diff --git a/Examples/Theodosius-Kernel/Theodosius-MSREXEC/Theodosius.lib b/Examples/Theodosius-Kernel/Theodosius-MSREXEC/Theodosius.lib index 9f02572..2759b62 100644 Binary files a/Examples/Theodosius-Kernel/Theodosius-MSREXEC/Theodosius.lib and b/Examples/Theodosius-Kernel/Theodosius-MSREXEC/Theodosius.lib differ diff --git a/Examples/Theodosius-Kernel/Theodosius-VDM/Theodosius.lib b/Examples/Theodosius-Kernel/Theodosius-VDM/Theodosius.lib index 9f02572..2759b62 100644 Binary files a/Examples/Theodosius-Kernel/Theodosius-VDM/Theodosius.lib and b/Examples/Theodosius-Kernel/Theodosius-VDM/Theodosius.lib differ diff --git a/Examples/Theodosius-Usermode/Theodosius.lib b/Examples/Theodosius-Usermode/Theodosius.lib index 9f02572..2759b62 100644 Binary files a/Examples/Theodosius-Usermode/Theodosius.lib and b/Examples/Theodosius-Usermode/Theodosius.lib differ diff --git a/Theodosius/linker/linker.cpp b/Theodosius/linker/linker.cpp index 7036827..d99d49a 100644 --- a/Theodosius/linker/linker.cpp +++ b/Theodosius/linker/linker.cpp @@ -151,7 +151,7 @@ namespace lnk const auto string_table = reinterpret_cast( reinterpret_cast(symbol_table) + - (coff_header->NumberOfSymbols * sizeof IMAGE_SYMBOL)); + (coff_header->NumberOfSymbols * sizeof IMAGE_SYMBOL)); std::vector result; for (auto idx = 0u; idx < coff_header->NumberOfSections; ++idx) 
@@ -171,23 +171,25 @@ namespace lnk continue; // skip both the .pdata and the .xdata sections... these are used for exceptions... - if (!strncmp((char*)section_headers[idx].Name, ".pdata", strlen(".pdata") - 1)) + if (!strncmp(reinterpret_cast( + section_headers[idx].Name), ".pdata", strlen(".pdata") - 1)) continue; - if (!strncmp((char*)section_headers[idx].Name, ".xdata", strlen(".xdata") - 1)) + if (!strncmp(reinterpret_cast( + section_headers[idx].Name), ".xdata", strlen(".xdata") - 1)) continue; - const auto reloc_dir = + const auto reloc_dir = reinterpret_cast( section_headers[idx].PointerToRelocations + obj.data()); - for (auto reloc_idx = 0u; reloc_idx < + for (auto reloc_idx = 0u; reloc_idx < section_headers[idx].NumberOfRelocations; ++reloc_idx) { image_reloc_t entry; - entry.file_offset = - reloc_dir[reloc_idx].VirtualAddress + - section_headers[idx].PointerToRawData; + entry.file_offset = + reloc_dir[reloc_idx].VirtualAddress + + section_headers[idx].PointerToRawData; if (symbol_table[reloc_dir[reloc_idx].SymbolTableIndex].N.Name.Short) entry.resolve_symbol_name = @@ -198,6 +200,10 @@ namespace lnk string_table + symbol_table[reloc_dir[ reloc_idx].SymbolTableIndex].N.Name.Long); + if (entry.resolve_symbol_name.empty() || + entry.resolve_symbol_name.c_str()[0] == '.') + continue; + entry.type = reloc_dir[reloc_idx].Type; result.push_back(entry); } 
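Review bot: The relocation loop trusts three fields read from the object file (`PointerToRelocations`, `NumberOfRelocations` and each entry's `SymbolTableIndex`) without comparing them to `obj.size()` or the symbol count, so a truncated or malformed COFF file makes `reloc_dir[reloc_idx]` and `symbol_table[...]` read outside the buffer. The sketch below rejects a relocation table that does not fit in the object and skips entries whose symbol index is out of range. It assumes `coff_header` is in scope as in the preceding hunk and that `reloc_dir` points at `IMAGE_RELOCATION` records; whether to skip or fail the whole parse is the author's call. Separately, `strlen(".pdata") - 1` compares only five characters, so any section named `.pdat*` or `.xdat*` is skipped; `sizeof(".pdata") - 1` compares the full literal. The enclosing function starts and ends outside the hunk.

```cpp
// … unchanged: .pdata / .xdata skips …
const std::size_t reloc_table_end =
    section_headers[idx].PointerToRelocations +
    std::size_t{ section_headers[idx].NumberOfRelocations } * sizeof(IMAGE_RELOCATION);

if (reloc_table_end > obj.size())
    continue; // relocation table extends past the end of the object buffer

// … unchanged: reloc_dir setup, loop header, image_reloc_t entry …
    if (reloc_dir[reloc_idx].SymbolTableIndex >= coff_header->NumberOfSymbols)
        continue; // symbol index outside the COFF symbol table
```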
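Review bot: The added `continue` drops any relocation whose symbol name is empty or starts with `.` without recording it, so the slot at `entry.file_offset` is never patched and nothing in the output says so. If an object carries a relocation against a section symbol, the mapped image would keep an unrelocated value at that offset; whether such entries occur in the objects this linker accepts is not visible from the hunk. Logging the skip would make that case diagnosable, for example `std::printf("[!] skipping relocation at file offset = 0x%x\n", entry.file_offset);` in the style theo.cpp already uses. As a smaller point, `entry.resolve_symbol_name.front() == '.'` states the intent more directly than `c_str()[0]`.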
@@ -222,15 +228,25 @@ namespace lnk const auto string_table = reinterpret_cast( reinterpret_cast(symbol_table) + - (coff_header->NumberOfSymbols * sizeof IMAGE_SYMBOL)); + (coff_header->NumberOfSymbols * sizeof IMAGE_SYMBOL)); std::vector result; for (auto idx = 0u; idx < coff_header->NumberOfSymbols; ++idx) { + symbol_t symbol; + if (symbol_table[idx].N.Name.Short) + symbol.symbol_name = + std::string((char*)symbol_table[idx].N.ShortName); + else + symbol.symbol_name = + std::string(string_table + + symbol_table[idx].N.Name.Long); + // skip section symbols... we only want // .data, .rdata, and executable (function) symbols... - if (symbol_table[idx].StorageClass != IMAGE_SYM_CLASS_EXTERNAL - || !symbol_table[idx].SectionNumber) + if (symbol.symbol_name.empty() || + symbol.symbol_name.c_str()[0] == '.' || + symbol_table[idx].SectionNumber < 1) { if (symbol_table[idx].NumberOfAuxSymbols) idx += symbol_table[idx].NumberOfAuxSymbols; @@ -238,17 +254,8 @@ namespace lnk continue; } - symbol_t symbol; - if (symbol_table[idx].N.Name.Short) - symbol.symbol_name = - std::string((char*)symbol_table[idx].N.ShortName); - else - symbol.symbol_name = - std::string(string_table + - symbol_table[idx].N.Name.Long); - - symbol.file_offset = section_headers[symbol_table[ - idx].SectionNumber - 1].PointerToRawData + symbol_table[idx].Value; + symbol.file_offset = section_headers[symbol_table[idx] + .SectionNumber - 1].PointerToRawData + symbol_table[idx].Value; symbol.section_number = symbol_table[idx].SectionNumber; symbol.section_offset = symbol_table[idx].Value; diff --git a/Theodosius/theo.cpp b/Theodosius/theo.cpp index a85e1a9..522e023 100644 --- a/Theodosius/theo.cpp +++ b/Theodosius/theo.cpp 
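Review bot: `std::string((char*)symbol_table[idx].N.ShortName)` in the block moved to the top of the loop reads until the first zero byte, but a COFF short name that is exactly eight characters long has no terminator, so the constructor runs on into the following fields of the symbol record. Bound the copy instead: `const auto* short_name = reinterpret_cast<const char*>(symbol_table[idx].N.ShortName);` followed by `symbol.symbol_name.assign(short_name, strnlen(short_name, IMAGE_SIZEOF_SHORT_NAME));`. The long-name branch has the matching gap, because `N.Name.Long` is used as an offset into `string_table` without being checked against the string table's size or the end of the object buffer. The relocation parser in the hunk at -171 appears to build names the same way in its `N.Name.Short` branch, though those lines are only partly visible. Because the name is now built before the filter runs, these reads also happen for entries the old code skipped first.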
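Review bot: `section_headers[symbol_table[idx].SectionNumber - 1]` is guarded only from below: the skip condition earlier in the loop rejects `SectionNumber < 1`, but a value above the section count still indexes past the section header table. Extending that condition with `|| symbol_table[idx].SectionNumber > coff_header->NumberOfSections` would close it. `PointerToRawData + symbol_table[idx].Value` is likewise stored in `symbol.file_offset` without being compared to the object size, so whatever consumes `file_offset` has to validate it before use. The loop body continues past the end of this hunk.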
@@ -96,9 +96,10 @@ namespace theo { if (reloc.type != IMAGE_REL_AMD64_ADDR64) { - std::printf("[!] error... unsupported relocation at file offset = 0x%x\n\t> symbol = %s\n", - reloc.file_offset, reloc.resolve_symbol_name.c_str()); - + std::printf("[!] error... unsupported relocation at file offset = 0x%x\n", reloc.file_offset); + std::printf("\t> symbol = %s\n", reloc.resolve_symbol_name.c_str()); + std::printf("\t> reloc type = 0x%x\n", reloc.type); + std::printf("\t> object size = 0x%x\n", obj.size()); return false; } @@ -109,9 +110,9 @@ namespace theo // check obj symbol table for this relocation... if (mapped_symbols[reloc.resolve_symbol_name]) { - std::printf(" > resolving internal symbol...\n"); - std::printf(" > address = 0x%p\n", mapped_symbols[reloc.resolve_symbol_name]); - std::printf(" > symbol = %s\n", reloc.resolve_symbol_name.c_str()); + std::printf("\t> resolving internal symbol...\n"); + std::printf("\t\t> address = 0x%p\n", mapped_symbols[reloc.resolve_symbol_name]); + std::printf("\t\t> symbol = %s\n", reloc.resolve_symbol_name.c_str()); *reloc_addr = mapped_symbols[reloc.resolve_symbol_name]; } else // else check external symbol table... @@ -130,9 +131,9 @@ namespace theo *reloc_addr = extern_symbol; } - std::printf(" > resolving external symbol...\n"); - std::printf(" > address = 0x%p\n", *reloc_addr); - std::printf(" > symbol = %s\n", reloc.resolve_symbol_name.c_str()); + std::printf("\t> resolving external symbol...\n"); + std::printf("\t\t> address = 0x%p\n", *reloc_addr); + std::printf("\t\t> symbol = %s\n", reloc.resolve_symbol_name.c_str()); } } return true;
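Review bot: The added `std::printf("\t> object size = 0x%x\n", obj.size());` passes a `std::size_t` to `%x`, which expects `unsigned int`; on a 64-bit build that is a mismatched vararg, which is undefined behaviour and at best prints a truncated value. Use the `z` length modifier: `std::printf("\t> object size = 0x%zx\n", obj.size());`. This assumes `obj` is a standard container, which `obj.size()` suggests but the hunk does not show.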
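Review bot: The internal-symbol branch looks the name up with `mapped_symbols[reloc.resolve_symbol_name]` three times, and if `mapped_symbols` is a `std::map` or `std::unordered_map` (its declaration is outside the hunk), the `operator[]` in the `if` also inserts a zero entry for every name that is not found. A single lookup avoids both: `const auto it = mapped_symbols.find(reloc.resolve_symbol_name);`, then `if (it != mapped_symbols.end() && it->second)` and `it->second` in the `printf` and the assignment. The `0x%p` conversions here and in the external-symbol hunk that follows also require a pointer argument, so if the mapped value is an integer type it should be cast with `reinterpret_cast<void*>(...)` for the call.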