Implemented Section table parsing

bohdloss · Aug 8, 2021 · 22b50f5 · 22b50f5
1 parent 40780b8
commit 22b50f5
Show file tree

Hide file tree

Showing 17 changed files with 299 additions and 90 deletions.
diff --git a/Buffer.hpp b/Buffer.hpp
@@ -5,8 +5,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdexcept>
-
-#define NO_RANGE "Out of buffer range"
+#include "Defines.hpp"
+#include "Utils.hpp"
 
 class Buffer {
 public:
@@ -16,6 +16,7 @@ class Buffer {
     template<typename T>
     T get(size_t offset) {
         if(offset < 0 || offset + sizeof(T) > this->size) {
+            printf(NO_RANGE);
             throw std::range_error(NO_RANGE);
         }
         T buffer;
@@ -26,20 +27,23 @@ class Buffer {
     template<typename T>
     void set(size_t offset, T value) {
         if(offset < 0 || offset + sizeof(T) > this->size) {
+            printf(NO_RANGE);
             throw std::range_error(NO_RANGE);
         }
         memcpy(data + offset, &value, sizeof(T));
     }
 
     void copyOut(size_t offset, size_t destination, size_t size) {
         if(offset < 0 || offset + size > this->size) {
+            printf(NO_RANGE);
             throw std::range_error(NO_RANGE);
         }
         memcpy(destination, data + offset, size);
     }
 
     void copyIn(size_t offset, size_t source, size_t size) {
         if(offset < 0 || offset + size > this->size) {
+            printf(NO_RANGE);
             throw std::range_error(NO_RANGE);
         }
         memcpy(data + offset, source, size);

diff --git a/COFFHeader.cpp b/COFFHeader.cpp
@@ -15,19 +15,9 @@ void COFFHeader::parse(Buffer buffer, size_t header_offset) {
     this->time_stamp = coff_struct.time_stamp;
     this->optional_header_size = coff_struct.optional_header_size;
     this->characteristics = coff_struct.characteristics;
-    this->symbol_amount = 0;
+    this->symbol_amount = coff_struct.symbol_amount;
     this->symbol_table_ptr = 0;
 
-    if(coff_struct.symbol_amount != 0 && coff_struct.symbol_table_ptr != 0) {
-        // Debugging information is present, copy it
-        this->symbol_amount = coff_struct.symbol_amount;
-        this->symbol_table_ptr = new COFFSymbol[symbol_amount];
-
-        for(uint32_t i = 0; i < symbol_amount; i++) {
-            symbol_table_ptr[i].parse(buffer, coff_struct.symbol_table_ptr, &i);
-        }
-    }
-
     // Initialize the string table
     uint32_t string_table_offset = coff_struct.symbol_table_ptr + (symbol_amount * sizeof(COFFSymbol::nSymbol));
     uint32_t string_table_size = buffer.get<uint32_t>(string_table_offset);
@@ -65,4 +55,17 @@ void COFFHeader::parse(Buffer buffer, size_t header_offset) {
         memcpy(string_table_ptr[i], str, str_len);
         i++;
     }
+
+    // Copy raw string table too
+    this->raw_string_table_ptr = malloc(string_table_size);
+    memcpy(raw_string_table_ptr, buffer.getData() + string_table_offset, string_table_size);
+
+    if(coff_struct.symbol_amount != 0 && coff_struct.symbol_table_ptr != 0) {
+        // Debugging information is present, copy it
+        this->symbol_table_ptr = new COFFSymbol[symbol_amount];
+
+        for(uint32_t i = 0; i < symbol_amount; i++) {
+            symbol_table_ptr[i].parse(buffer, coff_struct.symbol_table_ptr, &i, this);
+        }
+    }
 }
diff --git a/COFFHeader.hpp b/COFFHeader.hpp
@@ -3,6 +3,8 @@
 #include "COFFSymbol.hpp"
 #include "Buffer.hpp"
 
+class COFFSymbol;
+
 class COFFHeader {
 public:
 #pragma pack(push, 1)
@@ -30,34 +32,42 @@ class COFFHeader {
         return machine;
     }
 
-    uint16_t getNumber_of_sections() const {
+    uint16_t getNumberOfSections() const {
         return number_of_sections;
     }
 
-    uint16_t getOptional_header_size() const {
+    uint16_t getOptionalHeaderSize() const {
         return optional_header_size;
     }
 
-    uint32_t getSymbol_amount() const {
+    uint32_t getSymbolAmount() const {
         return symbol_amount;
     }
 
-    COFFSymbol* getSymbol_table_ptr() const {
+    COFFSymbol* getSymbolTablePtr() const {
         return symbol_table_ptr;
     }
 
-    uint32_t getTime_stamp() const {
+    uint32_t getTimestamp() const {
         return time_stamp;
     }
 
-    char** getString_table_ptr() const {
+    char** getStringTablePtr() const {
         return string_table_ptr;
     }
 
-    uint32_t getString_amount() const {
+    uint32_t getStringAmount() const {
         return string_amount;
     }
 
+    void* getRawStringTablePtr() const {
+        return raw_string_table_ptr;
+    }
+
+    char* getString(size_t offset) {
+        return (char*) (raw_string_table_ptr + offset);
+    }
+
 private: 
     uint16_t machine;
     uint16_t number_of_sections;
@@ -68,4 +78,5 @@ class COFFHeader {
     uint16_t characteristics;
     char** string_table_ptr;
     uint32_t string_amount;
+    void* raw_string_table_ptr;
 };
diff --git a/COFFSymbol.cpp b/COFFSymbol.cpp
@@ -7,9 +7,32 @@ COFFSymbol::COFFSymbol() {
 COFFSymbol::~COFFSymbol() {
 }
 
-void COFFSymbol::parse(Buffer buffer, size_t symbol_table_ptr, uint32_t* index) {
+void COFFSymbol::parse(Buffer buffer, size_t symbol_table_ptr, uint32_t* index, COFFHeader* coff_header) {
     nSymbol symbol_struct = buffer.get<nSymbol>(symbol_table_ptr + (sizeof(nSymbol) * (*index)));
-    memcpy(this->name, symbol_struct.name, 8);
+    // Retrieve the name
+    if(symbol_struct.zero == 0) {
+        // The string is located in the string table
+        uint32_t offset = symbol_struct.offset;
+        char* string = coff_header->getString(offset);
+        size_t string_len = strlen(string) + 1;
+
+        // Copy it
+        this->name = new char[string_len];
+        memcpy(name, string, string_len);
+    } else {
+        // Is the string null terminated?
+        char* string = &symbol_struct.name[0];
+        bool null_term = string[7] == '\0';
+        if(null_term) {
+            size_t string_len = strlen(string) + 1;
+            this->name = new char[string_len];
+            memcpy(name, string, string_len);
+        } else {
+            this->name = new char[9];
+            memcpy(name, string, 8);
+            name[8] = '\0';
+        }
+    }
     this->value = symbol_struct.value;
     this->section_number = symbol_struct.section_number;
     this->type = symbol_struct.type;

diff --git a/COFFSymbol.hpp b/COFFSymbol.hpp
@@ -2,6 +2,9 @@
 
 #include <stdint.h>
 #include "Buffer.hpp"
+#include "COFFHeader.hpp"
+
+class COFFHeader;
 
 class COFFSymbol {
 public:
@@ -25,17 +28,17 @@ class COFFSymbol {
     COFFSymbol();
     virtual ~COFFSymbol();
 
-    void parse(Buffer buffer, size_t symbol_table_ptr, uint32_t* index);
+    void parse(Buffer buffer, size_t symbol_table_ptr, uint32_t* index, COFFHeader* coff_header);
 
     uint8_t getAuxiliary_number() const {
         return auxiliary_number;
     }
 
-    uint8_t getCclass() const {
+    uint8_t getClass() const {
         return cclass;
     }
 
-    int16_t getSection_number() const {
+    int16_t getSectionNumber() const {
         return section_number;
     }
 
@@ -48,13 +51,7 @@ class COFFSymbol {
     }
 
 private:
-    union {
-        char name[8];
-        struct {
-            uint32_t zero;
-            uint32_t offset;
-        };
-    };
+    char* name;
     uint32_t value;
     int16_t section_number;
     uint16_t type;

diff --git a/DataDirectory.hpp b/DataDirectory.hpp
@@ -17,11 +17,11 @@ class DataDirectory {
     uint32_t virtual_address;
     uint32_t size;
 
-    uint32_t GetSize() const {
+    uint32_t getSize() const {
         return size;
     }
 
-    uint32_t GetVirtual_address() const {
+    uint32_t getVirtualAddress() const {
         return virtual_address;
     }
 

diff --git a/Defines.hpp b/Defines.hpp
@@ -4,6 +4,7 @@
 #define NO_SIGNATURE "Executable file does not contain a valid signature\n"
 #define NO_MAGIC "Executable file does not contain a valid magic number in its optional header\n"
 #define NO_OPTSIZE "Optional header size differs from the one specified by the COFF header\n"
+#define NO_RANGE "Out of buffer range\n"
 
 #define IMAGE_PE32 0x10b
 #define IMAGE_PE32PLUS 0x20b