/** * Returns the address of the given procedure within the given library. Procedures present within * the analyzed modules are given precedence over stub functions. * * @param library * @param procedure * @return the virtual address of the procedure */ public AbsoluteAddress getProcAddress(String library, String procedure) { ExportedSymbol expSymbol = exportedSymbols.get(procedure); if (expSymbol != null) { return expSymbol.getAddress(); } else { return stubLibrary.resolveSymbol(library, procedure); } }
/** Resolves symbols between the loaded modules. */ private void resolveSymbols() { Iterator<UnresolvedSymbol> sIter = unresolvedSymbols.iterator(); while (sIter.hasNext()) { UnresolvedSymbol unresolvedSymbol = sIter.next(); ExportedSymbol symbol = exportedSymbols.get(removeDecoration(unresolvedSymbol.getName())); if (symbol != null) { logger.debug("Resolving symbol " + unresolvedSymbol.getName()); unresolvedSymbol.resolve(symbol.getAddress()); sIter.remove(); } } }
/** * Loads a secondary (library or stub) module for analysis. Automatically determines the correct * file type. * * @param moduleFile the file to load * @return the ExecutableImage class for the loaded module * @throws IOException * @throws BinaryParseException */ public ExecutableImage loadModule(File moduleFile) throws IOException, BinaryParseException { // First try to load it as a PE file, then object file, ELF and finally raw binary code // The right thing to do would be some smart IDing of the file type, but // this exception chaining works for now... ExecutableImage module = null; try { module = new PEModule(moduleFile, getArchitecture()); targetOS = TargetOS.WINDOWS; } catch (BinaryParseException e) { try { module = new ObjectFile(moduleFile, getArchitecture()); } catch (BinaryParseException e2) { try { module = new ELFModule(moduleFile, getArchitecture()); targetOS = TargetOS.LINUX; } catch (BinaryParseException e3) { module = new RawModule(moduleFile, getArchitecture()); } } } for (ExecutableImage existingModule : modules) { if (existingModule.getMaxAddress().getValue() >= module.getMinAddress().getValue() && existingModule.getMinAddress().getValue() <= module.getMaxAddress().getValue()) { throw new RuntimeException("Virtual addresses of modules overlap!"); } } modules.add(module); unresolvedSymbols.addAll(module.getUnresolvedSymbols()); for (ExportedSymbol symbol : module.getExportedSymbols()) { exportedSymbols.put(removeDecoration(symbol.getName()), symbol); } resolveSymbols(); return module; }