From feffc7263bb2fd33ae467de2dd51f1ddbbb1b895 Mon Sep 17 00:00:00 2001 From: midipix Date: Fri, 8 May 2015 23:22:07 -0400 Subject: initial commit. --- src/headers/pe_get_image_coff_hdr_addr.c | 30 ++++++++++++++++++ src/headers/pe_get_image_data_dirs_addr.c | 33 +++++++++++++++++++ src/headers/pe_get_image_dos_hdr_addr.c | 24 ++++++++++++++ src/headers/pe_get_image_entry_point_addr.c | 39 +++++++++++++++++++++++ src/headers/pe_get_image_opt_hdr_addr.c | 20 ++++++++++++ src/headers/pe_get_image_special_hdr_addr.c | 49 +++++++++++++++++++++++++++++ 6 files changed, 195 insertions(+) create mode 100644 src/headers/pe_get_image_coff_hdr_addr.c create mode 100644 src/headers/pe_get_image_data_dirs_addr.c create mode 100644 src/headers/pe_get_image_dos_hdr_addr.c create mode 100644 src/headers/pe_get_image_entry_point_addr.c create mode 100644 src/headers/pe_get_image_opt_hdr_addr.c create mode 100644 src/headers/pe_get_image_special_hdr_addr.c (limited to 'src/headers') diff --git a/src/headers/pe_get_image_coff_hdr_addr.c b/src/headers/pe_get_image_coff_hdr_addr.c new file mode 100644 index 0000000..d2ff03a --- /dev/null +++ b/src/headers/pe_get_image_coff_hdr_addr.c @@ -0,0 +1,30 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include +#include +#include +#include + +pe_api +struct pe_coff_file_hdr * pe_get_image_coff_hdr_addr(const void * base) +{ + struct pe_image_dos_hdr * dos; + struct pe_coff_file_hdr * coff; + uint32_t * offset; + + if (!(dos = pe_get_image_dos_hdr_addr(base))) + return 0; + + offset = (uint32_t *)(dos->dos_lfanew); + coff = (struct pe_coff_file_hdr *)pe_va_from_rva(base,*offset); + + if ((coff->signature[0] == 'P') && (coff->signature[1] == 'E') + && (coff->signature[2] == '\0') && (coff->signature[3] == '\0')) + return coff; + else + return 0; +} diff --git a/src/headers/pe_get_image_data_dirs_addr.c b/src/headers/pe_get_image_data_dirs_addr.c new file mode 100644 index 0000000..d0167c0 --- /dev/null +++ b/src/headers/pe_get_image_data_dirs_addr.c @@ -0,0 +1,33 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include +#include +#include +#include + +pe_api +struct pe_data_dirs * pe_get_image_data_dirs_addr(const void * base) +{ + uint16_t * magic; + union pe_opt_hdr * hdr; + + if (!(hdr = pe_get_image_opt_hdr_addr(base))) + return 0; + + magic = (uint16_t *)hdr; + + switch (*magic) { + case PE_MAGIC_PE32: + return (struct pe_data_dirs *)hdr->opt_hdr_32.rva_and_sizes; + + case PE_MAGIC_PE32_PLUS: + return (struct pe_data_dirs *)hdr->opt_hdr_64.rva_and_sizes; + + default: + return 0; + } +} diff --git a/src/headers/pe_get_image_dos_hdr_addr.c b/src/headers/pe_get_image_dos_hdr_addr.c new file mode 100644 index 0000000..279d04e --- /dev/null +++ b/src/headers/pe_get_image_dos_hdr_addr.c @@ -0,0 +1,24 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include + +#include +#include +#include + +pe_api +struct pe_image_dos_hdr * pe_get_image_dos_hdr_addr(const void * base) +{ + struct pe_image_dos_hdr * dos; + + dos = (struct pe_image_dos_hdr *)base; + + if ((dos->dos_magic[0] == 'M') && (dos->dos_magic[1] == 'Z')) + return dos; + else + return 0; +} diff --git a/src/headers/pe_get_image_entry_point_addr.c b/src/headers/pe_get_image_entry_point_addr.c new file mode 100644 index 0000000..5869633 --- /dev/null +++ b/src/headers/pe_get_image_entry_point_addr.c @@ -0,0 +1,39 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include +#include +#include +#include + + +pe_api +void * pe_get_image_entry_point_addr(const void * base) +{ + uint16_t * magic; + union pe_opt_hdr * hdr; + uint32_t * rva; + + if (!(hdr = pe_get_image_opt_hdr_addr(base))) + return 0; + + magic = (uint16_t *)hdr; + + switch (*magic) { + case PE_MAGIC_PE32: + rva = (uint32_t *)hdr->opt_hdr_32.entry_point; + break; + + case PE_MAGIC_PE32_PLUS: + rva = (uint32_t *)hdr->opt_hdr_64.entry_point; + break; + + default: + return 0; + } + + return pe_va_from_rva(base,*rva); +} diff --git a/src/headers/pe_get_image_opt_hdr_addr.c b/src/headers/pe_get_image_opt_hdr_addr.c new file mode 100644 index 0000000..dcb8c48 --- /dev/null +++ b/src/headers/pe_get_image_opt_hdr_addr.c @@ -0,0 +1,20 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include +#include +#include + +pe_api +union pe_opt_hdr * pe_get_image_opt_hdr_addr(const void * base) +{ + struct pe_coff_file_hdr * coff; + + if (!(coff = pe_get_image_coff_hdr_addr(base))) + return 0; + else + return (union pe_opt_hdr *)pe_va_from_rva(coff, sizeof(*coff)); +} diff --git a/src/headers/pe_get_image_special_hdr_addr.c b/src/headers/pe_get_image_special_hdr_addr.c new file mode 100644 index 0000000..276ec9f --- /dev/null +++ b/src/headers/pe_get_image_special_hdr_addr.c @@ -0,0 +1,49 @@ +/*****************************************************************************/ +/* pemagination: a (virtual) tour into portable bits and executable bytes */ +/* Copyright (C) 2013,2014,2015 Z. Gilboa */ +/* Released under GPLv2 and GPLv3; see COPYING.PEMAGINE. */ +/*****************************************************************************/ + +#include +#include +#include +#include +#include "pe_impl.h" + +pe_api +void * pe_get_image_special_hdr_addr(const void * base, uint32_t ordinal, uint32_t * sec_size) +{ + struct pe_data_dirs * dirs; + struct pe_block * dir; + uint32_t * count; + + if (!(dirs = pe_get_image_data_dirs_addr(base))) + return 0; + + count = (uint32_t *)dirs->rva_and_sizes; + + if (*count < (ordinal+1)) + return 0; + + dir = (struct pe_block *)dirs->export_tbl; + dir += ordinal; + + if (sec_size) + *sec_size = dir->size; + + return dir->rva + ? pe_va_from_rva(base,dir->rva) + : 0; +} + +pe_api +struct pe_export_hdr * pe_get_image_export_hdr_addr(const void * base, uint32_t * sec_size) +{ + return (struct pe_export_hdr *)pe_get_image_special_hdr_addr(base,PE_IMAGE_DATA_DIR_ORDINAL_EXPORT,sec_size); +} + +pe_api +struct pe_import_hdr * pe_get_image_import_dir_addr(const void * base, uint32_t * sec_size) +{ + return (struct pe_import_hdr *)pe_get_image_special_hdr_addr(base,PE_IMAGE_DATA_DIR_ORDINAL_IMPORT,sec_size); +} -- cgit v1.2.3