diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2021-04-06 21:46:59 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2021-04-06 21:46:59 (GMT) |
| commit | c4d2e0fa48eab453d5c43a3c0938427617449a6a (patch) | |
| tree | 6717960d8eeebe05a8a33b9a6e4dd618c1258be9 /plugins/winordinals/ordinals.c | |
| parent | b0347ca45a08ac63bc6dd6f244b046c6d19a6cdd (diff) | |
Inject known names for PE imports by ordinals.
Diffstat (limited to 'plugins/winordinals/ordinals.c')
| -rw-r--r-- | plugins/winordinals/ordinals.c | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/plugins/winordinals/ordinals.c b/plugins/winordinals/ordinals.c new file mode 100644 index 0000000..fd2d27f --- /dev/null +++ b/plugins/winordinals/ordinals.c @@ -0,0 +1,109 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ordinals.c - accès à l'ensemble des ordinaux enregistrés + * + * Copyright (C) 2021 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "ordinals.h" + + +#include <ctype.h> +#include <malloc.h> +#include <string.h> + + +#include "cache_oleaut32.h" +#include "cache_ws2_32.h" +#include "cache_wsock32.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Indique la liste de bibliothèques enregistrées avec ordinaux.* +* * +* Retour : Liste de fichiers DLL pris en charge. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const char **list_register_dlls_for_ordinals(void) +{ + const char **result; /* Liste à retourner */ + + result = malloc(3 * sizeof(char *)); + + result[0] = strdup("oleaut32.dll"); + result[1] = strdup("ws2_32.dll"); + result[2] = strdup("wsock32.dll"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Indique la liste de bibliothèques enregistrées avec ordinaux.* +* * +* Retour : Liste de fichiers DLL pris en charge. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const char *get_symbol_by_ordinal(const char *dll, uint16_t ordinal) +{ + const char *result; /* Désignation à retourner */ + size_t len; /* Taille de la chaîne */ + char *lower_dll; /* Version en minuscules */ + size_t i; /* Boucle de parcours */ + + len = strlen(dll); + + lower_dll = malloc(len + 1); + + for (i = 0; i < len; i++) + lower_dll[i] = tolower(dll[i]); + + lower_dll[len] = '\0'; + + if (strcmp(lower_dll, "oleaut32.dll") == 0) + result = find_oleaut32_name_for_ordinal(ordinal); + + else if (strcmp(lower_dll, "ws2_32.dll") == 0) + result = find_ws2_32_name_for_ordinal(ordinal); + + else if (strcmp(lower_dll, "wsock32.dll") == 0) + result = find_wsock32_name_for_ordinal(ordinal); + + else + result = NULL; + + free(lower_dll); + + return result; + +} |