00001 /* 00002 * Copyright (C) 2000, The University of Queensland 00003 * Copyright (C) 2001, Sun Microsystems, Inc 00004 * 00005 * See the file "LICENSE.TERMS" for information on usage and 00006 * redistribution of this file, and for a DISCLAIMER OF ALL 00007 * WARRANTIES. 00008 * 00009 */ 00010 00011 /* File: Win32BinaryFile.h 00012 * Desc: This file contains the definition of the class Win32BinaryFile. 00013 */ 00014 00015 #ifndef __WIN32BINARYFILE_H__ 00016 #define __WIN32BINARYFILE_H_ 00017 00018 #include "BinaryFile.h" 00019 #include <string> 00020 00021 /* $Revision: 1.20 $ 00022 * This file contains the definition of the Win32BinaryFile class, and some 00023 * other definitions specific to the exe version of the BinaryFile object 00024 */ 00025 /* At present, there is no support for a symbol table. Win32 files do 00026 not use dynamic linking, but it is possible that some files may 00027 have debug symbols (in Microsoft Codeview or Borland formats), 00028 and these may be implemented in the future. The debug info may 00029 even be exposed as another pseudo section 00030 * 02 Jun 00 - Mike: Added LMMH for 32 bit endianness conversions 00031 * 16 Apr 01 - Brian: Removed redefinition of the LH macro. LH is now 00032 * defined in BinaryFile.h. 00033 */ 00034 00035 // Given a little endian value x, load its value assuming little endian order 00036 // Note: must be able to take address of x 00037 // Note: Unlike the LH macro in BinaryFile.h, the parameter is not a pointer 00038 #define LMMH(x) ((unsigned)((Byte *)(&x))[0] + ((unsigned)((Byte *)(&x))[1] << 8) + \ 00039 ((unsigned)((Byte *)(&x))[2] << 16) + ((unsigned)((Byte *)(&x))[3] << 24)) 00040 // With this one, x is a pointer to unsigned 00041 #define LMMH2(x) ((unsigned)((Byte *)(x))[0] + ((unsigned)((Byte *)(x))[1] << 8) + \ 00042 ((unsigned)((Byte *)(x))[2] << 16) + ((unsigned)((Byte *)(x))[3] << 24)) 00043 00044 typedef struct { /* exe file header, just the signature really */ 00045 Byte sigLo; /* .EXE signature: 0x4D 0x5A */ 00046 Byte sigHi; 00047 } Header; 00048 00049 //#ifdef WIN32 00050 #pragma pack(1) 00051 //#endif 00052 00053 typedef struct { 00054 Byte sigLo; 00055 Byte sigHi; 00056 SWord sigver; 00057 SWord cputype; 00058 SWord numObjects; 00059 DWord TimeDate; 00060 DWord Reserved1; 00061 DWord Reserved2; 00062 SWord NtHdrSize; 00063 SWord Flags; 00064 SWord Reserved3; 00065 Byte LMajor; 00066 Byte LMinor; 00067 DWord Reserved4; 00068 DWord Reserved5; 00069 DWord Reserved6; 00070 DWord EntrypointRVA; 00071 DWord Reserved7; 00072 DWord Reserved8; 00073 DWord Imagebase; 00074 DWord ObjectAlign; 00075 DWord FileAlign; 00076 SWord OSMajor; 00077 SWord OSMinor; 00078 SWord UserMajor; 00079 SWord UserMinor; 00080 SWord SubsysMajor; 00081 SWord SubsysMinor; 00082 DWord Reserved9; 00083 DWord ImageSize; 00084 DWord HeaderSize; 00085 DWord FileChecksum; 00086 SWord Subsystem; 00087 SWord DLLFlags; 00088 DWord StackReserveSize; 00089 DWord StackCommitSize; 00090 DWord HeapReserveSize; 00091 DWord HeapCommitSize; 00092 DWord Reserved10; 00093 DWord nInterestingRVASizes; 00094 DWord ExportTableRVA; 00095 DWord TotalExportDataSize; 00096 DWord ImportTableRVA; 00097 DWord TotalImportDataSize; 00098 DWord ResourceTableRVA; 00099 DWord TotalResourceDataSize; 00100 DWord ExceptionTableRVA; 00101 DWord TotalExceptionDataSize; 00102 DWord SecurityTableRVA; 00103 DWord TotalSecurityDataSize; 00104 DWord FixupTableRVA; 00105 DWord TotalFixupDataSize; 00106 DWord DebugTableRVA; 00107 DWord TotalDebugDirectories; 00108 DWord ImageDescriptionRVA; 00109 DWord TotalDescriptionSize; 00110 DWord MachineSpecificRVA; 00111 DWord MachineSpecificSize; 00112 DWord ThreadLocalStorageRVA; 00113 DWord TotalTLSSize; 00114 } PEHeader; 00115 00116 typedef struct { // The real Win32 name of this struct is IMAGE_SECTION_HEADER 00117 char ObjectName[8]; // Name 00118 DWord VirtualSize; 00119 DWord RVA; // VirtualAddress 00120 DWord PhysicalSize; // SizeOfRawData 00121 DWord PhysicalOffset; // PointerToRawData 00122 DWord Reserved1; // PointerToRelocations 00123 DWord Reserved2; // PointerToLinenumbers 00124 DWord Reserved3; // WORD NumberOfRelocations; WORD NumberOfLinenumbers; 00125 DWord Flags; // Characteristics 00126 } PEObject; 00127 00128 typedef struct { 00129 DWord originalFirstThunk; // 0 for end of array; also ptr to hintNameArray 00130 DWord preSnapDate; // Time and date the import data was pre-snapped 00131 // or zero if not pre-snapped 00132 SWord verMajor; // Major version number of dll being ref'd 00133 SWord verMinor; // Minor " " 00134 DWord name; // RVA of dll name (asciz) 00135 DWord firstThunk; // RVA of start of import address table (IAT) 00136 } PEImportDtor; 00137 00138 typedef struct { 00139 DWord flags; // Reserved; 0 00140 DWord stamp; // Time/date stamp export data was created 00141 SWord verMajor; // Version number can be ... 00142 SWord verMinor; // ... set by user 00143 DWord name; // RVA of the ascii string containing the name of 00144 // the DLL 00145 DWord base; // Starting ordinal number for exports in this 00146 // image. Usually set to 1. 00147 DWord numEatEntries; // Number of entries in EAT (Export ADdress Table) 00148 DWord numNptEntries; // Number of entries in NPT (Name Pointer Table) 00149 // (also #entries in the Ordinal Table) 00150 DWord eatRVA; // RVA of the EAT 00151 DWord nptRVA; // RVA of the NPT 00152 DWord otRVA; // RVA of the OT 00153 } PEExportDtor; 00154 00155 //#ifdef WIN32 00156 #pragma pack(4) 00157 //#endif 00158 00159 class Win32BinaryFile : public BinaryFile 00160 { 00161 public: 00162 Win32BinaryFile(); // Default constructor 00163 virtual ~Win32BinaryFile(); // Destructor 00164 virtual bool Open(const char* sName); // Open the file for r/w; ??? 00165 virtual void Close(); // Close file opened with Open() 00166 virtual void UnLoad(); // Unload the image 00167 virtual LOAD_FMT GetFormat() const; // Get format (i.e. 00168 // LOADFMT_Win32) 00169 virtual MACHINE GetMachine() const; // Get machine (i.e. 00170 // MACHINE_Pentium) 00171 virtual const char* getFilename() const { return m_pFileName; } 00172 virtual bool isLibrary() const; 00173 virtual std::list<const char *> getDependencyList(); 00174 virtual ADDRESS getImageBase(); 00175 virtual size_t getImageSize(); 00176 00177 virtual std::list<SectionInfo*>& GetEntryPoints(const char* pEntry = "main"); 00178 virtual ADDRESS GetMainEntryPoint(); 00179 virtual ADDRESS GetEntryPoint(); 00180 DWord getDelta(); 00181 virtual const char* SymbolByAddress(ADDRESS dwAddr); // Get sym from addr 00182 virtual ADDRESS GetAddressByName(const char* name, bool bNoTypeOK = false); // Find addr given name 00183 virtual void AddSymbol(ADDRESS uNative, const char *pName); 00184 void dumpSymbols(); // For debugging 00185 00186 // 00187 // -- -- -- -- -- -- -- -- -- 00188 // 00189 // Internal information 00190 // Dump headers, etc 00191 virtual bool DisplayDetails(const char* fileName, FILE* f = stdout); 00192 00193 protected: 00194 00195 int win32Read2(short *ps) const; // Read 2 bytes from native addr 00196 int win32Read4(int *pi) const; // Read 4 bytes from native addr 00197 00198 public: 00199 00200 virtual int readNative1(ADDRESS a); // Read 1 bytes from native addr 00201 virtual int readNative2(ADDRESS a); // Read 2 bytes from native addr 00202 virtual int readNative4(ADDRESS a); // Read 4 bytes from native addr 00203 virtual QWord readNative8(ADDRESS a); // Read 8 bytes from native addr 00204 virtual float readNativeFloat4(ADDRESS a); // Read 4 bytes as float 00205 virtual double readNativeFloat8(ADDRESS a); // Read 8 bytes as float 00206 00207 virtual bool IsDynamicLinkedProcPointer(ADDRESS uNative); 00208 virtual bool IsStaticLinkedLibProc(ADDRESS uNative); 00209 virtual ADDRESS IsJumpToAnotherAddr(ADDRESS uNative); 00210 virtual const char *GetDynamicProcName(ADDRESS uNative); 00211 00212 bool IsMinGWsAllocStack(ADDRESS uNative); 00213 bool IsMinGWsFrameInit(ADDRESS uNative); 00214 bool IsMinGWsFrameEnd(ADDRESS uNative); 00215 bool IsMinGWsCleanupSetup(ADDRESS uNative); 00216 bool IsMinGWsMalloc(ADDRESS uNative); 00217 00218 virtual std::map<ADDRESS, std::string> &getSymbols() { return dlprocptrs; } 00219 00220 bool hasDebugInfo() { return haveDebugInfo; } 00221 00222 protected: 00223 virtual bool RealLoad(const char* sName); // Load the file; pure virtual 00224 00225 private: 00226 00227 bool PostLoad(void* handle); // Called after archive member loaded 00228 void findJumps(ADDRESS curr);// Find names for jumps to IATs 00229 00230 Header* m_pHeader; // Pointer to header 00231 PEHeader* m_pPEHeader; // Pointer to pe header 00232 int m_cbImage; // Size of image 00233 int m_cReloc; // Number of relocation entries 00234 DWord* m_pRelocTable; // The relocation table 00235 char * base; // Beginning of the loaded image 00236 // Map from address of dynamic pointers to library procedure names: 00237 std::map<ADDRESS, std::string> dlprocptrs; 00238 const char *m_pFileName; 00239 bool haveDebugInfo; 00240 bool mingw_main; 00241 00242 }; 00243 00244 //#ifdef WIN32 00245 #pragma pack() 00246 //#endif 00247 #endif // ifndef __WIN32BINARYFILE_H__
1.4.6