en question. *
+* *
+* Description : Prend en charge une nouvelle classe PE. *
+* *
+* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+exe_format *load_pe(const uint8_t *content, off_t length)
+{
+ pe_format *result; /* Adresse à retourner */
+ off_t pos; /* Point d'analyse */
+
+ result = (pe_format *)calloc(1, sizeof(pe_format));
+
+ EXE_FORMAT(result)->content = content;
+ EXE_FORMAT(result)->length = length;
+
+ pos = 0;
+
+
+
+
+
+
+ return EXE_FORMAT(result);
+
+ ldp_error:
+
+ unload_pe(result);
+
+ return NULL;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = description de l'exécutable à supprimer. *
+* *
+* Description : Efface la prise en charge une nouvelle classe PE. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void unload_pe(pe_format *format)
+{
+
+
+
+
+ free(format);
+
+}
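Review bot: `pe_is_matching` reads out of bounds on a crafted header: the `result &= (strncmp((const char *)&content[dos_header.e_lfanew], ...) == 0)` line executes even when the preceding `length >= (dos_header.e_lfanew + 4)` test has already set `result` to false, because `&=` does not short-circuit, so an `e_lfanew` past the end of the mapped file is still dereferenced; in addition `dos_header.e_lfanew + 4` is `uint32_t` arithmetic and wraps for `e_lfanew >= 0xFFFFFFFC`, which lets the length test pass. `strncmp` also stops at the first NUL byte, so the 4-byte `"PE\0\0"` compare effectively checks only `"PE"`; `memcmp` compares all four bytes. The rewrite below bounds `e_lfanew` in 64-bit arithmetic before indexing and uses `memcmp` for both signatures. Separately, `load_pe` dereferences the `calloc` result without a NULL check (the unused `ldp_error:` label suggests that path was intended), and `<malloc.h>` should be `<stdlib.h>`, which is the portable home of `calloc`/`free`.
```c
bool pe_is_matching(const uint8_t *content, off_t length)
{
    image_dos_header dos_header;            /* DOS header copied from the file */

    if (length < (off_t)sizeof(image_dos_header))
        return false;

    if (memcmp(content, "\x4d\x5a" /* MZ */, 2) != 0)
        return false;

    memcpy(&dos_header, content, sizeof(image_dos_header));

    /* e_lfanew comes straight from the file: bound it in 64-bit arithmetic so
     * that neither the addition nor the index below can wrap or overrun. */
    if ((uint64_t)dos_header.e_lfanew + 4 > (uint64_t)length)
        return false;

    return memcmp(&content[dos_header.e_lfanew], "\x50\x45\x00\x00" /* PE\0\0 */, 4) == 0;
}
```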
diff --git a/src/format/pe/e_pe.h b/src/format/pe/e_pe.h
new file mode 100644
index 0000000..54820e2
--- /dev/null
+++ b/src/format/pe/e_pe.h
@@ -0,0 +1,47 @@
+
+/* OpenIDA - Outil d'analyse de fichiers binaires
+ * e_pe.h - prototypes pour le support du format Portable Executable
+ *
+ * Copyright (C) 2008 Cyrille Bagard
+ *
+ * This file is part of OpenIDA.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _FORMAT_PE_E_PE_H
+#define _FORMAT_PE_E_PE_H
+
+
+#include "../exe_format.h"
+
+
+
+/* Description du format Pe */
+typedef struct _pe_format pe_format;
+
+
+/* Indique si le format peut être pris en charge ici. */
+bool pe_is_matching(const uint8_t *, off_t);
+
+/* Prend en charge une nouvelle classe PE. */
+exe_format *load_pe(const uint8_t *, off_t);
+
+/* Efface la prise en charge une nouvelle classe PE. */
+void unload_pe(pe_format *);
+
+
+
+#endif /* _FORMAT_PE_E_PE_H */
diff --git a/src/format/pe/pe-int.h b/src/format/pe/pe-int.h
new file mode 100644
index 0000000..8b18055
--- /dev/null
+++ b/src/format/pe/pe-int.h
@@ -0,0 +1,118 @@
+
+/* OpenIDA - Outil d'analyse de fichiers binaires
+ * pe-int.h - prototypes pour les structures internes du format Portable Executable
+ *
+ * Copyright (C) 2008 Cyrille Bagard
+ *
+ * This file is part of OpenIDA.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _FORMAT_PE_E_PE_INT_H
+#define _FORMAT_PE_E_PE_INT_H
+
+
+#include "../exe_format-int.h"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+/* ---------------------------- DESCRIPTION DU FORMAT PE ---------------------------- */
+
+
+/* En-tête DOS */
+typedef struct _image_dos_header
+{
+ uint16_t e_magic; /* Numéro magique */
+ uint16_t e_cblp; /* Octets de la dernière page */
+ uint16_t e_cp; /* Pages dans le fichier */
+ uint16_t e_crlc; /* Relocalisations */
+ uint16_t e_cparhdr; /* Taille en paragraphes */
+ uint16_t e_minalloc; /* Nb min de paragraphes requis*/
+ uint16_t e_maxalloc; /* Nb max de paragraphes requis*/
+ uint16_t e_ss; /* Valeur (relative) SS init. */
+ uint16_t e_sp; /* Valeur SP initiale */
+ uint16_t e_csum; /* Empreinte */
+ uint16_t e_ip; /* Valeur IP initiale */
+ uint16_t e_cs; /* Valeur (relative) CS init. */
+ uint16_t e_lfarlc; /* Position de table de reloc. */
+ uint16_t e_ovno; /* Nombre d'overlay */
+ uint16_t e_res[4]; /* Mots réservés */
+ uint16_t e_oemid; /* Identifiant OEM */
+ uint16_t e_oeminfo; /* Infos OEM pour e_oemid */
+ uint16_t e_res2[10]; /* Mots réservés */
+ uint32_t e_lfanew; /* Décallage de bonne en-tête */
+
+} image_dos_header;
+
+/* Archtecture supportées */
+#define IMAGE_FILE_MACHINE_I386 0x014c /* x86 */
+#define IMAGE_FILE_MACHINE_IA64 0x0200 /* Intel IPF */
+#define IMAGE_FILE_MACHINE_AMD64 0x8664 /* x64 */
+
+/* Caractéristiques de l'image */
+#define IMAGE_FILE_RELOCS_STRIPPED 0x0001 /* Pas de relocalisation */
+#define IMAGE_FILE_EXECUTABLE_IMAGE 0x0002 /* Fichier exécutable */
+#define IMAGE_FILE_LINE_NUMS_STRIPPED 0x0004 /* Pas de ligne COFF */
+#define IMAGE_FILE_LOCAL_SYMS_STRIPPED 0x0008 /* Pas de table de symboles COFF */
+#define IMAGE_FILE_AGGRESIVE_WS_TRIM 0x0010 /* Aggressively trim the working set. This value is obsolete as of Windows 2000. */
+#define IMAGE_FILE_LARGE_ADDRESS_AWARE 0x0020 /* Adressage > 2 Go */
+#define IMAGE_FILE_BYTES_REVERSED_LO 0x0080 /* Octets inv. ; obsolète */
+#define IMAGE_FILE_32BIT_MACHINE 0x0100 /* Machine 32 bits */
+#define IMAGE_FILE_DEBUG_STRIPPED 0x0200 /* Pas d'infos de débogage */
+#define IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 0x0400 /* ...support amovible */
+#define IMAGE_FILE_NET_RUN_FROM_SWAP 0x0800 /* Ficher issu du réseau */
+#define IMAGE_FILE_SYSTEM 0x1000 /* Fichier système */
+#define IMAGE_FILE_DLL 0x2000 /* Fichier DLL */
+#define IMAGE_FILE_UP_SYSTEM_ONLY 0x4000 /* Mono-proc. seulement */
+#define IMAGE_FILE_BYTES_REVERSED_HI 0x8000 /* Octets inv. ; obsolète */
+
+/* Première en-tête du "vrai" format */
+typedef struct _image_file_header
+{
+ uint16_t machine; /* Type de machine visée */
+ uint16_t number_of_sections; /* Nombre de sections */
+ uint32_t time_date_stamp; /* Date de la liaison */
+ uint32_t pointer_to_symbol_table; /* Position de ladite table */
+ uint32_t number_of_symbols; /* Nombre de symboles */
+ uint16_t size_of_optional_header; /* Taille de l'en-tête n°2 */
+ uint16_t characteristics; /* Propriétés de l'image */
+
+} image_file_header;
+
+
+/* Description du format Portable Executable */
+struct _pe_format
+{
+
+ int a;
+
+
+};
+
+
+
+#endif /* _FORMAT_PE_E_PE_INT_H */
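Review bot: `_image_dos_header` is used as an on-disk layout (e_pe.c copies `sizeof(image_dos_header)` bytes from the file and then trusts `e_lfanew` to sit at offset 60), but nothing pins its size or forbids padding. Its members are naturally aligned (30 `uint16_t` words followed by one `uint32_t`), so common ABIs lay it out as 64 bytes, yet that is an assumption worth enforcing at compile time: `typedef char pe_dos_header_size_check[sizeof(image_dos_header) == 64 ? 1 : -1];` placed after the typedef fails the build if padding ever appears. The same one-line check would suit `image_file_header` (20 bytes) once it is read from the file, which this commit does not yet do. The struct and the constants also assume a little-endian host, since the fields are memcpy'd rather than decoded; a short comment stating that would save the next maintainer a surprise on other targets.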