Mercurial > projects > ddmd

annotate dbg/image/PE.d @ 0:10317f0c89a5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial commit
author korDen
date Sat, 24 Oct 2009 08:42:06 +0400
parents
children 6bdecc3f4569
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
1 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
2 A simple PE/COFF image format reader.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
3
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
4 Authors:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
5 Jeremie Pelletier
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
6
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
7 References:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
8 $(LINK http://www.csn.ul.ie/~caolan/publink/winresdump/winresdump/doc/pefile.html)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
9
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
10 License:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
11 Public Domain
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
12 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
13 module dbg.image.PE;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
14
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
15 version(Windows) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
16
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
17 import std.c.string : strncmp;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
18 import dbg.Debug;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
19 import dbg.symbol.CodeView;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
20 //import dbg.symbol.COFF;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
21 //import sys.windows.FileSystem;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
22 //import sys.windows.Memory;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
23 //import sys.windows.Security : GENERIC_READ;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
24 //import sys.windows.Information : CloseHandle;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
25 //import sys.windows.Image;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
26
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
27 import win32.windows;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
28 import win32.winbase;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
29
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
30 enum IMAGE_SIZEOF_NT_OPTIONAL64_HEADER = 240;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
31
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
32 struct IMAGE_NT_HEADERS64 {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
33 DWORD Signature;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
34 IMAGE_FILE_HEADER FileHeader;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
35 IMAGE_OPTIONAL_HEADER64 OptionalHeader;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
36 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
37
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
38 auto IMAGE_FIRST_SECTION64( const(IMAGE_NT_HEADERS64*) ntheader ) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
39 return cast(PIMAGE_SECTION_HEADER) ((cast(UINT_PTR)ntheader) + IMAGE_NT_HEADERS64.OptionalHeader.offsetof + (cast(PIMAGE_NT_HEADERS64)(ntheader)).FileHeader.SizeOfOptionalHeader);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
40 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
41
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
42 auto IMAGE_FIRST_SECTION32( const(IMAGE_NT_HEADERS32*) ntheader ) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
43 return cast(PIMAGE_SECTION_HEADER)((cast(UINT_PTR)ntheader) + IMAGE_NT_HEADERS32.OptionalHeader.offsetof + (cast(PIMAGE_NT_HEADERS32)ntheader).FileHeader.SizeOfOptionalHeader);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
44 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
45
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
46 class PEImage : IExecutableImage {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
47 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
48 Loads and validate the image file.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
49
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
50 Params:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
51 fileName = Path to the image file.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
52 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
53 this(string fileName)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
54 in {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
55 assert(fileName.length && fileName.ptr);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
56 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
57 body {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
58 _filename = fileName;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
59
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
60 // Create the file mapping
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
61 _file = CreateFileA((fileName ~ '\0').ptr, GENERIC_READ, FILE_SHARE_READ,
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
62 null, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, null);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
63 if(_file == INVALID_HANDLE_VALUE) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
64
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
65 GetFileSizeEx(_file, &_fileSize);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
66
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
67 _map = CreateFileMapping(_file, null, PAGE_READONLY, 0, 0, null);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
68 if(!_map) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
69
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
70 _view = cast(const(ubyte)*)MapViewOfFile(_map, FILE_MAP_READ, 0, 0, 0);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
71 if(!_view) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
72
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
73 // Verify image headers
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
74 if(_dos.e_magic != IMAGE_DOS_SIGNATURE) goto Error;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
75 CheckOffset(_dos.e_lfanew);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
76
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
77 _nt = cast(IMAGE_NT_HEADERS32*)(_view + _dos.e_lfanew);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
78 if(_nt.Signature != IMAGE_NT_SIGNATURE) goto Error;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
79
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
80 _is64 = _nt.FileHeader.SizeOfOptionalHeader == IMAGE_SIZEOF_NT_OPTIONAL64_HEADER;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
81
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
82 if(_is64) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
83 if(_nt64.OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
84 goto Error;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
85 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
86 else {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
87 if(_nt.OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
88 goto Error;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
89 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
90
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
91 // Create the RVA lookup table
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
92 auto sections = this.sections;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
93 RVAEntry* e = void;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
94 _rvaTable.length = sections.length;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
95 foreach(i, ref s; sections) with(s) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
96 e = &_rvaTable[i];
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
97 e.start = VirtualAddress;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
98 e.end = VirtualAddress + SizeOfRawData;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
99 e.base = PointerToRawData;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
100 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
101
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
102 return;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
103
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
104 Error:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
105 throw new PEInvalidException(this);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
106 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
107
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
108 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
109 Unloads the PE file.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
110 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
111 ~this() {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
112 if(_dos && !UnmapViewOfFile(cast(void*)_dos)) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
113 if(_map && !CloseHandle(_map)) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
114 if(_file && !CloseHandle(_file)) SystemException();
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
115 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
116
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
117 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
118 Get the filename of the image
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
119 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
120 string filename() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
121 return _filename;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
122 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
123
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
124 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
125 Get whether the image uses the 64bit structures or not
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
126 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
127 bool is64() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
128 return _is64;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
129 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
130
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
131 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
132 Get the base address of the image
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
133 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
134 long imageBase() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
135 return _is64 ? _nt64.OptionalHeader.ImageBase : _nt.OptionalHeader.ImageBase;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
136 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
137
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
138 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
139 Get the raw image data
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
140 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
141 const(ubyte)[] data() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
142 return _view[0 .. cast(size_t)_fileSize.QuadPart];
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
143 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
144
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
145 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
146 Get the dos, nt or nt64 headers
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
147 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
148 const(IMAGE_DOS_HEADER)* dosHeader() const { return _dos; }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
149 const(IMAGE_NT_HEADERS32)* ntHeaders32() const { return _nt; }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
150 const(IMAGE_NT_HEADERS64)* ntHeaders64() const { return _nt64; }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
151
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
152 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
153 Get the array of data directories
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
154 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
155 const(IMAGE_DATA_DIRECTORY)[] dataDirectory() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
156 return _is64 ? _nt64.OptionalHeader.DataDirectory : _nt.OptionalHeader.DataDirectory;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
157 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
158
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
159 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
160 Get the array of section headers
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
161 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
162 const(IMAGE_SECTION_HEADER)[] sections() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
163 return (_is64 ? IMAGE_FIRST_SECTION64(_nt64) : IMAGE_FIRST_SECTION32(_nt))
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
164 [0 .. _nt.FileHeader.NumberOfSections];
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
165 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
166
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
167 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
168 Translate the given Virtual Address to its corresponding data offset.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
169 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
170 long LookupVA(long va) const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
171 return LookupRVA(va - imageBase);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
172 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
173
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
174 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
175 Translate the given Relative Virtual Address to its corresponding
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
176 data offset.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
177 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
178 long LookupRVA(long rva) const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
179 foreach(ref e; _rvaTable) with(e) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
180 if(rva >= start && rva < end) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
181 long offset = base + (rva - start);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
182 CheckOffset(offset);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
183 return offset;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
184 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
185 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
186
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
187 return 0;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
188 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
189
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
190 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
191 Get a data structure in the image from its RVA
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
192 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
193 const(T)* GetDataFromRVA(T : T*)(long rva) const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
194 long offset = LookupRVA(rva);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
195 return offset ? cast(T*)(_view + offset) : null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
196 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
197
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
198 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
199 Get a data directory in the image from its ID
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
200 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
201 const(T)* GetDirectory(T)(uint id) const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
202 const IMAGE_DATA_DIRECTORY* dir = &dataDirectory[id];
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
203 return dir.VirtualAddress && dir.Size ?
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
204 GetDataFromRVA!(T*)(dir.VirtualAddress) : null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
205 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
206
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
207 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
208 Find the first section matching the given flags mask
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
209 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
210 const(IMAGE_SECTION_HEADER)* FindSection(uint mask) const
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
211 in {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
212 assert(mask);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
213 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
214 body {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
215 foreach(ref section; sections)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
216 if(section.Characteristics & mask)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
217 return &section;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
218
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
219 return null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
220 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
221
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
222 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
223 Find a section by its name
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
224 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
225 const(IMAGE_SECTION_HEADER)* FindSection(string name) const
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
226 in {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
227 assert(name.length && name.ptr);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
228 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
229 body {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
230 foreach(ref section; sections)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
231 if(strncmp(cast(char*)section.Name.ptr, name.ptr, section.Name.length) == 0)
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
232 return &section;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
233
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
234 return null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
235 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
236
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
237 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
238 Get the offset to the code segment
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
239 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
240 uint codeOffset() const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
241 const(IMAGE_SECTION_HEADER)* section = FindSection(IMAGE_SCN_MEM_EXECUTE);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
242 return section ? section.VirtualAddress : 0;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
243 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
244
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
245 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
246 Get the symbolic debug info object for this image
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
247 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
248 ISymbolicDebugInfo debugInfo() {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
249 uint va = _nt.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
250 if(!va) return null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
251
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
252 const(IMAGE_DEBUG_DIRECTORY)* dir = void;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
253 uint size = _nt.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
254 uint offset = void;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
255
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
256 // Borland directory
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
257 const(IMAGE_SECTION_HEADER)* section = FindSection(".debug");
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
258 if(section && section.VirtualAddress == va) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
259 CheckOffset(section.PointerToRawData);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
260
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
261 dir = cast(IMAGE_DEBUG_DIRECTORY*)(_view + section.PointerToRawData);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
262 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
263 // Microsoft directory
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
264 else {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
265 section = FindSection(".rdata");
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
266 if(!section) goto NoDebug;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
267
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
268 offset = section.PointerToRawData + (va - section.VirtualAddress);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
269 CheckOffset(offset);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
270
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
271 dir = cast(IMAGE_DEBUG_DIRECTORY*)(_view + offset);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
272 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
273
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
274 const(void)* end = cast(void*)dir + size;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
275 Scan: for(; dir < end; dir++) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
276 switch(dir.Type) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
277 //case IMAGE_DEBUG_TYPE_COFF:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
278 case IMAGE_DEBUG_TYPE_CODEVIEW:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
279 // TODO: support more types
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
280 break Scan;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
281
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
282 default:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
283 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
284 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
285
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
286 if(dir >= end) goto NoDebug;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
287
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
288 offset = dir.PointerToRawData + dir.SizeOfData;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
289 CheckOffset(offset);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
290 auto debugView = _view[dir.PointerToRawData .. offset];
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
291
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
292 switch(dir.Type) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
293 //case IMAGE_DEBUG_TYPE_COFF:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
294 // return new COFFDebugInfo(debugView);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
295 case IMAGE_DEBUG_TYPE_CODEVIEW:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
296 return new CodeViewDebugInfo(debugView);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
297 default:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
298 assert(0);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
299 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
300
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
301 NoDebug:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
302 // TODO: we have no debug section or directory, but there csould still
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
303 // be external symbol files we can use.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
304 return null;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
305 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
306
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
307 private:
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
308
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
309 /**
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
310 Verify a file offset before accessing it
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
311 */
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
312 void CheckOffset(long offset) const {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
313 if(offset > _fileSize.QuadPart) throw new PECorruptedException(this);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
314 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
315
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
316 string _filename;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
317 HANDLE _file;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
318 HANDLE _map;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
319 LARGE_INTEGER _fileSize;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
320 bool _is64;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
321
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
322 union {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
323 const(ubyte)* _view;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
324 const(IMAGE_DOS_HEADER)* _dos;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
325 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
326 union {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
327 const(IMAGE_NT_HEADERS32)* _nt;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
328 const(IMAGE_NT_HEADERS64)* _nt64;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
329 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
330
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
331 struct RVAEntry {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
332 uint start;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
333 uint end;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
334 uint base;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
335 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
336
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
337 RVAEntry[] _rvaTable;
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
338 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
339
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
340 /// Thrown if file open failed.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
341 class PEException : Exception {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
342 this(string msg) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
343 super("PEImage: " ~ msg);
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
344 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
345 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
346
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
347 /// Thrown if not a valid module file
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
348 class PEInvalidException : PEException {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
349 this(in PEImage img) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
350 super("Invalid PE file.");
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
351 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
352 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
353
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
354 /// Thrown on corrupted module file.
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
355 class PECorruptedException : PEException {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
356 this(in PEImage img) {
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
357 super("Corrupted PE file.");
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
358 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
359 }
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
360
10317f0c89a5 Initial commit
korDen
parents:
diff changeset
361 } // version(Windows)