From 4ae524cd27c6aa6f95dd62a7e6eb4a02acdfd4d6 Mon Sep 17 00:00:00 2001
From: midipix
Date: Sat, 17 Nov 2018 23:43:18 -0500
Subject: pe_get_image_meta(), pe_read_import_lookup(): follow correct lookup semantics.
---
 include/perk/perk_meta.h | 4 ++--
 include/perk/perk_structs.h | 2 --
 src/logic/pe_get_image_meta.c | 21 +++------------------
 src/reader/pe_read_import_header.c | 19 +++++++++++++++++--
 4 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/include/perk/perk_meta.h b/include/perk/perk_meta.h
index 7467c44..eeed089 100644
--- a/include/perk/perk_meta.h
+++ b/include/perk/perk_meta.h
@@ -240,11 +240,11 @@ struct pe_meta_import_lookup {
 union {
 uint64_t ii_import_lookup_entry_64;
 uint32_t ii_import_lookup_entry_32;
- uint32_t ii_hint_name_tbl_rva;
- uint16_t ii_ordinal_number;
 } u;
+ uint32_t ii_hint_name_tbl_rva;
 uint32_t ii_flag;
+ uint16_t ii_ordinal;
 uint16_t ii_hint;
 char * ii_name;
 };
diff --git a/include/perk/perk_structs.h b/include/perk/perk_structs.h
index 094dae6..4dd2ffc 100644
--- a/include/perk/perk_structs.h
+++ b/include/perk/perk_structs.h
@@ -299,8 +299,6 @@ struct pe_raw_import_name {
 union pe_raw_import_lookup {
 unsigned char ii_import_lookup_entry_64 [0x08]; /* 0x00 */
 unsigned char ii_import_lookup_entry_32 [0x04]; /* 0x00 */
- unsigned char ii_hint_name_tbl_rva [0x04]; /* 0x00 */
- unsigned char ii_ordinal_number [0x02]; /* 0x00 */
 };
diff --git a/src/logic/pe_get_image_meta.c b/src/logic/pe_get_image_meta.c
index 7ec2b0b..f554870 100644
--- a/src/logic/pe_get_image_meta.c
+++ b/src/logic/pe_get_image_meta.c
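Review bot: In the perk_meta.h hunk, `ii_hint_name_tbl_rva` and `ii_ordinal` become plain members of `struct pe_meta_import_lookup` with nothing saying which of the two is meaningful for a given entry. The reader change in this commit zeroes one or the other depending on `ii_flag`, so a short comment on each member would keep callers from treating a zeroed RVA as an offset, for example `/* valid only when ii_flag == 0 */` on `ii_hint_name_tbl_rva` and `/* valid only when ii_flag != 0 */` on `ii_ordinal`. The header sits under include/perk/, so the changed layout and the rename from `ii_ordinal_number` presumably reach out-of-tree users and deserve a line in the commit message. The struct definition starts above the hunk.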
@@ -443,14 +443,8 @@ int pe_get_image_meta( - m->h_idata->sh_virtual_addr); /* items */ - uint32_t * hint; - m->m_idata[i].ih_count = 0; - if (m->m_idata[i].ih_import_lookup_tbl_rva) { - pitem = m->m_idata[i].ih_aitems; - hint = (uint32_t *)pitem->ii_hint_name_tbl_rva; - - for (; *hint; hint=(uint32_t *)((++pitem)->ii_hint_name_tbl_rva)) + for (pitem = m->m_idata[i].ih_aitems; pe_read_long(pitem->ii_import_lookup_entry_32); pitem++) m->m_idata[i].ih_count++; if (!(m->m_idata[i].ih_items = calloc(m->m_idata[i].ih_count,sizeof(*(m->m_idata[i].ih_items))))) @@ -466,21 +460,12 @@ int pe_get_image_meta( return pe_free_image_meta_impl( m,PERK_CUSTOM_ERROR(dctx,ret)); - switch (m->m_opt.oh_std.coh_magic) { - case PE_MAGIC_PE32: - m->m_idata[i].ih_items[j].ii_flag = m->m_idata[i].ih_items[j].u.ii_import_lookup_entry_32 >> 31; - break; - - case PE_MAGIC_PE32_PLUS: - m->m_idata[i].ih_items[j].ii_flag = (m->m_idata[i].ih_items[j].u.ii_import_lookup_entry_64 >> 63); - break; - } - if (!m->m_idata[i].ih_items[j].ii_flag) { struct pe_raw_hint_name_entry * pentry = (struct pe_raw_hint_name_entry *)(base + m->h_idata->sh_ptr_to_raw_data - + m->m_idata[i].ih_items[j].u.ii_hint_name_tbl_rva - m->h_idata->sh_virtual_addr); + + m->m_idata[i].ih_items[j].ii_hint_name_tbl_rva - m->h_idata->sh_virtual_addr); + m->m_idata[i].ih_items[j].ii_hint = pe_read_short(pentry->ii_hint); m->m_idata[i].ih_items[j].ii_name = (char *)pentry->ii_name; } } diff --git a/src/reader/pe_read_import_header.c b/src/reader/pe_read_import_header.c index 9450ca4..cc212af 100644 --- a/src/reader/pe_read_import_header.c +++ b/src/reader/pe_read_import_header.c 
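Review bot: The new counting loop in the first pe_get_image_meta.c hunk has no upper bound: it advances `pitem` until `pe_read_long(pitem->ii_import_lookup_entry_32)` returns zero, and nothing visible in the hunk compares `pitem` with the end of the import section, so an image whose lookup table lacks a terminating entry is read past the section and possibly past the mapping. A bound in the condition would stop that, e.g. `for (pitem = m->m_idata[i].ih_aitems; pitem < pcap && pe_read_long(pitem->ii_import_lookup_entry_32); pitem++)`, where `pcap` is a placeholder for a pointer to the end of the section's raw data, with a missing terminator reported as a bad image. The loop also tests only the low 32 bits and steps by the 8-byte `union pe_raw_import_lookup`, which looks wrong for the 4-byte entries of a PE32 image; the removed loop stepped the same way, so this is probably older than the commit. The function starts and ends outside the hunk.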
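Review bot: In the second pe_get_image_meta.c hunk, `pentry` is computed from `ii_hint_name_tbl_rva`, a value taken from the image, without any range check before `pe_read_short(pentry->ii_hint)` dereferences it and `ii_name` is handed out as a `char *`. An RVA below `m->h_idata->sh_virtual_addr` or beyond the end of the section places `pentry` outside the section data, so the offset should be validated first, starting with `if (m->m_idata[i].ih_items[j].ii_hint_name_tbl_rva < m->h_idata->sh_virtual_addr)` returning through `pe_free_image_meta_impl()` as the error path above does, plus an upper check that leaves room for a whole `struct pe_raw_hint_name_entry`. Whether `ii_name` is NUL-terminated inside the section cannot be seen from here and would be worth checking in the same place. The enclosing loop and function extend beyond the hunk.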
@@ -32,13 +32,28 @@ int pe_read_import_lookup(
 switch (magic) {
 case PE_MAGIC_PE32:
 m->u.ii_import_lookup_entry_64 = pe_read_long(p->ii_import_lookup_entry_32);
- return 0;
+ m->ii_flag = (uint32_t)m->u.ii_import_lookup_entry_64 >> 31;
+ break;
 case PE_MAGIC_PE32_PLUS:
 m->u.ii_import_lookup_entry_64 = pe_read_quad(p->ii_import_lookup_entry_64);
- return 0;
+ m->ii_flag = m->u.ii_import_lookup_entry_64 >> 63;
+ break;
 default:
 return PERK_ERR_BAD_IMAGE_TYPE;
 }
+
+ if (m->ii_flag) {
+ m->ii_ordinal = m->u.ii_import_lookup_entry_32 & 0x7fff;
+ m->ii_hint_name_tbl_rva = 0;
+ } else {
+ m->ii_ordinal = 0;
+ m->ii_hint_name_tbl_rva = m->u.ii_import_lookup_entry_32 & 0x7fffffff;
+ }
+
+ m->ii_hint = 0;
+ m->ii_name = 0;
+
+ return 0;
 }
-- 
cgit v1.2.3
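Review bot: The ordinal mask `0x7fff` in the new `if (m->ii_flag)` branch keeps only 15 bits, while the PE/COFF import lookup entry carries a 16-bit ordinal in bits 0-15 and `ii_ordinal` is a `uint16_t`, so ordinals of 0x8000 and above would be recorded with the top bit dropped. Both branches also read `u.ii_import_lookup_entry_32` after the value was stored through `ii_import_lookup_entry_64`, which yields the low half only on a little-endian host. Masking the 64-bit member avoids both problems: `m->ii_ordinal = (uint16_t)(m->u.ii_import_lookup_entry_64 & 0xffff);` and `m->ii_hint_name_tbl_rva = (uint32_t)(m->u.ii_import_lookup_entry_64 & 0x7fffffff);`. The function body starts outside the hunk.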