示例#1
0
 /**
  * Returns the address of the given procedure within the given library. Procedures present within
  * the analyzed modules are given precedence over stub functions.
  *
  * @param library
  * @param procedure
  * @return the virtual address of the procedure
  */
 public AbsoluteAddress getProcAddress(String library, String procedure) {
   ExportedSymbol expSymbol = exportedSymbols.get(procedure);
   if (expSymbol != null) {
     return expSymbol.getAddress();
   } else {
     return stubLibrary.resolveSymbol(library, procedure);
   }
 }
示例#2
0
  /** Resolves symbols between the loaded modules. */
  private void resolveSymbols() {
    Iterator<UnresolvedSymbol> sIter = unresolvedSymbols.iterator();
    while (sIter.hasNext()) {
      UnresolvedSymbol unresolvedSymbol = sIter.next();
      ExportedSymbol symbol = exportedSymbols.get(removeDecoration(unresolvedSymbol.getName()));

      if (symbol != null) {
        logger.debug("Resolving symbol " + unresolvedSymbol.getName());
        unresolvedSymbol.resolve(symbol.getAddress());
        sIter.remove();
      }
    }
  }
示例#3
0
  /**
   * Loads a secondary (library or stub) module for analysis. Automatically determines the correct
   * file type.
   *
   * @param moduleFile the file to load
   * @return the ExecutableImage class for the loaded module
   * @throws IOException
   * @throws BinaryParseException
   */
  public ExecutableImage loadModule(File moduleFile) throws IOException, BinaryParseException {
    // First try to load it as a PE file, then object file, ELF and finally raw binary code
    // The right thing to do would be some smart IDing of the file type, but
    // this exception chaining works for now...
    ExecutableImage module = null;
    try {
      module = new PEModule(moduleFile, getArchitecture());
      targetOS = TargetOS.WINDOWS;
    } catch (BinaryParseException e) {
      try {
        module = new ObjectFile(moduleFile, getArchitecture());
      } catch (BinaryParseException e2) {
        try {
          module = new ELFModule(moduleFile, getArchitecture());
          targetOS = TargetOS.LINUX;
        } catch (BinaryParseException e3) {
          module = new RawModule(moduleFile, getArchitecture());
        }
      }
    }

    for (ExecutableImage existingModule : modules) {
      if (existingModule.getMaxAddress().getValue() >= module.getMinAddress().getValue()
          && existingModule.getMinAddress().getValue() <= module.getMaxAddress().getValue()) {
        throw new RuntimeException("Virtual addresses of modules overlap!");
      }
    }

    modules.add(module);
    unresolvedSymbols.addAll(module.getUnresolvedSymbols());
    for (ExportedSymbol symbol : module.getExportedSymbols()) {
      exportedSymbols.put(removeDecoration(symbol.getName()), symbol);
    }
    resolveSymbols();
    return module;
  }