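/* Chrysalide - Binary file analysis tool
 * symbols.c - management of the symbols of a PE file
 *
 * Copyright (C) 2010-2017 Cyrille Bagard
 *
 *  This file is part of Chrysalide.
 *
 *  Chrysalide is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  Chrysalide is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with Chrysalide.  If not, see <http://www.gnu.org/licenses/>.
 */


#include "symbols.h"


#include "pe-int.h"



/******************************************************************************
*                                                                             *
*  Parameters  : format = description of the executable to complete.          *
*                                                                             *
*  Description : Walk the PE import directory and print the imported symbols. *
*                                                                             *
*  Return      : Outcome of the operation (false on a failed read).           *
*                                                                             *
*  Remarks     : Every offset comes from the parsed file and is untrusted.    *
*                                                                             *
******************************************************************************/

bool load_pe_imported_symbols(GPeFormat *format)
{
    bool result;                            /* Outcome to return           */
    const image_data_directory *directory;  /* Original directory entry    */
    image_import_descriptor dll;            /* Imported DLL                */
    off_t pos;                              /* Read head position          */
    off_t i;                                /* Cursor inside one DLL       */
    image_import_by_name import;            /* Imported function           */

    result = true;

    directory = &format->nt_headers.optional_header.data_directory[IMAGE_DIRECTORY_ENTRY_IMPORT];

    /* TODO: emit a message if size is not a multiple of sizeof(...) */

    /*
     * NOTE(review): virtual_address and size are taken as-is from the headers
     * of the analysed file. Their sum is computed in the fields' own type, so
     * it may wrap for hostile values, and nothing here checks the range
     * against the size of the file. This presumably relies on the readers
     * below to reject out-of-range positions: confirm. virtual_address is
     * also used directly as a read position; whether the readers translate
     * it is not visible here.
     */
    for (pos = directory->virtual_address;
         result && pos < (directory->virtual_address + directory->size);
         )
    {
        result = read_pe_image_import_descriptor(format, &pos, &dll);

        /*
         * dll is only filled by a successful read. Using it after a failure
         * would print indeterminate values, follow an indeterminate offset
         * and let the inner loop overwrite the failure status.
         */
        if (!result)
            break;

        printf("mod orig thunk :: 0x%08x\n", dll.original_first_thunk);
        printf("mod name :: 0x%08x\n", dll.module_name);
        printf("mod first thunk :: 0x%08x\n", dll.first_thunk);

        i = dll.original_first_thunk;

        /* TODO : i == 0 */
        if (i == 0)
            continue;

        /* A failed read leaves result false, which also ends the outer loop. */
        while ((result = read_pe_image_import_by_name(format, &i, &import)))
        {
            /* An entry with no hint and no name ends the list of this DLL. */
            if (import.hint == 0 && import.name == NULL)
                break;

            /*
             * An entry can carry a hint without a name; passing NULL to %s
             * is undefined behaviour, so such an entry is not printed.
             */
            if (import.name != NULL)
                printf(" >> import '%s'\n", import.name);

            /*
             * NOTE(review): if read_pe_image_import_by_name() allocates
             * import.name, nothing releases it here: confirm ownership.
             */

        }

    }

    return result;

}


/******************************************************************************
*                                                                             *
*  Parameters  : format = description of the executable to complete.          *
*                                                                             *
*  Description : Load the human-readable list of symbols.                     *
*                                                                             *
*  Return      : Outcome of the operation.                                    *
*                                                                             *
*  Remarks     : -                                                            *
*                                                                             *
******************************************************************************/

bool load_pe_symbols(GPeFormat *format)
{
    bool result;                            /* Outcome to return           */

    /* External symbols */

    result = load_pe_imported_symbols(format);

    /* Internal symbols: nothing is loaded for them yet */

    return result;

}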