3 * Bill Paul <wpaul@windriver.com>. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. All advertising materials mentioning features or use of this software
14 * must display the following acknowledgement:
15 * This product includes software developed by Bill Paul.
16 * 4. Neither the name of the author nor the names of any co-contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
30 * THE POSSIBILITY OF SUCH DAMAGE.
32 * $FreeBSD: src/sys/compat/ndis/subr_pe.c,v 1.15 2009/11/02 11:07:42 rpaulo Exp $
36 * This file contains routines for relocating and dynamically linking
37 * executable object code files in the Windows(r) PE (Portable Executable)
38 * format. In Windows, anything with a .EXE, .DLL or .SYS extention is
39 * considered an executable, and all such files have some structures in
40 * common. The PE format was apparently based largely on COFF but has
41 * mutated significantly over time. We are mainly concerned with .SYS files,
42 * so this module implements only enough routines to be able to parse the
43 * headers and sections of a .SYS object file and perform the necessary
44 * relocations and jump table patching to allow us to call into it
45 * (and to have it call back to us). Note that while this module
46 * can handle fixups for imported symbols, it knows nothing about
50 #include <sys/param.h>
51 #include <sys/types.h>
52 #include <sys/errno.h>
54 #include <sys/systm.h>
61 #define kprintf printf /* ndiscvt(8) uses this file */
64 #include <emulation/ndis/pe_var.h>
66 static vm_offset_t pe_functbl_match(image_patch_table *, char *);
69 * Check for an MS-DOS executable header. All Windows binaries
70 * have a small MS-DOS executable prepended to them to print out
71 * the "This program requires Windows" message. Even .SYS files
72 * have this header, in spite of the fact that you're can't actually
77 pe_get_dos_header(vm_offset_t imgbase, image_dos_header *hdr)
81 if (imgbase == 0 || hdr == NULL)
84 signature = *(uint16_t *)imgbase;
85 if (signature != IMAGE_DOS_SIGNATURE)
88 bcopy ((char *)imgbase, (char *)hdr, sizeof(image_dos_header));
94 * Verify that this image has a Windows NT PE signature.
98 pe_is_nt_image(vm_offset_t imgbase)
101 image_dos_header *dos_hdr;
106 signature = *(uint16_t *)imgbase;
107 if (signature == IMAGE_DOS_SIGNATURE) {
108 dos_hdr = (image_dos_header *)imgbase;
109 signature = *(uint32_t *)(imgbase + dos_hdr->idh_lfanew);
110 if (signature == IMAGE_NT_SIGNATURE)
118 * Return a copy of the optional header. This contains the
119 * executable entry point and the directory listing which we
120 * need to find the relocations and imports later.
124 pe_get_optional_header(vm_offset_t imgbase, image_optional_header *hdr)
126 image_dos_header *dos_hdr;
127 image_nt_header *nt_hdr;
129 if (imgbase == 0 || hdr == NULL)
132 if (pe_is_nt_image(imgbase))
135 dos_hdr = (image_dos_header *)(imgbase);
136 nt_hdr = (image_nt_header *)(imgbase + dos_hdr->idh_lfanew);
138 bcopy ((char *)&nt_hdr->inh_optionalhdr, (char *)hdr,
139 nt_hdr->inh_filehdr.ifh_optionalhdrlen);
145 * Return a copy of the file header. Contains the number of
146 * sections in this image.
150 pe_get_file_header(vm_offset_t imgbase, image_file_header *hdr)
152 image_dos_header *dos_hdr;
153 image_nt_header *nt_hdr;
155 if (imgbase == 0 || hdr == NULL)
158 if (pe_is_nt_image(imgbase))
161 dos_hdr = (image_dos_header *)imgbase;
162 nt_hdr = (image_nt_header *)(imgbase + dos_hdr->idh_lfanew);
165 * Note: the size of the nt_header is variable since it
166 * can contain optional fields, as indicated by ifh_optionalhdrlen.
167 * However it happens we're only interested in fields in the
168 * non-variant portion of the nt_header structure, so we don't
169 * bother copying the optional parts here.
172 bcopy ((char *)&nt_hdr->inh_filehdr, (char *)hdr,
173 sizeof(image_file_header));
179 * Return the header of the first section in this image (usually
184 pe_get_section_header(vm_offset_t imgbase, image_section_header *hdr)
186 image_dos_header *dos_hdr;
187 image_nt_header *nt_hdr;
188 image_section_header *sect_hdr;
190 if (imgbase == 0 || hdr == NULL)
193 if (pe_is_nt_image(imgbase))
196 dos_hdr = (image_dos_header *)imgbase;
197 nt_hdr = (image_nt_header *)(imgbase + dos_hdr->idh_lfanew);
198 sect_hdr = IMAGE_FIRST_SECTION(nt_hdr);
200 bcopy ((char *)sect_hdr, (char *)hdr, sizeof(image_section_header));
206 * Return the number of sections in this executable, or 0 on error.
210 pe_numsections(vm_offset_t imgbase)
212 image_file_header file_hdr;
214 if (pe_get_file_header(imgbase, &file_hdr))
217 return (file_hdr.ifh_numsections);
221 * Return the base address that this image was linked for.
222 * This helps us calculate relocation addresses later.
226 pe_imagebase(vm_offset_t imgbase)
228 image_optional_header optional_hdr;
230 if (pe_get_optional_header(imgbase, &optional_hdr))
233 return (optional_hdr.ioh_imagebase);
237 * Return the offset of a given directory structure within the
238 * image. Directories reside within sections.
242 pe_directory_offset(vm_offset_t imgbase, uint32_t diridx)
244 image_optional_header opt_hdr;
247 if (pe_get_optional_header(imgbase, &opt_hdr))
250 if (diridx >= opt_hdr.ioh_rva_size_cnt)
253 dir = opt_hdr.ioh_datadir[diridx].idd_vaddr;
255 return (pe_translate_addr(imgbase, dir));
259 pe_translate_addr(vm_offset_t imgbase, vm_offset_t rva)
261 image_optional_header opt_hdr;
262 image_section_header *sect_hdr;
263 image_dos_header *dos_hdr;
264 image_nt_header *nt_hdr;
265 int i = 0, sections, fixedlen;
267 if (pe_get_optional_header(imgbase, &opt_hdr))
270 sections = pe_numsections(imgbase);
272 dos_hdr = (image_dos_header *)imgbase;
273 nt_hdr = (image_nt_header *)(imgbase + dos_hdr->idh_lfanew);
274 sect_hdr = IMAGE_FIRST_SECTION(nt_hdr);
277 * The test here is to see if the RVA falls somewhere
278 * inside the section, based on the section's start RVA
279 * and its length. However it seems sometimes the
280 * virtual length isn't enough to cover the entire
281 * area of the section. We fudge by taking into account
282 * the section alignment and rounding the section length
283 * up to a page boundary.
285 while (i++ < sections) {
286 fixedlen = sect_hdr->ish_misc.ish_vsize;
287 fixedlen += ((opt_hdr.ioh_sectalign - 1) -
288 sect_hdr->ish_misc.ish_vsize) &
289 (opt_hdr.ioh_sectalign - 1);
290 if (sect_hdr->ish_vaddr <= (uint32_t)rva &&
291 (sect_hdr->ish_vaddr + fixedlen) >
300 return ((vm_offset_t)(imgbase + rva - sect_hdr->ish_vaddr +
301 sect_hdr->ish_rawdataaddr));
305 * Get the section header for a particular section. Note that
306 * section names can be anything, but there are some standard
307 * ones (.text, .data, .rdata, .reloc).
311 pe_get_section(vm_offset_t imgbase, image_section_header *hdr,
314 image_dos_header *dos_hdr;
315 image_nt_header *nt_hdr;
316 image_section_header *sect_hdr;
320 if (imgbase == 0 || hdr == NULL)
323 if (pe_is_nt_image(imgbase))
326 sections = pe_numsections(imgbase);
328 dos_hdr = (image_dos_header *)imgbase;
329 nt_hdr = (image_nt_header *)(imgbase + dos_hdr->idh_lfanew);
330 sect_hdr = IMAGE_FIRST_SECTION(nt_hdr);
332 for (i = 0; i < sections; i++) {
333 if (!strcmp ((char *)§_hdr->ish_name, name)) {
334 bcopy((char *)sect_hdr, (char *)hdr,
335 sizeof(image_section_header));
345 * Apply the base relocations to this image. The relocation table
346 * resides within the .reloc section. Relocations are specified in
347 * blocks which refer to a particular page. We apply the relocations
348 * one page block at a time.
352 pe_relocate(vm_offset_t imgbase)
354 image_section_header sect;
355 image_base_reloc *relhdr;
364 base = pe_imagebase(imgbase);
365 pe_get_section(imgbase, §, ".text");
366 txt = pe_translate_addr(imgbase, sect.ish_vaddr);
367 delta = (uint32_t)(txt) - base - sect.ish_vaddr;
369 pe_get_section(imgbase, §, ".reloc");
371 relhdr = (image_base_reloc *)(imgbase + sect.ish_rawdataaddr);
374 count = (relhdr->ibr_blocksize -
375 (sizeof(uint32_t) * 2)) / sizeof(uint16_t);
376 for (i = 0; i < count; i++) {
377 rel = relhdr->ibr_rel[i];
378 switch (IMR_RELTYPE(rel)) {
379 case IMAGE_REL_BASED_ABSOLUTE:
381 case IMAGE_REL_BASED_HIGHLOW:
382 lloc = (uint32_t *)pe_translate_addr(imgbase,
383 relhdr->ibr_vaddr + IMR_RELOFFSET(rel));
384 *lloc = pe_translate_addr(imgbase,
387 case IMAGE_REL_BASED_HIGH:
388 sloc = (uint16_t *)pe_translate_addr(imgbase,
389 relhdr->ibr_vaddr + IMR_RELOFFSET(rel));
390 *sloc += (delta & 0xFFFF0000) >> 16;
392 case IMAGE_REL_BASED_LOW:
393 sloc = (uint16_t *)pe_translate_addr(imgbase,
394 relhdr->ibr_vaddr + IMR_RELOFFSET(rel));
395 *sloc += (delta & 0xFFFF);
397 case IMAGE_REL_BASED_DIR64:
398 qloc = (uint64_t *)pe_translate_addr(imgbase,
399 relhdr->ibr_vaddr + IMR_RELOFFSET(rel));
400 *qloc = pe_translate_addr(imgbase,
405 kprintf("[%d]reloc type: %d\n", i,
410 relhdr = (image_base_reloc *)((vm_offset_t)relhdr +
411 relhdr->ibr_blocksize);
412 } while (relhdr->ibr_blocksize);
418 * Return the import descriptor for a particular module. An image
419 * may be linked against several modules, typically HAL.dll, ntoskrnl.exe
420 * and NDIS.SYS. For each module, there is a list of imported function
421 * names and their addresses.
423 * Note: module names are case insensitive!
427 pe_get_import_descriptor(vm_offset_t imgbase, image_import_descriptor *desc,
431 image_import_descriptor *imp_desc;
434 if (imgbase == 0 || module == NULL || desc == NULL)
437 offset = pe_directory_offset(imgbase, IMAGE_DIRECTORY_ENTRY_IMPORT);
441 imp_desc = (void *)offset;
443 while (imp_desc->iid_nameaddr) {
444 modname = (char *)pe_translate_addr(imgbase,
445 imp_desc->iid_nameaddr);
446 if (!strncasecmp(module, modname, strlen(module))) {
447 bcopy((char *)imp_desc, (char *)desc,
448 sizeof(image_import_descriptor));
458 pe_get_messagetable(vm_offset_t imgbase, message_resource_data **md)
460 image_resource_directory *rdir, *rtype;
461 image_resource_directory_entry *dent, *dent2;
462 image_resource_data_entry *rent;
469 offset = pe_directory_offset(imgbase, IMAGE_DIRECTORY_ENTRY_RESOURCE);
473 rdir = (image_resource_directory *)offset;
475 dent = (image_resource_directory_entry *)(offset +
476 sizeof(image_resource_directory));
478 for (i = 0; i < rdir->ird_id_entries; i++){
479 if (dent->irde_name != RT_MESSAGETABLE) {
484 while (dent2->irde_dataoff & RESOURCE_DIR_FLAG) {
485 rtype = (image_resource_directory *)(offset +
486 (dent2->irde_dataoff & ~RESOURCE_DIR_FLAG));
487 dent2 = (image_resource_directory_entry *)
489 sizeof(image_resource_directory));
491 rent = (image_resource_data_entry *)(offset +
492 dent2->irde_dataoff);
493 *md = (message_resource_data *)pe_translate_addr(imgbase,
502 pe_get_message(vm_offset_t imgbase, uint32_t id, char **str, int *len,
505 message_resource_data *md = NULL;
506 message_resource_block *mb;
507 message_resource_entry *me;
510 pe_get_messagetable(imgbase, &md);
515 mb = (message_resource_block *)((uintptr_t)md +
516 sizeof(message_resource_data));
518 for (i = 0; i < md->mrd_numblocks; i++) {
519 if (id >= mb->mrb_lowid && id <= mb->mrb_highid) {
520 me = (message_resource_entry *)((uintptr_t)md +
522 for (i = id - mb->mrb_lowid; i > 0; i--)
523 me = (message_resource_entry *)((uintptr_t)me +
527 *flags = me->mre_flags;
537 * Find the function that matches a particular name. This doesn't
538 * need to be particularly speedy since it's only run when loading
539 * a module for the first time.
543 pe_functbl_match(image_patch_table *functbl, char *name)
545 image_patch_table *p;
547 if (functbl == NULL || name == NULL)
552 while (p->ipt_name != NULL) {
553 if (!strcmp(p->ipt_name, name))
554 return ((vm_offset_t)p->ipt_wrap);
557 kprintf("no match for %s\n", name);
560 * Return the wrapper pointer for this routine.
561 * For x86, this is the same as the funcptr.
562 * For amd64, this points to a wrapper routine
563 * that does calling convention translation and
564 * then invokes the underlying routine.
566 return ((vm_offset_t)p->ipt_wrap);
570 * Patch the imported function addresses for a given module.
571 * The caller must specify the module name and provide a table
572 * of function pointers that will be patched into the jump table.
573 * Note that there are actually two copies of the jump table: one
574 * copy is left alone. In a .SYS file, the jump tables are usually
575 * merged into the INIT segment.
579 pe_patch_imports(vm_offset_t imgbase, char *module, image_patch_table *functbl)
581 image_import_descriptor imp_desc;
583 vm_offset_t *nptr, *fptr;
586 if (imgbase == 0 || module == NULL || functbl == NULL)
589 if (pe_get_import_descriptor(imgbase, &imp_desc, module))
592 nptr = (vm_offset_t *)pe_translate_addr(imgbase,
593 imp_desc.iid_import_name_table_addr);
594 fptr = (vm_offset_t *)pe_translate_addr(imgbase,
595 imp_desc.iid_import_address_table_addr);
597 while (nptr != NULL && pe_translate_addr(imgbase, *nptr)) {
598 fname = (char *)pe_translate_addr(imgbase, (*nptr) + 2);
599 func = pe_functbl_match(functbl, fname);
nant's projects / dragonfly.git / blob