Rizin
unix-like reverse engineering framework and cli tools
libc.cpp
1 
6 #include "libc.h"
7 #include <memory>
8 #include <Ntintsafe.h>
9 
10 #pragma warning(push)
11 #pragma warning (disable : 4565)
12 
13 #ifndef _LIBC_POOL_TAG
14 #define _LIBC_POOL_TAG 'colM'
15 #endif
16 
// Allocation header stored in front of every block handed out by malloc().
// Keeping the requested size next to the payload helps debug forensics.
// free() and realloc() recover this header from the user pointer with
// CONTAINING_RECORD(ptr, MEMBLOCK, data).
//
// NOTE(review): the header is adjacent to caller-writable memory and carries
// no integrity check. realloc() uses `size` as a copy length, so corruption of
// this field (e.g. by an out-of-bounds write that reaches the header) turns
// into an out-of-bounds read there.
struct MEMBLOCK
{
    // Byte count the caller requested (set by malloc), not the pool size.
    size_t size;
#pragma warning(push)
// C4200: zero-sized array in struct (non-standard extension), used here as
// the start-of-payload marker.
#pragma warning (disable : 4200)
    // Payload start, aligned to MEMORY_ALLOCATION_ALIGNMENT.
    __declspec(align(MEMORY_ALLOCATION_ALIGNMENT))
    char data[0];
#pragma warning(pop)
};
27 
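/// Kernel-mode replacement for malloc().
///
/// Allocates `size` bytes of payload plus a MEMBLOCK header from non-paged,
/// non-executable pool and returns a pointer to the payload.
///
/// @param size  Number of payload bytes requested.
/// @return Pointer to the payload, or nullptr if the size computation
///         overflows or the pool allocation fails. The memory is not zeroed
///         by this function.
EXTERN_C
__drv_when(return!=0, __drv_allocatesMem(pBlock))
__checkReturn
__drv_maxIRQL(DISPATCH_LEVEL)
__bcount_opt(size)
void*
__cdecl malloc(
    __in size_t size
    )
{
    // The pool request is size + sizeof(MEMBLOCK). A size close to SIZE_MAX
    // would wrap that sum and yield a block smaller than the header, so the
    // addition is checked and a wrapped request is rejected.
    size_t number_of_bytes = 0;
    if (!NT_SUCCESS(RtlSizeTAdd(size, sizeof(MEMBLOCK), &number_of_bytes))) {
        return nullptr;
    }

    // NOTE(review): the allocator call and its tag argument are assumed to be
    // ExAllocatePoolWithTag / _LIBC_POOL_TAG, mirroring the ExFreePoolWithTag
    // call and tag used by free() -- confirm against the repository.
    MEMBLOCK *pBlock = static_cast<MEMBLOCK*>(
        ExAllocatePoolWithTag(
            NonPagedPoolNxCacheAligned,
            number_of_bytes,
            _LIBC_POOL_TAG));

    if (nullptr == pBlock)
        return nullptr;

    // Record the caller's requested size (not the padded pool size) so that
    // realloc() can bound its copy.
    pBlock->size = size;
    return pBlock->data;
}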
57 
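/// Kernel-mode replacement for calloc().
///
/// Allocates zero-initialised storage for `n` elements of `size` bytes each.
///
/// @param n     Number of elements.
/// @param size  Size of one element in bytes.
/// @return Pointer to the zeroed block, or nullptr if `n * size` does not fit
///         in size_t or the underlying malloc() fails.
EXTERN_C
__drv_when(return != 0, __drv_allocatesMem(p))
__checkReturn
__drv_maxIRQL(DISPATCH_LEVEL)
__bcount_opt(size * n)
void*
__cdecl calloc(size_t n, size_t size)
{
    // An unchecked n * size can wrap to a small value: the caller would then
    // receive a block far smaller than it believes it owns and write past the
    // end of the pool allocation. Use the same checked arithmetic as malloc().
    size_t total = 0;
    if (!NT_SUCCESS(RtlSizeTMult(n, size, &total))) {
        return nullptr;
    }

    void *p = malloc(total);

    if (!p) return NULL;

    return memset(p, 0, total);
}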
73 
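/// Kernel-mode replacement for realloc().
///
/// Always allocates a fresh block, copies min(old size, new size) bytes and
/// releases the old block. There is no in-place resize.
///
/// @param ptr   Block previously returned by this file's malloc()/calloc()/
///              realloc(), or nullptr (then this behaves like malloc(size)).
/// @param size  New payload size in bytes.
/// @return Pointer to the new block, or nullptr on allocation failure. On
///         failure the old block is left allocated and still owned by the
///         caller, as callers of realloc() expect.
EXTERN_C
__drv_when(return!=0, __drv_allocatesMem(inblock))
__checkReturn
__drv_maxIRQL(DISPATCH_LEVEL)
__bcount_opt(size)
void*
__cdecl realloc(
    __in_opt void* ptr,
    __in size_t size
    )
{
    if (!ptr)
        return malloc(size);

    // The guard releases the old block when it goes out of scope.
    // NOTE(review): this relies on unique_ptr's default deleter reaching the
    // operator delete defined in this file (which calls free()) -- confirm no
    // other operator delete overload is selected by the toolchain.
    std::unique_ptr<unsigned char> inblock(static_cast<unsigned char*>(ptr));

    // alloc new block
    void* mem = malloc(size);
    if (!mem) {
        // Do not free the old block on failure. Otherwise a caller that keeps
        // using `ptr`, or frees it itself after seeing nullptr, hits a
        // use-after-free or double free of pool memory.
        (void)inblock.release();
        return nullptr;
    }

    // Copy no more than the smaller of the two sizes. The old size is read
    // from the MEMBLOCK header in front of the payload and is trusted as-is.
    memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data)->size, size));
    return mem;
}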
99 
/// Kernel-mode replacement for free().
///
/// @param ptr  Payload pointer returned by this file's malloc()/calloc()/
///             realloc(), or nullptr (ignored).
///
/// The MEMBLOCK header is located by stepping back from `ptr`, so a pointer
/// that did not come from this allocator makes the pool free operate on an
/// address that was never allocated. The caller's pointer is not cleared.
EXTERN_C
__drv_maxIRQL(DISPATCH_LEVEL)
void
__cdecl free(
    __inout_opt __drv_freesMem(Mem) void* ptr
    )
{
    if (!ptr)
        return;

    // Recover the start of the pool allocation from the payload address.
    MEMBLOCK *header = CONTAINING_RECORD(ptr, MEMBLOCK, data);
    ExFreePoolWithTag(header, _LIBC_POOL_TAG);
}
110 
111 #pragma warning(pop)
112 
/// Global operator new routed to the pool-backed malloc() in this file.
///
/// @param size  Number of bytes requested.
/// @return Pointer to the storage, or nullptr when malloc() fails. No
///         exception is thrown, so callers of `new` must check for null.
__drv_when(return!=0, __drv_allocatesMem(ptr))
__checkReturn
__drv_maxIRQL(DISPATCH_LEVEL)
__bcount_opt(size)
void*
__cdecl operator new(__in size_t size)
{
    void* const storage = malloc(size);
    return storage;
}
124 
/// Global operator delete routed to the pool-backed free() in this file.
///
/// @param ptr  Storage obtained from the matching operator new. It is
///             forwarded unchanged to free().
__drv_maxIRQL(DISPATCH_LEVEL)
void
__cdecl operator delete(__inout void* ptr)
{
    free(ptr);
}
133 
/// vsnprintf() shim that forwards to vsprintf_s().
///
/// @param buffer  Destination buffer.
/// @param count   Size of `buffer` in characters.
/// @param format  printf-style format string.
/// @param argptr  Argument list for `format`.
/// @return Whatever vsprintf_s() returns.
///
/// NOTE(review): vsprintf_s() is not a drop-in for C99 vsnprintf(). It is
/// documented to treat a too-small buffer as an error rather than truncating
/// and returning the required length. Callers that probe for the needed size
/// or rely on truncation should be checked against this behaviour.
int
__cdecl vsnprintf(
    char *buffer,
    size_t count,
    const char *format,
    va_list argptr
)
{
    const int written = vsprintf_s(buffer, count, format, argptr);
    return written;
}