From a285c8106d9a17d99af47c75a123ae1ecad71d4b Mon Sep 17 00:00:00 2001
From: vipon
Date: Thu, 6 Jul 2023 23:57:51 +0200
Subject: [PATCH] Update binParser tool. Allow to parse pe binary format on every platform. issue: #35
---
 .vscode/settings.json | 3 +-
 README.md | 2 -
 cTools/libs/binPrinter/binPrinter.c | 26 +++--
 cTools/libs/binPrinter/binPrinter.h | 14 +++
 .../libs/binPrinter/pePrinter/CMakeLists.txt | 1 +
 .../libs/binPrinter/pePrinter/pe64Printer.h | 18 +++-
 .../binPrinter/pePrinter/pe64PrinterHeaders.c | 3 +-
 .../binPrinter/pePrinter/pe64PrinterImports.c | 2 -
 cTools/tools/binParser/README.md | 27 +++---
 cTools/tools/binParser/binParser.c | 96 +++++++++++++++++++
 10 files changed, 165 insertions(+), 27 deletions(-)
diff --git a/.vscode/settings.json b/.vscode/settings.json
index f9dedb2..4ce1f4a 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -104,7 +104,8 @@
 "fatmacho64dynmod.h": "c",
 "binparse.h": "c",
 "elf32dynmod.h": "c",
- "arch.h": "c"
+ "arch.h": "c",
+ "pe64parse.h": "c"
 },
 "C_Cpp.errorSquiggles": "enabled",
diff --git a/README.md b/README.md
index 42fc9d9..6ba995a 100644
--- a/README.md
+++ b/README.md
@@ -12,9 +12,7 @@ git clone -c core.symlinks=true https://github.com/Vipon/viponTools
 ## Setup environment
 ### Windows
 Scripts bellow will automatically download and install at least:
-* python3, ninja, vscode, cmake, ccache, visual studio
 ```
-cd batch
 setup.bat
 ```
diff --git a/cTools/libs/binPrinter/binPrinter.c b/cTools/libs/binPrinter/binPrinter.c
index 85a217b..af85078 100644
--- a/cTools/libs/binPrinter/binPrinter.c
+++ b/cTools/libs/binPrinter/binPrinter.c
@@ -24,6 +24,7 @@
 #include "binParse.h"
 #include "binPrinter.h"
+#include "pe64Printer.h"
 #include "macho64Printer.h"
 #include "fatMacho64Printer.h"
@@ -35,13 +36,21 @@ BinPrinter binPrinter = {};
 binPrinter.printSections = (BinPrintSections)&(type ## PrintSections); \
 binPrinter.printSegments = (BinPrintSegments)&(type ## PrintSegments);
-#define INIT_MACHO_PRINT_FUN(type) \
+#define INIT_MACHO_PRINT_FUNC(type) \
 binPrinter.macho.printFuncStarts = (BinPrintFuncStarts)&(type ## PrintFuncStarts); \
 binPrinter.macho.printLComs = (BinPrintLComs)&(type ## PrintLComs);
-#define INIT_FAT_MACHO_PRINT_FUN(type) \
+#define INIT_FAT_MACHO_PRINT_FUNC(type) \
 binPrinter.fatMacho.printFatHeader = (BinPrintFatHeader)&(type ## PrintHeader);
+#define INIT_PE_PRINT_FUNC(type) \
+ binPrinter.pe.printDosHeader = (BinPrintDosHeader)&(type ## PrintDosHeader); \
+ binPrinter.pe.printFileHeader = (BinPrintFileHeader)&(type ## PrintFileHeader); \
+ binPrinter.pe.printOptHeader = (BinPrintOptHeader)&(type ## PrintOptHeader); \
+ binPrinter.pe.printImports = (BinPrintImports)&(type ## PrintImports); \
+ binPrinter.pe.printDelayImports = (BinPrintOptHeader)&(type ## PrintDelayImports); \
+ binPrinter.pe.printExports = (BinPrintExports)&(type ## PrintExports);
+
 int initBinPrinter(const char *fn)
 {
 if (initBinParser(fn)) {
@@ -51,20 +60,21 @@ int initBinPrinter(const char *fn)
 switch(binParser.type) {
 case MACHO64:
 INIT_BIN_PRINTER(macho64);
- INIT_MACHO_PRINT_FUN(macho64);
+ INIT_MACHO_PRINT_FUNC(macho64);
 break;
 case FATMACHO64:
 INIT_BIN_PRINTER(fatMacho64);
- INIT_MACHO_PRINT_FUN(fatMacho64);
- INIT_FAT_MACHO_PRINT_FUN(fatMacho64);
+ INIT_MACHO_PRINT_FUNC(fatMacho64);
+ INIT_FAT_MACHO_PRINT_FUNC(fatMacho64);
+ break;
+ case PE64:
+ INIT_BIN_PRINTER(pe64);
+ INIT_PE_PRINT_FUNC(pe64);
 break;
 /*
 case ELF64:
 INIT_BIN_PRINTER(elf64);
 break;
- case PE64:
- INIT_BIN_PRINTER(pe64);
- break;
 case ELF32:
 INIT_BIN_PRINTER(elf32);
 break;
diff --git a/cTools/libs/binPrinter/binPrinter.h b/cTools/libs/binPrinter/binPrinter.h
index d519173..d7d50ce 100644
--- a/cTools/libs/binPrinter/binPrinter.h
+++ b/cTools/libs/binPrinter/binPrinter.h
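Review bot: In the new `INIT_PE_PRINT_FUNC` macro in binPrinter.c, `printDelayImports` is cast with the wrong typedef, `(BinPrintOptHeader)&(type ## PrintDelayImports)`. The two typedefs have the same signature in binPrinter.h, so it compiles today, but the line should read `binPrinter.pe.printDelayImports = (BinPrintDelayImports)&(type ## PrintDelayImports);` so that a later signature change is not masked. More generally, every cast in this macro converts a `void (*)(const PE64File *)` into a pointer that takes `const BinFilePtr`; the definition of `BinFilePtr` is outside this diff, but if the two parameter types are not compatible the indirect call is undefined behaviour in C and would trap under indirect-call control-flow-integrity checks such as clang's `-fsanitize=cfi-icall`. The casts also silence the compiler diagnostic that would catch a printer with the wrong prototype, so a comment above the macro stating the required prototype would help.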
@@ -33,6 +33,12 @@ typedef void (*BinPrintSegments)(const BinFilePtr bin);
 typedef void (*BinPrintFuncStarts)(const BinFilePtr bin);
 typedef void (*BinPrintLComs)(const BinFilePtr bin);
 typedef void (*BinPrintFatHeader)(const BinFilePtr bin);
+typedef void (*BinPrintDosHeader)(const BinFilePtr bin);
+typedef void (*BinPrintFileHeader)(const BinFilePtr bin);
+typedef void (*BinPrintOptHeader)(const BinFilePtr bin);
+typedef void (*BinPrintImports)(const BinFilePtr bin);
+typedef void (*BinPrintDelayImports)(const BinFilePtr bin);
+typedef void (*BinPrintExports)(const BinFilePtr bin);
 typedef struct {
 BinPrintHeader printHeader;
@@ -46,6 +52,14 @@ typedef struct {
 struct {
 BinPrintFatHeader printFatHeader;
 } fatMacho;
+ struct {
+ BinPrintDosHeader printDosHeader;
+ BinPrintFileHeader printFileHeader;
+ BinPrintOptHeader printOptHeader;
+ BinPrintImports printImports;
+ BinPrintDelayImports printDelayImports;
+ BinPrintExports printExports;
+ } pe;
 } BinPrinter;
 #ifdef BIN_PRINTER_SHARED_LIB
diff --git a/cTools/libs/binPrinter/pePrinter/CMakeLists.txt b/cTools/libs/binPrinter/pePrinter/CMakeLists.txt
index d2c45f8..f8f5fa0 100644
--- a/cTools/libs/binPrinter/pePrinter/CMakeLists.txt
+++ b/cTools/libs/binPrinter/pePrinter/CMakeLists.txt
@@ -26,6 +26,7 @@ set(PE64_PRINTER_SOURSES
 pe64PrinterSymbols.c
 pe64PrinterImports.c
 pe64PrinterDelayImports.c
+ pe64PrinterExports.c
 )
 set(PE64_PRINTER_HEADERS
diff --git a/cTools/libs/binPrinter/pePrinter/pe64Printer.h b/cTools/libs/binPrinter/pePrinter/pe64Printer.h
index 45d6f83..551d3fd 100644
--- a/cTools/libs/binPrinter/pePrinter/pe64Printer.h
+++ b/cTools/libs/binPrinter/pePrinter/pe64Printer.h
@@ -25,6 +25,7 @@
 #ifndef __PE64_PRINTER_H
 #define __PE64_PRINTER_H
+#include "comdef.h"
 #include "pe64Parse.h"
 EXPORT_FUNC
@@ -38,6 +39,11 @@ void pe64PrintOptHeader(const PE64File *pe);
 EXPORT_FUNC
 void pe64PrintNtHeader(const PE64File *pe);
+static INLINE
+void pe64PrintHeader(const PE64File *pe)
+{
+ pe64PrintNtHeader(pe);
+}
 EXPORT_FUNC
 void pe64PrintDataDir(const DataDir *dataDir);
@@ -50,22 +56,30 @@ void pe64PrintSection(const PE64File *pe, const PESection *sect);
 EXPORT_FUNC
 void pe64PrintSections(const PE64File *pe);
+static INLINE
+void pe64PrintSegments(const PE64File *pe)
+{
+ pe64PrintSections(pe);
+}
+/***
+ * Import Name Table
+*/
 EXPORT_FUNC
 void pe64PrintINT(const PE64File *pe, ThunkData64 *INT);
 EXPORT_FUNC
 void pe64PrintImport(const PE64File *pe, const PEImport* import);
-
 EXPORT_FUNC
 void pe64PrintImports(const PE64File *pe);
 EXPORT_FUNC
 void pe64PrintDelayImport(const PE64File *pe, const PEDelimp *delimp);
-
 EXPORT_FUNC
 void pe64PrintDelayImports(const PE64File *pe);
+EXPORT_FUNC
+void pe64PrintExport(const PE64File *pe, const PEExport *exp);
 EXPORT_FUNC
 void pe64PrintExports(const PE64File *pe);
diff --git a/cTools/libs/binPrinter/pePrinter/pe64PrinterHeaders.c b/cTools/libs/binPrinter/pePrinter/pe64PrinterHeaders.c
index 257860b..8624e6f 100644
--- a/cTools/libs/binPrinter/pePrinter/pe64PrinterHeaders.c
+++ b/cTools/libs/binPrinter/pePrinter/pe64PrinterHeaders.c
@@ -731,7 +731,8 @@ void pe64PrintNtHeader(const PE64File *pe)
 pe64PrintNTMagic(pe->ntHeader);
 NEW_LINE;
 pe64PrintFileHeader(pe);
- pe64PrintOptHeader(pe);
+ if (pe->type != PE64_OBJ)
+ pe64PrintOptHeader(pe);
 NEW_LINE;
 }
diff --git a/cTools/libs/binPrinter/pePrinter/pe64PrinterImports.c b/cTools/libs/binPrinter/pePrinter/pe64PrinterImports.c
index 5ee11ba..6bd7b6c 100644
--- a/cTools/libs/binPrinter/pePrinter/pe64PrinterImports.c
+++ b/cTools/libs/binPrinter/pePrinter/pe64PrinterImports.c
@@ -130,8 +130,6 @@ void pe64PrintImport(const PE64File *pe, const PEImport *import)
 uint64_t AddressOfData = INT->u1.AddressOfData;
 if (AddressOfData) {
-
-
 pe64PrintINT(pe, INT);
 NEW_LINE;
 } else {
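Review bot: The two `static INLINE` wrappers added to pe64Printer.h, `pe64PrintHeader` and `pe64PrintSegments`, carry no comment saying why they exist. Judging from binPrinter.c they appear to be there only so that `INIT_BIN_PRINTER(pe64)` can resolve a `pe64PrintHeader` and a `pe64PrintSegments` symbol. A short comment on each, for example `/* PE has no segments; alias of pe64PrintSections used by INIT_BIN_PRINTER(pe64) */`, would stop a later reader from removing them as dead code. The new `/*** * Import Name Table */` block would also read better as a one-line comment directly above `pe64PrintINT`, since it describes only that declaration.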
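Review bot: The `pe->type != PE64_OBJ` guard added in `pe64PrintNtHeader` (pe64PrinterHeaders.c) protects only this one caller. The same commit wires `--opt-header` directly to `pe64PrintOptHeader` through `binPrinter.pe.printOptHeader`, so that path still runs the optional-header printer on an object file. Whether it then reads a header that is not present depends on `pe64PrintOptHeader`, which is outside this diff, but the check is safer at the top of the printer itself, e.g. `if (pe->type == PE64_OBJ) return;`, and the same question is worth asking for `--dos-header`. The new `if` is also unbraced; `if (pe->type != PE64_OBJ) { pe64PrintOptHeader(pe); }` would match the braced style used in binParser.c.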
diff --git a/cTools/tools/binParser/README.md b/cTools/tools/binParser/README.md
index e391efd..7803536 100644
--- a/cTools/tools/binParser/README.md
+++ b/cTools/tools/binParser/README.md
@@ -7,20 +7,25 @@ The followed table shows support platforms and binary formats. macho files forma
 | | MacOsX | Win | Linux |
 |-------|:------:|:---:|:-----:|
 |macho64| X | X | X |
-|elf64 | X | X | X |
+|elf64 | - | - | - |
 |PE64 | X | X | X |
 ## Command Line Arguments
-| Short Arg | Long Arg | Description |
-|----------:|:--------------|:------------|
-| -h | --header | print all headers |
-| -s | --symbols | print all symbols |
-| -S | --sections | print all section |
-| | --segments | print all segments |
-| | --func-starts | macho: print info about function starts |
-| -l | --lcom | macho: print load commands |
-| | --fat-header | macho: print fat header information if it's |
-| -m | --mcpu | set up cpu type for parser, used for fat binaries |
+| Short Arg | Long Arg | Description |
+|----------:|:----------------|:------------|
+| -h | --header | print all headers |
+| -s | --symbols | print all symbols |
+| -S | --sections | print all section |
+| | --segments | print all segments |
+| | --func-starts | macho: print info about function starts |
+| -l | --lcom | macho: print load commands |
+| | --fat-header | macho: print fat header information if it's |
+| -m | --mcpu | set up cpu type for parser, used for fat binaries |
+| | --dos-header | pe: print dos header |
+| -d | --delay-imports | pe: print delay imports |
+| -e | --exports | pe: print exports |
+| | --file-header | pe: print file header |
+| | --opt-header | pe: print opt header |
 ## Examples
 ### Print aarch64 symbols of fat macho64
diff --git a/cTools/tools/binParser/binParser.c b/cTools/tools/binParser/binParser.c
index 7d83c70..44530ea 100644
--- a/cTools/tools/binParser/binParser.c
+++ b/cTools/tools/binParser/binParser.c
@@ -46,6 +46,12 @@ typedef enum {
 FAT_HEADER,
 FUNC_STARTS,
 LCOMS,
+ DOS_HEADER,
+ FILE_HEADER,
+ OPT_HEADER,
+ IMPORTS,
+ DELAY_IMPORTS,
+ EXPORTS,
 NUM_FLAGS
 } BinParserOpt;
@@ -100,6 +106,48 @@ void printLComs(const char *arg)
 flags[LCOMS] = true;
 }
+static
+void printDosHeader(const char *arg)
+{
+ UNUSED(arg);
+ flags[DOS_HEADER] = true;
+}
+
+static
+void printFileHeader(const char *arg)
+{
+ UNUSED(arg);
+ flags[FILE_HEADER] = true;
+}
+
+static
+void printOptHeader(const char *arg)
+{
+ UNUSED(arg);
+ flags[OPT_HEADER] = true;
+}
+
+static
+void printImports(const char *arg)
+{
+ UNUSED(arg);
+ flags[IMPORTS] = true;
+}
+
+static
+void printDelayImports(const char *arg)
+{
+ UNUSED(arg);
+ flags[DELAY_IMPORTS] = true;
+}
+
+static
+void printExports(const char *arg)
+{
+ UNUSED(arg);
+ flags[EXPORTS] = true;
+}
+
 static
 Arch getArchByName(const char* arch)
 {
@@ -180,6 +228,36 @@ int main(int argc, char *argv[])
 , .flags = OPTION_ARG_OPTIONAL
 , .doc = "set up cpu type for parser"
 );
+ ADD_ARG(printDosHeader, .name = "dos-header"
+ , .key = 153
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print dos header"
+ );
+ ADD_ARG(printFileHeader, .name = "file-header"
+ , .key = 154
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print file header"
+ );
+ ADD_ARG(printOptHeader, .name = "opt-header"
+ , .key = 155
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print opt header"
+ );
+ ADD_ARG(printImports, .name = "imports"
+ , .key = 'i'
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print imports"
+ );
+ ADD_ARG(printDelayImports, .name = "delay-imports"
+ , .key = 'd'
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print delay imports"
+ );
+ ADD_ARG(printExports, .name = "exports"
+ , .key = 'e'
+ , .flags = OPTION_ARG_OPTIONAL
+ , .doc = "pe: print exports"
+ );
 ARG_PARSE(argc, argv);
 setupBinPrinterArch(binParserArch);
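Review bot: The long-only options added in the `ADD_ARG` hunk of `main` use bare numeric keys (`.key = 153`, `154`, `155`) that have to stay unique across every `ADD_ARG` call, and nothing in the hunk ties them to the keys already in use. Naming them once, e.g. `enum { KEY_DOS_HEADER = 153, KEY_FILE_HEADER, KEY_OPT_HEADER };`, would make a collision visible where the keys are defined. The short keys `'i'`, `'d'` and `'e'` should likewise be checked against the options registered earlier in `main`, which starts outside this hunk. `-i`/`--imports` is registered here but is missing from the option table this commit adds to cTools/tools/binParser/README.md.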
@@ -204,6 +282,24 @@ int main(int argc, char *argv[])
 if (flags[LCOMS]) {
 binPrinter.macho.printLComs(binParser.bin);
 }
+ if (flags[DOS_HEADER]) {
+ binPrinter.pe.printDosHeader(binParser.bin);
+ }
+ if (flags[FILE_HEADER]) {
+ binPrinter.pe.printFileHeader(binParser.bin);
+ }
+ if (flags[OPT_HEADER]) {
+ binPrinter.pe.printOptHeader(binParser.bin);
+ }
+ if (flags[IMPORTS]) {
+ binPrinter.pe.printImports(binParser.bin);
+ }
+ if (flags[DELAY_IMPORTS]) {
+ binPrinter.pe.printDelayImports(binParser.bin);
+ }
+ if (flags[EXPORTS]) {
+ binPrinter.pe.printExports(binParser.bin);
+ }
 finiBinPrinter();
 }
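Review bot: Each new dispatch in `main` calls a `binPrinter.pe.*` pointer without checking it, yet `initBinPrinter` fills those pointers only in `case PE64` and the global starts out zeroed (`BinPrinter binPrinter = {};`). Passing `--dos-header`, `--imports` or any other PE option with a Mach-O input therefore calls a NULL function pointer. The reverse now holds too: `--lcom` on a PE file reaches the unset `binPrinter.macho.printLComs` shown as context here, and presumably the other Mach-O options behave the same. Since the tool is meant to be run on arbitrary binaries, each dispatch should test the pointer and report the mismatch, e.g. `if (flags[DOS_HEADER] && binPrinter.pe.printDosHeader) {` with an error message otherwise, or `initBinPrinter` should install stub printers for the formats that do not apply. `main` begins outside this hunk.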