diff options
Diffstat (limited to 'plugins/winordinals/cache_wsock32.c')
-rw-r--r-- | plugins/winordinals/cache_wsock32.c | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/plugins/winordinals/cache_wsock32.c b/plugins/winordinals/cache_wsock32.c new file mode 100644 index 0000000..d3b98cf --- /dev/null +++ b/plugins/winordinals/cache_wsock32.c @@ -0,0 +1,137 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * cache_wsock32.c - fourniture des ordinaux du fichier wsock32.dll + * + * Copyright (C) 2021 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "cache_wsock32.h" + + +#include <stddef.h> + + + +/** + * Empreintes du fichier wsock32.dll : + * + * - MD5 : 2afbb671a865f43c0476d685dc77b4df + * - SHA1 : 233125ad8fd18a65d5939b80160ce3e5c19c0184 + * - SHA256 : 0c310f70350ba9801f0421c2da2595beaa3fef55d43d6928d53a674dfcd6e9fb + */ + + +/* Liste des ordinaux référencés */ +static const char *_wsock32_ordinals[1143] = { + [1] = "accept", + [2] = "bind", + [3] = "closesocket", + [4] = "connect", + [5] = "getpeername", + [6] = "getsockname", + [7] = "getsockopt", + [8] = "htonl", + [9] = "htons", + [10] = "inet_addr", + [11] = "inet_ntoa", + [12] = "ioctlsocket", + [13] = "listen", + [14] = "ntohl", + [15] = "ntohs", + [16] = "recv", + [17] = "recvfrom", + [18] = "select", + [19] = "send", + [20] = "sendto", + [21] = "setsockopt", + [22] = "shutdown", + [23] = "socket", + [51] = "gethostbyaddr", + [52] = "gethostbyname", + [53] = "getprotobyname", + [54] = "getprotobynumber", + [55] = "getservbyname", + [56] = "getservbyport", + [101] = "WSAAsyncSelect", + [102] = "WSAAsyncGetHostByAddr", + [103] = "WSAAsyncGetHostByName", + [104] = "WSAAsyncGetProtoByNumber", + [105] = "WSAAsyncGetProtoByName", + [106] = "WSAAsyncGetServByPort", + [107] = "WSAAsyncGetServByName", + [108] = "WSACancelAsyncRequest", + [109] = "WSASetBlockingHook", + [110] = "WSAUnhookBlockingHook", + [111] = "WSAGetLastError", + [112] = "WSASetLastError", + [113] = "WSACancelBlockingCall", + [114] = "WSAIsBlocking", + [115] = "WSAStartup", + [1100] = "inet_network", + [1101] = "getnetbyname", + [1102] = "rcmd", + [1103] = "rexec", + [1104] = "rresvport", + [1105] = "sethostname", + [1106] = "dn_expand", + [1107] = "WSARecvEx", + [1108] = "s_perror", + [1109] = "GetAddressByNameA", + [1110] = "GetAddressByNameW", + [1111] = "EnumProtocolsA", + [1112] = "EnumProtocolsW", + [1113] = "GetTypeByNameA", + [1114] = "GetTypeByNameW", + [1115] = "GetNameByTypeA", + [1116] = "GetNameByTypeW", + [1117] = "SetServiceA", + [1118] = "SetServiceW", + [1119] = "GetServiceA", + [1140] = "TransmitFile", + [1141] = "AcceptEx", + [1142] = "GetAcceptExSockaddrs", +}; + + + +/****************************************************************************** +* * +* Paramètres : ordinal = valeur ordinale à considérer. * +* * +* Description : Fournit le nom du symbole associé à un ordinal donné. * +* * +* Retour : Désignation du symbole trouvé ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const char *find_wsock32_name_for_ordinal(uint16_t ordinal) +{ + const char *result; /* Désignation à renvoyer */ + + if (ordinal >= 1143) + result = NULL; + + else + result = _wsock32_ordinals[ordinal]; + + return result; + +} |