3 * Written by Jan Roeloffzen
5 * - Image functions for symbol info
15 #include "log2lines.h"
17 static PIMAGE_SECTION_HEADER
18 find_rossym_section(PIMAGE_FILE_HEADER PEFileHeader
, PIMAGE_SECTION_HEADER PESectionHeaders
)
21 for (i
= 0; i
< PEFileHeader
->NumberOfSections
; i
++)
23 if (0 == strcmp((char *)PESectionHeaders
[i
].Name
, ".rossym"))
24 return &PESectionHeaders
[i
];
30 fixup_offset(size_t ImageBase
, size_t offset
)
32 if (offset
> ABS_TRESHOLD
)
38 find_offset(void *data
, size_t offset
)
40 PSYMBOLFILE_HEADER RosSymHeader
= (PSYMBOLFILE_HEADER
)data
;
41 PROSSYM_ENTRY Entries
= (PROSSYM_ENTRY
)((char *)data
+ RosSymHeader
->SymbolsOffset
);
42 size_t symbols
= RosSymHeader
->SymbolsLength
/ sizeof(ROSSYM_ENTRY
);
45 for (i
= 0; i
< symbols
; i
++)
47 if (Entries
[i
].Address
> offset
)
59 get_sectionheader(const void *FileData
)
61 PIMAGE_DOS_HEADER PEDosHeader
;
62 PIMAGE_FILE_HEADER PEFileHeader
;
63 PIMAGE_OPTIONAL_HEADER PEOptHeader
;
64 PIMAGE_SECTION_HEADER PESectionHeaders
;
65 PIMAGE_SECTION_HEADER PERosSymSectionHeader
;
68 /* Check if MZ header exists */
69 PEDosHeader
= (PIMAGE_DOS_HEADER
)FileData
;
70 if (PEDosHeader
->e_magic
!= IMAGE_DOS_MAGIC
|| PEDosHeader
->e_lfanew
== 0L)
72 l2l_dbg(0, "Input file is not a PE image.\n");
77 /* Locate PE file header */
78 /* sizeof(ULONG) = sizeof(MAGIC) */
79 PEFileHeader
= (PIMAGE_FILE_HEADER
)((char *)FileData
+ PEDosHeader
->e_lfanew
+ sizeof(ULONG
));
81 /* Locate optional header */
82 PEOptHeader
= (PIMAGE_OPTIONAL_HEADER
)(PEFileHeader
+ 1);
83 ImageBase
= PEOptHeader
->ImageBase
;
85 /* Locate PE section headers */
86 PESectionHeaders
= (PIMAGE_SECTION_HEADER
)((char *)PEOptHeader
+ PEFileHeader
->SizeOfOptionalHeader
);
88 /* find rossym section */
89 PERosSymSectionHeader
= find_rossym_section(PEFileHeader
, PESectionHeaders
);
90 if (!PERosSymSectionHeader
)
92 l2l_dbg(0, "Couldn't find rossym section in executable\n");
97 return PERosSymSectionHeader
;
101 get_ImageBase(char *fname
, size_t *ImageBase
)
103 IMAGE_DOS_HEADER PEDosHeader
;
104 IMAGE_FILE_HEADER PEFileHeader
;
105 IMAGE_OPTIONAL_HEADER PEOptHeader
;
111 *ImageBase
= INVALID_BASE
;
112 fr
= fopen(fname
, "rb");
115 l2l_dbg(3, "get_ImageBase, cannot open '%s' (%s)\n", fname
, strerror(errno
));
119 readLen
= fread(&PEDosHeader
, sizeof(IMAGE_DOS_HEADER
), 1, fr
);
122 l2l_dbg(1, "get_ImageBase %s, read error IMAGE_DOS_HEADER (%s)\n", fname
, strerror(errno
));
127 /* Check if MZ header exists */
128 if (PEDosHeader
.e_magic
!= IMAGE_DOS_MAGIC
|| PEDosHeader
.e_lfanew
== 0L)
130 l2l_dbg(2, "get_ImageBase %s, MZ header missing\n", fname
);
135 /* Locate PE file header */
136 res
= fseek(fr
, PEDosHeader
.e_lfanew
+ sizeof(ULONG
), SEEK_SET
);
137 readLen
= fread(&PEFileHeader
, sizeof(IMAGE_FILE_HEADER
), 1, fr
);
140 l2l_dbg(1, "get_ImageBase %s, read error IMAGE_FILE_HEADER (%s)\n", fname
, strerror(errno
));
145 /* Locate optional header */
146 readLen
= fread(&PEOptHeader
, sizeof(IMAGE_OPTIONAL_HEADER
), 1, fr
);
149 l2l_dbg(1, "get_ImageBase %s, read error IMAGE_OPTIONAL_HEADER (%s)\n", fname
, strerror(errno
));
154 /* Check if it's really an IMAGE_OPTIONAL_HEADER we are interested in */
155 if (PEOptHeader
.Magic
!= IMAGE_NT_OPTIONAL_HDR32_MAGIC
&&
156 PEOptHeader
.Magic
!= IMAGE_NT_OPTIONAL_HDR64_MAGIC
)
158 l2l_dbg(2, "get_ImageBase %s, not an IMAGE_NT_OPTIONAL_HDR 32/64 bit\n", fname
);
163 *ImageBase
= PEOptHeader
.ImageBase
;