security/sandbox/chromium/base/win/pe_image.h

changeset 0
6474c204b198
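--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/sandbox/chromium/base/win/pe_image.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,268 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file was adapted from GreenBorder's Code.
+// To understand what this class is about (for other than well known functions
+// as GetProcAddress), a good starting point is "An In-Depth Look into the
+// Win32 Portable Executable File Format" by Matt Pietrek:
+// http://msdn.microsoft.com/msdnmag/issues/02/02/PE/default.aspx
+
+#ifndef BASE_WIN_PE_IMAGE_H_
+#define BASE_WIN_PE_IMAGE_H_
+
+#include <windows.h>
+
+#if defined(_WIN32_WINNT_WIN8)
+// The Windows 8 SDK defines FACILITY_VISUALCPP in winerror.h.
+#undef FACILITY_VISUALCPP
+#endif
+#include <DelayIMP.h>
+
+namespace base {
+namespace win {
+
+// This class is a wrapper for the Portable Executable File Format (PE).
+// It's main purpose is to provide an easy way to work with imports and exports
+// from a file, mapped in memory as image.
+class PEImage {
+ public:
+  // Callback to enumerate sections.
+  // cookie is the value passed to the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumSectionsFunction)(const PEImage &image,
+                                       PIMAGE_SECTION_HEADER header,
+                                       PVOID section_start, DWORD section_size,
+                                       PVOID cookie);
+
+  // Callback to enumerate exports.
+  // function is the actual address of the symbol. If forward is not null, it
+  // contains the dll and symbol to forward this export to. cookie is the value
+  // passed to the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumExportsFunction)(const PEImage &image, DWORD ordinal,
+                                      DWORD hint, LPCSTR name, PVOID function,
+                                      LPCSTR forward, PVOID cookie);
+
+  // Callback to enumerate import blocks.
+  // name_table and iat point to the imports name table and address table for
+  // this block. cookie is the value passed to the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumImportChunksFunction)(const PEImage &image, LPCSTR module,
+                                           PIMAGE_THUNK_DATA name_table,
+                                           PIMAGE_THUNK_DATA iat, PVOID cookie);
+
+  // Callback to enumerate imports.
+  // module is the dll that exports this symbol. cookie is the value passed to
+  // the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumImportsFunction)(const PEImage &image, LPCSTR module,
+                                      DWORD ordinal, LPCSTR name, DWORD hint,
+                                      PIMAGE_THUNK_DATA iat, PVOID cookie);
+
+  // Callback to enumerate dalayed import blocks.
+  // module is the dll that exports this block of symbols. cookie is the value
+  // passed to the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumDelayImportChunksFunction)(const PEImage &image,
+                                                PImgDelayDescr delay_descriptor,
+                                                LPCSTR module,
+                                                PIMAGE_THUNK_DATA name_table,
+                                                PIMAGE_THUNK_DATA iat,
+                                                PIMAGE_THUNK_DATA bound_iat,
+                                                PIMAGE_THUNK_DATA unload_iat,
+                                                PVOID cookie);
+
+  // Callback to enumerate relocations.
+  // cookie is the value passed to the enumerate method.
+  // Returns true to continue the enumeration.
+  typedef bool (*EnumRelocsFunction)(const PEImage &image, WORD type,
+                                     PVOID address, PVOID cookie);
+
+  explicit PEImage(HMODULE module) : module_(module) {}
+  explicit PEImage(const void* module) {
+    module_ = reinterpret_cast<HMODULE>(const_cast<void*>(module));
+  }
+
+  // Gets the HMODULE for this object.
+  HMODULE module() const;
+
+  // Sets this object's HMODULE.
+  void set_module(HMODULE module);
+
+  // Checks if this symbol is actually an ordinal.
+  static bool IsOrdinal(LPCSTR name);
+
+  // Converts a named symbol to the corresponding ordinal.
+  static WORD ToOrdinal(LPCSTR name);
+
+  // Returns the DOS_HEADER for this PE.
+  PIMAGE_DOS_HEADER GetDosHeader() const;
+
+  // Returns the NT_HEADER for this PE.
+  PIMAGE_NT_HEADERS GetNTHeaders() const;
+
+  // Returns number of sections of this PE.
+  WORD GetNumSections() const;
+
+  // Returns the header for a given section.
+  // returns NULL if there is no such section.
+  PIMAGE_SECTION_HEADER GetSectionHeader(UINT section) const;
+
+  // Returns the size of a given directory entry.
+  DWORD GetImageDirectoryEntrySize(UINT directory) const;
+
+  // Returns the address of a given directory entry.
+  PVOID GetImageDirectoryEntryAddr(UINT directory) const;
+
+  // Returns the section header for a given address.
+  // Use: s = image.GetImageSectionFromAddr(a);
+  // Post: 's' is the section header of the section that contains 'a'
+  //       or NULL if there is no such section.
+  PIMAGE_SECTION_HEADER GetImageSectionFromAddr(PVOID address) const;
+
+  // Returns the section header for a given section.
+  PIMAGE_SECTION_HEADER GetImageSectionHeaderByName(LPCSTR section_name) const;
+
+  // Returns the first block of imports.
+  PIMAGE_IMPORT_DESCRIPTOR GetFirstImportChunk() const;
+
+  // Returns the exports directory.
+  PIMAGE_EXPORT_DIRECTORY GetExportDirectory() const;
+
+  // Returns a given export entry.
+  // Use: e = image.GetExportEntry(f);
+  // Pre: 'f' is either a zero terminated string or ordinal
+  // Post: 'e' is a pointer to the export directory entry
+  //       that contains 'f's export RVA, or NULL if 'f'
+  //       is not exported from this image
+  PDWORD GetExportEntry(LPCSTR name) const;
+
+  // Returns the address for a given exported symbol.
+  // Use: p = image.GetProcAddress(f);
+  // Pre: 'f' is either a zero terminated string or ordinal.
+  // Post: if 'f' is a non-forwarded export from image, 'p' is
+  //       the exported function. If 'f' is a forwarded export
+  //       then p is the special value 0xFFFFFFFF. In this case
+  //       RVAToAddr(*GetExportEntry) can be used to resolve
+  //       the string that describes the forward.
+  FARPROC GetProcAddress(LPCSTR function_name) const;
+
+  // Retrieves the ordinal for a given exported symbol.
+  // Returns true if the symbol was found.
+  bool GetProcOrdinal(LPCSTR function_name, WORD *ordinal) const;
+
+  // Enumerates PE sections.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumSections(EnumSectionsFunction callback, PVOID cookie) const;
+
+  // Enumerates PE exports.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumExports(EnumExportsFunction callback, PVOID cookie) const;
+
+  // Enumerates PE imports.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumAllImports(EnumImportsFunction callback, PVOID cookie) const;
+
+  // Enumerates PE import blocks.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumImportChunks(EnumImportChunksFunction callback, PVOID cookie) const;
+
+  // Enumerates the imports from a single PE import block.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumOneImportChunk(EnumImportsFunction callback, LPCSTR module_name,
+                          PIMAGE_THUNK_DATA name_table, PIMAGE_THUNK_DATA iat,
+                          PVOID cookie) const;
+
+
+  // Enumerates PE delay imports.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumAllDelayImports(EnumImportsFunction callback, PVOID cookie) const;
+
+  // Enumerates PE delay import blocks.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumDelayImportChunks(EnumDelayImportChunksFunction callback,
+                             PVOID cookie) const;
+
+  // Enumerates imports from a single PE delay import block.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumOneDelayImportChunk(EnumImportsFunction callback,
+                               PImgDelayDescr delay_descriptor,
+                               LPCSTR module_name,
+                               PIMAGE_THUNK_DATA name_table,
+                               PIMAGE_THUNK_DATA iat,
+                               PIMAGE_THUNK_DATA bound_iat,
+                               PIMAGE_THUNK_DATA unload_iat,
+                               PVOID cookie) const;
+
+  // Enumerates PE relocation entries.
+  // cookie is a generic cookie to pass to the callback.
+  // Returns true on success.
+  bool EnumRelocs(EnumRelocsFunction callback, PVOID cookie) const;
+
+  // Verifies the magic values on the PE file.
+  // Returns true if all values are correct.
+  bool VerifyMagic() const;
+
+  // Converts an rva value to the appropriate address.
+  virtual PVOID RVAToAddr(DWORD rva) const;
+
+  // Converts an rva value to an offset on disk.
+  // Returns true on success.
+  bool ImageRVAToOnDiskOffset(DWORD rva, DWORD *on_disk_offset) const;
+
+  // Converts an address to an offset on disk.
+  // Returns true on success.
+  bool ImageAddrToOnDiskOffset(LPVOID address, DWORD *on_disk_offset) const;
+
+ private:
+  HMODULE module_;
+};
+
+// This class is an extension to the PEImage class that allows working with PE
+// files mapped as data instead of as image file.
+class PEImageAsData : public PEImage {
+ public:
+  explicit PEImageAsData(HMODULE hModule) : PEImage(hModule) {}
+
+  virtual PVOID RVAToAddr(DWORD rva) const;
+};
+
+inline bool PEImage::IsOrdinal(LPCSTR name) {
+#pragma warning(push)
+#pragma warning(disable: 4311)
+  // This cast generates a warning because it is 32 bit specific.
+  return reinterpret_cast<DWORD>(name) <= 0xFFFF;
+#pragma warning(pop)
+}
+
+inline WORD PEImage::ToOrdinal(LPCSTR name) {
+  return reinterpret_cast<WORD>(name);
+}
+
+inline HMODULE PEImage::module() const {
+  return module_;
+}
+
+inline PIMAGE_IMPORT_DESCRIPTOR PEImage::GetFirstImportChunk() const {
+  return reinterpret_cast<PIMAGE_IMPORT_DESCRIPTOR>(
+             GetImageDirectoryEntryAddr(IMAGE_DIRECTORY_ENTRY_IMPORT));
+}
+
+inline PIMAGE_EXPORT_DIRECTORY PEImage::GetExportDirectory() const {
+  return reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>(
+             GetImageDirectoryEntryAddr(IMAGE_DIRECTORY_ENTRY_EXPORT));
+}
+
+}  // namespace win
+}  // namespace base
+
+#endif  // BASE_WIN_PE_IMAGE_H_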
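Review bot: `PEImage::IsOrdinal` near the end of the header narrows the `LPCSTR` to `DWORD` with warning C4311 suppressed, so on a 64-bit build the pointer is truncated and a genuine name pointer whose low 32 bits are at most 0xFFFF would be classified as an ordinal; `ToOrdinal` narrows the same way through `reinterpret_cast<WORD>`. Comparing at pointer width removes both the truncation and the need for the pragma block: `return reinterpret_cast<ULONG_PTR>(name) <= 0xFFFF;` and `return static_cast<WORD>(reinterpret_cast<ULONG_PTR>(name));`. The callers are not in this file, but since these helpers feed `GetExportEntry`/`GetProcAddress`, a misclassified name would presumably resolve a different export than the one requested. In the same vein, the `GetProcAddress` comment documents the forwarded-export sentinel as the literal `0xFFFFFFFF`; stating it as a named, pointer-width constant would make it clearer that callers must test for it before using the returned `FARPROC`.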
