Rizin
unix-like reverse engineering framework and cli tools
common_winkd.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2022 GustavoLCR <gugulcr@gmail.com>
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 #include "common_winkd.h"
5 #include <bin/pdb/pdb_downloader.h>
6 
7 void winkd_build_profile(WindCtx *ctx, RzTypeDB *db) {
8  ctx->profile = RZ_NEW0(Profile);
9  if (!ctx->profile) {
10  return;
11  }
12 #define O_(n) ctx->profile->f[n]
13  O_(E_ActiveProcessLinks) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ActiveProcessLinks");
14  O_(E_UniqueProcessId) = rz_type_db_struct_member_offset(db, "_EPROCESS", "UniqueProcessId");
15  O_(E_Peb) = rz_type_db_struct_member_offset(db, "_EPROCESS", "Peb");
16  O_(E_ImageFileName) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ImageFileName");
17  O_(E_VadRoot) = rz_type_db_struct_member_offset(db, "_EPROCESS", "VadRoot");
18  O_(E_ThreadListHead) = rz_type_db_struct_member_offset(db, "_EPROCESS", "ThreadListHead");
19  O_(K_DirectoryTableBase) = rz_type_db_struct_member_offset(db, "_KPROCESS", "DirectoryTableBase");
20  O_(P_ImageBaseAddress) = rz_type_db_struct_member_offset(db, "_PEB", "ImageBaseAddress");
21  O_(P_ProcessParameters) = rz_type_db_struct_member_offset(db, "_PEB", "ProcessParameters");
22  O_(RZ_ImagePathName) = rz_type_db_struct_member_offset(db, "_RTL_USER_PROCESS_PARAMETERS", "ImagePathName");
23  O_(ET_ThreadListEntry) = rz_type_db_struct_member_offset(db, "_ETHREAD", "ThreadListEntry");
24  O_(ET_Win32StartAddress) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Win32StartAddress");
25  O_(ET_Cid) = rz_type_db_struct_member_offset(db, "_ETHREAD", "Cid");
26  O_(C_UniqueThread) = rz_type_db_struct_member_offset(db, "_CLIENT_ID", "UniqueThread");
27  RZ_LOG_VERBOSE("_EPROCESS.ActiveProcessLinks: 0x%" PFMT32x "\n", O_(E_ActiveProcessLinks));
28  RZ_LOG_VERBOSE("_EPROCESS.UniqueProcessId: 0x%" PFMT32x "\n", O_(E_UniqueProcessId));
29  RZ_LOG_VERBOSE("_EPROCESS.Peb: 0x%" PFMT32x "\n", O_(E_Peb));
30  RZ_LOG_VERBOSE("_EPROCESS.ImageFileName: 0x%" PFMT32x "\n", O_(E_ImageFileName));
31  RZ_LOG_VERBOSE("_EPROCESS.VadRoot: 0x%" PFMT32x "\n", O_(E_VadRoot));
32  RZ_LOG_VERBOSE("_EPROCESS.ThreadListHead: 0x%" PFMT32x "\n", O_(E_ThreadListHead));
33  RZ_LOG_VERBOSE("_KPROCESS.DirectoryTableBase: 0x%" PFMT32x "\n", O_(K_DirectoryTableBase));
34  RZ_LOG_VERBOSE("_PEB.ImageBaseAddress: 0x%" PFMT32x "\n", O_(P_ImageBaseAddress));
35  RZ_LOG_VERBOSE("_PEB.ProcessParameters: 0x%" PFMT32x "\n", O_(P_ProcessParameters));
36  RZ_LOG_VERBOSE("_RTL_USER_PROCESS_PARAMETERS.ImagePathName: 0x%" PFMT32x "\n", O_(RZ_ImagePathName));
37  RZ_LOG_VERBOSE("_ETHREAD.ThreadListEntry: 0x%" PFMT32x "\n", O_(ET_ThreadListEntry));
38  RZ_LOG_VERBOSE("_ETHREAD.Win32StartAddress: 0x%" PFMT32x "\n", O_(ET_Win32StartAddress));
39  RZ_LOG_VERBOSE("_ETHREAD.Cid: 0x%" PFMT32x "\n", O_(ET_Cid));
40  RZ_LOG_VERBOSE("_CLIENT_ID.UniqueThread: 0x%" PFMT32x "\n", O_(C_UniqueThread));
41 #undef O_
42 }
43 
44 static char *download_pdb(const char *path, const char *symserver, const char *symstore) {
45  PJ *pj = pj_new();
46  if (!pj) {
47  return NULL;
48  }
49  RzBin *bin = NULL;
50  RzIO *io = rz_io_new();
51  if (!io) {
52  goto end;
53  }
54  bin = rz_bin_new();
55  if (!bin) {
56  goto end;
57  }
58  rz_io_bind(io, &bin->iob);
59 
60  RzBinOptions opt = { 0 };
61  bin->filter_rules = RZ_BIN_REQ_INFO;
62  if (!rz_bin_open(bin, path, &opt)) {
63  goto end;
64  }
65  pj_o(pj);
66  SPDBOptions opts = { .extract = 1, .symbol_server = symserver, .symbol_store_path = symstore };
67  rz_bin_pdb_download(bin, pj, true, &opts);
68  pj_end(pj);
69 end:
70  rz_bin_free(bin);
71  rz_io_free(io);
72  return pj_drain(pj);
73 }
74 
75 bool winkd_download_module_and_pdb(WindModule *module, const char *symserver, const char *symstore, char **exepath, char **pdbpath) {
76  if (exepath) {
77  *exepath = NULL;
78  }
79  if (pdbpath) {
80  *pdbpath = NULL;
81  }
82  char *sum = rz_str_newf("%08" PFMT32x "%" PFMT32x, module->timestamp, module->size);
83  const char *file = rz_str_rchr(module->name, NULL, '\\') + 1;
84  RZ_LOG_INFO("Downloading module and pdb for '%s'\n", file);
85  SPDBDownloaderOpt opts = {
86  .dbg_file = file, .extract = true, .guid = sum, .symbol_server = symserver, .symbol_store_path = symstore
87  };
88  char *executable = rz_bin_symserver_download(&opts);
89  free(sum);
90  if (!executable) {
91  return false;
92  }
93  char *res = download_pdb(executable, symserver, symstore);
94  if (exepath) {
95  *exepath = executable;
96  } else {
97  free(executable);
98  }
99  RzJson *json = rz_json_parse(res);
100  if (!json) {
101  return false;
102  }
103  const RzJson *pdb = rz_json_get(json, "pdb");
104  if (!pdb) {
105  return false;
106  }
107  const RzJson *ppath = rz_json_get(pdb, "path");
108  if (!ppath) {
109  return false;
110  }
111  if (pdbpath) {
112  *pdbpath = strdup(ppath->str_value);
113  }
114  rz_json_free(json);
115  free(res);
116  return true;
117 }
PFMT32x
#define PFMT32x
Definition: analysis_ppc_cs.c:28
rz_bin_new
RZ_API RzBin * rz_bin_new(void)
Definition: bin.c:716
rz_bin_open
RZ_API RzBinFile * rz_bin_open(RzBin *bin, const char *file, RzBinOptions *opt)
Definition: bin.c:200
rz_bin_free
RZ_API void rz_bin_free(RzBin *bin)
Definition: bin.c:440
winkd_build_profile
void winkd_build_profile(WindCtx *ctx, RzTypeDB *db)
Definition: common_winkd.c:7
O_
#define O_(n)
winkd_download_module_and_pdb
bool winkd_download_module_and_pdb(WindModule *module, const char *symserver, const char *symstore, char **exepath, char **pdbpath)
Definition: common_winkd.c:75
download_pdb
static char * download_pdb(const char *path, const char *symserver, const char *symstore)
Definition: common_winkd.c:44
common_winkd.h
NULL
#define NULL
Definition: cris-opc.c:27
path
static static fork const void static count static fd const char const char static newpath const char static path const char path
Definition: sflib.h:35
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
test_evm.end
end
Definition: test_evm.py:20
rz_bin_symserver_download
RZ_API RZ_OWN char * rz_bin_symserver_download(RZ_NONNULL const SPDBDownloaderOpt *options)
downloads file from symbol server
Definition: pdb_downloader.c:219
rz_bin_pdb_download
RZ_API int rz_bin_pdb_download(RZ_NONNULL RzBin *bin, RZ_NULLABLE PJ *pj, int isradjson, RZ_NONNULL SPDBOptions *options)
Download PDB file for currently opened RzBin file.
Definition: pdb_downloader.c:171
pdb_downloader.h
RZ_BIN_REQ_INFO
#define RZ_BIN_REQ_INFO
Definition: rz_bin.h:49
rz_io_free
RZ_API void rz_io_free(RzIO *io)
Definition: io.c:126
rz_io_bind
RZ_API void rz_io_bind(RzIO *io, RzIOBind *bnd)
Definition: io.c:550
rz_io_new
RZ_API RzIO * rz_io_new(void)
Definition: io.c:110
rz_json_get
RZ_API const RzJson * rz_json_get(const RzJson *json, const char *key)
Definition: json_parser.c:405
rz_json_parse
RZ_API RzJson * rz_json_parse(char *text)
Definition: json_parser.c:382
rz_json_free
RZ_API void rz_json_free(RzJson *js)
Definition: json_parser.c:45
RZ_LOG_VERBOSE
#define RZ_LOG_VERBOSE(fmtstr,...)
Definition: rz_log.h:52
RZ_LOG_INFO
#define RZ_LOG_INFO(fmtstr,...)
Definition: rz_log.h:54
pj_new
RZ_API PJ * pj_new(void)
Definition: pj.c:25
pj_drain
RZ_API char * pj_drain(PJ *j)
Definition: pj.c:50
pj_end
RZ_API PJ * pj_end(PJ *j)
Definition: pj.c:87
pj_o
RZ_API PJ * pj_o(PJ *j)
Definition: pj.c:75
rz_str_newf
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
rz_str_rchr
RZ_API const char * rz_str_rchr(const char *base, const char *p, int ch)
Definition: str.c:829
RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284
Profile
Definition: winkd.h:68
SPDBDownloaderOpt::dbg_file
const char * dbg_file
Definition: pdb_downloader.h:22
_WindCtx
Definition: winkd.h:79
bin
Definition: malloc.c:26
file
Definition: gzappend.c:170
module
Definition: sftypes.h:77
pj_t
Definition: rz_pj.h:12
rz_bin_t
Definition: rz_bin.h:328
rz_io_t
Definition: rz_io.h:59
rz_json_t
Definition: rz_json.h:38
rz_json_t::str_value
const char * str_value
Definition: rz_json.h:42
rz_type_db_t
Definition: rz_type.h:31
rz_type_db_struct_member_offset
RZ_API ut64 rz_type_db_struct_member_offset(RZ_NONNULL const RzTypeDB *typedb, RZ_NONNULL const char *name, RZ_NONNULL const char *member)
Returns the offset in bytes of the structure member if there is a match.
Definition: path.c:269
P_ProcessParameters
@ P_ProcessParameters
Definition: winkd.h:58
C_UniqueThread
@ C_UniqueThread
Definition: winkd.h:64
E_Peb
@ E_Peb
Definition: winkd.h:52
E_UniqueProcessId
@ E_UniqueProcessId
Definition: winkd.h:51
ET_Win32StartAddress
@ ET_Win32StartAddress
Definition: winkd.h:62
E_ActiveProcessLinks
@ E_ActiveProcessLinks
Definition: winkd.h:50
K_DirectoryTableBase
@ K_DirectoryTableBase
Definition: winkd.h:56
ET_Cid
@ ET_Cid
Definition: winkd.h:63
E_VadRoot
@ E_VadRoot
Definition: winkd.h:54
RZ_ImagePathName
@ RZ_ImagePathName
Definition: winkd.h:59
E_ImageFileName
@ E_ImageFileName
Definition: winkd.h:53
ET_ThreadListEntry
@ ET_ThreadListEntry
Definition: winkd.h:61
E_ThreadListHead
@ E_ThreadListHead
Definition: winkd.h:55
P_ImageBaseAddress
@ P_ImageBaseAddress
Definition: winkd.h:57
file
static int file
Definition: z80asm.c:58