229 lines
9.1 KiB
C
229 lines
9.1 KiB
C
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
||
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
||
╞══════════════════════════════════════════════════════════════════════════════╡
|
||
│ Copyright 2020 Justine Alexandra Roberts Tunney │
|
||
│ │
|
||
│ This program is free software; you can redistribute it and/or modify │
|
||
│ it under the terms of the GNU General Public License as published by │
|
||
│ the Free Software Foundation; version 2 of the License. │
|
||
│ │
|
||
│ This program is distributed in the hope that it will be useful, but │
|
||
│ WITHOUT ANY WARRANTY; without even the implied warranty of │
|
||
│ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU │
|
||
│ General Public License for more details. │
|
||
│ │
|
||
│ You should have received a copy of the GNU General Public License │
|
||
│ along with this program; if not, write to the Free Software │
|
||
│ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA │
|
||
│ 02110-1301 USA │
|
||
╚─────────────────────────────────────────────────────────────────────────────*/
|
||
#include "libc/bits/safemacros.h"
|
||
#include "libc/calls/calls.h"
|
||
#include "libc/calls/struct/stat.h"
|
||
#include "libc/conv/conv.h"
|
||
#include "libc/nt/struct/imagentheaders.h"
|
||
#include "libc/nt/struct/imageoptionalheader.h"
|
||
#include "libc/pe.h"
|
||
#include "libc/stdio/stdio.h"
|
||
#include "libc/sysv/consts/map.h"
|
||
#include "libc/sysv/consts/o.h"
|
||
#include "libc/sysv/consts/prot.h"
|
||
#include "third_party/xed/x86.h"
|
||
#include "tool/decode/lib/asmcodegen.h"
|
||
#include "tool/decode/lib/flagger.h"
|
||
#include "tool/decode/lib/peidnames.h"
|
||
#include "tool/decode/lib/titlegen.h"
|
||
|
||
/**
|
||
* @fileoverview Portable executable metadata disassembler.
|
||
* @see https://www.aldeid.com/wiki/PE-Portable-executable
|
||
*/
|
||
|
||
static const char *path;
|
||
static struct NtImageDosHeader *mz;
|
||
static size_t mzsize;
|
||
|
||
static struct XedDecodedInst *ildreal(void *addr) {
|
||
static struct XedDecodedInst xedd;
|
||
if (xed_instruction_length_decode(
|
||
xed_decoded_inst_zero_set_mode(&xedd, XED_MACHINE_MODE_REAL), addr,
|
||
XED_MAX_INSTRUCTION_BYTES) != XED_ERROR_NONE ||
|
||
!xedd.decoded_length) {
|
||
xedd.decoded_length = 1;
|
||
}
|
||
return &xedd;
|
||
}
|
||
|
||
static void startfile(void) {
|
||
showtitle("αcτµαlly pδrταblε εxεcµταblε", "tool/decode/pe", NULL, NULL,
|
||
&kModelineAsm);
|
||
printf("#include \"libc/pe.h\"\n\n", path);
|
||
}
|
||
|
||
static void showmzheader(void) {
|
||
showtitle(basename(path), "dos", "mz header",
|
||
"\tMZ = Mark 'Zibo' Joseph Zbikowski\n"
|
||
"\te_cblp: bytes on last page\n"
|
||
"\te_cp: 512-byte pages in file\n"
|
||
"\te_crlc: reloc table entry count\n"
|
||
"\te_cparhdr: data segment file offset / 16\n"
|
||
"\te_{min,max}alloc: lowers upper bound load / 16\n"
|
||
"\te_ss: lower bound on stack segment\n"
|
||
"\te_sp: initialize stack pointer\n"
|
||
"\te_csum: ∑bₙ checksum don't bother\n"
|
||
"\te_ip: initial ip value\n"
|
||
"\te_cs: increases cs load lower bound\n"
|
||
"\te_lfarlc: reloc table offset\n"
|
||
"\te_ovno: overlay number\n"
|
||
"\te_lfanew: portable executable header rva",
|
||
NULL);
|
||
printf("\n");
|
||
show(".ascii", format(b1, "%`'.*s", 2, (const char *)&mz->e_magic),
|
||
"mz->e_magic");
|
||
showshorthex(mz->e_cblp);
|
||
showshorthex(mz->e_cp);
|
||
showshorthex(mz->e_crlc);
|
||
showshorthex(mz->e_cparhdr);
|
||
showshorthex(mz->e_minalloc);
|
||
showshorthex(mz->e_maxalloc);
|
||
showshorthex(mz->e_ss);
|
||
showshorthex(mz->e_sp);
|
||
showshorthex(mz->e_csum);
|
||
showshorthex(mz->e_ip);
|
||
showshorthex(mz->e_cs);
|
||
showshorthex(mz->e_lfarlc);
|
||
showshorthex(mz->e_ovno);
|
||
show(".short",
|
||
format(b1, "%hn,%hn,%hn,%hn", mz->e_res[0], mz->e_res[1], mz->e_res[2],
|
||
mz->e_res[3]),
|
||
"mz->e_res");
|
||
showshorthex(mz->e_oemid);
|
||
showshorthex(mz->e_oeminfo);
|
||
show(".short",
|
||
format(b1, "%hn,%hn,%hn,%hn,%hn,%hn,%hn,%hn,%hn,%hn", mz->e_res2[0],
|
||
mz->e_res2[1], mz->e_res2[2], mz->e_res2[3], mz->e_res2[4],
|
||
mz->e_res2[5], mz->e_res2[6], mz->e_res2[7], mz->e_res2[8],
|
||
mz->e_res2[9]),
|
||
"mz->e_res2");
|
||
showinthex(mz->e_lfanew);
|
||
printf("\n");
|
||
}
|
||
|
||
static void showdosstub(void) {
|
||
unsigned char *p = (unsigned char *)mz + sizeof(struct NtImageDosHeader);
|
||
unsigned char *pe = (mz->e_lfanew ? p + mz->e_lfanew : p + mzsize);
|
||
pe = min(pe, p + mzsize - XED_MAX_INSTRUCTION_BYTES);
|
||
while (p < pe) {
|
||
struct XedDecodedInst *inst = ildreal(p);
|
||
if (p + inst->decoded_length > pe) break;
|
||
printf("\t.byte\t");
|
||
for (unsigned i = 0; i < inst->decoded_length; ++i) {
|
||
if (i) printf(",");
|
||
printf("%#hhx", xed_decoded_inst_get_byte(inst, i));
|
||
}
|
||
printf("\n");
|
||
p += inst->decoded_length;
|
||
}
|
||
printf("\n");
|
||
}
|
||
|
||
static void showpeoptionalheader(struct NtImageOptionalHeader *opt) {
|
||
showtitle(basename(path), "windows", "pe \"optional\" header", NULL, NULL);
|
||
printf("\n");
|
||
show(".short",
|
||
firstnonnull(findnamebyid(kNtPeOptionalHeaderMagicNames, opt->Magic),
|
||
format(b1, "%#hx", opt->Magic)),
|
||
"opt->Magic");
|
||
showint(opt->MajorLinkerVersion);
|
||
showint(opt->MinorLinkerVersion);
|
||
showinthex(opt->SizeOfCode);
|
||
showinthex(opt->SizeOfInitializedData);
|
||
showinthex(opt->SizeOfUninitializedData);
|
||
showinthex(opt->AddressOfEntryPoint);
|
||
showinthex(opt->BaseOfCode);
|
||
showint64hex(opt->ImageBase);
|
||
showinthex(opt->SectionAlignment);
|
||
showinthex(opt->FileAlignment);
|
||
showshort(opt->MajorOperatingSystemVersion);
|
||
showshort(opt->MinorOperatingSystemVersion);
|
||
showshort(opt->MajorImageVersion);
|
||
showshort(opt->MinorImageVersion);
|
||
showshort(opt->MajorSubsystemVersion);
|
||
showshort(opt->MinorSubsystemVersion);
|
||
showint(opt->Win32VersionValue);
|
||
showinthex(opt->SizeOfImage);
|
||
showinthex(opt->SizeOfHeaders);
|
||
showinthex(opt->CheckSum);
|
||
show(".short",
|
||
firstnonnull(findnamebyid(kNtImageSubsystemNames, opt->Subsystem),
|
||
format(b1, "%#hx", opt->Subsystem)),
|
||
"opt->Subsystem");
|
||
show(".short",
|
||
firstnonnull(recreateflags(kNtImageDllcharacteristicNames,
|
||
opt->DllCharacteristics),
|
||
format(b1, "%#hx", opt->DllCharacteristics)),
|
||
"opt->DllCharacteristics");
|
||
showint64hex(opt->SizeOfStackReserve);
|
||
showint64hex(opt->SizeOfStackCommit);
|
||
showint64hex(opt->SizeOfHeapReserve);
|
||
showint64hex(opt->SizeOfHeapCommit);
|
||
showinthex(opt->LoaderFlags);
|
||
showinthex(opt->NumberOfRvaAndSizes);
|
||
}
|
||
|
||
static void showpeheader(struct NtImageNtHeaders *pe) {
|
||
showtitle(basename(path), "windows", "pe header", NULL, NULL);
|
||
printf("\n");
|
||
showorg(mz->e_lfanew);
|
||
show(".ascii", format(b1, "%`'.*s", 4, (const char *)&pe->Signature),
|
||
"pe->Signature");
|
||
show(".short",
|
||
firstnonnull(
|
||
findnamebyid(kNtImageFileMachineNames, pe->FileHeader.Machine),
|
||
format(b1, "%#hx", pe->FileHeader.Machine)),
|
||
"pe->FileHeader.Machine");
|
||
showshort(pe->FileHeader.NumberOfSections);
|
||
showinthex(pe->FileHeader.TimeDateStamp);
|
||
showinthex(pe->FileHeader.PointerToSymbolTable);
|
||
showint(pe->FileHeader.NumberOfSymbols);
|
||
showshort(pe->FileHeader.SizeOfOptionalHeader);
|
||
show(".short",
|
||
firstnonnull(recreateflags(kNtImageCharacteristicNames,
|
||
pe->FileHeader.Characteristics),
|
||
format(b1, "%#hx", pe->FileHeader.Characteristics)),
|
||
"pe->FileHeader.Characteristics");
|
||
printf("\n");
|
||
showpeoptionalheader(pecheckaddress(mz, mzsize, &pe->OptionalHeader,
|
||
pe->FileHeader.SizeOfOptionalHeader));
|
||
}
|
||
|
||
static void showall(void) {
|
||
startfile();
|
||
showmzheader();
|
||
showdosstub();
|
||
if (mz->e_lfanew) {
|
||
showpeheader(pecomputerva(mz, mzsize, mz->e_lfanew,
|
||
sizeof(struct NtImageFileHeader)));
|
||
}
|
||
}
|
||
|
||
int main(int argc, char *argv[]) {
|
||
int64_t fd;
|
||
struct stat st[1];
|
||
if (argc != 2) fprintf(stderr, "usage: %s FILE\n", argv[0]), exit(1);
|
||
if ((fd = open((path = argv[1]), O_RDONLY)) == -1 || fstat(fd, st) == -1 ||
|
||
(mz = mmap(NULL, (mzsize = st->st_size), PROT_READ, MAP_SHARED, fd, 0)) ==
|
||
MAP_FAILED) {
|
||
fprintf(stderr, "error: %'s %m\n", path);
|
||
exit(1);
|
||
}
|
||
if (mz->e_magic != kNtImageDosSignature) {
|
||
fprintf(stderr, "error: %'s not a dos executable\n", path);
|
||
exit(1);
|
||
}
|
||
showall();
|
||
munmap(mz, mzsize);
|
||
close(fd);
|
||
return 0;
|
||
}
|