diff --git a/include/llodctor/llodctor_base.hpp b/include/llodctor/llodctor_base.hpp
index 1dc8277..fbc7959 100644
--- a/include/llodctor/llodctor_base.hpp
+++ b/include/llodctor/llodctor_base.hpp
@@ -28,7 +28,7 @@ namespace llo::s1
/// set raw_img to the vector passed by reference...
///
/// vector of bytes containing the raw image...
- explicit dctor_base_t( std::vector< std::uint8_t > &image,
+ explicit dctor_base_t( const std::vector< std::uint8_t > &image,
llo::s1::symbol_loader_base_t *symbol_loader = nullptr )
: raw_img{ image }, symbol_loader{ symbol_loader }
{
diff --git a/include/llodisposition/llodisposition_types.cpp b/include/llodisposition/llodisposition_types.cpp
new file mode 100644
index 0000000..5450668
--- /dev/null
+++ b/include/llodisposition/llodisposition_types.cpp
@@ -0,0 +1,8 @@
+#include
+
+std::shared_ptr< llo::disposition_t > llo::disposition_t::make( const llo::utils::hash_t< std::string > &iff_name,
+ const llo::utils::hash_t< std::string > §ion_name,
+ std::uint32_t section_offset )
+{
+ return std::make_shared< disposition_t >( iff_name, section_name, section_offset );
+}
\ No newline at end of file
diff --git a/include/llodisposition/llodisposition_types.hpp b/include/llodisposition/llodisposition_types.hpp
index c78f5ce..4cee73c 100644
--- a/include/llodisposition/llodisposition_types.hpp
+++ b/include/llodisposition/llodisposition_types.hpp
@@ -6,24 +6,19 @@ namespace llo
{
class disposition_t
{
- llo::utils::hash_t< std::string > iff_name;
- llo::utils::hash_t< std::string > section_name;
- std::uint32_t offset;
-
public:
- explicit disposition_t( llo::utils::hash_t< std::string > &iff_name,
- llo::utils::hash_t< std::string > §ion_name, std::uint32_t section_offset )
+ explicit disposition_t( const llo::utils::hash_t< std::string > &iff_name,
+ const llo::utils::hash_t< std::string > §ion_name, std::uint32_t section_offset )
: iff_name( iff_name ), section_name( section_name ), offset( offset )
{
}
- disposition_t( llo::utils::hash_t< std::string > &&iff_name, llo::utils::hash_t< std::string > &§ion_name,
- std::uint32_t section_offset )
- : iff_name( iff_name ), section_name( section_name ), offset( offset )
- {
- }
+ static std::shared_ptr< disposition_t > make( const llo::utils::hash_t< std::string > &iff_name,
+ const llo::utils::hash_t< std::string > §ion_name,
+ std::uint32_t section_offset );
- llo::utils::hash_t< std::string > get_section() const;
- std::uint32_t get_offset() const;
+ llo::utils::hash_t< std::string > iff_name;
+ llo::utils::hash_t< std::string > section_name;
+ std::uint32_t offset;
};
} // namespace llo
\ No newline at end of file
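Review bot: The constructor's initialiser list still has `offset( offset )`, which initialises the member from itself because the parameter is named `section_offset`. The value the caller passes is dropped and `offset` is left indeterminate. It should read `: iff_name( iff_name ), section_name( section_name ), offset( section_offset )`. This matters more after this commit, since `disposition_t::make` forwards to this constructor to record the module entry point and `main` prints `iff.entry->offset` directly from the now-public member.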
diff --git a/include/lloiff.hpp b/include/lloiff.hpp
index cfc842f..9103f0c 100644
--- a/include/lloiff.hpp
+++ b/include/lloiff.hpp
@@ -9,48 +9,68 @@
namespace llo
{
+ ///
+ /// lloiff class which contains all of the information for representing a file format in a IL format...
+ ///
class lloiff_t
{
public:
- class section_t
+ ///
+ /// iff section struct containing IL information about a section...
+ ///
+ struct iff_section_t
{
- public:
+ ///
+ /// section name, hashed so that there can be multiple...
+ ///
llo::utils::hash_t< std::string > section_name;
+
+ ///
+ /// opaque value, lifted from the original file format...
+ /// this is should only be used by code that understands what the underlying file
+ /// format was...
+ ///
std::uint64_t characteristics;
- std::vector< std::shared_ptr< llo::symbol::symbol_base_t > > symbols;
- std::vector< std::uint8_t > section_raw;
- };
- explicit lloiff_t( std::string &&file_name ) : file_name( file_name )
- {
- }
+ ///
+ /// vector of symbols for this section...
+ ///
+ std::vector< std::shared_ptr< llo::symbol::symbol_base_t > > symbols;
- lloiff_t( std::string &file_name ) : file_name( file_name )
- {
- }
+ ///
+ /// vector of raw bytes containing the original bytes of this section...
+ ///
+ std::vector< std::uint8_t > raw;
+ };
- llo::utils::hash_t< std::string > get_name() const
+ ///
+ /// explicit constructor, must pass a name and the original file as a vector of bytes...
+ ///
+ /// name for this iff object...
+ /// vector of raw bytes containing the original file...
+ explicit lloiff_t( const std::string &name, const std::vector< std::uint8_t > &raw ) : name( name ), raw( raw )
{
- return file_name;
}
- std::vector< section_t > get_sections() const
- {
- return sections;
- }
+ ///
+ /// entry point, where code execution begins....
+ /// this is lifted from the underlying file format...
+ ///
+ std::shared_ptr< disposition_t > entry;
- void add_section( section_t &§ion )
- {
- sections.push_back( section );
- }
+ ///
+ /// name of the iff file, hashed so there can be unique objects...
+ ///
+ llo::utils::hash_t< std::string > name;
- void add_section( section_t §ion )
- {
- sections.push_back( section );
- }
+ ///
+ /// vector of iff sections...
+ ///
+ std::vector< iff_section_t > sections;
- private:
- llo::utils::hash_t< std::string > file_name;
- std::vector< section_t > sections;
+ ///
+ /// vector of bytes containing the entire original file...
+ ///
+ std::vector< std::uint8_t > raw;
};
} // namespace llo
\ No newline at end of file
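Review bot: The doc comment on `entry` does not say that the pointer can be null. The visible constructor does not set it, and the PE front end in this commit assigns it only when some section contains the entry point. Because the members are now public and read directly, I would add a line to that comment such as `/// null when no section contains the entry point; check before dereferencing...`. As a smaller style point, `raw( raw )` in the constructor copies the whole file; taking the vector by value and initialising with `raw( std::move( raw ) )` would let a caller that is finished with the buffer hand it over instead.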
diff --git a/include/llosymbol/llosymbol_base.hpp b/include/llosymbol/llosymbol_base.hpp
index a62d250..764730e 100644
--- a/include/llosymbol/llosymbol_base.hpp
+++ b/include/llosymbol/llosymbol_base.hpp
@@ -21,12 +21,8 @@ namespace llo::symbol
std::size_t symbol_size;
public:
- explicit symbol_base_t( llo::utils::hash_t< std::string > &&symbol_name, llo::disposition_t &&disposition )
- : disposition( disposition ), symbol_name( symbol_name )
- {
- }
-
- symbol_base_t( llo::utils::hash_t< std::string > &symbol_name, llo::disposition_t &disposition )
+ explicit symbol_base_t( const llo::utils::hash_t< std::string > &symbol_name,
+ const llo::disposition_t &disposition )
: disposition( disposition ), symbol_name( symbol_name )
{
}
diff --git a/include/llosymbol_loader/llosymbol_loader_base.hpp b/include/llosymbol_loader/llosymbol_loader_base.hpp
index 5020cc6..050aa93 100644
--- a/include/llosymbol_loader/llosymbol_loader_base.hpp
+++ b/include/llosymbol_loader/llosymbol_loader_base.hpp
@@ -12,14 +12,9 @@ namespace llo::s1
std::string symbols_path;
public:
- explicit symbol_loader_base_t( std::string &&path ) : symbols_path{ path }
+ explicit symbol_loader_base_t( const std::string &path ) : symbols_path{ path }
{
}
-
- symbol_loader_base_t( std::string &path ) : symbols_path{ path }
- {
- }
-
- virtual void load( llo::lloiff_t &) = 0;
+ virtual void load( llo::lloiff_t & ) = 0;
};
} // namespace llo::s1
\ No newline at end of file
diff --git a/llo-s1.vcxproj b/llo-s1.vcxproj
index d2fc82a..3329818 100644
--- a/llo-s1.vcxproj
+++ b/llo-s1.vcxproj
@@ -105,6 +105,7 @@
+
diff --git a/llo-s1.vcxproj.filters b/llo-s1.vcxproj.filters
index 79255d5..9957344 100644
--- a/llo-s1.vcxproj.filters
+++ b/llo-s1.vcxproj.filters
@@ -327,5 +327,8 @@
Source Files
+
+ Source Files
+
\ No newline at end of file
diff --git a/src/llodctor_pe.cpp b/src/llodctor_pe.cpp
index 1ac9a1b..0de7078 100644
--- a/src/llodctor_pe.cpp
+++ b/src/llodctor_pe.cpp
@@ -5,18 +5,25 @@ void llo::s1::dctor_pe_t::generate( lloiff_t &iff )
auto dos_header = reinterpret_cast< win::dos_header_t * >( raw_img.data() );
auto sections = dos_header->get_nt_headers()->get_sections();
auto section_count = dos_header->get_nt_headers()->file_header.num_sections;
+ auto entry_point = dos_header->get_nt_headers()->optional_header.entry_point;
+ // lift section information to iff...
for ( auto idx = 0u; idx < section_count; ++idx )
{
- llo::utils::hash_t< std::string > section_name{ std::string( sections[idx].name.to_string() ) };
- llo::lloiff_t::section_t section{ section_name };
- section.characteristics = sections[idx].characteristics.flags;
+ llo::utils::hash_t< std::string > section_name{ std::string( sections[ idx ].name.to_string() ) };
+ llo::lloiff_t::iff_section_t section{ section_name };
+ section.characteristics = sections[ idx ].characteristics.flags;
- // copy the sections raw bytes...
- section.section_raw.insert( section.section_raw.begin(), raw_img.data(),
- raw_img.data() + sections[ idx ].ptr_raw_data );
+ // check to see if this section contains the entry point of the module...
+ if ( entry_point >= sections[ idx ].virtual_address &&
+ entry_point < sections[ idx ].virtual_address + sections[ idx ].virtual_size )
+ // lift entry point to iff...
+ iff.entry =
+ llo::disposition_t::make( iff.name, section_name, sections[ idx ].virtual_address - entry_point );
- iff.add_section( section );
+ // copy the sections raw bytes...
+ section.raw.insert( section.raw.begin(), raw_img.data(), raw_img.data() + sections[ idx ].ptr_raw_data );
+ iff.sections.push_back( section );
}
if ( symbol_loader )
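Review bot: The copy into `section.raw` reads from `raw_img.data()` up to `sections[ idx ].ptr_raw_data` without comparing that file-controlled offset to `raw_img.size()`, so a malformed PE can cause an out-of-bounds read. It also copies the file prefix that precedes the section rather than the section's own bytes, which is not what the comment describes. The offset passed to `disposition_t::make` is `virtual_address - entry_point`, which (assuming unsigned fields) wraps in every case the guard admits except equality; it should be `entry_point - virtual_address`, and writing the guard as a subtraction also avoids overflow in `virtual_address + virtual_size`. The fence assumes the section header exposes its raw size as `size_raw_data`, which should be confirmed against the PE header library in use. `generate` starts and ends outside the hunk, and the header walk in the context lines (`reinterpret_cast`, `get_nt_headers()`, `num_sections`) is likewise not checked against the buffer size in what is visible.

```cpp
// … unchanged: section_name / characteristics lifting …

// check to see if this section contains the entry point of the module...
if ( entry_point >= sections[ idx ].virtual_address &&
     entry_point - sections[ idx ].virtual_address < sections[ idx ].virtual_size )
    // lift entry point to iff...
    iff.entry =
        llo::disposition_t::make( iff.name, section_name, entry_point - sections[ idx ].virtual_address );

// copy only this section's raw bytes, and only when they lie inside the image...
const std::size_t raw_begin = sections[ idx ].ptr_raw_data;
const std::size_t raw_size = sections[ idx ].size_raw_data;
if ( raw_begin <= raw_img.size() && raw_size <= raw_img.size() - raw_begin )
    section.raw.assign( raw_img.data() + raw_begin, raw_img.data() + raw_begin + raw_size );

iff.sections.push_back( section );
```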
diff --git a/src/main.cpp b/src/main.cpp
index d9b4159..05e00ca 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -28,9 +28,9 @@ int __cdecl main( int argc, const char *argv[] )
return -1;
}
- auto file_name{ cli_parser.get< std::string >( "input" ) };
+ auto name{ cli_parser.get< std::string >( "input" ) };
- if ( !std::filesystem::exists( file_name ) )
+ if ( !std::filesystem::exists( name ) )
{
std::printf( "[!] input file does not exist...\n" );
return -1;
@@ -38,7 +38,7 @@ int __cdecl main( int argc, const char *argv[] )
std::vector< std::uint8_t > image;
- if ( !llo::utils::open_binary_file( file_name, image ) )
+ if ( !llo::utils::open_binary_file( name, image ) )
{
std::printf( "[!] failed to read file off disk...\n" );
return -1;
@@ -61,7 +61,7 @@ int __cdecl main( int argc, const char *argv[] )
}
std::shared_ptr< llo::s1::dctor_base_t > file_dctor = nullptr;
- std::filesystem::path file_path{ file_name };
+ std::filesystem::path file_path{ name };
if ( file_path.extension().compare( ".exe" ) || file_path.extension().compare( ".dll" ) ||
file_path.extension().compare( ".sys" ) )
@@ -79,16 +79,18 @@ int __cdecl main( int argc, const char *argv[] )
return -1;
}
- llo::lloiff_t iff( file_name );
+ llo::lloiff_t iff( name, image );
file_dctor->generate( iff );
- const auto §ions = iff.get_sections();
- std::printf( "> number of sections = %d\n", sections.size() );
+ std::printf( "> number of sections = %d\n", iff.sections.size() );
+ if ( iff.entry )
+ std::printf( "> entry section name = %s, section offest = 0x%x\n", iff.entry->section_name.get_data().c_str(),
+ iff.entry->offset );
- for ( auto §ion : sections )
+ for ( auto §ion : iff.sections )
{
std::printf( "> section name = %s\n", section.section_name.get_data().c_str() );
- std::printf( "> size of raw section = %d\n", section.section_raw.size() );
+ std::printf( "> size of raw section = %d\n", section.raw.size() );
std::printf( "> number of symbols = %d\n", section.symbols.size() );
}
}
\ No newline at end of file
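Review bot: The new `printf` calls pass `std::size_t` values (`iff.sections.size()`, `section.raw.size()`) to a `%d` conversion, which is undefined behaviour and prints wrong values where `size_t` is wider than `int`. Use `%zu`, e.g. `std::printf( "> number of sections = %zu\n", iff.sections.size() );`. The unchanged "number of symbols" line has the same mismatch. The added entry-point message also spells "offset" as "offest". `main` continues outside this hunk.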