Rizin
unix-like reverse engineering framework and cli tools
Macros | Functions | Variables
bin_pe.c File Reference
#include "bin_pe.inc"

Go to the source code of this file.

Macros

#define B(x, y)   rz_buf_append_bytes(buf, (const ut8 *)(x), y)
 
#define H(x)   rz_buf_append_ut16(buf, x)
 
#define D(x)   rz_buf_append_ut32(buf, x)
 
#define Z(x)   rz_buf_append_nbytes(buf, x)
 
#define W(x, y, z)   rz_buf_write_at(buf, x, (const ut8 *)(y), z)
 
#define WZ(x, y)
 
#define ROWL(nam, siz, val, fmt)    rz_list_append(ret, rz_bin_field_new(addr, addr, siz, nam, sdb_fmt("0x%08x", val), fmt, false));
 

Functions

static bool check_buffer (RzBuffer *b)
 
static RzBuffercreate (RzBin *bin, const ut8 *code, int codelen, const ut8 *data, int datalen, RzBinArchOptions *opt)
 
static char * signature (RzBinFile *bf, bool json)
 
static RzListfields (RzBinFile *bf)
 
static void header (RzBinFile *bf)
 

Variables

RzBinPlugin rz_bin_plugin_pe
 
RZ_API RzLibStruct rizin_plugin
 

Macro Definition Documentation

◆ B

#define B (   x,
 
)    rz_buf_append_bytes(buf, (const ut8 *)(x), y)

◆ D

#define D (   x)    rz_buf_append_ut32(buf, x)

◆ H

#define H (   x)    rz_buf_append_ut16(buf, x)

◆ ROWL

#define ROWL (   nam,
  siz,
  val,
  fmt 
)     rz_list_append(ret, rz_bin_field_new(addr, addr, siz, nam, sdb_fmt("0x%08x", val), fmt, false));

◆ W

#define W (   x,
  y,
 
)    rz_buf_write_at(buf, x, (const ut8 *)(y), z)

◆ WZ

#define WZ (   x,
 
)
Value:
p_tmp = rz_buf_size(buf); \
Z(x); \
W(p_tmp, y, strlen(y))
buf
voidpf void * buf
Definition: ioapi.h:138
x
int x
Definition: mipsasm.c:20
rz_buf_size
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
Definition: buf.c:1225

◆ Z

#define Z (   x)    rz_buf_append_nbytes(buf, x)

Function Documentation

◆ check_buffer()

static bool check_buffer ( RzBuffer b)
static

Definition at line 8 of file bin_pe.c.

8  {
9  ut64 length = rz_buf_size(b);
10  if (length <= 0x3d) {
11  return false;
12  }
13 
14  ut16 idx;
15  if (!rz_buf_read_le16_at(b, 0x3c, &idx)) {
16  return false;
17  }
18 
19  if (idx + 26 < length) {
20  /* Here PE signature for usual PE files
21  * and PL signature for Phar Lap TNT DOS extender 32bit executables
22  */
23  ut8 buf[2];
24  rz_buf_read_at(b, 0, buf, sizeof(buf));
25  if (!memcmp(buf, "MZ", 2)) {
26  rz_buf_read_at(b, idx, buf, sizeof(buf));
27  // TODO: Add one more indicator, to prevent false positives
28  if (!memcmp(buf, "PL", 2)) {
29  return true;
30  }
31  if (!memcmp(buf, "PE", 2)) {
32  rz_buf_read_at(b, idx + 0x18, buf, sizeof(buf));
33  return !memcmp(buf, "\x0b\x01", 2);
34  }
35  }
36  }
37  return false;
38 }
length
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len static semflg const void static shmflg const struct timespec struct timespec static rem const char static group const void length
Definition: sflib.h:133
ut16
uint16_t ut16
Definition: demangler_util.h:30
ut8
uint8_t ut8
Definition: lh5801.h:11
setup.idx
int idx
Definition: setup.py:197
rz_buf_read_le16_at
#define rz_buf_read_le16_at(b, addr, result)
Definition: rz_buf.h:270
rz_buf_read_at
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
Definition: buf.c:1136
b
#define b(i)
Definition: sha256.c:42
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()

References b, setup::idx, length, rz_buf_read_at(), rz_buf_read_le16_at, rz_buf_size(), and ut64().

◆ create()

static RzBuffer* create ( RzBin bin,
const ut8 code,
int  codelen,
const ut8 data,
int  datalen,
RzBinArchOptions opt 
)
static

Definition at line 41 of file bin_pe.c.

41  {
42  ut32 hdrsize, p_start, p_opthdr, p_sections, p_lsrlc, n;
43  ut32 baddr = 0x400000;
44  RzBuffer *buf = rz_buf_new_with_bytes(NULL, 0);
45 
46 #define B(x, y) rz_buf_append_bytes(buf, (const ut8 *)(x), y)
47 #define H(x) rz_buf_append_ut16(buf, x)
48 #define D(x) rz_buf_append_ut32(buf, x)
49 #define Z(x) rz_buf_append_nbytes(buf, x)
50 #define W(x, y, z) rz_buf_write_at(buf, x, (const ut8 *)(y), z)
51 #define WZ(x, y) \
52  p_tmp = rz_buf_size(buf); \
53  Z(x); \
54  W(p_tmp, y, strlen(y))
55 
56  B("MZ\x00\x00", 4); // MZ Header
57  B("PE\x00\x00", 4); // PE Signature
58  H(0x14c); // Machine
59  H(1); // Number of sections
60  D(0); // Timestamp (Unused)
61  D(0); // PointerToSymbolTable (Unused)
62  D(0); // NumberOfSymbols (Unused)
63  p_lsrlc = rz_buf_size(buf);
64  H(-1); // SizeOfOptionalHeader
65  H(0x103); // Characteristics
66 
67  /* Optional Header */
68  p_opthdr = rz_buf_size(buf);
69  H(0x10b); // Magic
70  B("\x08\x00", 2); // (Major/Minor)LinkerVersion (Unused)
71 
72  p_sections = rz_buf_size(buf);
73  n = p_sections - p_opthdr;
74  W(p_lsrlc, &n, 2); // Fix SizeOfOptionalHeader
75 
76  /* Sections */
77  p_start = 0x7c; // HACK: Headersize
78  hdrsize = 0x7c;
79 
80  D(RZ_ROUND(codelen, 4)); // SizeOfCode (Unused)
81  D(0); // SizeOfInitializedData (Unused)
82  D(codelen); // codesize
83  D(p_start);
84  D(codelen);
85  D(p_start);
86  D(baddr); // ImageBase
87  D(4); // SectionAlignment
88  D(4); // FileAlignment
89  H(4); // MajorOperatingSystemVersion (Unused)
90  H(0); // MinorOperatingSystemVersion (Unused)
91  H(0); // MajorImageVersion (Unused)
92  H(0); // MinorImageVersion (Unused)
93  H(4); // MajorSubsystemVersion
94  H(0); // MinorSubsystemVersion (Unused)
95  D(0); // Win32VersionValue (Unused)
96  D((RZ_ROUND(hdrsize, 4)) + (RZ_ROUND(codelen, 4))); // SizeOfImage
97  D(RZ_ROUND(hdrsize, 4)); // SizeOfHeaders
98  D(0); // CheckSum (Unused)
99  H(2); // Subsystem (Win32 GUI)
100  H(0x400); // DllCharacteristics (Unused)
101  D(0x100000); // SizeOfStackReserve (Unused)
102  D(0x1000); // SizeOfStackCommit
103  D(0x100000); // SizeOfHeapReserve
104  D(0x1000); // SizeOfHeapCommit (Unused)
105  D(0); // LoaderFlags (Unused)
106  D(0); // NumberOfRvaAndSizes (Unused)
107  B(code, codelen);
108 
109  if (data && datalen > 0) {
110  // ut32 data_section = buf->length;
111  RZ_LOG_WARN("DATA section not support for PE yet\n");
112  B(data, datalen);
113  }
114  return buf;
115 }
baddr
static ut64 baddr(RzBinFile *bf)
Definition: bin_any.c:58
W
#define W(x, y, z)
H
#define H(x)
B
#define B(x, y)
D
#define D(x)
NULL
#define NULL
Definition: cris-opc.c:27
ut32
uint32_t ut32
Definition: demangler_util.h:31
n
int n
Definition: mipsasm.c:19
rz_buf_new_with_bytes
RZ_API RZ_OWN RzBuffer * rz_buf_new_with_bytes(RZ_NULLABLE RZ_BORROW const ut8 *bytes, ut64 len)
Creates a new buffer with a bytes array.
Definition: buf.c:465
RZ_LOG_WARN
#define RZ_LOG_WARN(fmtstr,...)
Definition: rz_log.h:56
RZ_ROUND
#define RZ_ROUND(x, y)
Definition: rz_types_base.h:132
code
Definition: inftree9.h:24
rz_buf_t
Definition: rz_buf.h:43

References B, baddr(), D, H, n, NULL, rz_buf_new_with_bytes(), rz_buf_size(), RZ_LOG_WARN, RZ_ROUND, and W.

◆ fields()

static RzList* fields ( RzBinFile bf)
static

Definition at line 132 of file bin_pe.c.

132  {
133  RzList *ret = rz_list_newf((RzListFree)rz_bin_field_free);
134  if (!ret) {
135  return NULL;
136  }
137 
138 #define ROWL(nam, siz, val, fmt) \
139  rz_list_append(ret, rz_bin_field_new(addr, addr, siz, nam, sdb_fmt("0x%08x", val), fmt, false));
140 
141  struct PE_(rz_bin_pe_obj_t) *bin = bf->o->bin_obj;
142  ut64 addr = bin->rich_header_offset ? bin->rich_header_offset : 128;
143 
144  RzListIter *it;
145  Pe_image_rich_entry *rich;
146  rz_list_foreach (bin->rich_entries, it, rich) {
147  rz_list_append(ret, rz_bin_field_new(addr, addr, 0, "RICH_ENTRY_NAME", strdup(rich->productName), "s", false));
148  ROWL("RICH_ENTRY_ID", 2, rich->productId, "x");
149  addr += 2;
150  ROWL("RICH_ENTRY_VERSION", 2, rich->minVersion, "x");
151  addr += 2;
152  ROWL("RICH_ENTRY_TIMES", 4, rich->timesUsed, "x");
153  addr += 4;
154  }
155 
156  ROWL("Signature", 4, bin->nt_headers->Signature, "x");
157  addr += 4;
158  ROWL("Machine", 2, bin->nt_headers->file_header.Machine, "x");
159  addr += 2;
160  ROWL("NumberOfSections", 2, bin->nt_headers->file_header.NumberOfSections, "x");
161  addr += 2;
162  ROWL("TimeDateStamp", 4, bin->nt_headers->file_header.TimeDateStamp, "x");
163  addr += 4;
164  ROWL("PointerToSymbolTable", 4, bin->nt_headers->file_header.PointerToSymbolTable, "x");
165  addr += 4;
166  ROWL("NumberOfSymbols ", 4, bin->nt_headers->file_header.NumberOfSymbols, "x");
167  addr += 4;
168  ROWL("SizeOfOptionalHeader", 2, bin->nt_headers->file_header.SizeOfOptionalHeader, "x");
169  addr += 2;
170  ROWL("Characteristics", 2, bin->nt_headers->file_header.Characteristics, "x");
171  addr += 2;
172  ROWL("Magic", 2, bin->nt_headers->optional_header.Magic, "x");
173  addr += 2;
174  ROWL("MajorLinkerVersion", 1, bin->nt_headers->optional_header.MajorLinkerVersion, "x");
175  addr += 1;
176  ROWL("MinorLinkerVersion", 1, bin->nt_headers->optional_header.MinorLinkerVersion, "x");
177  addr += 1;
178  ROWL("SizeOfCode", 4, bin->nt_headers->optional_header.SizeOfCode, "x");
179  addr += 4;
180  ROWL("SizeOfInitializedData", 4, bin->nt_headers->optional_header.SizeOfInitializedData, "x");
181  addr += 4;
182  ROWL("SizeOfUninitializedData", 4, bin->nt_headers->optional_header.SizeOfUninitializedData, "x");
183  addr += 4;
184  ROWL("AddressOfEntryPoint", 4, bin->nt_headers->optional_header.AddressOfEntryPoint, "x");
185  addr += 4;
186  ROWL("BaseOfCode", 4, bin->nt_headers->optional_header.BaseOfCode, "x");
187  addr += 4;
188  ROWL("BaseOfData", 4, bin->nt_headers->optional_header.BaseOfData, "x");
189  addr += 4;
190  ROWL("ImageBase", 4, bin->nt_headers->optional_header.ImageBase, "x");
191  addr += 4;
192  ROWL("SectionAlignment", 4, bin->nt_headers->optional_header.SectionAlignment, "x");
193  addr += 4;
194  ROWL("FileAlignment", 4, bin->nt_headers->optional_header.FileAlignment, "x");
195  addr += 4;
196  ROWL("MajorOperatingSystemVersion", 2, bin->nt_headers->optional_header.MajorOperatingSystemVersion, "x");
197  addr += 2;
198  ROWL("MinorOperatingSystemVersion", 2, bin->nt_headers->optional_header.MinorOperatingSystemVersion, "x");
199  addr += 2;
200  ROWL("MajorImageVersion", 2, bin->nt_headers->optional_header.MajorImageVersion, "x");
201  addr += 2;
202  ROWL("MinorImageVersion", 2, bin->nt_headers->optional_header.MinorImageVersion, "x");
203  addr += 2;
204  ROWL("MajorSubsystemVersion", 2, bin->nt_headers->optional_header.MajorSubsystemVersion, "x");
205  addr += 2;
206  ROWL("MinorSubsystemVersion", 2, bin->nt_headers->optional_header.MinorSubsystemVersion, "x");
207  addr += 2;
208  ROWL("Win32VersionValue", 4, bin->nt_headers->optional_header.Win32VersionValue, "x");
209  addr += 4;
210  ROWL("SizeOfImage", 4, bin->nt_headers->optional_header.SizeOfImage, "x");
211  addr += 4;
212  ROWL("SizeOfHeaders", 4, bin->nt_headers->optional_header.SizeOfHeaders, "x");
213  addr += 4;
214  ROWL("CheckSum", 4, bin->nt_headers->optional_header.CheckSum, "x");
215  addr += 4;
216  ROWL("Subsystem", 24, bin->nt_headers->optional_header.Subsystem, "x");
217  addr += 2;
218  ROWL("DllCharacteristics", 2, bin->nt_headers->optional_header.DllCharacteristics, "x");
219  addr += 2;
220  ROWL("SizeOfStackReserve", 4, bin->nt_headers->optional_header.SizeOfStackReserve, "x");
221  addr += 4;
222  ROWL("SizeOfStackCommit", 4, bin->nt_headers->optional_header.SizeOfStackCommit, "x");
223  addr += 4;
224  ROWL("SizeOfHeapReserve", 4, bin->nt_headers->optional_header.SizeOfHeapReserve, "x");
225  addr += 4;
226  ROWL("SizeOfHeapCommit", 4, bin->nt_headers->optional_header.SizeOfHeapCommit, "x");
227  addr += 4;
228  ROWL("LoaderFlags", 4, bin->nt_headers->optional_header.LoaderFlags, "x");
229  addr += 4;
230  ROWL("NumberOfRvaAndSizes", 4, bin->nt_headers->optional_header.NumberOfRvaAndSizes, "x");
231  addr += 4;
232 
233  int i;
234  ut64 tmp = addr;
235  for (i = 0; i < PE_IMAGE_DIRECTORY_ENTRIES - 1; i++) {
236  if (bin->nt_headers->optional_header.DataDirectory[i].Size > 0) {
237  addr = tmp + i * 8;
238  switch (i) {
239  case PE_IMAGE_DIRECTORY_ENTRY_EXPORT:
240  ROWL("IMAGE_DIRECTORY_ENTRY_EXPORT", 4,
241  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
242  addr += 4;
243  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_EXPORT", 4,
244  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
245  break;
246  case PE_IMAGE_DIRECTORY_ENTRY_IMPORT:
247  ROWL("IMAGE_DIRECTORY_ENTRY_IMPORT", 4,
248  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
249  addr += 4;
250  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_IMPORT", 4,
251  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
252  break;
253  case PE_IMAGE_DIRECTORY_ENTRY_RESOURCE:
254  ROWL("IMAGE_DIRECTORY_ENTRY_RESOURCE", 4,
255  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
256  addr += 4;
257  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_RESOURCE", 4,
258  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
259  break;
260  case PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION:
261  ROWL("IMAGE_DIRECTORY_ENTRY_EXCEPTION", 4,
262  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
263  addr += 4;
264  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_EXCEPTION", 4,
265  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
266  break;
267  case PE_IMAGE_DIRECTORY_ENTRY_SECURITY:
268  ROWL("IMAGE_DIRECTORY_ENTRY_SECURITY", 4,
269  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
270  addr += 4;
271  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_SECURITY", 4,
272  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
273  break;
274  case PE_IMAGE_DIRECTORY_ENTRY_BASERELOC:
275  ROWL("IMAGE_DIRECTORY_ENTRY_BASERELOC", 4,
276  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
277  addr += 4;
278  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_BASERELOC", 4,
279  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
280  break;
281  case PE_IMAGE_DIRECTORY_ENTRY_DEBUG:
282  ROWL("IMAGE_DIRECTORY_ENTRY_DEBUG", 4,
283  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
284  addr += 4;
285  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_DEBUG", 4,
286  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
287  break;
288  case PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT:
289  ROWL("IMAGE_DIRECTORY_ENTRY_COPYRIGHT", 4,
290  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
291  addr += 4;
292  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT", 4,
293  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
294  break;
295  case PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR:
296  ROWL("IMAGE_DIRECTORY_ENTRY_GLOBALPTR", 4,
297  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
298  addr += 4;
299  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR", 4,
300  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
301  break;
302  case PE_IMAGE_DIRECTORY_ENTRY_TLS:
303  ROWL("IMAGE_DIRECTORY_ENTRY_TLS", 4,
304  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
305  addr += 4;
306  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_TLS", 4,
307  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
308  break;
309  case PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
310  ROWL("IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG", 4,
311  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
312  addr += 4;
313  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG", 4,
314  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
315  break;
316  case PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT:
317  ROWL("IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", 4,
318  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
319  addr += 4;
320  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT", 4,
321  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
322  break;
323  case PE_IMAGE_DIRECTORY_ENTRY_IAT:
324  ROWL("IMAGE_DIRECTORY_ENTRY_IAT", 4,
325  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
326  addr += 4;
327  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_IAT", 4,
328  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
329  break;
330  case PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT:
331  ROWL("IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT", 4,
332  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
333  addr += 4;
334  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT", 4,
335  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
336  break;
337  case PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
338  ROWL("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", 4,
339  bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress, "x");
340  addr += 4;
341  ROWL("SIZE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR", 4,
342  bin->nt_headers->optional_header.DataDirectory[i].Size, "x");
343  break;
344  }
345  }
346  }
347 
348  return ret;
349 }
i
lzma_index ** i
Definition: index.h:629
rz_bin_field_free
RZ_API void rz_bin_field_free(RzBinField *field)
Definition: bin.c:950
rz_bin_field_new
RZ_API RzBinField * rz_bin_field_new(ut64 paddr, ut64 vaddr, int size, const char *name, const char *comment, const char *format, bool format_named)
Definition: bin.c:935
ROWL
#define ROWL(nam, siz, val, fmt)
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
autogen_x86imm.tmp
tmp
Definition: autogen_x86imm.py:12
PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION
#define PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION
Definition: pe_specs.h:146
PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT
#define PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT
Definition: pe_specs.h:150
PE_IMAGE_DIRECTORY_ENTRY_IMPORT
#define PE_IMAGE_DIRECTORY_ENTRY_IMPORT
Definition: pe_specs.h:144
PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
#define PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Definition: pe_specs.h:158
PE_IMAGE_DIRECTORY_ENTRY_RESOURCE
#define PE_IMAGE_DIRECTORY_ENTRY_RESOURCE
Definition: pe_specs.h:145
PE_IMAGE_DIRECTORY_ENTRY_BASERELOC
#define PE_IMAGE_DIRECTORY_ENTRY_BASERELOC
Definition: pe_specs.h:148
PE_IMAGE_DIRECTORY_ENTRY_DEBUG
#define PE_IMAGE_DIRECTORY_ENTRY_DEBUG
Definition: pe_specs.h:149
PE_IMAGE_DIRECTORY_ENTRY_SECURITY
#define PE_IMAGE_DIRECTORY_ENTRY_SECURITY
Definition: pe_specs.h:147
PE_IMAGE_DIRECTORY_ENTRY_IAT
#define PE_IMAGE_DIRECTORY_ENTRY_IAT
Definition: pe_specs.h:156
PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
#define PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT
Definition: pe_specs.h:157
PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
#define PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT
Definition: pe_specs.h:155
PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR
#define PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR
Definition: pe_specs.h:152
PE_IMAGE_DIRECTORY_ENTRIES
#define PE_IMAGE_DIRECTORY_ENTRIES
Definition: pe_specs.h:142
PE_IMAGE_DIRECTORY_ENTRY_EXPORT
#define PE_IMAGE_DIRECTORY_ENTRY_EXPORT
Definition: pe_specs.h:143
PE_IMAGE_DIRECTORY_ENTRY_TLS
#define PE_IMAGE_DIRECTORY_ENTRY_TLS
Definition: pe_specs.h:153
PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
#define PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Definition: pe_specs.h:154
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11
Pe_image_rich_entry
Definition: pe_specs.h:345
Pe_image_rich_entry::productId
ut16 productId
Definition: pe_specs.h:346
Pe_image_rich_entry::timesUsed
ut32 timesUsed
Definition: pe_specs.h:348
Pe_image_rich_entry::productName
char * productName
Definition: pe_specs.h:349
Pe_image_rich_entry::minVersion
ut16 minVersion
Definition: pe_specs.h:347
bin
Definition: malloc.c:26
rz_bin_file_t::o
RzBinObject * o
Definition: rz_bin.h:305
rz_bin_object_t::bin_obj
void * bin_obj
Definition: rz_bin.h:293
rz_list_iter_t
Definition: rz_list.h:13
rz_list_t
Definition: rz_list.h:18
addr
static int addr
Definition: z80asm.c:58

References addr, rz_bin_object_t::bin_obj, i, Pe_image_rich_entry::minVersion, NULL, rz_bin_file_t::o, PE_IMAGE_DIRECTORY_ENTRIES, PE_IMAGE_DIRECTORY_ENTRY_BASERELOC, PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT, PE_IMAGE_DIRECTORY_ENTRY_DEBUG, PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION, PE_IMAGE_DIRECTORY_ENTRY_EXPORT, PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR, PE_IMAGE_DIRECTORY_ENTRY_IAT, PE_IMAGE_DIRECTORY_ENTRY_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, PE_IMAGE_DIRECTORY_ENTRY_RESOURCE, PE_IMAGE_DIRECTORY_ENTRY_SECURITY, PE_IMAGE_DIRECTORY_ENTRY_TLS, Pe_image_rich_entry::productId, Pe_image_rich_entry::productName, ROWL, rz_bin_field_free(), rz_bin_field_new(), rz_list_append(), rz_list_newf(), strdup(), Pe_image_rich_entry::timesUsed, autogen_x86imm::tmp, and ut64().

◆ header()

static void header ( RzBinFile bf)
static

Definition at line 351 of file bin_pe.c.

351  {
352  struct PE_(rz_bin_pe_obj_t) *bin = bf->o->bin_obj;
353  struct rz_bin_t *rbin = bf->rbin;
354  rbin->cb_printf("PE file header:\n");
355  rbin->cb_printf("IMAGE_NT_HEADERS\n");
356  rbin->cb_printf(" Signature : 0x%x\n", bin->nt_headers->Signature);
357  rbin->cb_printf("IMAGE_FILE_HEADERS\n");
358  rbin->cb_printf(" Machine : 0x%x\n", bin->nt_headers->file_header.Machine);
359  rbin->cb_printf(" NumberOfSections : 0x%x\n", bin->nt_headers->file_header.NumberOfSections);
360  rbin->cb_printf(" TimeDateStamp : 0x%x\n", bin->nt_headers->file_header.TimeDateStamp);
361  rbin->cb_printf(" PointerToSymbolTable : 0x%x\n", bin->nt_headers->file_header.PointerToSymbolTable);
362  rbin->cb_printf(" NumberOfSymbols : 0x%x\n", bin->nt_headers->file_header.NumberOfSymbols);
363  rbin->cb_printf(" SizeOfOptionalHeader : 0x%x\n", bin->nt_headers->file_header.SizeOfOptionalHeader);
364  rbin->cb_printf(" Characteristics : 0x%x\n", bin->nt_headers->file_header.Characteristics);
365  rbin->cb_printf("IMAGE_OPTIONAL_HEADERS\n");
366  rbin->cb_printf(" Magic : 0x%x\n", bin->nt_headers->optional_header.Magic);
367  rbin->cb_printf(" MajorLinkerVersion : 0x%x\n", bin->nt_headers->optional_header.MajorLinkerVersion);
368  rbin->cb_printf(" MinorLinkerVersion : 0x%x\n", bin->nt_headers->optional_header.MinorLinkerVersion);
369  rbin->cb_printf(" SizeOfCode : 0x%x\n", bin->nt_headers->optional_header.SizeOfCode);
370  rbin->cb_printf(" SizeOfInitializedData : 0x%x\n", bin->nt_headers->optional_header.SizeOfInitializedData);
371  rbin->cb_printf(" SizeOfUninitializedData : 0x%x\n", bin->nt_headers->optional_header.SizeOfUninitializedData);
372  rbin->cb_printf(" AddressOfEntryPoint : 0x%x\n", bin->nt_headers->optional_header.AddressOfEntryPoint);
373  rbin->cb_printf(" BaseOfCode : 0x%x\n", bin->nt_headers->optional_header.BaseOfCode);
374  rbin->cb_printf(" BaseOfData : 0x%x\n", bin->nt_headers->optional_header.BaseOfData);
375  rbin->cb_printf(" ImageBase : 0x%x\n", bin->nt_headers->optional_header.ImageBase);
376  rbin->cb_printf(" SectionAlignment : 0x%x\n", bin->nt_headers->optional_header.SectionAlignment);
377  rbin->cb_printf(" FileAlignment : 0x%x\n", bin->nt_headers->optional_header.FileAlignment);
378  rbin->cb_printf(" MajorOperatingSystemVersion : 0x%x\n", bin->nt_headers->optional_header.MajorOperatingSystemVersion);
379  rbin->cb_printf(" MinorOperatingSystemVersion : 0x%x\n", bin->nt_headers->optional_header.MinorOperatingSystemVersion);
380  rbin->cb_printf(" MajorImageVersion : 0x%x\n", bin->nt_headers->optional_header.MajorImageVersion);
381  rbin->cb_printf(" MinorImageVersion : 0x%x\n", bin->nt_headers->optional_header.MinorImageVersion);
382  rbin->cb_printf(" MajorSubsystemVersion : 0x%x\n", bin->nt_headers->optional_header.MajorSubsystemVersion);
383  rbin->cb_printf(" MinorSubsystemVersion : 0x%x\n", bin->nt_headers->optional_header.MinorSubsystemVersion);
384  rbin->cb_printf(" Win32VersionValue : 0x%x\n", bin->nt_headers->optional_header.Win32VersionValue);
385  rbin->cb_printf(" SizeOfImage : 0x%x\n", bin->nt_headers->optional_header.SizeOfImage);
386  rbin->cb_printf(" SizeOfHeaders : 0x%x\n", bin->nt_headers->optional_header.SizeOfHeaders);
387  rbin->cb_printf(" CheckSum : 0x%x\n", bin->nt_headers->optional_header.CheckSum);
388  rbin->cb_printf(" Subsystem : 0x%x\n", bin->nt_headers->optional_header.Subsystem);
389  rbin->cb_printf(" DllCharacteristics : 0x%x\n", bin->nt_headers->optional_header.DllCharacteristics);
390  rbin->cb_printf(" SizeOfStackReserve : 0x%x\n", bin->nt_headers->optional_header.SizeOfStackReserve);
391  rbin->cb_printf(" SizeOfStackCommit : 0x%x\n", bin->nt_headers->optional_header.SizeOfStackCommit);
392  rbin->cb_printf(" SizeOfHeapReserve : 0x%x\n", bin->nt_headers->optional_header.SizeOfHeapReserve);
393  rbin->cb_printf(" SizeOfHeapCommit : 0x%x\n", bin->nt_headers->optional_header.SizeOfHeapCommit);
394  rbin->cb_printf(" LoaderFlags : 0x%x\n", bin->nt_headers->optional_header.LoaderFlags);
395  rbin->cb_printf(" NumberOfRvaAndSizes : 0x%x\n", bin->nt_headers->optional_header.NumberOfRvaAndSizes);
396  RzListIter *it;
397  Pe_image_rich_entry *entry;
398  rbin->cb_printf("RICH_FIELDS\n");
399  rz_list_foreach (bin->rich_entries, it, entry) {
400  rbin->cb_printf(" Product: %d Name: %s Version: %d Times: %d\n", entry->productId, entry->productName, entry->minVersion, entry->timesUsed);
401  }
402  int i;
403  for (i = 0; i < PE_IMAGE_DIRECTORY_ENTRIES - 1; i++) {
404  if (bin->nt_headers->optional_header.DataDirectory[i].Size > 0) {
405  switch (i) {
406  case PE_IMAGE_DIRECTORY_ENTRY_EXPORT:
407  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_EXPORT\n");
408  break;
409  case PE_IMAGE_DIRECTORY_ENTRY_IMPORT:
410  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_IMPORT\n");
411  break;
412  case PE_IMAGE_DIRECTORY_ENTRY_RESOURCE:
413  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_RESOURCE\n");
414  break;
415  case PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION:
416  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_EXCEPTION\n");
417  break;
418  case PE_IMAGE_DIRECTORY_ENTRY_SECURITY:
419  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_SECURITY\n");
420  break;
421  case PE_IMAGE_DIRECTORY_ENTRY_BASERELOC:
422  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_BASERELOC\n");
423  break;
424  case PE_IMAGE_DIRECTORY_ENTRY_DEBUG:
425  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_DEBUG\n");
426  break;
427  case PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT:
428  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_COPYRIGHT\n");
429  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_ARCHITECTURE\n");
430  break;
431  case PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR:
432  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_GLOBALPTR\n");
433  break;
434  case PE_IMAGE_DIRECTORY_ENTRY_TLS:
435  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_TLS\n");
436  break;
437  case PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG:
438  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG\n");
439  break;
440  case PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT:
441  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT\n");
442  break;
443  case PE_IMAGE_DIRECTORY_ENTRY_IAT:
444  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_IAT\n");
445  break;
446  case PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT:
447  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT\n");
448  break;
449  case PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
450  rbin->cb_printf("IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR\n");
451  break;
452  }
453  rbin->cb_printf(" VirtualAddress : 0x%x\n", bin->nt_headers->optional_header.DataDirectory[i].VirtualAddress);
454  rbin->cb_printf(" Size : 0x%x\n", bin->nt_headers->optional_header.DataDirectory[i].Size);
455  }
456  }
457 }
entry
Definition: zipcmp.c:77
rz_bin_file_t::rbin
struct rz_bin_t * rbin
Definition: rz_bin.h:316
rz_bin_t
Definition: rz_bin.h:328
rz_bin_t::cb_printf
PrintfCallback cb_printf
Definition: rz_bin.h:345

References rz_bin_object_t::bin_obj, rz_bin_t::cb_printf, i, rz_bin_file_t::o, PE_IMAGE_DIRECTORY_ENTRIES, PE_IMAGE_DIRECTORY_ENTRY_BASERELOC, PE_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, PE_IMAGE_DIRECTORY_ENTRY_COPYRIGHT, PE_IMAGE_DIRECTORY_ENTRY_DEBUG, PE_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_EXCEPTION, PE_IMAGE_DIRECTORY_ENTRY_EXPORT, PE_IMAGE_DIRECTORY_ENTRY_GLOBALPTR, PE_IMAGE_DIRECTORY_ENTRY_IAT, PE_IMAGE_DIRECTORY_ENTRY_IMPORT, PE_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, PE_IMAGE_DIRECTORY_ENTRY_RESOURCE, PE_IMAGE_DIRECTORY_ENTRY_SECURITY, PE_IMAGE_DIRECTORY_ENTRY_TLS, and rz_bin_file_t::rbin.

◆ signature()

static char* signature ( RzBinFile bf,
bool  json 
)
static

Definition at line 117 of file bin_pe.c.

117  {
118  if (!bf || !bf->o || !bf->o->bin_obj) {
119  return NULL;
120  }
121  struct PE_(rz_bin_pe_obj_t) *bin = bf->o->bin_obj;
122  if (json) {
123  PJ *pj = rz_pkcs7_cms_json(bin->cms);
124  if (pj) {
125  return pj_drain(pj);
126  }
127  return strdup("{}");
128  }
129  return rz_pkcs7_cms_to_string(bin->cms);
130 }
pj_drain
RZ_API char * pj_drain(PJ *j)
Definition: pj.c:50
rz_pkcs7_cms_to_string
RZ_API char * rz_pkcs7_cms_to_string(RCMS *container)
Definition: pkcs7.c:479
rz_pkcs7_cms_json
RZ_API PJ * rz_pkcs7_cms_json(RCMS *container)
Definition: pkcs7.c:592
pj_t
Definition: rz_pj.h:12

References rz_bin_object_t::bin_obj, NULL, rz_bin_file_t::o, pj_drain(), rz_pkcs7_cms_json(), rz_pkcs7_cms_to_string(), and strdup().

Referenced by check_buffer(), read_hdr(), rz_analysis_function_get_signature(), rz_core_analysis_function_signature(), rz_core_bin_signatures_print(), and RZ_PACKED().

Variable Documentation

◆ rizin_plugin

RZ_API RzLibStruct rizin_plugin
Initial value:
= {
.type = RZ_LIB_TYPE_BIN,
.data = &rz_bin_plugin_pe,
.version = RZ_VERSION
}
rz_bin_plugin_pe
RzBinPlugin rz_bin_plugin_pe
Definition: bin_pe.c:459
RZ_LIB_TYPE_BIN
@ RZ_LIB_TYPE_BIN
Definition: rz_lib.h:75
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
rz_bin_plugin_t::version
char * version
Definition: rz_bin.h:512

Definition at line 491 of file bin_pe.c.

◆ rz_bin_plugin_pe

RzBinPlugin rz_bin_plugin_pe
Initial value:
= {
.name = "pe",
.desc = "PE bin plugin",
.license = "LGPL3",
.get_sdb = &get_sdb,
.load_buffer = &load_buffer,
.destroy = &destroy,
.check_buffer = &check_buffer,
.baddr = &baddr,
.binsym = &binsym,
.entries = &entries,
.maps = &maps,
.sections = &sections,
.signature = &signature,
.symbols = &symbols,
.imports = &imports,
.strings = &strings,
.info = &info,
.header = &header,
.fields = &fields,
.libs = &libs,
.relocs = &relocs,
.minstrlen = 4,
.create = &create,
.get_offset = &get_offset,
.get_vaddr = &get_vaddr,
.hashes = &compute_hashes,
.resources = &resources,
.section_flag_to_rzlist = &PE_(section_flag_to_rzlist),
}
load_buffer
static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
Definition: bin_any.c:50
destroy
static void destroy(RzBinFile *bf)
Definition: bin_any.c:54
get_sdb
static Sdb * get_sdb(RzBinFile *bf)
Definition: bin_art.c:60
maps
static RzList * maps(RzBinFile *bf)
Definition: bin_bf.c:116
binsym
static RzBinAddr * binsym(RzBinFile *bf, RzBinSpecialSymbol sym)
Definition: bin_coff.c:47
libs
static RzList * libs(RzBinFile *bf)
Definition: bin_coff.c:379
get_offset
static ut64 get_offset(RzBinFile *bf, int type, int index)
Definition: bin_dex.c:206
entries
RzList * entries(RzBinFile *bf)
Definition: bin_ne.c:98
info
RzBinInfo * info(RzBinFile *bf)
Definition: bin_ne.c:86
symbols
RzList * symbols(RzBinFile *bf)
Definition: bin_ne.c:102
imports
RzList * imports(RzBinFile *bf)
Definition: bin_ne.c:106
sections
RzList * sections(RzBinFile *bf)
Definition: bin_ne.c:110
relocs
RzList * relocs(RzBinFile *bf)
Definition: bin_ne.c:114
get_vaddr
static ut64 get_vaddr(RzBinFile *bf, ut64 baddr, ut64 paddr, ut64 vaddr)
Definition: bin_omf.c:161
create
static RzBuffer * create(RzBin *bin, const ut8 *code, int codelen, const ut8 *data, int datalen, RzBinArchOptions *opt)
Definition: bin_pe.c:41
signature
static char * signature(RzBinFile *bf, bool json)
Definition: bin_pe.c:117
header
static void header(RzBinFile *bf)
Definition: bin_pe.c:351
fields
static RzList * fields(RzBinFile *bf)
Definition: bin_pe.c:132
check_buffer
static bool check_buffer(RzBuffer *b)
Definition: bin_pe.c:8
strings
checking print the parsed form of the magic use in n conjunction with m to debug a new magic file n before installing it n output MIME type strings(--mime-type and\n" " --mime-encoding)\n") OPT('s'
section_flag_to_rzlist
RzList *MACH0_() section_flag_to_rzlist(ut64 flag)
Definition: mach0.c:2378
PE_
#define PE_(name)
Definition: pe_specs.h:23

Definition at line 459 of file bin_pe.c.