Miasm2
 All Classes Namespaces Files Functions Variables Typedefs Properties Macros
Public Member Functions | Public Attributes | List of all members
miasm2.jitter.loader.pe.libimp_pe Class Reference
+ Inheritance diagram for miasm2.jitter.loader.pe.libimp_pe:
+ Collaboration diagram for miasm2.jitter.loader.pe.libimp_pe:

Public Member Functions

def add_export_lib
 
def gen_new_lib
 
def lib_get_add_base
 
def lib_get_add_func
 
def check_dst_ad
 

Public Attributes

 name2off
 
 libbase2lastad
 
 libbase_ad
 
 lib_imp2ad
 
 lib_imp2dstad
 
 fad2cname
 
 fad2info
 
 all_exported_lib
 

Detailed Description

Definition at line 304 of file pe.py.

Member Function Documentation

def miasm2.jitter.loader.pe.libimp_pe.add_export_lib (   self,
  e,
  name 
)

Definition at line 306 of file pe.py.

306 
307  def add_export_lib(self, e, name):
308  self.all_exported_lib.append(e)
309  # will add real lib addresses to database
310  if name in self.name2off:
311  ad = self.name2off[name]
312  else:
313  log.debug('new lib %s', name)
314  ad = e.NThdr.ImageBase
315  libad = ad
316  self.name2off[name] = ad
317  self.libbase2lastad[ad] = ad + 0x1
318  self.lib_imp2ad[ad] = {}
319  self.lib_imp2dstad[ad] = {}
320  self.libbase_ad += 0x1000
321 
322  ads = get_export_name_addr_list(e)
323  todo = ads
324  # done = []
325  while todo:
326  # for imp_ord_or_name, ad in ads:
327  imp_ord_or_name, ad = todo.pop()
328 
329  # if export is a redirection, search redirected dll
330  # and get function real addr
331  ret = is_redirected_export(e, ad)
332  if ret:
333  exp_dname, exp_fname = ret
334  # log.debug('export redirection %s' % imp_ord_or_name)
335  # log.debug('source %s %s' % (exp_dname, exp_fname))
336  exp_dname = exp_dname + '.dll'
337  exp_dname = exp_dname.lower()
338  # if dll auto refes in redirection
339  if exp_dname == name:
340  libad_tmp = self.name2off[exp_dname]
341  if not exp_fname in self.lib_imp2ad[libad_tmp]:
342  # schedule func
343  todo = [(imp_ord_or_name, ad)] + todo
344  continue
345  elif not exp_dname in self.name2off:
346  raise ValueError('load %r first' % exp_dname)
347  c_name = canon_libname_libfunc(exp_dname, exp_fname)
348  libad_tmp = self.name2off[exp_dname]
349  ad = self.lib_imp2ad[libad_tmp][exp_fname]
350  # log.debug('%s' % hex(ad))
351  # if not imp_ord_or_name in self.lib_imp2dstad[libad]:
352  # self.lib_imp2dstad[libad][imp_ord_or_name] = set()
353  # self.lib_imp2dstad[libad][imp_ord_or_name].add(dst_ad)
354 
355  # log.debug('new imp %s %s' % (imp_ord_or_name, hex(ad)))
356  self.lib_imp2ad[libad][imp_ord_or_name] = ad
357 
358  name_inv = dict([(x[1], x[0]) for x in self.name2off.items()])
359  c_name = canon_libname_libfunc(
360  name_inv[libad], imp_ord_or_name)
361  self.fad2cname[ad] = c_name
362  self.fad2info[ad] = libad, imp_ord_or_name
miasm2.jitter.loader.pe.is_redirected_export
def is_redirected_export
Definition: pe.py:57
miasm2.jitter.loader.pe.get_export_name_addr_list
def get_export_name_addr_list
Definition: pe.py:73
miasm2.jitter.loader.pe.libimp_pe.add_export_lib
def add_export_lib
Definition: pe.py:306

+ Here is the call graph for this function:

def miasm2.jitter.loader.utils.libimp.check_dst_ad (   self)
inherited

Definition at line 76 of file utils.py.

76 
77  def check_dst_ad(self):
78  for ad in self.lib_imp2dstad:
79  all_ads = self.lib_imp2dstad[ad].values()
80  all_ads.sort()
81  for i, x in enumerate(all_ads[:-1]):
82  if x is None or all_ads[i + 1] is None:
83  return False
84  if x + 4 != all_ads[i + 1]:
85  return False
86  return True
87 
88 
def miasm2.jitter.loader.pe.libimp_pe.gen_new_lib (   self,
  target_pe,
  flt = lambda _: True 
) 
Gen a new DirImport description
@target_pe: PE instance
@flt: (boolean f(address)) restrict addresses to keep

Definition at line 363 of file pe.py.

363 
364  def gen_new_lib(self, target_pe, flt=lambda _: True):
365  """Gen a new DirImport description
366  @target_pe: PE instance
367  @flt: (boolean f(address)) restrict addresses to keep
368  """
369 
370  new_lib = []
371  for lib_name, ad in self.name2off.items():
372  # Build an IMAGE_IMPORT_DESCRIPTOR
373 
374  # Get fixed addresses
375  out_ads = dict() # addr -> func_name
376  for func_name, dst_addresses in self.lib_imp2dstad[ad].items():
377  out_ads.update({addr: func_name for addr in dst_addresses})
378 
379  # Filter available addresses according to @flt
380  all_ads = [addr for addr in out_ads.keys() if flt(addr)]
381  log.debug('ads: %s', map(hex, all_ads))
382  if not all_ads:
383  continue
384 
385  # Keep non-NULL elements
386  all_ads.sort()
387  for i, x in enumerate(all_ads):
388  if x not in [0, None]:
389  break
390  all_ads = all_ads[i:]
391 
392  while all_ads:
393  # Find libname's Import Address Table
394  othunk = all_ads[0]
395  i = 0
396  while (i + 1 < len(all_ads) and
397  all_ads[i] + target_pe._wsize / 8 == all_ads[i + 1]):
398  i += 1
399  # 'i + 1' is IAT's length
400 
401  # Effectively build an IMAGE_IMPORT_DESCRIPTOR
402  funcs = [out_ads[addr] for addr in all_ads[:i + 1]]
403  try:
404  rva = target_pe.virt2rva(othunk)
405  except pe.InvalidOffset:
406  pass
407  else:
408  new_lib.append(({"name": lib_name,
409  "firstthunk": rva},
410  funcs)
411  )
412 
413  # Update elements to handle
414  all_ads = all_ads[i + 1:]
415 
416  return new_lib
417 
# machine -> arch
miasm2.jitter.loader.pe.libimp_pe.gen_new_lib
def gen_new_lib
Definition: pe.py:363
def miasm2.jitter.loader.utils.libimp.lib_get_add_base (   self,
  name 
)
inherited

Definition at line 30 of file utils.py.

30 
31  def lib_get_add_base(self, name):
32  name = name.lower().strip(' ')
33  if not "." in name:
34  log.debug('warning adding .dll to modulename')
35  name += '.dll'
36  log.debug(name)
37 
38  if name in self.name2off:
39  ad = self.name2off[name]
40  else:
41  ad = self.libbase_ad
42  log.debug('new lib %s 0x%x', name, ad)
43  self.name2off[name] = ad
44  self.libbase2lastad[ad] = ad + 0x1
45  self.lib_imp2ad[ad] = {}
46  self.lib_imp2dstad[ad] = {}
47  self.libbase_ad += 0x1000
48  return ad
def miasm2.jitter.loader.utils.libimp.lib_get_add_func (   self,
  libad,
  imp_ord_or_name,
  dst_ad = None 
)
inherited

Definition at line 49 of file utils.py.

49 
50  def lib_get_add_func(self, libad, imp_ord_or_name, dst_ad=None):
51  if not libad in self.name2off.values():
52  raise ValueError('unknown lib base!', hex(libad))
53 
54  # test if not ordinatl
55  # if imp_ord_or_name >0x10000:
56  # imp_ord_or_name = vm_get_str(imp_ord_or_name, 0x100)
57  # imp_ord_or_name = imp_ord_or_name[:imp_ord_or_name.find('\x00')]
58 
59  #/!\ can have multiple dst ad
60  if not imp_ord_or_name in self.lib_imp2dstad[libad]:
61  self.lib_imp2dstad[libad][imp_ord_or_name] = set()
62  self.lib_imp2dstad[libad][imp_ord_or_name].add(dst_ad)
63 
64  if imp_ord_or_name in self.lib_imp2ad[libad]:
65  return self.lib_imp2ad[libad][imp_ord_or_name]
66  # log.debug('new imp %s %s' % (imp_ord_or_name, dst_ad))
67  ad = self.libbase2lastad[libad]
68  self.libbase2lastad[libad] += 0x11 # arbitrary
69  self.lib_imp2ad[libad][imp_ord_or_name] = ad
70 
71  name_inv = dict([(x[1], x[0]) for x in self.name2off.items()])
72  c_name = canon_libname_libfunc(name_inv[libad], imp_ord_or_name)
73  self.fad2cname[ad] = c_name
74  self.fad2info[ad] = libad, imp_ord_or_name
75  return ad

+ Here is the call graph for this function:

Member Data Documentation

miasm2.jitter.loader.utils.libimp.all_exported_lib
inherited

Definition at line 28 of file utils.py.

miasm2.jitter.loader.utils.libimp.fad2cname
inherited

Definition at line 26 of file utils.py.

miasm2.jitter.loader.utils.libimp.fad2info
inherited

Definition at line 27 of file utils.py.

miasm2.jitter.loader.utils.libimp.lib_imp2ad
inherited

Definition at line 24 of file utils.py.

miasm2.jitter.loader.utils.libimp.lib_imp2dstad
inherited

Definition at line 25 of file utils.py.

miasm2.jitter.loader.utils.libimp.libbase2lastad
inherited

Definition at line 22 of file utils.py.

miasm2.jitter.loader.utils.libimp.libbase_ad
inherited

Definition at line 23 of file utils.py.

miasm2.jitter.loader.utils.libimp.name2off
inherited

Definition at line 21 of file utils.py.

The documentation for this class was generated from the following file:
Generated by   doxygen 1.8.8