From 4ae524cd27c6aa6f95dd62a7e6eb4a02acdfd4d6 Mon Sep 17 00:00:00 2001
From: midipix
Date: Sat, 17 Nov 2018 23:43:18 -0500
Subject: pe_get_image_meta(), pe_read_import_lookup(): follow correct lookup semantics.
---
src/logic/pe_get_image_meta.c | 21 +++------------------
src/reader/pe_read_import_header.c | 19 +++++++++++++++++--
2 files changed, 20 insertions(+), 20 deletions(-)
(limited to 'src')
diff --git a/src/logic/pe_get_image_meta.c b/src/logic/pe_get_image_meta.c
index 7ec2b0b..f554870 100644
--- a/src/logic/pe_get_image_meta.c
+++ b/src/logic/pe_get_image_meta.c
@@ -443,14 +443,8 @@ int pe_get_image_meta( - m->h_idata->sh_virtual_addr); /* items */ - uint32_t * hint; - m->m_idata[i].ih_count = 0; - if (m->m_idata[i].ih_import_lookup_tbl_rva) { - pitem = m->m_idata[i].ih_aitems; - hint = (uint32_t *)pitem->ii_hint_name_tbl_rva; - - for (; *hint; hint=(uint32_t *)((++pitem)->ii_hint_name_tbl_rva)) + for (pitem = m->m_idata[i].ih_aitems; pe_read_long(pitem->ii_import_lookup_entry_32); pitem++) m->m_idata[i].ih_count++; if (!(m->m_idata[i].ih_items = calloc(m->m_idata[i].ih_count,sizeof(*(m->m_idata[i].ih_items)))))
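Review bot: The new counting loop `for (pitem = m->m_idata[i].ih_aitems; pe_read_long(pitem->ii_import_lookup_entry_32); pitem++)` walks the lookup table until it reads a zero entry, and nothing visible in this hunk stops it at the end of the import section, so an image whose table lacks a terminator would make the walk read past the mapped data. The loop condition should also require that `pitem` is still inside the raw data described by `m->h_idata`, and the function should fail with a custom error when that bound is reached first. The terminator test also reads only the 32-bit member; for PE32+ images, where an entry is 64 bits wide, a non-null entry whose low half is zero would end the count early, so the test presumably needs to follow `m->m_opt.oh_std.coh_magic`. The enclosing function starts and ends outside the hunk, so an earlier bounds check may exist that is not visible here.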
@@ -466,21 +460,12 @@ int pe_get_image_meta( return pe_free_image_meta_impl( m,PERK_CUSTOM_ERROR(dctx,ret)); - switch (m->m_opt.oh_std.coh_magic) { - case PE_MAGIC_PE32: - m->m_idata[i].ih_items[j].ii_flag = m->m_idata[i].ih_items[j].u.ii_import_lookup_entry_32 >> 31; - break; - - case PE_MAGIC_PE32_PLUS: - m->m_idata[i].ih_items[j].ii_flag = (m->m_idata[i].ih_items[j].u.ii_import_lookup_entry_64 >> 63); - break; - } - if (!m->m_idata[i].ih_items[j].ii_flag) { struct pe_raw_hint_name_entry * pentry = (struct pe_raw_hint_name_entry *)(base + m->h_idata->sh_ptr_to_raw_data - + m->m_idata[i].ih_items[j].u.ii_hint_name_tbl_rva - m->h_idata->sh_virtual_addr); + + m->m_idata[i].ih_items[j].ii_hint_name_tbl_rva - m->h_idata->sh_virtual_addr); + m->m_idata[i].ih_items[j].ii_hint = pe_read_short(pentry->ii_hint); m->m_idata[i].ih_items[j].ii_name = (char *)pentry->ii_name; } }
diff --git a/src/reader/pe_read_import_header.c b/src/reader/pe_read_import_header.c
index 9450ca4..cc212af 100644
--- a/src/reader/pe_read_import_header.c
+++ b/src/reader/pe_read_import_header.c
@@ -32,13 +32,28 @@ int pe_read_import_lookup( switch (magic) { case PE_MAGIC_PE32: m->u.ii_import_lookup_entry_64 = pe_read_long(p->ii_import_lookup_entry_32); - return 0; + m->ii_flag = (uint32_t)m->u.ii_import_lookup_entry_64 >> 31; + break; case PE_MAGIC_PE32_PLUS: m->u.ii_import_lookup_entry_64 = pe_read_quad(p->ii_import_lookup_entry_64); - return 0; + m->ii_flag = m->u.ii_import_lookup_entry_64 >> 63; + break; default: return PERK_ERR_BAD_IMAGE_TYPE; } + + if (m->ii_flag) { + m->ii_ordinal = m->u.ii_import_lookup_entry_32 & 0x7fff; + m->ii_hint_name_tbl_rva = 0; + } else { + m->ii_ordinal = 0; + m->ii_hint_name_tbl_rva = m->u.ii_import_lookup_entry_32 & 0x7fffffff; + } + + m->ii_hint = 0; + m->ii_name = 0; + + return 0; }
--
cgit v1.2.3
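Review bot: The added `m->m_idata[i].ih_items[j].ii_hint = pe_read_short(pentry->ii_hint);` is the first actual read through `pentry`, whose address is built from an `ii_hint_name_tbl_rva` taken from the file with no range check visible in this hunk. An RVA below `m->h_idata->sh_virtual_addr` or beyond the section's raw data places `pentry` outside the image. The same applies to the `ii_name` pointer handed on to callers, which additionally needs a NUL terminator inside the section. Before the read, the RVA should be checked against the section bounds and the image rejected through the same `pe_free_image_meta_impl()` error path used at the top of the hunk. The loop and function enclosing these lines start outside the hunk.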
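Review bot: The ordinal mask in `m->ii_ordinal = m->u.ii_import_lookup_entry_32 & 0x7fff;` keeps only 15 bits, while a PE import lookup entry carries a 16-bit ordinal in bits 15-0, so ordinals of 0x8000 and above are reported wrong. Both masks also read the union's 32-bit member after the value was stored through `ii_import_lookup_entry_64`, which presumably selects the high half on a big-endian host; the PE32 flag computation in the same hunk already avoids this with a cast. Suggested: `m->ii_ordinal = (uint32_t)m->u.ii_import_lookup_entry_64 & 0xffff;` and `m->ii_hint_name_tbl_rva = (uint32_t)m->u.ii_import_lookup_entry_64 & 0x7fffffff;`. The function's signature and opening lines are outside the hunk.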