40,7 → 40,6 |
|
int __stdcall strncmp(const char *s1, const char *s2, size_t n); |
|
void __export create_image(addr_t img_base, addr_t raw) asm ("CreateImage"); |
bool link_image(addr_t img_base); |
|
md_t* __fastcall load_image(const char *path); |
59,7 → 58,7 |
}; |
*/ |
|
bool validate_pe(void *raw, size_t raw_size) |
bool validate_pe(void *raw, size_t raw_size, bool is_exec) |
{ |
PIMAGE_DOS_HEADER dos; |
PIMAGE_NT_HEADERS32 nt; |
80,9 → 79,18 |
if(nt->Signature != IMAGE_NT_SIGNATURE) |
return false; |
|
if(nt->FileHeader.Machine != IMAGE_FILE_MACHINE_I386) |
return false; |
|
if(is_exec && (nt->FileHeader.Characteristics & IMAGE_FILE_DLL)) |
return false; |
|
if(nt->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC) |
return false; |
|
if( is_exec && nt->OptionalHeader.ImageBase != 0) |
return false; |
|
if(nt->OptionalHeader.SectionAlignment < PAGE_SIZE) |
{ |
if(nt->OptionalHeader.FileAlignment != nt->OptionalHeader.SectionAlignment) |
127,7 → 135,7 |
return NULL; |
}; |
|
if( ! validate_pe(raw, raw_size) ) |
if( ! validate_pe(raw, raw_size, false) ) |
{ |
DBG("invalid pe file %s\n", path); |
mem_free(raw); |
150,7 → 158,7 |
|
img_base = img_md->base; |
|
create_image(img_base, (addr_t)raw); |
create_image(img_base, (addr_t)raw, true); |
|
mem_free(raw); |
|
190,7 → 198,7 |
*/ |
|
|
void create_image(addr_t img_base, addr_t raw) |
void create_image(addr_t img_base, addr_t raw, bool force_clear) |
{ |
PIMAGE_DOS_HEADER dos; |
PIMAGE_NT_HEADERS32 nt; |
223,13 → 231,16 |
if(img_sec->SizeOfRawData) |
sec_copy(dest_ptr, src_ptr, img_sec->SizeOfRawData); |
|
if(force_clear) |
{ |
sec_size = (img_sec->Misc.VirtualSize + sec_align -1) & -sec_align; |
|
if(sec_size > img_sec->SizeOfRawData) |
sec_clear(dest_ptr + img_sec->SizeOfRawData, |
sec_size - img_sec->SizeOfRawData); |
}; |
img_sec++; |
} |
}; |
|
if(nt->OptionalHeader.DataDirectory[5].Size) |
{ |