path: root/tools/pe_bliss/pe_load_config.h
/*************************************************************************/
/* Copyright (c) 2015 dx, http://kaimi.ru                                */
/*                                                                       */
/* Permission is hereby granted, free of charge, to any person           */
/* obtaining a copy of this software and associated documentation        */
/* files (the "Software"), to deal in the Software without               */
/* restriction, including without limitation the rights to use,          */
/* copy, modify, merge, publish, distribute, sublicense, and/or          */
/* sell copies of the Software, and to permit persons to whom the        */
/* Software is furnished to do so, subject to the following conditions:  */
/* The above copyright notice and this permission notice shall be        */
/* included in all copies or substantial portions of the Software.       */
/*                                                                       */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,       */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF    */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY  */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,  */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE     */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.                */
/*************************************************************************/
#pragma once
#include <vector>
#include "pe_structures.h"
#include "pe_base.h"
#include "pe_directory.h"

namespace pe_bliss
{
//In-memory representation of a PE image configuration (load config) directory:
//the scalar directory fields plus the SE handler and LOCK prefix RVA lists
//NOTE(review): nothing in this declaration shows range or consistency checks, and the
//values originate from the image file or from the caller - treat VAs, RVAs and counts
//as untrusted until they have been validated against the image bounds
class image_config_info
{
public:
	//List of SE handler RVAs (32-bit each)
	typedef std::vector<uint32_t> se_handler_list;
	//List of RVAs of locations where the LOCK prefix is used (32-bit each)
	typedef std::vector<uint32_t> lock_prefix_rva_list;

	//Default constructor
	image_config_info();
	//Builds the object from a raw PE config structure
	//No checks are performed on the structure fields (see the original author's note)
	//NOTE(review): ConfigStructure is presumably the 32-bit or 64-bit directory structure
	//declared in pe_structures.h - confirm against the definition
	template<typename ConfigStructure>
	explicit image_config_info(const ConfigStructure& info);

	//Read-only accessors

	//Date and time stamp value
	uint32_t get_time_stamp() const;
	//Major version number
	uint16_t get_major_version() const;
	//Minor version number
	uint16_t get_minor_version() const;
	//Global flags to clear
	uint32_t get_global_flags_clear() const;
	//Global flags to set
	uint32_t get_global_flags_set() const;
	//Critical section default timeout
	uint32_t get_critical_section_default_timeout() const;
	//Size of the minimum block that
	//must be freed before it is freed (de-committed), in bytes
	uint64_t get_decommit_free_block_threshold() const;
	//Size of the minimum total memory
	//that must be freed in the process heap before it is freed (de-committed), in bytes
	uint64_t get_decommit_total_free_threshold() const;
	//VA of a list of addresses where the LOCK prefix is used
	uint64_t get_lock_prefix_table_va() const;
	//Maximum allocation size, in bytes
	uint64_t get_max_allocation_size() const;
	//Maximum block size that can be allocated from heap segments, in bytes
	uint64_t get_virtual_memory_threshold() const;
	//Process affinity mask
	uint64_t get_process_affinity_mask() const;
	//Process heap flags
	uint32_t get_process_heap_flags() const;
	//Service pack version (CSDVersion)
	uint16_t get_service_pack_version() const;
	//VA of edit list (reserved by system)
	uint64_t get_edit_list_va() const;
	//VA of the security cookie that is used by Visual C++ or GS implementation
	uint64_t get_security_cookie_va() const;
	//VA of the sorted table of RVAs of each valid, unique handler in the image
	uint64_t get_se_handler_table_va() const;
	//Count of unique handlers in the table
	//NOTE(review): this class declares no setter for the count; presumably it is the raw
	//value from the directory structure and may differ from get_se_handler_rvas().size() -
	//confirm before using it as a bound for reads
	uint64_t get_se_handler_count() const;

	//SE Handler RVA list (read-only)
	const se_handler_list& get_se_handler_rvas() const;

	//Lock Prefix RVA list (read-only)
	const lock_prefix_rva_list& get_lock_prefix_rvas() const;

	//Mutators
	//These functions do not change anything inside the image itself; they are used by the PE class
	//You can also use them to prepare the data for rebuilding the image config directory

	//Appends an SE Handler RVA to the list
	void add_se_handler_rva(uint32_t rva);
	//Empties the SE Handler list
	void clear_se_handler_list();

	//Appends a Lock Prefix RVA to the list
	void add_lock_prefix_rva(uint32_t rva);
	//Empties the Lock Prefix list
	void clear_lock_prefix_list();

	//Sets the date and time stamp value
	void set_time_stamp(uint32_t time_stamp);
	//Sets major version number
	void set_major_version(uint16_t major_version);
	//Sets minor version number
	void set_minor_version(uint16_t minor_version);
	//Sets the global flags to clear
	void set_global_flags_clear(uint32_t global_flags_clear);
	//Sets the global flags to set
	void set_global_flags_set(uint32_t global_flags_set);
	//Sets critical section default timeout
	void set_critical_section_default_timeout(uint32_t critical_section_default_timeout);
	//Sets the size of the minimum block that
	//must be freed before it is freed (de-committed), in bytes
	void set_decommit_free_block_threshold(uint64_t decommit_free_block_threshold);
	//Sets the size of the minimum total memory
	//that must be freed in the process heap before it is freed (de-committed), in bytes
	void set_decommit_total_free_threshold(uint64_t decommit_total_free_threshold);
	//Sets VA of a list of addresses where the LOCK prefix is used
	//If you rebuild this list, VA will be re-assigned automatically
	void set_lock_prefix_table_va(uint64_t lock_prefix_table_va);
	//Sets the maximum allocation size, in bytes
	void set_max_allocation_size(uint64_t max_allocation_size);
	//Sets the maximum block size that can be allocated from heap segments, in bytes
	void set_virtual_memory_threshold(uint64_t virtual_memory_threshold);
	//Sets process affinity mask
	void set_process_affinity_mask(uint64_t process_affinity_mask);
	//Sets process heap flags
	void set_process_heap_flags(uint32_t process_heap_flags);
	//Sets service pack version (CSDVersion)
	void set_service_pack_version(uint16_t service_pack_version);
	//Sets VA of edit list (reserved by system)
	void set_edit_list_va(uint64_t edit_list_va);
	//Sets VA of the security cookie that is used by Visual C++ or GS implementation
	void set_security_cookie_va(uint64_t security_cookie_va);
	//Sets VA of the sorted table of RVAs of each valid, unique handler in the image
	//If you rebuild this list, VA will be re-assigned automatically
	void set_se_handler_table_va(uint64_t se_handler_table_va);

	//SE Handler RVA list (mutable)
	se_handler_list& get_se_handler_rvas();

	//Lock Prefix RVA list (mutable)
	lock_prefix_rva_list& get_lock_prefix_rvas();

private:
	//Scalar directory fields, kept in their original declaration order
	uint32_t time_stamp_;
	uint16_t major_version_;
	uint16_t minor_version_;
	uint32_t global_flags_clear_;
	uint32_t global_flags_set_;
	uint32_t critical_section_default_timeout_;
	uint64_t decommit_free_block_threshold_;
	uint64_t decommit_total_free_threshold_;
	uint64_t lock_prefix_table_va_;
	uint64_t max_allocation_size_;
	uint64_t virtual_memory_threshold_;
	uint64_t process_affinity_mask_;
	uint32_t process_heap_flags_;
	uint16_t service_pack_version_;
	uint64_t edit_list_va_;
	uint64_t security_cookie_va_;
	uint64_t se_handler_table_va_;
	uint64_t se_handler_count_;

	//RVA lists backing the get_/add_/clear_ list functions above
	se_handler_list se_handlers_;
	lock_prefix_rva_list lock_prefixes_;
};

//Reads the image config (load config) info of a PE image
//Throws an exception when the image has no config info
const image_config_info get_image_config(const pe_base& pe);

//Templated form of get_image_config
//NOTE(review): PEClassType presumably selects the PE32 / PE32+ structure layout - confirm against the definition
template<typename PEClassType>
const image_config_info get_image_config_base(const pe_base& pe);


//Image config directory rebuilder
//pe and image_config_section are taken by non-const reference, so the call may modify both
//offset_from_section_start - presumably the offset inside image_config_section at which the directory is placed (confirm against the definition)
//write_se_handlers - if true, SE Handlers list will be written just after image config directory structure
//write_lock_prefixes - if true, Lock Prefixes address list will be written just after image config directory structure
//save_to_pe_header - presumably stores the new directory location in the PE header (confirm against the definition)
//auto_strip_last_section - if true and the directory is placed in the last section, it will be automatically stripped
//NOTE(review): the original comment said "TLS" here, apparently copied from the TLS rebuilder - confirm
const image_directory rebuild_image_config(
	pe_base& pe,
	const image_config_info& info,
	section& image_config_section,
	uint32_t offset_from_section_start = 0,
	bool write_se_handlers = true,
	bool write_lock_prefixes = true,
	bool save_to_pe_header = true,
	bool auto_strip_last_section = true);

//Templated form of rebuild_image_config; parameters and defaults are the same
template<typename PEClassType>
const image_directory rebuild_image_config_base(
	pe_base& pe,
	const image_config_info& info,
	section& image_config_section,
	uint32_t offset_from_section_start = 0,
	bool write_se_handlers = true,
	bool write_lock_prefixes = true,
	bool save_to_pe_header = true,
	bool auto_strip_last_section = true);
}