author | Cyrille Bagard <nocbos@gmail.com> | 2021-01-03 16:34:24 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2021-04-05 23:00:11 (GMT) |
commit | 636289c5397a81772a994fc5272d1fc0700a8026 (patch) | |
tree | 2b615ea5159d0eaac84dbc64d63d8c30aa05bc83 /src/format/pe/symbols.c | |
parent | e6ff9a1fa72902f86a05983a389da8a3dff7709d (diff) |
Restored raw support for the PE file format.
Diffstat (limited to 'src/format/pe/symbols.c')
-rw-r--r-- | src/format/pe/symbols.c | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/src/format/pe/symbols.c b/src/format/pe/symbols.c
new file mode 100644
index 0000000..30e43b5
--- /dev/null
+++ b/src/format/pe/symbols.c
@@ -0,0 +1,136 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * symbols.c - gestion des symboles d'un PE
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "symbols.h"
+
+
+#include "pe-int.h"
+
+
+
+
+
+
+
+
+/******************************************************************************
+* *
+* Paramètres : format = description de l'exécutable à compléter. *
+* *
+* Description : Charge en mémoire la liste humaine des symboles importés. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool load_pe_imported_symbols(GPeFormat *format)
+{
+ bool result; /* Bilan à retourner */
+ const image_data_directory *directory; /* Répertoire original */
+ image_import_descriptor dll; /* DLL importée */
+ off_t pos; /* Position de tête de lecture */
+ off_t i; /* Boucle de parcours */
+ image_import_by_name import; /* Fonction importée */
+
+ result = true;
+
+ directory = &format->nt_headers.optional_header.data_directory[IMAGE_DIRECTORY_ENTRY_IMPORT];
+
+ /* TODO : msg si size !% sizeof(...) */
+
+ for (pos = directory->virtual_address;
+ result && pos < (directory->virtual_address + directory->size); )
+ {
+ result = read_pe_image_import_descriptor(format, &pos, &dll);
+
+ printf("mod orig thunk :: 0x%08x\n", dll.original_first_thunk);
+ printf("mod name :: 0x%08x\n", dll.module_name);
+ printf("mod first thunk :: 0x%08x\n", dll.first_thunk);
+
+ i = dll.original_first_thunk;
+
+ /* TODO : i == 0 */
+ if (i == 0) continue;
+
+ while ((result = read_pe_image_import_by_name(format, &i, &import)))
+ {
+ if (import.hint == 0 && import.name == NULL)
+ break;
+
+
+
+ printf(" >> import '%s'\n", import.name);
+
+
+ }
+
+
+ }
+
+ lpis_exit:
+
+ return result;
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+/******************************************************************************
+* *
+* Paramètres : format = description de l'exécutable à compléter. *
+* *
+* Description : Charge en mémoire la liste humaine des symboles. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool load_pe_symbols(GPeFormat *format)
+{
+ bool result; /* Bilan à retourner */
+
+ /* Symboles externes */
+ result = load_pe_imported_symbols(format);
+
+ /* Symboles internes */
+
+ return result;
+
+} |
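Review bot: In load_pe_imported_symbols, the result of read_pe_image_import_descriptor() is not tested before `dll` is used. On a failed read the three printf calls and `i = dll.original_first_thunk` may read a struct that was never filled in, and the inner `while` then overwrites `result`, so the failure can be lost. Because these offsets come from the headers of the file being parsed, I would add `if (!result) break;` directly after the read. The `printf(" >> import '%s'\n", import.name)` line is also reachable with `import.name == NULL` whenever `import.hint` is non-zero, so the print should be guarded, for example with `if (import.name != NULL)`. The `lpis_exit:` label has no matching goto in this function and will raise an unused-label warning.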