rz-bindgen/doxygen/pemixed_8c_source.html

 // SPDX-FileCopyrightText: 2018 JohnPeng47 <johnpeng47@gmail.com>

 // SPDX-License-Identifier: LGPL-3.0-only


 #include <stdio.h>

 #include "pemixed.h"


 static bool check_il_only(ut32 flags);


 static int rz_bin_pemixed_init(struct rz_bin_pemixed_obj_t *bin, RzBinPEObj *pe_bin) {

     RzBinPEObj *sub_bin_dos;

     RzBinPEObj *sub_bin_native;

     RzBinPEObj *sub_bin_net;


     sub_bin_dos = rz_bin_pemixed_init_dos(pe_bin);

     if (sub_bin_dos) {

         bin->sub_bin_dos = sub_bin_dos;

     }


     sub_bin_native = rz_bin_pemixed_init_native(pe_bin);

     if (sub_bin_native) {

         bin->sub_bin_native = sub_bin_native;

     }

     sub_bin_net = pe_bin;

     bin->sub_bin_net = sub_bin_net;

     return true;

 }


 // carves out dos from original pe

 // TODO: return mz file instead pe

 RzBinPEObj *rz_bin_pemixed_init_dos(RzBinPEObj *pe_bin) {

     ut8 *tmp_buf;


     ut64 pe_hdr_off = pe_bin->dos_header->e_lfanew;


     // idk if this is the most efficient way but could not find a function to read

     // RzBuffer into another RzBuffer

     if (!(tmp_buf = malloc(pe_hdr_off))) {

         return NULL;

     }


     if ((rz_buf_read_at(pe_bin->b, 0, tmp_buf, pe_hdr_off)) == -1) {

         RZ_LOG_ERROR("Cannot read buffer\n");

         return NULL;

     }


     RzBinPEObj *sub_bin_dos = RZ_NEW0(RzBinPEObj);

     if (!(sub_bin_dos->b = rz_buf_new_with_bytes(tmp_buf, pe_hdr_off))) {

         PE_(rz_bin_pe_free)

         (sub_bin_dos);

         return NULL;

     }


     sub_bin_dos->size = pe_hdr_off;

     sub_bin_dos->dos_header = pe_bin->dos_header;


     free(tmp_buf);

     return sub_bin_dos;

 }


 RzBinPEObj *rz_bin_pemixed_init_native(RzBinPEObj *pe_bin) {

     ut8 *zero_out;


     RzBinPEObj *sub_bin_native = RZ_NEW0(RzBinPEObj);

     memcpy(sub_bin_native, pe_bin, sizeof(RzBinPEObj));


     // copy pe_bin->b and assign to sub_bin_native


     // if (!(tmp_buf = malloc (b_size))) {

     //  RZ_LOG_ERROR("bad malloc\n");

     // };


     // if (!(rz_buf_read_at (pe_bin->b, 0, tmp_buf, b_size))) {

     //  free (sub_bin_native);

     //  return NULL;

     // }


     if (!(sub_bin_native->b = rz_buf_new_with_buf(pe_bin->b))) {

         free(sub_bin_native);

         RZ_LOG_ERROR("failed to create new buffer\n");

         return NULL;

     }


     // calculate the dotnet data directory offset

     int dotnet_offset = pe_bin->dos_header->e_lfanew;

     dotnet_offset += sizeof(PE_(image_nt_headers));

     dotnet_offset -= sizeof(PE_(image_data_directory)) * 2;


     if (!(zero_out = (ut8 *)calloc(2, 4 * sizeof(ut8)))) {

         // can't call PE_(rz_bin_pe_free) since this will free the underlying pe_bin

         // object which we may need for later

         // PE_(rz_bin_pe_free) (sub_bin_native);

         rz_buf_free(sub_bin_native->b);

         free(sub_bin_native);

         return NULL;

     }


     if (rz_buf_write_at(sub_bin_native->b, dotnet_offset, zero_out, sizeof(PE_(image_data_directory))) < -1) {

         RZ_LOG_ERROR("Zeroing out dotnet offset failed\n");

         rz_buf_free(sub_bin_native->b);

         free(sub_bin_native);

         free(zero_out);

         return NULL;

     }


     free(zero_out);

     return sub_bin_native;

 }


 // this method should just return the original pe file

 //  RzBinPEObj* rz_bin_pemixed_init_net(RzBinPEObj* pe_bin) {

 //      return pe_bin;

 //  }


 // not sure if this function is nessescary

 RzBinPEObj *rz_bin_pemixed_extract(struct rz_bin_pemixed_obj_t *bin, int sub_bin) {

     if (!bin) {

         return NULL;

     }


     switch (sub_bin) {

     case SUB_BIN_DOS:

         return bin->sub_bin_dos;

     case SUB_BIN_NATIVE:

         return bin->sub_bin_native;

     case SUB_BIN_NET:

         return bin->sub_bin_net;

     }

     return NULL;

 }


 // if IL only bit is set; if true then it is pure .NET binary with no unmanaged code

 static bool check_il_only(ut32 flag) {

     ut32 check_mask = 1;

     return flag & check_mask;

 }


 void *rz_bin_pemixed_free(struct rz_bin_pemixed_obj_t *bin) {

     if (!bin) {

         return NULL;

     }

     // only one free is nessescary since they all point

     // to the same original pe struct

     // possible memleak here

     PE_(rz_bin_pe_free)

     (bin->sub_bin_net);

     if (bin->sub_bin_dos) {

         rz_buf_free(bin->sub_bin_dos->b); // dos is the only one with its own buf

     }

     free(bin->sub_bin_dos);

     free(bin->sub_bin_native);


     // PE_(rz_bin_pe_free)(bin->sub_bin_native);

     // PE_(rz_bin_pe_free)(bin->sub_bin_net);

     rz_buf_free(bin->b);

     RZ_FREE(bin);

     return NULL;

 }


 struct rz_bin_pemixed_obj_t *rz_bin_pemixed_from_bytes_new(const ut8 *buf, ut64 size) {

     struct rz_bin_pemixed_obj_t *bin = RZ_NEW0(struct rz_bin_pemixed_obj_t);

     RzBinPEObj *pe_bin;

     if (!bin || !buf) {

         return rz_bin_pemixed_free(bin);

     }

     bin->b = rz_buf_new_with_bytes(buf, size);

     if (!bin->b) {

         return rz_bin_pemixed_free(bin);

     }

     bin->size = size;

     pe_bin = PE_(rz_bin_pe_new_buf)(bin->b, true);

     if (!pe_bin) {

         PE_(rz_bin_pe_free)

         (pe_bin);

         return rz_bin_pemixed_free(bin);

     }

     if (!pe_bin->clr || !pe_bin->clr->header) {

         PE_(rz_bin_pe_free)

         (pe_bin);

         return rz_bin_pemixed_free(bin);

     }

     // check if binary only contains managed code

     // check implemented here cuz we need to intialize

     // the pe header to access the clr hdr

     if (check_il_only(pe_bin->clr->header->Flags)) {

         PE_(rz_bin_pe_free)

         (pe_bin);

         return rz_bin_pemixed_free(bin);

     }

     if (!rz_bin_pemixed_init(bin, pe_bin)) {

         PE_(rz_bin_pe_free)

         (pe_bin);

         return rz_bin_pemixed_free(bin);

     }

     return bin;

 }

NULL
#define NULL
Definition: cris-opc.c:27

ut32
uint32_t ut32
Definition: demangler_util.h:31

free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130

size
voidpf void uLong size
Definition: ioapi.h:138

buf
voidpf void * buf
Definition: ioapi.h:138

ut8
uint8_t ut8
Definition: lh5801.h:11

memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))

malloc
void * malloc(size_t size)
Definition: malloc.c:123

calloc
void * calloc(size_t number, size_t size)
Definition: malloc.c:102

rz_bin_pe_free
void *PE_() rz_bin_pe_free(RzBinPEObj *bin)
Definition: pe.c:88

rz_bin_pe_new_buf
RzBinPEObj *PE_() rz_bin_pe_new_buf(RzBuffer *buf, bool verbose)
Definition: pe.c:116

RzBinPEObj
#define RzBinPEObj
Definition: pe.h:126

PE_
#define PE_(name)
Definition: pe_specs.h:23

rz_bin_pemixed_from_bytes_new
struct rz_bin_pemixed_obj_t * rz_bin_pemixed_from_bytes_new(const ut8 *buf, ut64 size)
Definition: pemixed.c:159

rz_bin_pemixed_extract
RzBinPEObj * rz_bin_pemixed_extract(struct rz_bin_pemixed_obj_t *bin, int sub_bin)
Definition: pemixed.c:115

check_il_only
static bool check_il_only(ut32 flags)
Definition: pemixed.c:132

rz_bin_pemixed_init_dos
RzBinPEObj * rz_bin_pemixed_init_dos(RzBinPEObj *pe_bin)
Definition: pemixed.c:30

rz_bin_pemixed_free
void * rz_bin_pemixed_free(struct rz_bin_pemixed_obj_t *bin)
Definition: pemixed.c:137

rz_bin_pemixed_init
static int rz_bin_pemixed_init(struct rz_bin_pemixed_obj_t *bin, RzBinPEObj *pe_bin)
Definition: pemixed.c:9

rz_bin_pemixed_init_native
RzBinPEObj * rz_bin_pemixed_init_native(RzBinPEObj *pe_bin)
Definition: pemixed.c:60

pemixed.h

SUB_BIN_NATIVE
#define SUB_BIN_NATIVE
Definition: pemixed.h:8

SUB_BIN_DOS
#define SUB_BIN_DOS
Definition: pemixed.h:7

SUB_BIN_NET
#define SUB_BIN_NET
Definition: pemixed.h:9

rz_buf_write_at
RZ_API st64 rz_buf_write_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL const ut8 *buf, ut64 len)
Write len bytes of the buffer at the specified address.
Definition: buf.c:1197

rz_buf_new_with_buf
RZ_API RZ_OWN RzBuffer * rz_buf_new_with_buf(RzBuffer *b)
Creates a new buffer from a source buffer.
Definition: buf.c:448

rz_buf_read_at
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
Definition: buf.c:1136

rz_buf_free
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data hold by the buffer and the buffer.
Definition: buf.c:1253

rz_buf_new_with_bytes
RZ_API RZ_OWN RzBuffer * rz_buf_new_with_bytes(RZ_NULLABLE RZ_BORROW const ut8 *bytes, ut64 len)
Creates a new buffer with a bytes array.
Definition: buf.c:465

RZ_LOG_ERROR
#define RZ_LOG_ERROR(fmtstr,...)
Definition: rz_log.h:58

RZ_NEW0
#define RZ_NEW0(x)
Definition: rz_types.h:284

RZ_FREE
#define RZ_FREE(x)
Definition: rz_types.h:369

flags
static struct sockaddr static addrlen static backlog const void static flags void flags
Definition: sfsocketcall.h:123

bin
Definition: malloc.c:26

rz_bin_pemixed_obj_t
Definition: pemixed.h:14

ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()