]

# Two zeroed SyscallTable records to receive the resolved addresses. The
# lookup loop further down pairs them with `names` via zip().
addrs = [SyscallTable(0, 0, 0), SyscallTable(0, 0, 0)]

# A second pair of zeroed records; not written to in the visible part of the
# script.
values = [SyscallTable(0, 0, 0), SyscallTable(0, 0, 0)]

# Exactly two positional arguments are required: the executable and its PDB.
if len(sys.argv) != 3:
    sys.stderr.write("usage: %s <exe> <pdb>\n" % sys.argv[0])
    sys.exit(1)

# Both files are parsed as given on the command line.
pe = PE(sys.argv[1])
pdb = pdbparse.parse(sys.argv[2])

# NOTE(review): the stream numbers below are hard-coded (10..13). They are
# not derived from the PDB itself, so a PDB with a different stream layout
# will produce wrong section/OMAP data or an exception here -- confirm the
# layout of the target PDB before trusting the resolved addresses.
sects = Sections.parse(pdb.streams[10].data)       # section headers
orig_sects = Sections.parse(pdb.streams[13].data)  # second section-header set
gsyms = pdb.streams[pdb.streams[3].gsym_file]      # global symbol stream
omap = Omap(pdb.streams[12].data)                  # address remap table
omap_rev = Omap(pdb.streams[11].data)              # presumably the reverse map -- confirm

# Debug output: dumps every parsed global symbol to stdout.
print(gsyms.globals)

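# For every table description in `names`, scan the global symbols and record
# the remapped address of the symbol whose name contains the table's
# ServiceTable string on the paired `addrs` record.
for tbl, addr in zip(names, addrs):
    for sym in gsyms.globals:
        # The code indexes sections with segment - 1, i.e. it treats segment
        # numbers as 1-based. A segment below 1 would become a negative list
        # index, which Python resolves from the END of `sects` instead of
        # raising IndexError, so the symbol would silently be given the base
        # of an unrelated section. Skip such symbols explicitly.
        if sym.segment < 1:
            continue
        try:
            virt_base = sects[sym.segment - 1].VirtualAddress
        except IndexError:
            # Segment number past the last known section: nothing to resolve.
            continue
        off = sym.offset

        # NOTE(review): this is a substring match, so if several symbol names
        # contain the string the last one scanned wins -- confirm that is
        # acceptable for the names being looked up.
        if tbl.ServiceTable in sym.name:
            value = omap.remap(off + virt_base)
            addr.ServiceTable = value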
Exemple #2
# Command line: <pdb file> <image base> <first section-header stream index>,
# plus an optional switch that disables OMAP address translation.
parser = OptionParser()
parser.add_option(
    "-n", "--no-omap",
    dest="omap", action="store_false", default=True,
    help="don't try to make use of OMAP information",
)
opts, args = parser.parse_args()

if len(args) != 3:
    parser.error("Need filename, base address, and first section offset")

pdb = pdbparse.parse(args[0])
# Base 0 lets int() accept decimal, 0x-prefixed hex and octal input.
imgbase = int(args[1], 0)
# NOTE(review): secbase is used directly as an index into pdb.streams and is
# not range-checked; a wrong or negative value selects the wrong stream or
# raises an uncaught exception rather than a usage error.
secbase = int(args[2], 0)
sects = Sections.parse(pdb.streams[secbase].data)
gsyms = pdb.streams[pdb.streams[3].gsym_file]

if not opts.omap:
    # OMAP disabled: substitute an object whose remap() returns its argument
    # unchanged so the symbol loop can call omap.remap() unconditionally.
    class Dummy: pass
    omap = Dummy()
    omap.remap = lambda x: x
else:
    # The OMAP table is read from the stream two past the section headers.
    omap = Omap(pdb.streams[secbase+2].data)

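# Print one CSV row per global symbol to stdout:
#   name, imgbase + remapped address (hex), symbol type, section name
# Symbols whose segment does not map to a known section are reported on
# stderr and skipped.
for sym in gsyms.globals:
    try:
        sect_index = sym.segment - 1
        # Sections are indexed with segment - 1, i.e. segment numbers are
        # treated as 1-based. Without this check a segment below 1 gives a
        # negative index, which Python resolves from the END of `sects`
        # instead of raising IndexError, and the row would be printed with
        # the base address and name of an unrelated section.
        if sect_index < 0:
            raise IndexError(sect_index)
        off = sym.offset
        virt_base = sects[sect_index].VirtualAddress
        nm = cstring(sects[sect_index].Name)
        print("%s,%#x,%d,%s" % (sym.name, imgbase + omap.remap(off + virt_base), sym.symtype, nm))
    except IndexError as e:
        sys.stderr.write("Skipping %s, segment %d does not exist\n" % (sym.name, sym.segment - 1))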
Exemple #3
# Set this to the index of the first PDB stream that contains section headers
# Common bases:
#   ntdll: 8
#   ntoskrnl: 10
# BASE = 

for pdbname,basestr,BASE in mods:
    pdbbase = os.path.basename(pdbname).split('.')[0]
    print "Loading symbols for %s..." % pdbbase
    pdb = pdbparse.parse(pdbname)
    base = int(basestr,0)
    sects = Sections.parse(pdb.streams[BASE].data)
    orig_sects = Sections.parse(pdb.streams[BASE+3].data)
    gsyms = pdb.streams[pdb.streams[3].gsym_file]
    omap = Omap(pdb.streams[BASE+2].data)
    omap_rev = Omap(pdb.streams[BASE+1].data)

    last_sect = max(sects, key=attrgetter('VirtualAddress'))
    limit = base + last_sect.VirtualAddress + last_sect.Misc.VirtualSize

    addrs[base,limit] = {}
    addrs[base,limit]['name'] = pdbbase
    addrs[base,limit]['addrs'] = []
    for sym in gsyms.globals:
        off = sym.offset
        try:
            virt_base = sects[sym.segment-1].VirtualAddress
        except IndexError:
            continue