src/ldso/pe_open_image_from_addr.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

/*****************************************************************************/
/*  pemagination: a (virtual) tour into portable bits and executable bytes   */
/*  Copyright (C) 2013--2017  Z. Gilboa                                      */
/*  Released under GPLv2 and GPLv3; see COPYING.PEMAGINE.                    */
/*****************************************************************************/

#include <psxtypes/psxtypes.h>
#include <pemagine/pemagine.h>
#include <pemagine/pe_structs.h>
#include "pe_os.h"

pe_api int32_t pe_open_image_from_addr(
	__out	void **			himage,
	__in	void *			addr,
	__out	uintptr_t *		buffer,
	__in	size_t			bufsize,
	__in	uint32_t		oattr,
	__in	uint32_t		desired_access,
	__in	uint32_t		share_access,
	__in	uint32_t		open_options)
{
	struct os_oa			oa;
	struct os_iosb			iosb;
	void *				hntdll;
	os_zw_open_file *		zw_open_file;
	struct pe_unicode_str		path;
	struct pe_ldr_tbl_entry *	lentry;
	wchar16_t *			name;
	wchar16_t *			cap;
	wchar16_t *			src;
	wchar16_t *			dst;
	wchar16_t *			mark;

	/* init */
	if (!(hntdll = pe_get_ntdll_module_handle()))
		return OS_STATUS_INTERNAL_ERROR;

	if (!(zw_open_file = (os_zw_open_file *)pe_get_procedure_address(
			hntdll,"ZwOpenFile")))
		return OS_STATUS_INTERNAL_ERROR;

	/* native path of image containing addr */
	if (!(lentry = pe_get_ldr_entry_from_addr(addr)))
		return OS_STATUS_INTERNAL_ERROR;

	if (bufsize - 4*sizeof(wchar16_t) < lentry->full_dll_name.strlen)
		return OS_STATUS_BUFFER_TOO_SMALL;

	name = lentry->full_dll_name.buffer;
	mark = (wchar16_t *)buffer;
	dst  = mark;

	if (name[1] == ':') {
		*dst++ = '\\';
		*dst++ = '?';
		*dst++ = '?';
		*dst++ = '\\';
	}

	src = name;
	cap  = &dst[lentry->full_dll_name.strlen / sizeof(wchar16_t)];

	for (; dst<cap; )
		*dst++ = *src++;

	*dst = 0;

	path.strlen = sizeof(wchar16_t) * (cap - mark);
	path.maxlen = 0;
	path.buffer = mark;

	/* oa */
	oa.len      = sizeof(struct os_oa);
	oa.root_dir = 0;
	oa.obj_name = &path;
	oa.obj_attr = oattr;
	oa.sec_desc = 0;
	oa.sec_qos  = 0;

	/* default access */
	desired_access = desired_access
		? desired_access
		: OS_SEC_SYNCHRONIZE | OS_FILE_READ_ATTRIBUTES | OS_FILE_READ_ACCESS;

	/* open image */
	return zw_open_file(
		himage,
		desired_access,
		&oa,&iosb,
		share_access,
		open_options | OS_FILE_NON_DIRECTORY_FILE);
}