diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2021-04-05 22:59:31 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2021-04-05 23:11:48 (GMT) |
| commit | b0347ca45a08ac63bc6dd6f244b046c6d19a6cdd (patch) | |
| tree | 9af1ec9901ddcf696bd3297633faf9fb46712396 /plugins/pe/pe-int.c | |
| parent | cf0b5d5f07e8102f2c9a04012bf29cabda9d85e4 (diff) | |
Build a partial working support for the PE format.
Diffstat (limited to 'plugins/pe/pe-int.c')
| -rw-r--r-- | plugins/pe/pe-int.c | 364 |
1 files changed, 207 insertions, 157 deletions
diff --git a/plugins/pe/pe-int.c b/plugins/pe/pe-int.c index 0ce1577..db09c15 100644 --- a/plugins/pe/pe-int.c +++ b/plugins/pe/pe-int.c @@ -27,18 +27,16 @@ #include <malloc.h> #include <string.h> - -#include "../../common/endianness.h" +#include <common/endianness.h> /****************************************************************************** * * * Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * * header = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'une en-tête de programme DOS. * +* Description : Procède à la lecture d'un en-tête de programme DOS. * * * * Retour : Bilan de l'opération. * * * @@ -46,41 +44,44 @@ * * ******************************************************************************/ -bool read_dos_image_header(const GPeFormat *format, off_t *pos, image_dos_header *header) +bool read_dos_image_header(const GPeFormat *format, image_dos_header *header) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ + vmpa2t pos; /* Position de lecture */ size_t i; /* Boucle de parcours */ - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; - - result = read_u16(&header->e_magic, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_cblp, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_cp, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_crlc, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_cparhdr, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_minalloc, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_maxalloc, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_ss, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_sp, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_csum, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_ip, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_cs, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_lfarlc, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_ovno, content, pos, length, SRE_LITTLE); + result = true; + + content = G_KNOWN_FORMAT(format)->content; + + init_vmpa(&pos, 0, VMPA_NO_VIRTUAL); + + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_magic); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_cblp); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_cp); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_crlc); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_cparhdr); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_minalloc); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_maxalloc); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_ss); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_sp); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_csum); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_ip); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_cs); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_lfarlc); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_ovno); for (i = 0; i < 4 && result; i++) - result = read_u16(&header->e_res[i], content, pos, length, SRE_LITTLE); + result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_res[i]); - result &= read_u16(&header->e_oemid, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->e_oeminfo, content, pos, length, SRE_LITTLE); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_oemid); + if (result) result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_oeminfo); for (i = 0; i < 10 && result; i++) - result = read_u16(&header->e_res2[i], content, pos, length, SRE_LITTLE); + result = g_binary_content_read_u16(content, &pos, SRE_LITTLE, &header->e_res2[i]); - result &= read_u32(&header->e_lfanew, content, pos, length, SRE_LITTLE); + if (result) result = g_binary_content_read_u32(content, &pos, SRE_LITTLE, &header->e_lfanew); return result; @@ -93,7 +94,7 @@ bool read_dos_image_header(const GPeFormat *format, off_t *pos, image_dos_header * pos = position de début de lecture. [OUT] * * header = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'une en-tête de programme PE (1). * +* Description : Procède à la lecture d'un en-tête de programme PE (1). * * * * Retour : Bilan de l'opération. * * * @@ -101,22 +102,22 @@ bool read_dos_image_header(const GPeFormat *format, off_t *pos, image_dos_header * * ******************************************************************************/ -bool read_pe_file_header(const GPeFormat *format, off_t *pos, image_file_header *header) +bool read_pe_file_header(const GPeFormat *format, vmpa2t *pos, image_file_header *header) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ + + result = true; - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; + content = G_KNOWN_FORMAT(format)->content; - result = read_u16(&header->machine, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->number_of_sections, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->time_date_stamp, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->pointer_to_symbol_table, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->number_of_symbols, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->size_of_optional_header, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->characteristics, content, pos, length, SRE_LITTLE); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &header->machine); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &header->number_of_sections); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->time_date_stamp); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->pointer_to_symbol_table); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->number_of_symbols); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &header->size_of_optional_header); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &header->characteristics); return result; @@ -129,7 +130,7 @@ bool read_pe_file_header(const GPeFormat *format, off_t *pos, image_file_header * pos = position de début de lecture. [OUT] * * header = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'une en-tête de programme PE (2). * +* Description : Procède à la lecture d'un en-tête de programme PE (2). * * * * Retour : Bilan de l'opération. * * * @@ -137,53 +138,115 @@ bool read_pe_file_header(const GPeFormat *format, off_t *pos, image_file_header * * ******************************************************************************/ -bool read_pe_optional_header(const GPeFormat *format, off_t *pos, image_optional_header *header) +bool read_pe_optional_header(const GPeFormat *format, vmpa2t *pos, image_optional_header *header) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ + image_optional_header_32 *hdr32; /* Version 32 bits */ + image_optional_header_64 *hdr64; /* Version 64 bits */ + image_data_directory *directories; /* Répertoires à charger */ + uint32_t number_of_rva_and_sizes; /* Quantité de ces répertoires */ uint32_t i; /* Boucle de parcours */ - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; - - result = read_u16(&header->magic, content, pos, length, SRE_LITTLE); - result &= read_u8(&header->major_linker_version, content, pos, length); - result &= read_u8(&header->minor_linker_version, content, pos, length); - result &= read_u32(&header->size_of_code, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_initialized_data, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_uninitialized_data, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->address_of_entry_point, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->base_of_code, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->base_of_data, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->image_base, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->section_alignment, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->file_alignment, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->major_operating_system_version, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->minor_operating_system_version, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->major_image_version, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->minor_image_version, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->major_subsystem_version, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->minor_subsystem_version, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->win32_version_value, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_image, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_headers, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->checksum, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->subsystem, content, pos, length, SRE_LITTLE); - result &= read_u16(&header->dll_characteristics, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_stack_reserve, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_stack_commit, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_heap_reserve, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->size_of_heap_commit, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->loader_flags, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->number_of_rva_and_sizes, content, pos, length, SRE_LITTLE); - - for (i = 0; i < header->number_of_rva_and_sizes && result; i++) + content = G_KNOWN_FORMAT(format)->content; + + result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &header->header_32.magic); + if (!result) goto exit; + + ((GPeFormat *)format)->loaded = true; + + if (g_pe_format_get_is_32b(format)) + { + hdr32 = &header->header_32; + + if (result) result = g_binary_content_read_u8(content, pos, &hdr32->major_linker_version); + if (result) result = g_binary_content_read_u8(content, pos, &hdr32->minor_linker_version); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_code); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_initialized_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_uninitialized_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->address_of_entry_point); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->base_of_code); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->base_of_data); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->image_base); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->section_alignment); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->file_alignment); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->major_operating_system_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->minor_operating_system_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->major_image_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->minor_image_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->major_subsystem_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->minor_subsystem_version); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->win32_version_value); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_image); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_headers); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->checksum); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->subsystem); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr32->dll_characteristics); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_stack_reserve); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_stack_commit); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_heap_reserve); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->size_of_heap_commit); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->loader_flags); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr32->number_of_rva_and_sizes); + + directories = hdr32->data_directory; + number_of_rva_and_sizes = hdr32->number_of_rva_and_sizes; + + } + else + { + hdr64 = &header->header_64; + + if (result) result = g_binary_content_read_u8(content, pos, &hdr64->major_linker_version); + if (result) result = g_binary_content_read_u8(content, pos, &hdr64->minor_linker_version); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->size_of_code); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->size_of_initialized_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->size_of_uninitialized_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->address_of_entry_point); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->base_of_code); + + if (result) result = g_binary_content_read_u64(content, pos, SRE_LITTLE, &hdr64->image_base); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->section_alignment); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->file_alignment); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->major_operating_system_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->minor_operating_system_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->major_image_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->minor_image_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->major_subsystem_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->minor_subsystem_version); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->win32_version_value); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->size_of_image); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->size_of_headers); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->checksum); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->subsystem); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &hdr64->dll_characteristics); + + if (result) result = g_binary_content_read_u64(content, pos, SRE_LITTLE, &hdr64->size_of_stack_reserve); + if (result) result = g_binary_content_read_u64(content, pos, SRE_LITTLE, &hdr64->size_of_stack_commit); + if (result) result = g_binary_content_read_u64(content, pos, SRE_LITTLE, &hdr64->size_of_heap_reserve); + if (result) result = g_binary_content_read_u64(content, pos, SRE_LITTLE, &hdr64->size_of_heap_commit); + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->loader_flags); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &hdr64->number_of_rva_and_sizes); + + directories = hdr64->data_directory; + number_of_rva_and_sizes = hdr64->number_of_rva_and_sizes; + + } + + for (i = 0; i < number_of_rva_and_sizes && result; i++) { - result = read_u32(&header->data_directory[i].virtual_address, content, pos, length, SRE_LITTLE); - result &= read_u32(&header->data_directory[i].size, content, pos, length, SRE_LITTLE); + result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &directories[i].virtual_address); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &directories[i].size); } + exit: + return result; } @@ -192,10 +255,10 @@ bool read_pe_optional_header(const GPeFormat *format, off_t *pos, image_optional /****************************************************************************** * * * Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * * header = structure lue à retourner. [OUT] * +* next = position en fin de lecture. [OUT] * * * -* Description : Procède à la lecture d'une en-tête de programme PE. * +* Description : Procède à la lecture d'un en-tête de programme PE. * * * * Retour : Bilan de l'opération. * * * @@ -203,19 +266,26 @@ bool read_pe_optional_header(const GPeFormat *format, off_t *pos, image_optional * * ******************************************************************************/ -bool read_pe_nt_header(const GPeFormat *format, off_t *pos, image_nt_headers *header) +bool read_pe_nt_header(const GPeFormat *format, image_nt_headers *header, vmpa2t *next) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ + vmpa2t pos; /* Position de lecture */ + + result = true; + + content = G_KNOWN_FORMAT(format)->content; + + init_vmpa(&pos, format->dos_header.e_lfanew, VMPA_NO_VIRTUAL); - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; + result = g_binary_content_read_u32(content, &pos, SRE_LITTLE, &header->signature); - result = read_u32(&header->signature, content, pos, length, SRE_LITTLE); + if (result) result = read_pe_file_header(format, &pos, &header->file_header); - result &= read_pe_file_header(format, pos, &header->file_header); - result &= read_pe_optional_header(format, pos, &header->optional_header); + if (result) result = read_pe_optional_header(format, &pos, &header->optional_header); + + if (result) + copy_vmpa(next, &pos); return result; @@ -228,7 +298,7 @@ bool read_pe_nt_header(const GPeFormat *format, off_t *pos, image_nt_headers *he * pos = position de début de lecture. [OUT] * * section = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'une en-tête de section PE. * +* Description : Procède à la lecture d'un en-tête de section PE. * * * * Retour : Bilan de l'opération. * * * @@ -236,31 +306,29 @@ bool read_pe_nt_header(const GPeFormat *format, off_t *pos, image_nt_headers *he * * ******************************************************************************/ -bool read_pe_image_section_header(const GPeFormat *format, off_t *pos, image_section_header *section) +bool read_pe_image_section_header(const GPeFormat *format, vmpa2t *pos, image_section_header *section) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ size_t i; /* Boucle de parcours */ - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; - result = true; + content = G_KNOWN_FORMAT(format)->content; + for (i = 0; i < IMAGE_SIZEOF_SHORT_NAME && result; i++) - result = read_u8((uint8_t *)§ion->name[i], content, pos, length); + result = g_binary_content_read_u8(content, pos, (uint8_t *)§ion->name[i]); - result &= read_u32(§ion->misc.physical_address, content, pos, length, SRE_LITTLE); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->misc.physical_address); - result &= read_u32(§ion->virtual_address, content, pos, length, SRE_LITTLE); - result &= read_u32(§ion->size_of_raw_data, content, pos, length, SRE_LITTLE); - result &= read_u32(§ion->pointer_to_raw_data, content, pos, length, SRE_LITTLE); - result &= read_u32(§ion->pointer_to_relocations, content, pos, length, SRE_LITTLE); - result &= read_u32(§ion->pointer_to_line_numbers, content, pos, length, SRE_LITTLE); - result &= read_u16(§ion->number_of_relocations, content, pos, length, SRE_LITTLE); - result &= read_u16(§ion->number_of_line_numbers, content, pos, length, SRE_LITTLE); - result &= read_u32(§ion->characteristics, content, pos, length, SRE_LITTLE); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->virtual_address); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->size_of_raw_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->pointer_to_raw_data); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->pointer_to_relocations); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->pointer_to_line_numbers); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, §ion->number_of_relocations); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, §ion->number_of_line_numbers); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, §ion->characteristics); return result; @@ -271,9 +339,9 @@ bool read_pe_image_section_header(const GPeFormat *format, off_t *pos, image_sec * * * Paramètres : format = informations chargées à consulter. * * pos = position de début de lecture. [OUT] * -* desc = structure lue à retourner. [OUT] * +* dir = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'un répertoire de programme PE. * +* Description : Procède à la lecture d'un répertoire d'exportations. * * * * Retour : Bilan de l'opération. * * * @@ -281,20 +349,26 @@ bool read_pe_image_section_header(const GPeFormat *format, off_t *pos, image_sec * * ******************************************************************************/ -bool read_pe_image_import_descriptor(const GPeFormat *format, off_t *pos, image_import_descriptor *desc) +bool read_pe_image_export_directory(const GPeFormat *format, vmpa2t *pos, image_export_directory *dir) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ + const GBinContent *content; /* Contenu binaire à lire */ - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; + result = true; - result = read_u32(&desc->original_first_thunk, content, pos, length, SRE_LITTLE); - result &= read_u32(&desc->time_date_stamp, content, pos, length, SRE_LITTLE); - result &= read_u32(&desc->forwarder_chain, content, pos, length, SRE_LITTLE); - result &= read_u32(&desc->module_name, content, pos, length, SRE_LITTLE); - result &= read_u32(&desc->first_thunk, content, pos, length, SRE_LITTLE); + content = G_KNOWN_FORMAT(format)->content; + + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->characteristics); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->time_date_stamp); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &dir->major_version); + if (result) result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &dir->minor_version); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->name); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->base); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->number_of_functions); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->number_of_names); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->address_of_functions); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->address_of_names); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &dir->address_of_name_ordinals); return result; @@ -305,9 +379,9 @@ bool read_pe_image_import_descriptor(const GPeFormat *format, off_t *pos, image_ * * * Paramètres : format = informations chargées à consulter. * * pos = position de début de lecture. [OUT] * -* import = structure lue à retourner. [OUT] * +* desc = structure lue à retourner. [OUT] * * * -* Description : Procède à la lecture d'une fonction importée par son nom. * +* Description : Procède à la lecture d'un répertoire de programme PE. * * * * Retour : Bilan de l'opération. * * * @@ -315,44 +389,20 @@ bool read_pe_image_import_descriptor(const GPeFormat *format, off_t *pos, image_ * * ******************************************************************************/ -bool read_pe_image_import_by_name(const GPeFormat *format, off_t *pos, image_import_by_name *import) +bool read_pe_image_import_descriptor(const GPeFormat *format, vmpa2t *pos, image_import_descriptor *desc) { bool result; /* Bilan à retourner */ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ - uint32_t link; /* Lien vers la prochaine zone */ - off_t new_pos; /* Nouvelle tête de lecture */ - size_t i; /* Boucle de parcours */ - - content = NULL; //G_BIN_FORMAT(format)->content; - length = 0; //G_BIN_FORMAT(format)->length; + const GBinContent *content; /* Contenu binaire à lire */ - result = read_u32(&link, content, pos, length, SRE_LITTLE); - - if (link == 0) - memset(import, 0, sizeof(image_import_by_name)); - - else if (link % 2 == 0) - { - new_pos = link; - - result = read_u16(&import->hint, content, &new_pos, length, SRE_LITTLE); - - import->name = (char *)calloc(1, sizeof(char)); - - for (i = 0; result; i++) - { - result = read_u8((uint8_t *)&import->name[i], content, &new_pos, length); - - if (import->name[i] == '\0') - break; - - import->name = (char *)realloc(import->name, (i + 2) * sizeof(char)); + result = true; - } + content = G_KNOWN_FORMAT(format)->content; - } - else /* TODO */; + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &desc->original_first_thunk); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &desc->time_date_stamp); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &desc->forwarder_chain); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &desc->module_name); + if (result) result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &desc->first_thunk); return result; |