Diffstat (limited to 'src/format/pe/pe-int.c')
| -rw-r--r-- | src/format/pe/pe-int.c | 359 | 
1 files changed, 0 insertions, 359 deletions
| diff --git a/src/format/pe/pe-int.c b/src/format/pe/pe-int.c
deleted file mode 100644
index 0ce1577..0000000
--- a/src/format/pe/pe-int.c
+++ /dev/null
@@ -1,359 +0,0 @@
-
-/* Chrysalide - Outil d'analyse de fichiers binaires
- * pe-int.c - structures internes du format Portable Executable
- *
- * Copyright (C) 2010-2017 Cyrille Bagard
- *
- *  This file is part of Chrysalide.
- *
- *  Chrysalide is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  Chrysalide is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with Chrysalide.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "pe-int.h"
-
-
-#include <malloc.h>
-#include <string.h>
-
-
-#include "../../common/endianness.h"
-
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                header = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'une en-tête de programme DOS.         *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_dos_image_header(const GPeFormat *format, off_t *pos, image_dos_header *header)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-    size_t i;                               /* Boucle de parcours          */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u16(&header->e_magic, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_cblp, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_cp, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_crlc, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_cparhdr, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_minalloc, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_maxalloc, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_ss, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_sp, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_csum, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_ip, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_cs, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_lfarlc, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_ovno, content, pos, length, SRE_LITTLE);
-
-    for (i = 0; i < 4 && result; i++)
-        result = read_u16(&header->e_res[i], content, pos, length, SRE_LITTLE);
-
-    result &= read_u16(&header->e_oemid, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->e_oeminfo, content, pos, length, SRE_LITTLE);
-
-    for (i = 0; i < 10 && result; i++)
-        result = read_u16(&header->e_res2[i], content, pos, length, SRE_LITTLE);
-
-    result &= read_u32(&header->e_lfanew, content, pos, length, SRE_LITTLE);
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                header = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'une en-tête de programme PE (1).      *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_file_header(const GPeFormat *format, off_t *pos, image_file_header *header)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u16(&header->machine, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->number_of_sections, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->time_date_stamp, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->pointer_to_symbol_table, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->number_of_symbols, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->size_of_optional_header, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->characteristics, content, pos, length, SRE_LITTLE);
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                header = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'une en-tête de programme PE (2).      *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_optional_header(const GPeFormat *format, off_t *pos, image_optional_header *header)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-    uint32_t i;                             /* Boucle de parcours          */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u16(&header->magic, content, pos, length, SRE_LITTLE);
-    result &= read_u8(&header->major_linker_version, content, pos, length);
-    result &= read_u8(&header->minor_linker_version, content, pos, length);
-    result &= read_u32(&header->size_of_code, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_initialized_data, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_uninitialized_data, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->address_of_entry_point, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->base_of_code, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->base_of_data, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->image_base, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->section_alignment, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->file_alignment, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->major_operating_system_version, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->minor_operating_system_version, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->major_image_version, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->minor_image_version, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->major_subsystem_version, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->minor_subsystem_version, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->win32_version_value, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_image, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_headers, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->checksum, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->subsystem, content, pos, length, SRE_LITTLE);
-    result &= read_u16(&header->dll_characteristics, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_stack_reserve, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_stack_commit, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_heap_reserve, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->size_of_heap_commit, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->loader_flags, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&header->number_of_rva_and_sizes, content, pos, length, SRE_LITTLE);
-
-    for (i = 0; i < header->number_of_rva_and_sizes && result; i++)
-    {
-        result = read_u32(&header->data_directory[i].virtual_address, content, pos, length, SRE_LITTLE);
-        result &= read_u32(&header->data_directory[i].size, content, pos, length, SRE_LITTLE);
-    }
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                header = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'une en-tête de programme PE.          *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_nt_header(const GPeFormat *format, off_t *pos, image_nt_headers *header)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u32(&header->signature, content, pos, length, SRE_LITTLE);
-
-    result &= read_pe_file_header(format, pos, &header->file_header);
-    result &= read_pe_optional_header(format, pos, &header->optional_header);
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format  = informations chargées à consulter.                 *
-*                pos     = position de début de lecture. [OUT]                *
-*                section = structure lue à retourner. [OUT]                   *
-*                                                                             *
-*  Description : Procède à la lecture d'une en-tête de section PE.            *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_image_section_header(const GPeFormat *format, off_t *pos, image_section_header *section)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-    size_t i;                               /* Boucle de parcours          */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = true;
-
-    for (i = 0; i < IMAGE_SIZEOF_SHORT_NAME && result; i++)
-        result = read_u8((uint8_t *)§ion->name[i], content, pos, length);
-
-    result &= read_u32(§ion->misc.physical_address, content, pos, length, SRE_LITTLE);
-
-    result &= read_u32(§ion->virtual_address, content, pos, length, SRE_LITTLE);
-    result &= read_u32(§ion->size_of_raw_data, content, pos, length, SRE_LITTLE);
-    result &= read_u32(§ion->pointer_to_raw_data, content, pos, length, SRE_LITTLE);
-    result &= read_u32(§ion->pointer_to_relocations, content, pos, length, SRE_LITTLE);
-    result &= read_u32(§ion->pointer_to_line_numbers, content, pos, length, SRE_LITTLE);
-    result &= read_u16(§ion->number_of_relocations, content, pos, length, SRE_LITTLE);
-    result &= read_u16(§ion->number_of_line_numbers, content, pos, length, SRE_LITTLE);
-    result &= read_u32(§ion->characteristics, content, pos, length, SRE_LITTLE);
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                desc   = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'un répertoire de programme PE.        *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_image_import_descriptor(const GPeFormat *format, off_t *pos, image_import_descriptor *desc)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u32(&desc->original_first_thunk, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&desc->time_date_stamp, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&desc->forwarder_chain, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&desc->module_name, content, pos, length, SRE_LITTLE);
-    result &= read_u32(&desc->first_thunk, content, pos, length, SRE_LITTLE);
-
-    return result;
-
-}
-
-
-/******************************************************************************
-*                                                                             *
-*  Paramètres  : format = informations chargées à consulter.                  *
-*                pos    = position de début de lecture. [OUT]                 *
-*                import = structure lue à retourner. [OUT]                    *
-*                                                                             *
-*  Description : Procède à la lecture d'une fonction importée par son nom.    *
-*                                                                             *
-*  Retour      : Bilan de l'opération.                                        *
-*                                                                             *
-*  Remarques   : -                                                            *
-*                                                                             *
-******************************************************************************/
-
-bool read_pe_image_import_by_name(const GPeFormat *format, off_t *pos, image_import_by_name *import)
-{
-    bool result;                            /* Bilan à retourner           */
-    const bin_t *content;                   /* Contenu binaire à lire      */
-    off_t length;                           /* Taille totale du contenu    */
-    uint32_t link;                          /* Lien vers la prochaine zone */
-    off_t new_pos;                          /* Nouvelle tête de lecture    */
-    size_t i;                               /* Boucle de parcours          */
-
-    content = NULL; //G_BIN_FORMAT(format)->content;
-    length = 0; //G_BIN_FORMAT(format)->length;
-
-    result = read_u32(&link, content, pos, length, SRE_LITTLE);
-
-    if (link == 0)
-        memset(import, 0, sizeof(image_import_by_name));
-
-    else if (link % 2 == 0)
-    {
-        new_pos = link;
-
-        result = read_u16(&import->hint, content, &new_pos, length, SRE_LITTLE);
-
-        import->name = (char *)calloc(1, sizeof(char));
-
-        for (i = 0; result; i++)
-        {
-            result = read_u8((uint8_t *)&import->name[i], content, &new_pos, length);
-
-            if (import->name[i] == '\0')
-                break;
-
-            import->name = (char *)realloc(import->name, (i + 2) * sizeof(char));
-
-        }
-
-    }
-    else /* TODO */;
-
-    return result;
-
-} |
