Пример #1
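    def add_export_lib(self, e, name):
        """Record the exports of the PE image *e* under the library name *name*.

        *e* is always appended to ``self.all_exported_lib``. If *name* is
        already a key of ``self.name2off`` nothing else happens. Otherwise the
        library is registered at ``e.NThdr.ImageBase`` and every entry of
        ``get_export_name_addr_list(e)`` is stored in ``self.lib_imp2ad``,
        ``self.fad2cname`` and ``self.fad2info``.

        A redirected (forwarded) export is replaced by the address already
        recorded for its target. A forward into this same library is put back
        on the work list until its target has been recorded.

        The export table comes from the binary under analysis and must be
        treated as untrusted: a forward to a function this library never
        exports, or a cycle of forwards, could never be resolved and would
        keep the work list spinning forever. That case is now reported.

        Raises:
            ValueError: a forward targets a library that is not registered
                yet, or a forward into this library cannot be resolved.
        """
        self.all_exported_lib.append(e)
        # will add real lib addresses to database
        if name in self.name2off:
            ad = self.name2off[name]
        else:
            log.debug('new lib %s', name)
            ad = e.NThdr.ImageBase
            libad = ad
            self.name2off[name] = ad
            self.libbase2lastad[ad] = ad + 0x1
            self.lib_imp2ad[ad] = {}
            self.lib_imp2dstad[ad] = {}
            self.libbase_ad += 0x1000

            todo = get_export_name_addr_list(e)
            # Number of entries postponed in a row without recording anything.
            deferred = 0
            while todo:
                imp_ord_or_name, ad = todo.pop()

                # if export is a redirection, search redirected dll
                # and get function real addr
                ret = is_redirected_export(e, ad)
                if ret:
                    exp_dname, exp_fname = ret
                    exp_dname = (exp_dname + '.dll').lower()
                    # the dll forwards to one of its own exports
                    if exp_dname == name:
                        libad_tmp = self.name2off[exp_dname]
                        if exp_fname not in self.lib_imp2ad[libad_tmp]:
                            # target not recorded yet: retry after the others
                            todo = [(imp_ord_or_name, ad)] + todo
                            deferred += 1
                            # Every pending entry was postponed once and no
                            # address was recorded in between, so another
                            # pass cannot make progress either.
                            if deferred >= len(todo):
                                raise ValueError(
                                    'unresolvable export redirection to %r in %r'
                                    % (exp_fname, name))
                            continue
                    elif exp_dname not in self.name2off:
                        raise ValueError('load %r first' % exp_dname)
                    # Value is overwritten below; the call is kept because the
                    # helper is not visible from this method.
                    c_name = canon_libname_libfunc(exp_dname, exp_fname)
                    libad_tmp = self.name2off[exp_dname]
                    # NOTE(review): raises KeyError when the target library is
                    # registered but has no entry for exp_fname.
                    ad = self.lib_imp2ad[libad_tmp][exp_fname]

                deferred = 0
                self.lib_imp2ad[libad][imp_ord_or_name] = ad

                # Reverse map (base address -> library name); on duplicate
                # base addresses the last name2off entry wins, as before.
                name_inv = {off: lib for lib, off in self.name2off.items()}
                c_name = canon_libname_libfunc(name_inv[libad],
                                               imp_ord_or_name)
                self.fad2cname[ad] = c_name
                self.fad2info[ad] = libad, imp_ord_or_name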
Пример #2
Файл: pe.py Проект: KurSh/miasm
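    def add_export_lib(self, e, name):
        """Register PE image *e* as library *name* and index its exports.

        *e* is appended to ``self.all_exported_lib`` in every case. When
        *name* is not yet in ``self.name2off`` the library is registered at
        ``e.NThdr.ImageBase`` and each (ordinal-or-name, address) pair from
        ``get_export_name_addr_list(e)`` is written to ``self.lib_imp2ad``,
        ``self.fad2cname`` and ``self.fad2info``. Redirected exports take the
        address recorded for their target; a redirection into this same
        library is retried once the remaining entries have been handled.

        Export data is read from the analysed file, so it may be malformed on
        purpose. A self-redirection whose target never appears (missing name
        or a redirection cycle) used to loop forever; it now raises.

        Raises:
            ValueError: the redirection target library is not registered, or
                a redirection into this library can never be resolved.
        """
        self.all_exported_lib.append(e)
        # will add real lib addresses to database
        if name in self.name2off:
            ad = self.name2off[name]
        else:
            log.debug('new lib %s', name)
            ad = e.NThdr.ImageBase
            libad = ad
            self.name2off[name] = ad
            self.libbase2lastad[ad] = ad + 0x1
            self.lib_imp2ad[ad] = {}
            self.lib_imp2dstad[ad] = {}
            self.libbase_ad += 0x1000

            todo = get_export_name_addr_list(e)
            # Consecutive postponements since the last recorded export.
            stalled = 0
            while todo:
                imp_ord_or_name, ad = todo.pop()

                # if export is a redirection, search redirected dll
                # and get function real addr
                ret = is_redirected_export(e, ad)
                if ret:
                    exp_dname, exp_fname = ret
                    exp_dname = (exp_dname + '.dll').lower()
                    # redirection that points back into this dll
                    if exp_dname == name:
                        libad_tmp = self.name2off[exp_dname]
                        if exp_fname not in self.lib_imp2ad[libad_tmp]:
                            # schedule func again, behind the other entries
                            todo = [(imp_ord_or_name, ad)] + todo
                            stalled += 1
                            # All pending entries have been postponed without
                            # any new address being recorded: no further pass
                            # can succeed, so stop instead of spinning.
                            if stalled >= len(todo):
                                raise ValueError(
                                    'unresolvable export redirection to %r in %r'
                                    % (exp_fname, name))
                            continue
                    elif exp_dname not in self.name2off:
                        raise ValueError('load %r first' % exp_dname)
                    # Result is replaced further down; call kept since the
                    # helper's behaviour is not visible here.
                    c_name = canon_libname_libfunc(exp_dname, exp_fname)
                    libad_tmp = self.name2off[exp_dname]
                    # NOTE(review): KeyError if the registered target library
                    # has no entry for exp_fname.
                    ad = self.lib_imp2ad[libad_tmp][exp_fname]

                stalled = 0
                self.lib_imp2ad[libad][imp_ord_or_name] = ad

                # base address -> library name (last name2off entry wins)
                name_inv = {off: lib for lib, off in self.name2off.items()}
                c_name = canon_libname_libfunc(
                    name_inv[libad], imp_ord_or_name)
                self.fad2cname[ad] = c_name
                self.fad2info[ad] = libad, imp_ord_or_name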
Пример #3
def preload_elf(vm, e, runtime_lib, patch_vm_imp=True, loc_db=None):
    """Resolve the imports of ELF *e* via *runtime_lib*, optionally patching *vm*.

    For every import slot reported by ``get_import_address_elf(e)`` the
    address returned by ``runtime_lib.lib_get_add_func`` is stored in the
    result mapping under its canonical name. With *patch_vm_imp* set, that
    address is also packed and written into VM memory at the slot.

    Symbols for which ``loc_db.get_name_location`` returns a location are
    skipped entirely (neither resolved nor patched).

    Returns:
        The pair ``(runtime_lib, dyn_funcs)``.
    """
    # XXX quick hack
    resolved = {}
    import_slots = get_import_address_elf(e)
    for (libname, libfunc), slots in import_slots.items():
        # Quick hack - if a symbol is already known, do not stub it
        if loc_db and loc_db.get_name_location(libfunc) is not None:
            continue
        for slot in slots:
            lib_base = runtime_lib.lib_get_add_base(libname)
            target = runtime_lib.lib_get_add_func(lib_base, libfunc, slot)
            resolved[canon_libname_libfunc(libname, libfunc)] = target

            if not patch_vm_imp:
                continue
            log.debug('patch 0x%x 0x%x %s', slot, target, libfunc)
            # Byte order follows the ELF header field; a value outside
            # this table raises KeyError. Slot addresses come from the
            # analysed file and are written as given.
            byte_order = {
                elf_csts.ELFDATA2MSB: ">",
                elf_csts.ELFDATA2LSB: "<",
                elf_csts.ELFDATANONE: ""
            }[e.sex]
            fmt = byte_order + cstruct.size2type[e.size]
            vm.set_mem(slot, struct.pack(fmt, target))
    return runtime_lib, resolved
Пример #4
def preload_pe(vm, e, runtime_lib, patch_vm_imp=True):
    """Resolve the imports of PE *e* via *runtime_lib*, optionally patching *vm*.

    Each import slot from ``get_import_address_pe(e)`` is mapped to the
    address returned by ``runtime_lib.lib_get_add_func``. With
    *patch_vm_imp* set, the address is packed with the struct code for
    ``e._wsize`` and written into VM memory at the slot.

    Returns:
        Mapping of canonical import name to resolved address.
    """
    resolved = {}
    import_slots = get_import_address_pe(e)
    for (libname, libfunc), slots in import_slots.items():
        for slot in slots:
            lib_base = runtime_lib.lib_get_add_base(libname)
            target = runtime_lib.lib_get_add_func(lib_base, libfunc, slot)
            resolved[canon_libname_libfunc(libname, libfunc)] = target

            if not patch_vm_imp:
                continue
            # The format carries no byte-order prefix, so struct packs in
            # the host's native order.
            # NOTE(review): confirm that is intended for PE images.
            # Slot addresses come from the analysed file and are written
            # as given.
            fmt = cstruct.size2type[e._wsize]
            vm.set_mem(slot, struct.pack(fmt, target))
    return resolved
Пример #5
def preload_pe(vm, e, runtime_lib, patch_vm_imp=True):
    """Bind every import of PE *e* to an address handed out by *runtime_lib*.

    The import table is read with ``get_import_address_pe(e)``. For each
    slot, ``runtime_lib`` supplies the library base and the function
    address; the address is recorded under the canonical import name and,
    when *patch_vm_imp* is true, written into *vm* at the slot.

    Returns:
        dict: canonical import name -> address from ``lib_get_add_func``.
    """
    imports = get_import_address_pe(e)
    by_name = {}
    for (libname, libfunc), ads in imports.items():
        canon = None
        for import_ad in ads:
            base = runtime_lib.lib_get_add_base(libname)
            func_ad = runtime_lib.lib_get_add_func(base, libfunc, import_ad)

            canon = canon_libname_libfunc(libname, libfunc)
            by_name[canon] = func_ad
            if patch_vm_imp:
                # No byte-order prefix: struct uses the host's native order.
                # NOTE(review): check this against the PE target's order.
                # import_ad is taken from the analysed file unchanged.
                raw = struct.pack(cstruct.size2type[e._wsize], func_ad)
                vm.set_mem(import_ad, raw)
    return by_name
Пример #6
def preload_elf(vm, e, runtime_lib, patch_vm_imp=True):
    """Resolve the imports of ELF *e* via *runtime_lib*, optionally patching *vm*.

    Each import slot from ``get_import_address_elf(e)`` is mapped to the
    address returned by ``runtime_lib.lib_get_add_func``. With
    *patch_vm_imp* set, the address is packed in the byte order selected
    by ``e.sex`` and written into VM memory at the slot.

    Returns:
        The pair ``(runtime_lib, dyn_funcs)``.
    """
    # XXX quick hack
    resolved = {}
    import_slots = get_import_address_elf(e)
    for (libname, libfunc), slots in import_slots.items():
        for slot in slots:
            lib_base = runtime_lib.lib_get_add_base(libname)
            target = runtime_lib.lib_get_add_func(lib_base, libfunc, slot)
            resolved[canon_libname_libfunc(libname, libfunc)] = target

            if not patch_vm_imp:
                continue
            log.debug('patch 0x%x 0x%x %s', slot, target, libfunc)
            # An e.sex value missing from this table raises KeyError.
            # Slot addresses come from the analysed file and are written
            # as given.
            byte_order = {
                elf_csts.ELFDATA2MSB: ">",
                elf_csts.ELFDATA2LSB: "<",
                elf_csts.ELFDATANONE: "",
            }[e.sex]
            fmt = byte_order + cstruct.size2type[e.size]
            vm.set_mem(slot, struct.pack(fmt, target))
    return runtime_lib, resolved
Пример #7
def preload_elf(vm, e, runtime_lib, patch_vm_imp=True):
    """Bind every import of ELF *e* to an address handed out by *runtime_lib*.

    The import table is read with ``get_import_address_elf(e)``. For each
    slot, ``runtime_lib`` supplies the library base and the function
    address; the address is recorded under the canonical import name and,
    when *patch_vm_imp* is true, written into *vm* at the slot using the
    byte order given by ``e.sex`` and the width given by ``e.size``.

    Returns:
        tuple: ``(runtime_lib, dyn_funcs)``.
    """
    # XXX quick hack
    imports = get_import_address_elf(e)
    by_name = {}
    for (libname, libfunc), ads in imports.items():
        for import_ad in ads:
            base = runtime_lib.lib_get_add_base(libname)
            func_ad = runtime_lib.lib_get_add_func(base, libfunc, import_ad)

            canon = canon_libname_libfunc(libname, libfunc)
            by_name[canon] = func_ad
            if patch_vm_imp:
                log.debug('patch 0x%x 0x%x %s', import_ad, func_ad, libfunc)
                # Lookup fails with KeyError for an e.sex value that is not
                # one of the three listed constants.
                prefix = {
                    elf_csts.ELFDATA2MSB: ">",
                    elf_csts.ELFDATA2LSB: "<",
                    elf_csts.ELFDATANONE: "",
                }[e.sex]
                # import_ad is taken from the analysed file unchanged.
                raw = struct.pack(prefix + cstruct.size2type[e.size], func_ad)
                vm.set_mem(import_ad, raw)
    return runtime_lib, by_name
Пример #8
def preload_elf(vm, e, runtime_lib, patch_vm_imp=True, loc_db=None):
    """Bind every import of ELF *e* to an address handed out by *runtime_lib*.

    The import table is read with ``get_import_address_elf(e)``. A symbol
    for which ``loc_db.get_name_location`` returns a location is left alone.
    For every other slot, the address from ``runtime_lib.lib_get_add_func``
    is recorded under the canonical import name and, when *patch_vm_imp* is
    true, written into *vm* at the slot using the byte order given by
    ``e.sex`` and the width given by ``e.size``.

    Returns:
        tuple: ``(runtime_lib, dyn_funcs)``.
    """
    # XXX quick hack
    imports = get_import_address_elf(e)
    by_name = {}
    for (libname, libfunc), ads in imports.items():
        # Quick hack - if a symbol is already known, do not stub it
        already_known = (
            loc_db and loc_db.get_name_location(libfunc) is not None)
        if already_known:
            continue
        for import_ad in ads:
            base = runtime_lib.lib_get_add_base(libname)
            func_ad = runtime_lib.lib_get_add_func(base, libfunc, import_ad)

            canon = canon_libname_libfunc(libname, libfunc)
            by_name[canon] = func_ad
            if patch_vm_imp:
                log.debug('patch 0x%x 0x%x %s', import_ad, func_ad, libfunc)
                # Lookup fails with KeyError for an e.sex value that is not
                # one of the three listed constants.
                prefix = {
                    elf_csts.ELFDATA2MSB: ">",
                    elf_csts.ELFDATA2LSB: "<",
                    elf_csts.ELFDATANONE: "",
                }[e.sex]
                # import_ad is taken from the analysed file unchanged.
                raw = struct.pack(prefix + cstruct.size2type[e.size], func_ad)
                vm.set_mem(import_ad, raw)
    return runtime_lib, by_name
Пример #9
Файл: pe.py Проект: Junraa/miasm
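    def add_export_lib(self, e, name):
        """Record the exports of the PE image *e* under the library name *name*.

        Loading is refused when *name* was already created as the target of a
        redirected export, or when it was faked earlier and a real image is
        now supplied. Otherwise *e* is appended to ``self.all_exported_lib``
        and, if *name* is new, the library is registered at
        ``e.NThdr.ImageBase`` with every entry of
        ``get_export_name_addr_list(e)`` stored in ``self.lib_imp2ad``,
        ``self.fad2cname`` and ``self.fad2info``.

        A redirected export into another library makes sure that library and
        function entry exist (via ``lib_get_add_base`` / ``lib_get_add_func``)
        and takes the recorded address. A redirection into this same library
        is put back on the work list until its target has been recorded.

        The export table comes from the binary under analysis and must be
        treated as untrusted: a self-redirection to a function this library
        never exports, or a cycle of self-redirections, could never be
        resolved and would keep the work list spinning forever. That case is
        now reported.

        Raises:
            RuntimeError: *name* was created by a redirected import, *name*
                was faked previously, or a redirection into this library
                cannot be resolved.
        """
        if name in self.created_redirected_imports:
            log.error("%r has previously been created due to redirect\
            imports due to %r. Change the loading order.",
                      name, self.created_redirected_imports[name])
            raise RuntimeError('Bad import: loading previously created import')

        self.all_exported_lib.append(e)
        # will add real lib addresses to database
        if name in self.name2off:
            ad = self.name2off[name]
            if e is not None and name in self.fake_libs:
                log.error(
                    "You are trying to load %r but it has been faked previously. Try loading this module earlier.", name)
                raise RuntimeError("Bad import")
        else:
            log.debug('new lib %s', name)
            ad = e.NThdr.ImageBase
            libad = ad
            self.name2off[name] = ad
            self.libbase2lastad[ad] = ad + 0x1
            self.lib_imp2ad[ad] = {}
            self.lib_imp2dstad[ad] = {}
            self.libbase_ad += 0x1000

            todo = get_export_name_addr_list(e)
            # Number of entries postponed in a row without recording anything.
            deferred = 0
            while todo:
                imp_ord_or_name, ad = todo.pop()

                # if export is a redirection, search redirected dll
                # and get function real addr
                ret = is_redirected_export(e, ad)
                if ret:
                    exp_dname, exp_fname = ret
                    exp_dname = (exp_dname + '.dll').lower()
                    # the dll forwards to one of its own exports
                    if exp_dname == name:
                        libad_tmp = self.name2off[exp_dname]
                        if exp_fname not in self.lib_imp2ad[libad_tmp]:
                            # target not recorded yet: retry after the others
                            todo = [(imp_ord_or_name, ad)] + todo
                            deferred += 1
                            # Every pending entry was postponed once and no
                            # address was recorded in between, so another
                            # pass cannot make progress either.
                            if deferred >= len(todo):
                                raise RuntimeError(
                                    'Bad export: unresolvable redirection to '
                                    '%r in %r' % (exp_fname, name))
                            continue
                    else:
                        # import redirected lib from non loaded dll
                        if exp_dname not in self.name2off:
                            self.created_redirected_imports.setdefault(
                                exp_dname, set()).add(name)

                        # Ensure import entry is created
                        new_lib_base = self.lib_get_add_base(exp_dname)
                        # Ensure function entry is created
                        _ = self.lib_get_add_func(new_lib_base, exp_fname)

                    # Value is overwritten below; the call is kept because the
                    # helper is not visible from this method.
                    c_name = canon_libname_libfunc(exp_dname, exp_fname)
                    libad_tmp = self.name2off[exp_dname]
                    ad = self.lib_imp2ad[libad_tmp][exp_fname]

                deferred = 0
                self.lib_imp2ad[libad][imp_ord_or_name] = ad

                # Rebuilt on every pass because name2off can gain entries
                # above; on duplicate base addresses the last entry wins.
                name_inv = {off: lib for lib, off in self.name2off.items()}
                c_name = canon_libname_libfunc(
                    name_inv[libad], imp_ord_or_name)
                self.fad2cname[ad] = c_name
                self.fad2info[ad] = libad, imp_ord_or_name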
Пример #10
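    def add_export_lib(self, e, name):
        """Register PE image *e* as library *name* and index its exports.

        The call is rejected if *name* already exists only because another
        library redirected an export to it, or if *name* was faked before and
        *e* is a real image. Otherwise *e* is appended to
        ``self.all_exported_lib``; when *name* is not yet in
        ``self.name2off`` the library is registered at ``e.NThdr.ImageBase``
        and each (ordinal-or-name, address) pair from
        ``get_export_name_addr_list(e)`` is written to ``self.lib_imp2ad``,
        ``self.fad2cname`` and ``self.fad2info``.

        Redirections into other libraries create the missing library and
        function entries and use the recorded address. Redirections into this
        same library are retried once the remaining entries are handled.

        Export data is read from the analysed file, so it may be malformed on
        purpose. A self-redirection whose target never appears (missing name
        or a redirection cycle) used to loop forever; it now raises.

        Raises:
            RuntimeError: *name* was created by a redirected import, *name*
                was faked previously, or a redirection into this library can
                never be resolved.
        """
        if name in self.created_redirected_imports:
            log.error(
                "%r has previously been created due to redirect\
            imports due to %r. Change the loading order.", name,
                self.created_redirected_imports[name])
            raise RuntimeError('Bad import: loading previously created import')

        self.all_exported_lib.append(e)
        # will add real lib addresses to database
        if name in self.name2off:
            ad = self.name2off[name]
            if e is not None and name in self.fake_libs:
                log.error(
                    "You are trying to load %r but it has been faked previously. Try loading this module earlier.",
                    name)
                raise RuntimeError("Bad import")
        else:
            log.debug('new lib %s', name)
            ad = e.NThdr.ImageBase
            libad = ad
            self.name2off[name] = ad
            self.libbase2lastad[ad] = ad + 0x1
            self.lib_imp2ad[ad] = {}
            self.lib_imp2dstad[ad] = {}
            self.libbase_ad += 0x1000

            todo = get_export_name_addr_list(e)
            # Consecutive postponements since the last recorded export.
            stalled = 0
            while todo:
                imp_ord_or_name, ad = todo.pop()

                # if export is a redirection, search redirected dll
                # and get function real addr
                ret = is_redirected_export(e, ad)
                if ret:
                    exp_dname, exp_fname = ret
                    exp_dname = (exp_dname + '.dll').lower()
                    # redirection that points back into this dll
                    if exp_dname == name:
                        libad_tmp = self.name2off[exp_dname]
                        if exp_fname not in self.lib_imp2ad[libad_tmp]:
                            # schedule func again, behind the other entries
                            todo = [(imp_ord_or_name, ad)] + todo
                            stalled += 1
                            # All pending entries have been postponed without
                            # any new address being recorded: no further pass
                            # can succeed, so stop instead of spinning.
                            if stalled >= len(todo):
                                raise RuntimeError(
                                    'Bad export: unresolvable redirection to '
                                    '%r in %r' % (exp_fname, name))
                            continue
                    else:
                        # import redirected lib from non loaded dll
                        if exp_dname not in self.name2off:
                            self.created_redirected_imports.setdefault(
                                exp_dname, set()).add(name)

                        # Ensure import entry is created
                        new_lib_base = self.lib_get_add_base(exp_dname)
                        # Ensure function entry is created
                        _ = self.lib_get_add_func(new_lib_base, exp_fname)

                    # Result is replaced further down; call kept since the
                    # helper's behaviour is not visible here.
                    c_name = canon_libname_libfunc(exp_dname, exp_fname)
                    libad_tmp = self.name2off[exp_dname]
                    ad = self.lib_imp2ad[libad_tmp][exp_fname]

                stalled = 0
                self.lib_imp2ad[libad][imp_ord_or_name] = ad

                # Rebuilt each pass since name2off may have grown above;
                # base address -> library name, last entry wins.
                name_inv = {off: lib for lib, off in self.name2off.items()}
                c_name = canon_libname_libfunc(name_inv[libad],
                                               imp_ord_or_name)
                self.fad2cname[ad] = c_name
                self.fad2info[ad] = libad, imp_ord_or_name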