Beispiel #1
0
 /**
  * Loads the module containing the main function. This function should be called last for correct
  * symbol resolution.
  *
  * @param moduleFile the file to load
  * @return the ExecutableImage class for the loaded module
  * @throws IOException
  * @throws BinaryParseException
  */
 public ExecutableImage loadMainModule(File moduleFile) throws IOException, BinaryParseException {
   ExecutableImage module = loadModule(moduleFile);
   mainModule = module;
   setEntryAddress(module.getEntryPoint());
   installStubs();
   return module;
 }
Beispiel #2
0
 public AbsoluteAddress getAddressForSymbol(String symbol) {
   for (ExecutableImage module : modules) {
     AbsoluteAddress a = module.getSymbolFinder().getAddressFor(symbol);
     if (a != null) return a;
   }
   logger.error("Could not find address for symbol \"" + symbol + "\"");
   return null;
 }
Beispiel #3
0
  /**
   * Gets the assembly instruction at the specified virtual address.
   *
   * @param address a virtual address
   * @return the assembly instruction at the specified address
   */
  public final Instruction getInstruction(AbsoluteAddress address) {

    Instruction instr = assemblyMap.get(address);
    if (instr != null) {
      return instr;
    } else {
      // No real instructions in prologue/epilogue
      if (harness.contains(address) || isStub(address)) return null;

      ExecutableImage module = getModule(address);

      long fp = -1;
      if (module == null) {
        logger.error("No module for address " + address + ". Cannot disassemble instruction!");
      } else {
        fp = module.getFilePointer(address);
        // Also check whether fp is out of the int range, since the X86Disassembler actually
        // performs this cast in its implementation.
        if (fp < 0 || (int) fp < 0) {
          logger.error("Requested instruction outside of file area: " + address);
        } else {
          if (!module.isCodeArea(address)) {
            logger.error("Requested instruction outside code section: " + address);
            return null;
          }
          instr = module.getDisassembler().decodeInstruction(fp);
          if (instr == null) {
            logger.error("Instruction could not be disassembled at: " + address);
          }
        }
      }

      if (instr != null) putInstruction(address, instr);
      return instr;
    }
  }
Beispiel #4
0
  /**
   * Loads a secondary (library or stub) module for analysis. Automatically determines the correct
   * file type.
   *
   * @param moduleFile the file to load
   * @return the ExecutableImage class for the loaded module
   * @throws IOException
   * @throws BinaryParseException
   */
  public ExecutableImage loadModule(File moduleFile) throws IOException, BinaryParseException {
    // First try to load it as a PE file, then object file, ELF and finally raw binary code
    // The right thing to do would be some smart IDing of the file type, but
    // this exception chaining works for now...
    ExecutableImage module = null;
    try {
      module = new PEModule(moduleFile, getArchitecture());
      targetOS = TargetOS.WINDOWS;
    } catch (BinaryParseException e) {
      try {
        module = new ObjectFile(moduleFile, getArchitecture());
      } catch (BinaryParseException e2) {
        try {
          module = new ELFModule(moduleFile, getArchitecture());
          targetOS = TargetOS.LINUX;
        } catch (BinaryParseException e3) {
          module = new RawModule(moduleFile, getArchitecture());
        }
      }
    }

    for (ExecutableImage existingModule : modules) {
      if (existingModule.getMaxAddress().getValue() >= module.getMinAddress().getValue()
          && existingModule.getMinAddress().getValue() <= module.getMaxAddress().getValue()) {
        throw new RuntimeException("Virtual addresses of modules overlap!");
      }
    }

    modules.add(module);
    unresolvedSymbols.addAll(module.getUnresolvedSymbols());
    for (ExportedSymbol symbol : module.getExportedSymbols()) {
      exportedSymbols.put(removeDecoration(symbol.getName()), symbol);
    }
    resolveSymbols();
    return module;
  }
Beispiel #5
0
  private SymbolFinder symbolFinder(AbsoluteAddress addr) {
    if (isStub(addr)) return stubLibrary.getSymbolFinder();

    ExecutableImage module = getModule(addr);
    return (module == null) ? DummySymbolFinder.getInstance() : module.getSymbolFinder();
  }
Beispiel #6
0
 /**
  * Get the module that contains the specified virtual address at runtime.
  *
  * @param a a virtual address
  * @return the module to which the given virtual address belongs.
  */
 public ExecutableImage getModule(AbsoluteAddress a) {
   for (ExecutableImage module : modules) {
     if (module.getFilePointer(a) >= 0) return module;
   }
   return null;
 }
Beispiel #7
0
 public boolean isImport(AbsoluteAddress a) {
   if (isStub(a)) return true;
   ExecutableImage m = getModule(a);
   if (m == null) return false;
   return m.isImportArea(a);
 }