metasploit-framework/external/source/byakugan/symPort.cpp


#include "byakugan.h"
#include "symport.h"
/*
 * Register a synthetic symbol named symbolName at address through the
 * debugger's symbol interface (g_ExtSymbols). The symbol is created with a
 * size of 1 and the default flags; the resulting symbol id is not requested.
 *
 * Returns S_OK on success. Any other result from AddSyntheticSymbol is
 * logged with dprintf and collapsed to -1, so the engine's original HRESULT
 * is not visible to the caller.
 */
HRESULT addSymbol(ULONG64 address, char *symbolName) {
    HRESULT status = g_ExtSymbols->AddSyntheticSymbol(address, 1, symbolName,
                                                      DEBUG_ADDSYNTHSYM_DEFAULT, NULL);

    if (status == S_OK) {
        // NOTE(review): this is printf, not dprintf, so the success message
        // goes to the process's stdout rather than through dprintf like the
        // failure message. Possibly deliberate to avoid one line per symbol;
        // confirm.
        printf("[S] Successfully added symbol!\n");
        return (S_OK);
    }

    dprintf("[S] Failed to add synthetic symbol: %s\n", symbolName);
    return (-1);
}
/*
 * Look up the load address of the module called imageName in the debuggee.
 *
 * Returns the module base reported by GetModuleByModuleName2, or 0 when the
 * lookup does not return S_OK. Callers therefore treat 0 as "not found".
 */
ULONG64 getBase(char *imageName) {
    DWORD   moduleIndex;    // filled in by the lookup, not used further
    ULONG64 moduleBase;     // only read when the lookup succeeded
    HRESULT status;

    status = g_ExtSymbols->GetModuleByModuleName2(imageName, 0, 0, &moduleIndex, &moduleBase);
    return (status == S_OK) ? moduleBase : 0;
}
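/*
 * Parse one NUL-terminated line of a linker map file.
 *
 * The parser is a small state machine driven by *state:
 *   - no bits set:           waiting for the "Publics by Value" header, which
 *                            sets MAP_STATE_LOCALSYM;
 *   - MAP_STATE_LOCALSYM:    each line containing a ':' is read as
 *                            "<section>:<8 hex digits> <spaces> <name>";
 *   - MAP_STATE_ENTRYPOINT:  set once a "Program entry" line is seen; every
 *                            later line is ignored.
 *
 * On a successfully parsed symbol line, *symAddress receives the hex offset
 * that follows the ':' and *symbolName is pointed at the name INSIDE mapBuf
 * (no copy is made), so the name is only valid until the caller reuses the
 * buffer. mapBuf is modified in place: NUL bytes are written after the offset
 * field and at the end of the name. On every other path *symbolName is left
 * untouched; the caller is expected to pass it in as NULL.
 *
 * The map file is external input, so every offset derived from the line is
 * checked against its length before it is dereferenced or written.
 */
void parseMapLine(char *mapBuf, ULONG64 *symAddress, char **symbolName, BYTE *state) {
    char    *cursor;
    size_t  lineLen = strlen(mapBuf);   // size_t: no narrowing on 64-bit builds
    size_t  nameLen;

    if (*state & MAP_STATE_ENTRYPOINT)
        return;

    if (*state & MAP_STATE_LOCALSYM) {
        // The entry-point line marks the end of the symbol section.
        if (strstr(mapBuf, "Program entry")) {
            *state |= MAP_STATE_ENTRYPOINT;
            return;
        }

        // Lines without a ':' (blank lines, column headers) carry no symbol.
        if ((cursor = strchr(mapBuf, ':')) == NULL)
            return;

        // cursor[9] is overwritten below and cursor + 10 is then read, so the
        // line has to extend at least ten bytes past the ':'.
        if ((size_t)(cursor - mapBuf) + 10 > lineLen) {
            dprintf("[S] Malformed map line: %s\n", mapBuf);
            return;
        }

        // Terminate the offset field (the eight characters after ':') so the
        // conversion cannot run on into the rest of the line.
        cursor[9] = '\x00';
        *symAddress = _strtoui64(cursor + 1, NULL, 16);

        // Skip the padding between the offset and the name; the bound is
        // tested before the byte is read.
        cursor += 10;
        while ((size_t)(cursor - mapBuf) < lineLen && *cursor == ' ')
            cursor++;
        if ((size_t)(cursor - mapBuf) >= lineLen) {
            dprintf("[S] Malformed map line: %s\n", mapBuf);
            return;
        }

        // Cut the name at the first CR or LF. The file is read as raw bytes
        // and split on '\n' only, so a CRLF-terminated map file would
        // otherwise leave a trailing '\r' inside every symbol name.
        nameLen = strcspn(cursor, "\r\n");
        if (nameLen == 0) {
            dprintf("[S] Malformed map line: %s\n", mapBuf);
            return;
        }
        cursor[nameLen] = '\x00';
        *symbolName = cursor;
    } else if (!(*state)) {
        // Look for the start of the symbol section.
        if (strstr(mapBuf, "Publics by Value"))
            *state |= MAP_STATE_LOCALSYM;
    }
}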
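/*
 * Import the symbols listed in the map file at mapPath as synthetic symbols
 * for the loaded module imageName.
 *
 * The module's base address is looked up with getBase(); every offset parsed
 * from the map file is rebased onto it before being passed to addSymbol().
 * The file is read one byte at a time and split into lines on '\n'; each line
 * is handed to parseMapLine(), which keeps its section state in `state`.
 *
 * Returns -1 when the module base cannot be resolved or the file cannot be
 * opened, S_OK otherwise (including when the import stopped early on an
 * over-long line or a read error; the number of symbols actually added is
 * reported through dprintf).
 *
 * The map file is external input: lines are limited to MAP_BUF_SIZE bytes
 * and a longer line stops the import instead of being written past mapBuf.
 */
HRESULT addMapFile(char *imageName, char *mapPath) {
    HANDLE  mapFile;
    DWORD   readOut = 0, i = 0, symCount = 0;
    ULONG64 symAddress = 0, imageBase;
    char    mapBuf[MAP_BUF_SIZE+1], *symbolName = NULL, out = ' ';
    BYTE    state = 0;
    bool    atEnd = false;

    if (0 == (imageBase = getBase(imageName))) {
        dprintf("[S] Failed to get base address for module %s\n", imageName);
        return (-1);
    }
    dprintf("[S] Adjusting symbols to base address of: 0x%16y\n", imageBase);

    if ((mapFile = CreateFile(mapPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING,
            FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE) {
        dprintf("[S] Unable to open map file: %s\n", mapPath);
        return (-1);
    }

    while (!atEnd) {
        // Check the result of every read: on failure or end of file `out`
        // still holds the previous byte and must not be processed again.
        if (!ReadFile(mapFile, &out, 1, &readOut, NULL)) {
            dprintf("[S] Error while reading map file: %s\n", mapPath);
            atEnd = true;
        } else if (readOut == 0) {
            atEnd = true;
        }
        if (atEnd && i == 0)
            break;

        if (atEnd || out == '\n') {
            // A complete line, or a final line with no trailing newline.
            mapBuf[i] = '\x00';
            i = 0;
            parseMapLine(mapBuf, &symAddress, &symbolName, &state);
            if (symbolName != NULL) {
                // symAddress is only meaningful when a name was produced, so
                // the rebase happens here rather than on every line.
                //dprintf("Addr: 0x%16y\tName: %s\n", symAddress, symbolName);
                if (S_OK == addSymbol(symAddress + imageBase, symbolName))
                    symCount++;
                symAddress = 0; symbolName = NULL;
            }
        } else if (i < MAP_BUF_SIZE) {
            mapBuf[i++] = out;
        } else {
            // mapBuf holds MAP_BUF_SIZE bytes plus the terminator; stop
            // rather than overrun it, and say so instead of ending silently.
            dprintf("[S] Map line too long, import stopped early.\n");
            break;
        }
    }

    // Release the file handle on every path that opened it.
    CloseHandle(mapFile);

    dprintf("[S] Successfully imported %d symbols.\n", symCount);
    return (S_OK);
}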