IDontCode
/
Theodosius
2
1
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

added code to handle symbols that have no section and need to be

Browse Source 
allocated with zeros...
3.0
_xeroxz 3 years ago
parent 312762b3ca
commit c666bf8dbe
5 changed files with 118 additions and 71 deletions
Show Stats Download Patch File Download Diff File

9
CMakeLists.txt
Unescape View File

@ -55,8 +55,17 @@ set(Theodosius_SOURCES "")
list(APPEND Theodosius_SOURCES
"include/comp/comp.hpp"
"include/comp/obf.hpp"
"include/comp/reloc.hpp"
"include/comp/symbol_table.hpp"
"include/comp/transform/add_op.hpp"
"include/comp/transform/and_op.hpp"
"include/comp/transform/operation.hpp"
"include/comp/transform/or_op.hpp"
"include/comp/transform/rol_op.hpp"
"include/comp/transform/ror_op.hpp"
"include/comp/transform/sub_op.hpp"
"include/comp/transform/xor_op.hpp"
"include/decomp/decomp.hpp"
"include/decomp/routine.hpp"
"include/decomp/symbol.hpp"

2
src/tests/demo/main.cpp
Unescape View File

@ -47,5 +47,5 @@ int main(int argc, char* argv[]) {
spdlog::info("decomposed {} symbols...", res.value());
auto entry_pnt = t.compose("EntryPoint");
spdlog::info("entry point address: {:X}", entry_pnt);
reinterpret_cast<void (*)()>(entry_pnt)();
// reinterpret_cast<void (*)()>(entry_pnt)();
}

4
src/tests/demolib/main.cpp
Unescape View File

@ -1,3 +1,5 @@
#define OBF __declspec(code_seg(".obf"))
extern "C" int MessageBoxA(void* hWnd,
char* lpText,
char* lpCaption,
@ -9,7 +11,7 @@ struct test_t {
test_t t = {};
extern "C" void EntryPoint() {
OBF extern "C" void EntryPoint() {
t.buff[0] = 1;
t.buff[1] = 2;
MessageBoxA(nullptr, "Hello World", "Hello World", nullptr);

33
src/theo/comp/comp.cpp
Unescape View File

@ -33,17 +33,34 @@ void comp_t::allocate() {
//
m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
if (sym.sym_type() == decomp::sym_type_t::data) {
auto scn_sym =
m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
// if the symbol has a section then we will refer to the allocation made
// for that section...
//
if (sym.scn()) {
auto scn_sym =
m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
if (!scn_sym.has_value()) {
spdlog::error("failed to locate section: {} for symbol: {}",
sym.scn()->name.to_string(), sym.name());
if (!scn_sym.has_value()) {
spdlog::error("failed to locate section: {} for symbol: {}",
sym.scn()->name.to_string(), sym.name());
assert(scn_sym.has_value());
}
assert(scn_sym.has_value());
}
sym.allocated_at(scn_sym.value().allocated_at() + sym.offset());
} else { // else if there is no section then we allocate based upon the
// size of the symbol... this is only done for symbols that are
// bss...
//
sym.allocated_at(scn_sym.value().allocated_at() + sym.offset());
// bss is read write...
//
coff::section_characteristics_t prot = {};
prot.mem_read = true;
prot.mem_write = true;
sym.allocated_at(m_allocator(sym.size(), prot));
}
}
});
}

141
src/theo/decomp/decomp.cpp
Unescape View File

@ -48,71 +48,90 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
// if the symbol is a function then we are going to decompose it...
// data symbols are handled after this...
//
if (sym->has_section() &&
sym->derived_type == coff::derived_type_id::function) {
auto scn = img->get_section(sym->section_index - 1);
auto dcmp_type =
scn->name.to_string(img->get_strings()) == INSTR_SPLIT_SECTION_NAME
? decomp::sym_type_t::inst_split
: decomp::sym_type_t::function;
auto fn_size = scn->size_raw_data;
auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
spdlog::info("decomposing function: {} size: {}",
sym->name.to_string(img->get_strings()), fn_size);
std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
decomp::routine_t rtn(sym, img, scn, fn, dcmp_type);
auto syms = rtn.decompose();
spdlog::info("decomposed routine into {} symbols...", syms.size());
m_syms->add_symbols(syms);
} else if (sym->has_section() &&
sym->storage_class == coff::storage_class_id::public_symbol) {
auto scn = img->get_section(sym->section_index - 1);
auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
// if the section doesnt have a symbol then make one and put it into the
// symbol table...
//
if (!scn_sym.has_value()) {
auto scn_sym_name =
std::string(scn->name.to_string(img->get_strings()))
.append("#")
.append(std::to_string(sym->section_index - 1))
.append("!")
.append(std::to_string(img->file_header.timedate_stamp));
std::vector<std::uint8_t> scn_data(
reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data,
reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data +
scn->size_raw_data);
decomp::symbol_t new_scn_sym(scn_sym_name, 0, scn_data, scn, {}, {},
sym_type_t::section);
spdlog::info(
"generating symbol for section: {} sym name: {} hash: {:X} "
"section size: {}",
scn->name.to_string(img->get_strings()), new_scn_sym.name(),
new_scn_sym.hash(), scn->size_raw_data);
m_syms->add_symbol(new_scn_sym);
if (sym->has_section()) {
if (sym->derived_type == coff::derived_type_id::function) {
auto scn = img->get_section(sym->section_index - 1);
auto dcmp_type = scn->name.to_string(img->get_strings()) ==
INSTR_SPLIT_SECTION_NAME
? decomp::sym_type_t::inst_split
: decomp::sym_type_t::function;
auto fn_size = scn->size_raw_data;
auto fn_bgn =
scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
spdlog::info("decomposing function: {} size: {}",
sym->name.to_string(img->get_strings()), fn_size);
std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
decomp::routine_t rtn(sym, img, scn, fn, dcmp_type);
auto syms = rtn.decompose();
spdlog::info("decomposed routine into {} symbols...", syms.size());
m_syms->add_symbols(syms);
} else if (sym->storage_class ==
coff::storage_class_id::public_symbol) {
auto scn = img->get_section(sym->section_index - 1);
auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
// if the section doesnt have a symbol then make one and put it into
// the symbol table...
//
if (!scn_sym.has_value()) {
auto scn_sym_name =
std::string(scn->name.to_string(img->get_strings()))
.append("#")
.append(std::to_string(sym->section_index - 1))
.append("!")
.append(std::to_string(img->file_header.timedate_stamp));
std::vector<std::uint8_t> scn_data(
reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data,
reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data +
scn->size_raw_data);
decomp::symbol_t new_scn_sym(scn_sym_name, 0, scn_data, scn, {}, {},
sym_type_t::section);
spdlog::info(
"generating symbol for section: {} sym name: {} hash: {:X} "
"section size: {}",
scn->name.to_string(img->get_strings()), new_scn_sym.name(),
new_scn_sym.hash(), scn->size_raw_data);
m_syms->add_symbol(new_scn_sym);
}
// create a symbol for the data...
//
decomp::symbol_t new_sym(
sym->name.to_string(img->get_strings()).data(), sym->value, {},
scn, sym, {}, sym_type_t::data);
spdlog::info("adding data symbol: {} located inside of section: {}",
new_sym.name(),
m_syms->sym_from_hash(m_scn_hash_tbl[new_sym.scn()])
.value()
.name());
m_syms->add_symbol(new_sym);
}
// create a symbol for the data...
} else if (sym->storage_class ==
coff::storage_class_id::
external_definition) { // else if the symbol has no
// section... these symbols require
// the linker to allocate space for
// them...
// the data is init to all zeros...
//
decomp::symbol_t new_sym(sym->name.to_string(img->get_strings()).data(),
sym->value, {}, scn, sym, {},
sym_type_t::data);
std::vector<std::uint8_t> data(sym->value, 0);
spdlog::info("adding data symbol: {} located inside of section: {}",
new_sym.name(),
m_syms->sym_from_hash(m_scn_hash_tbl[new_sym.scn()])
.value()
.name());
// the symbol is data, it has no section...
//
decomp::symbol_t bss_sym(sym->name.to_string(img->get_strings()).data(),
{}, data, {}, sym, {}, sym_type_t::data);
m_syms->add_symbol(new_sym);
m_syms->add_symbol(bss_sym);
}
}
});

Write Preview
Loading…
Cancel
Save