00001 /* 00002 * HT Editor 00003 * htpefimg.cc 00004 * 00005 * Copyright (C) 1999-2002 Stefan Weyergraf (stefan@weyergraf.de) 00006 * 00007 * This program is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License version 2 as 00009 * published by the Free Software Foundation. 00010 * 00011 * This program is distributed in the hope that it will be useful, 00012 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00013 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00014 * GNU General Public License for more details. 00015 * 00016 * You should have received a copy of the GNU General Public License 00017 * along with this program; if not, write to the Free Software 00018 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 00019 */ 00020 00021 #include "log.h" 00022 #include "formats.h" 00023 #include "htpal.h" 00024 #include "htpefimg.h" 00025 #include "htstring.h" 00026 #include "pef_analy.h" 00027 #include "pefstruc.h" 00028 #include "snprintf.h" 00029 00030 ht_view *htpefimage_init(bounds *b, ht_streamfile *file, ht_format_group *group) 00031 { 00032 ht_pef_shared_data *pef_shared=(ht_pef_shared_data *)group->get_shared_data(); 00033 00034 LOG("%s: PEF: loading image (starting analyser)...", file->get_filename()); 00035 PEFAnalyser *p = new PEFAnalyser(); 00036 p->init(pef_shared, file); 00037 00038 bounds c=*b; 00039 ht_group *g=new ht_group(); 00040 g->init(&c, VO_RESIZE, DESC_PEF_IMAGE"-g"); 00041 AnalyInfoline *head; 00042 00043 c.y+=2; 00044 c.h-=2; 00045 ht_pef_aviewer *v=new ht_pef_aviewer(); 00046 v->init(&c, DESC_PEF_IMAGE, VC_EDIT | VC_GOTO | VC_SEARCH, file, group, p, pef_shared); 00047 00048 c.y-=2; 00049 c.h=2; 00050 head=new AnalyInfoline(); 00051 head->init(&c, v, ANALY_STATUS_DEFAULT); 00052 00053 v->attachInfoline(head); 00054 00055 /* search for lowest/highest */ 00056 uint32 l=0xffffffff, h=0; 00057 PEF_SECTION_HEADER *s=pef_shared->sheaders.sheaders; 00058 for (UINT i=0; i<pef_shared->sheaders.count; i++) { 00059 if (s->defaultAddress < l) l = s->defaultAddress; 00060 if ((s->defaultAddress + s->totalSize > h) && 00061 s->totalSize && pef_phys_and_mem_section(s)) 00062 h = s->defaultAddress + s->totalSize - 1; 00063 s++; 00064 } 00065 00066 Address *low; 00067 Address *high; 00068 00069 low = p->createAddress32(l); 00070 high = p->createAddress32(h); 00071 00072 ht_analy_sub *analy=new ht_analy_sub(); 00073 analy->init(file, v, p, low, high); 00074 00075 delete low; 00076 delete high; 00077 00078 v->analy_sub = analy; 00079 v->insertsub(analy); 00080 00081 v->sendmsg(msg_complete_init, 0); 00082 00083 // Address *tmpaddr; 00084 // tmpaddr = p->createAddress32(pef_shared->pe32.header.entrypoint_address+pef_shared->pe32.header_nt.image_base); 00085 // v->gotoAddress(tmpaddr, NULL); 00086 // delete tmpaddr; 00087 00088 g->insert(head); 00089 g->insert(v); 00090 00091 g->setpalette(palkey_generic_window_default); 00092 00093 // pef_shared->v_image=v; 00094 return g; 00095 } 00096 00097 format_viewer_if htpefimage_if = { 00098 htpefimage_init, 00099 0 00100 }; 00101 00102 /*static int pe_viewer_func_rva(eval_scalar *result, eval_int *i) 00103 { 00104 ht_pe_aviewer *aviewer = (ht_pe_aviewer*)eval_get_context(); 00105 RVA rva = QWORD_GET_INT(i->value); 00106 viewer_pos p; 00107 FILEOFS ofs; 00108 if (pe_rva_to_ofs(&aviewer->pef_shared->sections, rva, &ofs) 00109 && aviewer->offset_to_pos(ofs, &p)) { 00110 Address *a; 00111 int b; 00112 aviewer->convertViewerPosToAddress(p, &a); 00113 a->putIntoArray((byte*)&b); 00114 delete a; 00115 scalar_create_int_c(result, b); 00116 return 1; 00117 } else { 00118 set_eval_error("invalid file offset or no corresponding RVA for '0%xh'", rva); 00119 } 00120 return 0; 00121 } 00122 00123 static int pe_viewer_func_section_int(eval_scalar *result, eval_int *q) 00124 { 00125 ht_pe_aviewer *aviewer = (ht_pe_aviewer*)eval_get_context(); 00126 UINT i = QWORD_GET_INT(q->value)-1; 00127 if (!QWORD_GET_HI(q->value) && (i >= 0) && 00128 (i < aviewer->pef_shared->sections.section_count)) { 00129 viewer_pos p; 00130 FILEOFS ofs; 00131 if (pe_rva_to_ofs(&aviewer->pef_shared->sections, 00132 aviewer->pef_shared->sections.sections[i].data_address, 00133 &ofs) 00134 && aviewer->offset_to_pos(ofs, &p)) { 00135 Address *a; 00136 int b; 00137 aviewer->convertViewerPosToAddress(p, &a); 00138 a->putIntoArray((byte*)&b); 00139 delete a; 00140 scalar_create_int_c(result, b); 00141 return 1; 00142 } else { 00143 // set_eval_error("invalid file offset or no corresponding RVA for '0%xh'", rva); 00144 } 00145 } else { 00146 set_eval_error("no section number %qd", &q->value); 00147 } 00148 return 0; 00149 } 00150 00151 static int pe_viewer_func_section_str(eval_scalar *result, eval_str *str) 00152 { 00153 ht_pe_aviewer *aviewer = (ht_pe_aviewer*)eval_get_context(); 00154 int section; 00155 char str2[COFF_SIZEOF_SHORT_NAME+1]; 00156 memset(str2, 0, COFF_SIZEOF_SHORT_NAME+1); 00157 memmove(str2, str->value, MIN(str->len, COFF_SIZEOF_SHORT_NAME)); 00158 if (pe_section_name_to_section(&aviewer->pef_shared->sections, str2, §ion)) { 00159 eval_scalar i; 00160 scalar_create_int_c(&i, section+1); 00161 return pe_viewer_func_section_int(result, &i.scalar.integer); 00162 } 00163 return 0; 00164 } 00165 00166 static int pe_viewer_func_section(eval_scalar *result, eval_scalar *q) 00167 { 00168 if (q->type == SCALAR_STR) 00169 return pe_viewer_func_section_str(result, &q->scalar.str); 00170 else { 00171 eval_int i; 00172 scalar_context_int(q, &i); 00173 return pe_viewer_func_section_int(result, &i); 00174 } 00175 }*/ 00176 00177 /* 00178 * CLASS ht_pef_aviewer 00179 */ 00180 void ht_pef_aviewer::init(bounds *b, char *desc, int caps, ht_streamfile *File, ht_format_group *format_group, Analyser *Analy, ht_pef_shared_data *PEF_shared) 00181 { 00182 ht_aviewer::init(b, desc, caps, File, format_group, Analy); 00183 pef_shared = PEF_shared; 00184 } 00185 00186 int ht_pef_aviewer::func_handler(eval_scalar *result, char *name, eval_scalarlist *params) 00187 { 00188 /* eval_func myfuncs[] = { 00189 {"rva", (void*)&pe_viewer_func_rva, {SCALAR_INT}, 00190 "returns address of rva"}, 00191 {"section", (void*)&pe_viewer_func_section, {SCALAR_ANY}, 00192 "returns address of section named param1 if param1 is a string\n" 00193 "returns address of section with index param1 otherwise"}, 00194 {NULL} 00195 }; 00196 if (std_eval_func_handler(result, name, params, myfuncs)) return 1;*/ 00197 return ht_aviewer::func_handler(result, name, params); 00198 } 00199 00200 void ht_pef_aviewer::setAnalyser(Analyser *a) 00201 { 00202 ((PEFAnalyser *)a)->pef_shared = pef_shared; 00203 ((PEFAnalyser *)a)->file = file; 00204 analy = a; 00205 analy_sub->setAnalyser(a); 00206 }
1.3.5