public static DataEntry findNextEntry(PE pe, int pos) { DataEntry de = new DataEntry(); // Check sections first int ns = pe.getCoffHeader().getNumberOfSections(); for (int i = 0; i < ns; i++) { SectionHeader sh = pe.getSectionTable().getHeader(i); if (sh.getSizeOfRawData() > 0 && sh.getPointerToRawData() >= pos && (de.pointer == 0 || sh.getPointerToRawData() < de.pointer)) { de.pointer = sh.getPointerToRawData(); de.index = i; de.isSection = true; } } // Now check image data directories RVAConverter rvc = pe.getSectionTable().getRVAConverter(); int dc = pe.getOptionalHeader().getDataDirectoryCount(); for (int i = 0; i < dc; i++) { ImageDataDirectory idd = pe.getOptionalHeader().getDataDirectory(i); if (idd.getSize() > 0) { int prd = idd.getVirtualAddress(); // Assume certificate live outside section ? if (i != ImageDataDirectoryType.CERTIFICATE_TABLE && isInsideSection(pe, idd)) { prd = rvc.convertVirtualAddressToRawDataPointer(idd.getVirtualAddress()); } if (prd >= pos && (de.pointer == 0 || prd < de.pointer)) { de.pointer = prd; de.index = i; de.isSection = false; } } } // Check debug ImageData id = pe.getImageData(); DebugDirectory dd = null; if (id != null) dd = id.getDebug(); if (dd != null) { int prd = dd.getPointerToRawData(); if (prd >= pos && (de.pointer == 0 || prd < de.pointer)) { de.pointer = prd; de.index = -1; de.isDebugRawData = true; de.isSection = false; de.baseAddress = prd; } } if (de.pointer == 0) return null; return de; }
private static boolean isInsideSection(PE pe, ImageDataDirectory idd) { int prd = idd.getVirtualAddress(); int pex = prd + idd.getSize(); SectionTable st = pe.getSectionTable(); int ns = st.getNumberOfSections(); for (int i = 0; i < ns; i++) { SectionHeader sh = st.getHeader(i); int vad = sh.getVirtualAddress(); int vex = vad + sh.getVirtualSize(); if (prd >= vad && prd < vex && pex <= vex) return true; } return false; }
private static void readSection(PE pe, DataEntry entry, IDataReader dr) throws IOException { SectionTable st = pe.getSectionTable(); SectionHeader sh = st.getHeader(entry.index); SectionData sd = new SectionData(); // Read any preamble - store if non-zero byte[] pa = readPreambleData(sh.getPointerToRawData(), dr); if (pa != null) sd.setPreamble(pa); // Read in the raw data block dr.jumpTo(sh.getPointerToRawData()); byte[] b = new byte[sh.getSizeOfRawData()]; dr.read(b); sd.setData(b); st.put(entry.index, sd); // Check for an image directory within this section int ddc = pe.getOptionalHeader().getDataDirectoryCount(); for (int i = 0; i < ddc; i++) { if (i == ImageDataDirectoryType.CERTIFICATE_TABLE) continue; ImageDataDirectory idd = pe.getOptionalHeader().getDataDirectory(i); if (idd.getSize() > 0) { int vad = sh.getVirtualAddress(); int vex = vad + sh.getVirtualSize(); int dad = idd.getVirtualAddress(); if (dad >= vad && dad < vex) { int off = dad - vad; IDataReader idr = new ByteArrayDataReader(b, off, idd.getSize()); DataEntry de = new DataEntry(i, 0); de.baseAddress = sh.getVirtualAddress(); readImageData(pe, de, idr); } } } }
public static SectionHeader readSectionHeader(IDataReader dr) throws IOException { SectionHeader sh = new SectionHeader(); sh.setName(dr.readUtf(8)); sh.setVirtualSize(dr.readDoubleWord()); sh.setVirtualAddress(dr.readDoubleWord()); sh.setSizeOfRawData(dr.readDoubleWord()); sh.setPointerToRawData(dr.readDoubleWord()); sh.setPointerToRelocations(dr.readDoubleWord()); sh.setPointerToLineNumbers(dr.readDoubleWord()); sh.setNumberOfRelocations(dr.readWord()); sh.setNumberOfLineNumbers(dr.readWord()); sh.setCharacteristics(dr.readDoubleWord()); return sh; }