| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // This file was adapted from GreenBorder's Code. | |
| 6 // To understand what this class is about (for other than well known functions | |
| 7 // as GetProcAddress), a good starting point is "An In-Depth Look into the | |
| 8 // Win32 Portable Executable File Format" by Matt Pietrek: | |
| 9 // http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx | |
| 10 | |
| 11 #ifndef SANDBOX_SRC_PE_IMAGE_H__ | |
| 12 #define SANDBOX_SRC_PE_IMAGE_H__ | |
| 13 | |
| 14 #include <windows.h> | |
| 15 #include <DelayIMP.h> | |
| 16 | |
| 17 namespace sandbox { | |
| 18 | |
| 19 // This class is a wrapper for the Portable Executable File Format (PE). | |
| 20 // It's main purpose is to provide an easy way to work with imports and exports | |
| 21 // from a file, mapped in memory as image. | |
| 22 class PEImage { | |
| 23 public: | |
| 24 // Callback to enumerate sections. | |
| 25 // cookie is the value passed to the enumerate method. | |
| 26 // Returns true to continue the enumeration. | |
| 27 typedef bool (*EnumSectionsFunction)(const PEImage &image, | |
| 28 PIMAGE_SECTION_HEADER header, | |
| 29 PVOID section_start, DWORD section_size, | |
| 30 PVOID cookie); | |
| 31 | |
| 32 // Callback to enumerate exports. | |
| 33 // function is the actual address of the symbol. If forward is not null, it | |
| 34 // contains the dll and symbol to forward this export to. cookie is the value | |
| 35 // passed to the enumerate method. | |
| 36 // Returns true to continue the enumeration. | |
| 37 typedef bool (*EnumExportsFunction)(const PEImage &image, DWORD ordinal, | |
| 38 DWORD hint, LPCSTR name, PVOID function, | |
| 39 LPCSTR forward, PVOID cookie); | |
| 40 | |
| 41 // Callback to enumerate import blocks. | |
| 42 // name_table and iat point to the imports name table and address table for | |
| 43 // this block. cookie is the value passed to the enumerate method. | |
| 44 // Returns true to continue the enumeration. | |
| 45 typedef bool (*EnumImportChunksFunction)(const PEImage &image, LPCSTR module, | |
| 46 PIMAGE_THUNK_DATA name_table, | |
| 47 PIMAGE_THUNK_DATA iat, PVOID cookie); | |
| 48 | |
| 49 // Callback to enumerate imports. | |
| 50 // module is the dll that exports this symbol. cookie is the value passed to | |
| 51 // the enumerate method. | |
| 52 // Returns true to continue the enumeration. | |
| 53 typedef bool (*EnumImportsFunction)(const PEImage &image, LPCSTR module, | |
| 54 DWORD ordinal, LPCSTR name, DWORD hint, | |
| 55 PIMAGE_THUNK_DATA iat, PVOID cookie); | |
| 56 | |
| 57 // Callback to enumerate dalayed import blocks. | |
| 58 // module is the dll that exports this block of symbols. cookie is the value | |
| 59 // passed to the enumerate method. | |
| 60 // Returns true to continue the enumeration. | |
| 61 typedef bool (*EnumDelayImportChunksFunction)(const PEImage &image, | |
| 62 PImgDelayDescr delay_descriptor, | |
| 63 LPCSTR module, | |
| 64 PIMAGE_THUNK_DATA name_table, | |
| 65 PIMAGE_THUNK_DATA iat, | |
| 66 PIMAGE_THUNK_DATA bound_iat, | |
| 67 PIMAGE_THUNK_DATA unload_iat, | |
| 68 PVOID cookie); | |
| 69 | |
| 70 // Callback to enumerate relocations. | |
| 71 // cookie is the value passed to the enumerate method. | |
| 72 // Returns true to continue the enumeration. | |
| 73 typedef bool (*EnumRelocsFunction)(const PEImage &image, WORD type, | |
| 74 PVOID address, PVOID cookie); | |
| 75 | |
| 76 explicit PEImage(HMODULE module) : module_(module) {} | |
| 77 explicit PEImage(const void* module) { | |
| 78 module_ = reinterpret_cast<HMODULE>(const_cast<void*>(module)); | |
| 79 } | |
| 80 | |
| 81 // Gets the HMODULE for this object. | |
| 82 HMODULE module() const; | |
| 83 | |
| 84 // Sets this object's HMODULE. | |
| 85 void set_module(HMODULE module); | |
| 86 | |
| 87 // Checks if this symbol is actually an ordinal. | |
| 88 static bool IsOrdinal(LPCSTR name); | |
| 89 | |
| 90 // Converts a named symbol to the corresponding ordinal. | |
| 91 static WORD ToOrdinal(LPCSTR name); | |
| 92 | |
| 93 // Returns the DOS_HEADER for this PE. | |
| 94 PIMAGE_DOS_HEADER GetDosHeader() const; | |
| 95 | |
| 96 // Returns the NT_HEADER for this PE. | |
| 97 PIMAGE_NT_HEADERS GetNTHeaders() const; | |
| 98 | |
| 99 // Returns number of sections of this PE. | |
| 100 WORD GetNumSections() const; | |
| 101 | |
| 102 // Returns the header for a given section. | |
| 103 // returns NULL if there is no such section. | |
| 104 PIMAGE_SECTION_HEADER GetSectionHeader(UINT section) const; | |
| 105 | |
| 106 // Returns the size of a given directory entry. | |
| 107 DWORD GetImageDirectoryEntrySize(UINT directory) const; | |
| 108 | |
| 109 // Returns the address of a given directory entry. | |
| 110 PVOID GetImageDirectoryEntryAddr(UINT directory) const; | |
| 111 | |
| 112 // Returns the section header for a given address. | |
| 113 // Use: s = image.GetImageSectionFromAddr(a); | |
| 114 // Post: 's' is the section header of the section that contains 'a' | |
| 115 // or NULL if there is no such section. | |
| 116 PIMAGE_SECTION_HEADER GetImageSectionFromAddr(PVOID address) const; | |
| 117 | |
| 118 // Returns the section header for a given section. | |
| 119 PIMAGE_SECTION_HEADER GetImageSectionHeaderByName(LPCSTR section_name) const; | |
| 120 | |
| 121 // Returns the first block of imports. | |
| 122 PIMAGE_IMPORT_DESCRIPTOR GetFirstImportChunk() const; | |
| 123 | |
| 124 // Returns the exports directory. | |
| 125 PIMAGE_EXPORT_DIRECTORY GetExportDirectory() const; | |
| 126 | |
| 127 // Returns a given export entry. | |
| 128 // Use: e = image.GetExportEntry(f); | |
| 129 // Pre: 'f' is either a zero terminated string or ordinal | |
| 130 // Post: 'e' is a pointer to the export directory entry | |
| 131 // that contains 'f's export RVA, or NULL if 'f' | |
| 132 // is not exported from this image | |
| 133 PDWORD GetExportEntry(LPCSTR name) const; | |
| 134 | |
| 135 // Returns the address for a given exported symbol. | |
| 136 // Use: p = image.GetProcAddress(f); | |
| 137 // Pre: 'f' is either a zero terminated string or ordinal. | |
| 138 // Post: if 'f' is a non-forwarded export from image, 'p' is | |
| 139 // the exported function. If 'f' is a forwarded export | |
| 140 // then p is the special value 0xFFFFFFFF. In this case | |
| 141 // RVAToAddr(*GetExportEntry) can be used to resolve | |
| 142 // the string that describes the forward. | |
| 143 FARPROC GetProcAddress(LPCSTR function_name) const; | |
| 144 | |
| 145 // Retrieves the ordinal for a given exported symbol. | |
| 146 // Returns true if the symbol was found. | |
| 147 bool GetProcOrdinal(LPCSTR function_name, WORD *ordinal) const; | |
| 148 | |
| 149 // Enumerates PE sections. | |
| 150 // cookie is a generic cookie to pass to the callback. | |
| 151 // Returns true on success. | |
| 152 bool EnumSections(EnumSectionsFunction callback, PVOID cookie) const; | |
| 153 | |
| 154 // Enumerates PE exports. | |
| 155 // cookie is a generic cookie to pass to the callback. | |
| 156 // Returns true on success. | |
| 157 bool EnumExports(EnumExportsFunction callback, PVOID cookie) const; | |
| 158 | |
| 159 // Enumerates PE imports. | |
| 160 // cookie is a generic cookie to pass to the callback. | |
| 161 // Returns true on success. | |
| 162 bool EnumAllImports(EnumImportsFunction callback, PVOID cookie) const; | |
| 163 | |
| 164 // Enumerates PE import blocks. | |
| 165 // cookie is a generic cookie to pass to the callback. | |
| 166 // Returns true on success. | |
| 167 bool EnumImportChunks(EnumImportChunksFunction callback, PVOID cookie) const; | |
| 168 | |
| 169 // Enumerates the imports from a single PE import block. | |
| 170 // cookie is a generic cookie to pass to the callback. | |
| 171 // Returns true on success. | |
| 172 bool EnumOneImportChunk(EnumImportsFunction callback, LPCSTR module_name, | |
| 173 PIMAGE_THUNK_DATA name_table, PIMAGE_THUNK_DATA iat, | |
| 174 PVOID cookie) const; | |
| 175 | |
| 176 | |
| 177 // Enumerates PE delay imports. | |
| 178 // cookie is a generic cookie to pass to the callback. | |
| 179 // Returns true on success. | |
| 180 bool EnumAllDelayImports(EnumImportsFunction callback, PVOID cookie) const; | |
| 181 | |
| 182 // Enumerates PE delay import blocks. | |
| 183 // cookie is a generic cookie to pass to the callback. | |
| 184 // Returns true on success. | |
| 185 bool EnumDelayImportChunks(EnumDelayImportChunksFunction callback, | |
| 186 PVOID cookie) const; | |
| 187 | |
| 188 // Enumerates imports from a single PE delay import block. | |
| 189 // cookie is a generic cookie to pass to the callback. | |
| 190 // Returns true on success. | |
| 191 bool EnumOneDelayImportChunk(EnumImportsFunction callback, | |
| 192 PImgDelayDescr delay_descriptor, | |
| 193 LPCSTR module_name, | |
| 194 PIMAGE_THUNK_DATA name_table, | |
| 195 PIMAGE_THUNK_DATA iat, | |
| 196 PIMAGE_THUNK_DATA bound_iat, | |
| 197 PIMAGE_THUNK_DATA unload_iat, | |
| 198 PVOID cookie) const; | |
| 199 | |
| 200 // Enumerates PE relocation entries. | |
| 201 // cookie is a generic cookie to pass to the callback. | |
| 202 // Returns true on success. | |
| 203 bool EnumRelocs(EnumRelocsFunction callback, PVOID cookie) const; | |
| 204 | |
| 205 // Verifies the magic values on the PE file. | |
| 206 // Returns true if all values are correct. | |
| 207 bool VerifyMagic() const; | |
| 208 | |
| 209 // Converts an rva value to the appropriate address. | |
| 210 virtual PVOID RVAToAddr(DWORD rva) const; | |
| 211 | |
| 212 // Converts an rva value to an offset on disk. | |
| 213 // Returns true on success. | |
| 214 bool ImageRVAToOnDiskOffset(DWORD rva, DWORD *on_disk_offset) const; | |
| 215 | |
| 216 // Converts an address to an offset on disk. | |
| 217 // Returns true on success. | |
| 218 bool ImageAddrToOnDiskOffset(LPVOID address, DWORD *on_disk_offset) const; | |
| 219 | |
| 220 private: | |
| 221 HMODULE module_; | |
| 222 }; | |
| 223 | |
| 224 // This class is an extension to the PEImage class that allows working with PE | |
| 225 // files mapped as data instead of as image file. | |
| 226 class PEImageAsData : public PEImage { | |
| 227 public: | |
| 228 explicit PEImageAsData(HMODULE hModule) : PEImage(hModule) {} | |
| 229 | |
| 230 virtual PVOID RVAToAddr(DWORD rva) const; | |
| 231 }; | |
| 232 | |
| 233 inline bool PEImage::IsOrdinal(LPCSTR name) { | |
| 234 #pragma warning(push) | |
| 235 #pragma warning(disable: 4311) | |
| 236 // This cast generates a warning because it is 32 bit specific. | |
| 237 return reinterpret_cast<DWORD>(name) <= 0xFFFF; | |
| 238 #pragma warning(pop) | |
| 239 } | |
| 240 | |
| 241 inline WORD PEImage::ToOrdinal(LPCSTR name) { | |
| 242 return reinterpret_cast<WORD>(name); | |
| 243 } | |
| 244 | |
| 245 inline HMODULE PEImage::module() const { | |
| 246 return module_; | |
| 247 } | |
| 248 | |
| 249 inline PIMAGE_IMPORT_DESCRIPTOR PEImage::GetFirstImportChunk() const { | |
| 250 return reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>( | |
| 251 GetImageDirectoryEntryAddr(IMAGE_DIRECTORY_ENTRY_IMPORT)); | |
| 252 } | |
| 253 | |
| 254 inline PIMAGE_EXPORT_DIRECTORY PEImage::GetExportDirectory() const { | |
| 255 return reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>( | |
| 256 GetImageDirectoryEntryAddr(IMAGE_DIRECTORY_ENTRY_EXPORT)); | |
| 257 } | |
| 258 | |
| 259 } // namespace sandbox | |
| 260 | |
| 261 #endif // SANDBOX_SRC_PE_IMAGE_H__ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 179039:
Fix issue 8348: unfork pe_image.h / pe_image.cc (Closed)
