IDontCode
/
Theodosius
2
1
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

added code to handle symbols that have no section and need to be

Browse Source 
allocated with zeros...
3.0
_xeroxz 3 years ago
parent 312762b3ca
commit c666bf8dbe
5 changed files with 118 additions and 71 deletions
Show Stats Download Patch File Download Diff File

9
CMakeLists.txt
Unescape View File

@ -55,8 +55,17 @@ set(Theodosius_SOURCES "")
list(APPEND Theodosius_SOURCES list(APPEND Theodosius_SOURCES
"include/comp/comp.hpp" "include/comp/comp.hpp"
"include/comp/obf.hpp"
"include/comp/reloc.hpp" "include/comp/reloc.hpp"
"include/comp/symbol_table.hpp" "include/comp/symbol_table.hpp"
"include/comp/transform/add_op.hpp"
"include/comp/transform/and_op.hpp"
"include/comp/transform/operation.hpp"
"include/comp/transform/or_op.hpp"
"include/comp/transform/rol_op.hpp"
"include/comp/transform/ror_op.hpp"
"include/comp/transform/sub_op.hpp"
"include/comp/transform/xor_op.hpp"
"include/decomp/decomp.hpp" "include/decomp/decomp.hpp"
"include/decomp/routine.hpp" "include/decomp/routine.hpp"
"include/decomp/symbol.hpp" "include/decomp/symbol.hpp"

2
src/tests/demo/main.cpp
Unescape View File

@ -47,5 +47,5 @@ int main(int argc, char* argv[]) {
spdlog::info("decomposed {} symbols...", res.value()); spdlog::info("decomposed {} symbols...", res.value());
auto entry_pnt = t.compose("EntryPoint"); auto entry_pnt = t.compose("EntryPoint");
spdlog::info("entry point address: {:X}", entry_pnt); spdlog::info("entry point address: {:X}", entry_pnt);
reinterpret_cast<void (*)()>(entry_pnt)(); // reinterpret_cast<void (*)()>(entry_pnt)();
} }

4
src/tests/demolib/main.cpp
Unescape View File

@ -1,3 +1,5 @@
#define OBF __declspec(code_seg(".obf"))
extern "C" int MessageBoxA(void* hWnd, extern "C" int MessageBoxA(void* hWnd,
char* lpText, char* lpText,
char* lpCaption, char* lpCaption,
@ -9,7 +11,7 @@ struct test_t {
test_t t = {}; test_t t = {};
extern "C" void EntryPoint() { OBF extern "C" void EntryPoint() {
t.buff[0] = 1; t.buff[0] = 1;
t.buff[1] = 2; t.buff[1] = 2;
MessageBoxA(nullptr, "Hello World", "Hello World", nullptr); MessageBoxA(nullptr, "Hello World", "Hello World", nullptr);

17
src/theo/comp/comp.cpp
Unescape View File

@ -33,6 +33,10 @@ void comp_t::allocate() {
// //
m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) { m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
if (sym.sym_type() == decomp::sym_type_t::data) { if (sym.sym_type() == decomp::sym_type_t::data) {
// if the symbol has a section then we will refer to the allocation made
// for that section...
//
if (sym.scn()) {
auto scn_sym = auto scn_sym =
m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]); m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
@ -44,6 +48,19 @@ void comp_t::allocate() {
} }
sym.allocated_at(scn_sym.value().allocated_at() + sym.offset()); sym.allocated_at(scn_sym.value().allocated_at() + sym.offset());
} else { // else if there is no section then we allocate based upon the
// size of the symbol... this is only done for symbols that are
// bss...
//
// bss is read write...
//
coff::section_characteristics_t prot = {};
prot.mem_read = true;
prot.mem_write = true;
sym.allocated_at(m_allocator(sym.size(), prot));
}
} }
}); });
} }

43
src/theo/decomp/decomp.cpp
Unescape View File

@ -48,15 +48,16 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
// if the symbol is a function then we are going to decompose it... // if the symbol is a function then we are going to decompose it...
// data symbols are handled after this... // data symbols are handled after this...
// //
if (sym->has_section() && if (sym->has_section()) {
sym->derived_type == coff::derived_type_id::function) { if (sym->derived_type == coff::derived_type_id::function) {
auto scn = img->get_section(sym->section_index - 1); auto scn = img->get_section(sym->section_index - 1);
auto dcmp_type = auto dcmp_type = scn->name.to_string(img->get_strings()) ==
scn->name.to_string(img->get_strings()) == INSTR_SPLIT_SECTION_NAME INSTR_SPLIT_SECTION_NAME
? decomp::sym_type_t::inst_split ? decomp::sym_type_t::inst_split
: decomp::sym_type_t::function; : decomp::sym_type_t::function;
auto fn_size = scn->size_raw_data; auto fn_size = scn->size_raw_data;
auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img); auto fn_bgn =
scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
spdlog::info("decomposing function: {} size: {}", spdlog::info("decomposing function: {} size: {}",
sym->name.to_string(img->get_strings()), fn_size); sym->name.to_string(img->get_strings()), fn_size);
@ -67,13 +68,13 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
auto syms = rtn.decompose(); auto syms = rtn.decompose();
spdlog::info("decomposed routine into {} symbols...", syms.size()); spdlog::info("decomposed routine into {} symbols...", syms.size());
m_syms->add_symbols(syms); m_syms->add_symbols(syms);
} else if (sym->has_section() && } else if (sym->storage_class ==
sym->storage_class == coff::storage_class_id::public_symbol) { coff::storage_class_id::public_symbol) {
auto scn = img->get_section(sym->section_index - 1); auto scn = img->get_section(sym->section_index - 1);
auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]); auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
// if the section doesnt have a symbol then make one and put it into the // if the section doesnt have a symbol then make one and put it into
// symbol table... // the symbol table...
// //
if (!scn_sym.has_value()) { if (!scn_sym.has_value()) {
auto scn_sym_name = auto scn_sym_name =
@ -102,9 +103,9 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
// create a symbol for the data... // create a symbol for the data...
// //
decomp::symbol_t new_sym(sym->name.to_string(img->get_strings()).data(), decomp::symbol_t new_sym(
sym->value, {}, scn, sym, {}, sym->name.to_string(img->get_strings()).data(), sym->value, {},
sym_type_t::data); scn, sym, {}, sym_type_t::data);
spdlog::info("adding data symbol: {} located inside of section: {}", spdlog::info("adding data symbol: {} located inside of section: {}",
new_sym.name(), new_sym.name(),
@ -114,6 +115,24 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
m_syms->add_symbol(new_sym); m_syms->add_symbol(new_sym);
} }
} else if (sym->storage_class ==
coff::storage_class_id::
external_definition) { // else if the symbol has no
// section... these symbols require
// the linker to allocate space for
// them...
// the data is init to all zeros...
//
std::vector<std::uint8_t> data(sym->value, 0);
// the symbol is data, it has no section...
//
decomp::symbol_t bss_sym(sym->name.to_string(img->get_strings()).data(),
{}, data, {}, sym, {}, sym_type_t::data);
m_syms->add_symbol(bss_sym);
}
} }
}); });

Write Preview
Loading…
Cancel
Save