Пример #1
0
  public static DataEntry findNextEntry(PE pe, int pos) {
    DataEntry de = new DataEntry();

    // Check sections first
    int ns = pe.getCoffHeader().getNumberOfSections();
    for (int i = 0; i < ns; i++) {
      SectionHeader sh = pe.getSectionTable().getHeader(i);
      if (sh.getSizeOfRawData() > 0
          && sh.getPointerToRawData() >= pos
          && (de.pointer == 0 || sh.getPointerToRawData() < de.pointer)) {
        de.pointer = sh.getPointerToRawData();
        de.index = i;
        de.isSection = true;
      }
    }

    // Now check image data directories
    RVAConverter rvc = pe.getSectionTable().getRVAConverter();
    int dc = pe.getOptionalHeader().getDataDirectoryCount();
    for (int i = 0; i < dc; i++) {
      ImageDataDirectory idd = pe.getOptionalHeader().getDataDirectory(i);
      if (idd.getSize() > 0) {
        int prd = idd.getVirtualAddress();
        // Assume certificate live outside section ?
        if (i != ImageDataDirectoryType.CERTIFICATE_TABLE && isInsideSection(pe, idd)) {
          prd = rvc.convertVirtualAddressToRawDataPointer(idd.getVirtualAddress());
        }
        if (prd >= pos && (de.pointer == 0 || prd < de.pointer)) {
          de.pointer = prd;
          de.index = i;
          de.isSection = false;
        }
      }
    }

    // Check debug
    ImageData id = pe.getImageData();
    DebugDirectory dd = null;
    if (id != null) dd = id.getDebug();
    if (dd != null) {
      int prd = dd.getPointerToRawData();
      if (prd >= pos && (de.pointer == 0 || prd < de.pointer)) {
        de.pointer = prd;
        de.index = -1;
        de.isDebugRawData = true;
        de.isSection = false;
        de.baseAddress = prd;
      }
    }

    if (de.pointer == 0) return null;

    return de;
  }
Пример #2
0
  public static SectionTable readSectionHeaders(PE pe, IDataReader dr) throws IOException {
    SectionTable st = new SectionTable();
    int ns = pe.getCoffHeader().getNumberOfSections();
    for (int i = 0; i < ns; i++) {
      st.add(readSectionHeader(dr));
    }

    SectionHeader[] sorted = st.getHeadersPointerSorted();
    int[] virtualAddress = new int[sorted.length];
    int[] pointerToRawData = new int[sorted.length];
    for (int i = 0; i < sorted.length; i++) {
      virtualAddress[i] = sorted[i].getVirtualAddress();
      pointerToRawData[i] = sorted[i].getPointerToRawData();
    }

    st.setRvaConverter(new RVAConverter(virtualAddress, pointerToRawData));
    return st;
  }