blob: 493d6229df76f62c2981d79585c6da446fb97908 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
/***************************************************************/
/* perk: PE Resource Kit */
/* Copyright (C) 2015--2021 SysDeer Technologies, LLC */
/* Released under GPLv2 and GPLv3; see COPYING.PERK. */
/***************************************************************/
#include <string.h>
#include <perk/perk.h>
#include <perk/perk_consts.h>
#include <perk/perk_structs.h>
#include "perk_endian_impl.h"
#include "perk_reader_impl.h"
int pe_read_coff_header(const struct pe_raw_coff_image_hdr * p, struct pe_meta_coff_file_hdr * m)
{
if ((p->cfh_signature[0] != 'P') || (p->cfh_signature[1] != 'E')
|| p->cfh_signature[2] || p->cfh_signature[3])
return PERK_ERR_BAD_COFF_HEADER;
m->cfh_signature[0] = p->cfh_signature[0];
m->cfh_signature[1] = p->cfh_signature[1];
m->cfh_signature[2] = p->cfh_signature[2];
m->cfh_signature[3] = p->cfh_signature[3];
m->cfh_machine = pe_read_short(p->cfh_machine);
m->cfh_num_of_sections = pe_read_short(p->cfh_num_of_sections);
m->cfh_time_date_stamp = pe_read_long(p->cfh_time_date_stamp);
m->cfh_ptr_to_sym_tbl = pe_read_long(p->cfh_ptr_to_sym_tbl);
m->cfh_num_of_syms = pe_read_long(p->cfh_num_of_syms);
m->cfh_size_of_opt_hdr = pe_read_short(p->cfh_size_of_opt_hdr);
m->cfh_characteristics = pe_read_short(p->cfh_characteristics);
return 0;
}
#define PE_IMAGE_FILE_CHARACTERISTICS (\
PE_IMAGE_FILE_RELOCS_STRIPPED \
| PE_IMAGE_FILE_EXECUTABLE_IMAGE \
| PE_IMAGE_FILE_LINE_NUMS_STRIPPED \
| PE_IMAGE_FILE_LOCAL_SYMS_STRIPPED \
| PE_IMAGE_FILE_AGGRESSIVE_WS_TRIM \
| PE_IMAGE_FILE_LARGE_ADDRESS_AWARE \
| PE_IMAGE_FILE_RESERVED_CHARACTERISTIC \
| PE_IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP \
| PE_IMAGE_FILE_BYTES_REVERSED_LO \
| PE_IMAGE_FILE_32BIT_MACHINE \
| PE_IMAGE_FILE_DEBUG_STRIPPED \
| PE_IMAGE_FILE_NET_RUN_FROM_SWAP \
| PE_IMAGE_FILE_SYSTEM \
| PE_IMAGE_FILE_DLL \
| PE_IMAGE_FILE_UP_SYSTEM_ONLY \
| PE_IMAGE_FILE_BYTES_REVERSED_HI)
int pe_read_object_header(const struct pe_raw_coff_object_hdr * p, struct pe_meta_coff_file_hdr * m)
{
if (pe_read_short(p->cfh_size_of_opt_hdr))
return PERK_ERR_BAD_COFF_HEADER;
if (pe_read_short(p->cfh_characteristics) & ~PE_IMAGE_FILE_CHARACTERISTICS)
return PERK_ERR_BAD_COFF_HEADER;
switch (pe_read_short(p->cfh_machine)) {
case PE_IMAGE_FILE_MACHINE_I386:
case PE_IMAGE_FILE_MACHINE_R4000:
case PE_IMAGE_FILE_MACHINE_WCEMIPSV2:
case PE_IMAGE_FILE_MACHINE_SH3:
case PE_IMAGE_FILE_MACHINE_SH3DSP:
case PE_IMAGE_FILE_MACHINE_SH4:
case PE_IMAGE_FILE_MACHINE_SH5:
case PE_IMAGE_FILE_MACHINE_ARM:
case PE_IMAGE_FILE_MACHINE_THUMB:
case PE_IMAGE_FILE_MACHINE_ARMV7:
case PE_IMAGE_FILE_MACHINE_AM33:
case PE_IMAGE_FILE_MACHINE_POWERPC:
case PE_IMAGE_FILE_MACHINE_POWERPCFP:
case PE_IMAGE_FILE_MACHINE_IA64:
case PE_IMAGE_FILE_MACHINE_MIPS16:
case PE_IMAGE_FILE_MACHINE_MIPSFPU:
case PE_IMAGE_FILE_MACHINE_MIPSFPU16:
case PE_IMAGE_FILE_MACHINE_EBC:
case PE_IMAGE_FILE_MACHINE_AMD64:
case PE_IMAGE_FILE_MACHINE_M32R:
break;
default:
return PERK_ERR_BAD_COFF_HEADER;
}
m->cfh_signature[0] = 0;
m->cfh_signature[1] = 0;
m->cfh_signature[2] = 0;
m->cfh_signature[3] = 0;
m->cfh_machine = pe_read_short(p->cfh_machine);
m->cfh_num_of_sections = pe_read_short(p->cfh_num_of_sections);
m->cfh_time_date_stamp = pe_read_long(p->cfh_time_date_stamp);
m->cfh_ptr_to_sym_tbl = pe_read_long(p->cfh_ptr_to_sym_tbl);
m->cfh_num_of_syms = pe_read_long(p->cfh_num_of_syms);
m->cfh_size_of_opt_hdr = pe_read_short(p->cfh_size_of_opt_hdr);
m->cfh_characteristics = pe_read_short(p->cfh_characteristics);
return 0;
}
|