Java Code Examples for ghidra.app.util.bin.format.FactoryBundledWithBinaryReader#readNextShort()
The following examples show how to use
ghidra.app.util.bin.format.FactoryBundledWithBinaryReader#readNextShort() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: ImageCor20Header.java From ghidra with Apache License 2.0 | 6 votes |
|
private void initIMAGE_COR20_HEADER(FactoryBundledWithBinaryReader reader, long index, NTHeader ntHeader) throws IOException {
long origIndex = reader.getPointerIndex();
reader.setPointerIndex(index);
cb = reader.readNextInt();
majorRuntimeVersion = reader.readNextShort();
minorRuntimeVersion = reader.readNextShort();
metadata = CliMetadataDirectory.createCliMetadataDirectory(ntHeader, reader);
flags = reader.readNextInt();
entryPointToken = reader.readNextInt();
resources = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
strongNameSignature = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
codeManagerTable = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
vTableFixups = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
exportAddressTableJumps = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
managedNativeHeader = DefaultDataDirectory.createDefaultDataDirectory(ntHeader, reader);
reader.setPointerIndex(origIndex);
}
Example 2
| Source File: PortableExecutableBinaryAnalysisCommand.java From ghidra with Apache License 2.0 | 6 votes |
|
@Override
public boolean canApply(Program program) {
try {
Memory memory = program.getMemory();
ByteProvider provider = new MemoryByteProvider(memory,
program.getAddressFactory().getDefaultAddressSpace());
FactoryBundledWithBinaryReader reader = new FactoryBundledWithBinaryReader(
RethrowContinuesFactory.INSTANCE, provider, !program.getLanguage().isBigEndian());
DOSHeader dosHeader = DOSHeader.createDOSHeader(reader);
if (dosHeader.isDosSignature()) {
reader.setPointerIndex( dosHeader.e_lfanew( ) );
short peMagic = reader.readNextShort();//we should be pointing at the PE magic value!
return ( peMagic & 0x0000ffff ) == Constants.IMAGE_NT_SIGNATURE;
}
}
catch (Exception e) {
}
return false;
}
Example 3
| Source File: NList.java From ghidra with Apache License 2.0 | 5 votes |
|
private void initNList(FactoryBundledWithBinaryReader reader, boolean is32bit)
throws IOException {
this.is32bit = is32bit;
n_strx = reader.readNextInt();
n_type = reader.readNextByte();
n_sect = reader.readNextByte();
n_desc = reader.readNextShort();
if (is32bit) {
n_value = reader.readNextInt() & 0xffffffffL;
}
else {
n_value = reader.readNextLong();
}
}
Example 4
| Source File: DebugDirectory.java From ghidra with Apache License 2.0 | 5 votes |
|
private void initDebugDirectory(FactoryBundledWithBinaryReader reader, long index,
OffsetValidator validator) throws IOException {
long oldIndex = reader.getPointerIndex();
reader.setPointerIndex(index);
characteristics = reader.readNextInt();
timeDateStamp = reader.readNextInt();
majorVersion = reader.readNextShort();
minorVersion = reader.readNextShort();
type = reader.readNextInt();
sizeOfData = reader.readNextInt();
addressOfRawData = reader.readNextInt();
pointerToRawData = reader.readNextInt();
if (type < 0 || type > 16 || sizeOfData < 0) {
Msg.error(this, "Invalid DebugDirectory");
sizeOfData = 0;
reader.setPointerIndex(oldIndex);
return;
}
if (sizeOfData > 0) {
if (!validator.checkPointer(pointerToRawData)) {
Msg.error(this, "Invalid pointerToRawData " + pointerToRawData);
sizeOfData = 0;
reader.setPointerIndex(oldIndex);
return;
}
blobBytes = reader.readByteArray(pointerToRawData, sizeOfData);
}
this.index = index;
reader.setPointerIndex(oldIndex);
}
Example 5
| Source File: VS_VERSION_INFO.java From ghidra with Apache License 2.0 | 5 votes |
|
/**
* Constructs a new VS_VERSION_INFO object.
* @param reader the binary reader
* @param index the index where the VS_VERSION_INFO begins
* @throws IOException if an I/O error occurs
*/
public VS_VERSION_INFO(FactoryBundledWithBinaryReader reader, int index) throws IOException {
long oldIndex = reader.getPointerIndex();
reader.setPointerIndex(index);
structLength = reader.readNextShort();
valueLength = reader.readNextShort();
structType = reader.readNextShort();
info = reader.readNextUnicodeString();
alignment = reader.align(4);
// start of VS_FIXEDFILEINFO
signature = reader.readNextInt();
structVersion = shortArrayToString(reader, 2);
fileVersion = shortArrayToString(reader, 4);
productVersion = shortArrayToString(reader, 4);
fileFlagsMask = intArrayToString(reader, 2);
fileFlags = reader.readNextInt();
fileOS = reader.readNextInt();
fileType = reader.readNextInt();
fileSubtype = reader.readNextInt();
fileTimestamp = reader.readNextInt();
while (reader.getPointerIndex() < index + structLength) {
// TODO: is alignment needed?
children.add(new VS_VERSION_CHILD(reader, reader.getPointerIndex() - index, null,
valueMap));
}
reader.setPointerIndex(oldIndex);
}
Example 6
| Source File: InformationBlock.java From ghidra with Apache License 2.0 | 4 votes |
|
InformationBlock(FactoryBundledWithBinaryReader reader, short index)
throws InvalidWindowsHeaderException, IOException {
long oldIndex = reader.getPointerIndex();
reader.setPointerIndex(Conv.shortToInt(index));
ne_magic = reader.readNextShort();
if (ne_magic != WindowsHeader.IMAGE_NE_SIGNATURE) {
throw new InvalidWindowsHeaderException();
}
ne_ver = reader.readNextByte();
ne_rev = reader.readNextByte();
ne_enttab = reader.readNextShort();
ne_cbenttab = reader.readNextShort();
ne_crc = reader.readNextInt();
ne_flags_prog = reader.readNextByte();
ne_flags_app = reader.readNextByte();
ne_autodata = reader.readNextShort();
ne_heap = reader.readNextShort();
ne_stack = reader.readNextShort();
ne_csip = reader.readNextInt();
ne_sssp = reader.readNextInt();
ne_cseg = reader.readNextShort();
ne_cmod = reader.readNextShort();
ne_cbnrestab = reader.readNextShort();
ne_segtab = reader.readNextShort();
ne_rsrctab = reader.readNextShort();
ne_restab = reader.readNextShort();
ne_modtab = reader.readNextShort();
ne_imptab = reader.readNextShort();
ne_nrestab = reader.readNextInt();
ne_cmovent = reader.readNextShort();
ne_align = reader.readNextShort();
ne_cres = reader.readNextShort();
ne_exetyp = reader.readNextByte();
ne_flagsothers = reader.readNextByte();
ne_pretthunks = reader.readNextShort();
ne_psegrefbytes = reader.readNextShort();
ne_swaparea = reader.readNextShort();
ne_expver = reader.readNextShort();
reader.setPointerIndex(oldIndex);
}
Example 7
| Source File: ElfSymbol.java From ghidra with Apache License 2.0 | 4 votes |
|
private void initElfSymbol(FactoryBundledWithBinaryReader reader, int symbolIndex,
ElfSymbolTable symbolTable, ElfStringTable stringTable, ElfHeader header)
throws IOException {
this.header = header;
this.symbolTable = symbolTable;
this.symbolTableIndex = symbolIndex;
if (header.is32Bit()) {
st_name = reader.readNextInt();
st_value = reader.readNextInt() & Conv.INT_MASK;
st_size = reader.readNextInt() & Conv.INT_MASK;
st_info = reader.readNextByte();
st_other = reader.readNextByte();
st_shndx = reader.readNextShort();
}
else {
st_name = reader.readNextInt();
st_info = reader.readNextByte();
st_other = reader.readNextByte();
st_shndx = reader.readNextShort();
st_value = reader.readNextLong();
st_size = reader.readNextLong();
}
if (st_name == 0) {
if (getType() == STT_SECTION) {
ElfSectionHeader[] sections = header.getSections();
if (st_shndx < 0 || st_shndx >= sections.length) {
//invalid section reference...
//this is a bug in objcopy, whereby sections are removed
//but the corresponding section symbols are left behind.
}
else {
ElfSectionHeader section = sections[st_shndx];
nameAsString = section.getNameAsString();
}
}
}
else {
nameAsString = stringTable.readString(reader, st_name);
}
}
Example 8
| Source File: ElfHeader.java From ghidra with Apache License 2.0 | 4 votes |
|
protected void initElfHeader(GenericFactory factory, ByteProvider provider)
throws ElfException {
try {
determineHeaderEndianess(provider);
reader = new FactoryBundledWithBinaryReader(factory, provider, hasLittleEndianHeaders);
e_ident_magic_num = reader.readNextByte();
e_ident_magic_str = reader.readNextAsciiString(ElfConstants.MAGIC_STR_LEN);
boolean magicMatch = ElfConstants.MAGIC_NUM == e_ident_magic_num &&
ElfConstants.MAGIC_STR.equalsIgnoreCase(e_ident_magic_str);
if (!magicMatch) {
throw new ElfException("Not a valid ELF executable.");
}
e_ident_class = reader.readNextByte();
e_ident_data = reader.readNextByte();
e_ident_version = reader.readNextByte();
e_ident_osabi = reader.readNextByte();
e_ident_abiversion = reader.readNextByte();
e_ident_pad = reader.readNextByteArray(PAD_LENGTH);
e_type = reader.readNextShort();
e_machine = reader.readNextShort();
e_version = reader.readNextInt();
if (is32Bit()) {
e_entry = reader.readNextInt() & 0xffffffffL;
e_phoff = reader.readNextInt() & 0xffffffffL;
e_shoff = reader.readNextInt() & 0xffffffffL;
}
else if (is64Bit()) {
e_entry = reader.readNextLong();
e_phoff = reader.readNextLong();
e_shoff = reader.readNextLong();
}
else {
throw new ElfException("Only 32-bit and 64-bit ELF headers are supported.");
}
e_flags = reader.readNextInt();
e_ehsize = reader.readNextShort();
e_phentsize = reader.readNextShort();
e_phnum = reader.readNextShort();
if (e_phnum < 0) {
e_phnum = 0; // protect against stripped program headers
}
e_shentsize = reader.readNextShort();
e_shnum = reader.readNextShort();
if (e_shnum < 0) {
e_shnum = 0; // protect against stripped section headers (have seen -1)
}
e_shstrndx = reader.readNextShort();
}
catch (IOException e) {
throw new ElfException(e);
}
}
Example 9
| Source File: VS_VERSION_CHILD.java From ghidra with Apache License 2.0 | 4 votes |
|
VS_VERSION_CHILD(FactoryBundledWithBinaryReader reader, long relativeOffset, String parentName,
HashMap<String, String> valueMap) throws IOException {
this.relativeOffset = relativeOffset;
this.parentName = parentName;
long origIndex = reader.getPointerIndex();
childSize = reader.readNextShort();
if (childSize == 0) {
return;
}
childValueSize = reader.readNextShort();
childValueType = reader.readNextShort();
childName = reader.readNextUnicodeString();
valueAlignment = reader.align(4);
boolean hasChildren = false;
if (parentName == null) {
childDataType = childName;
hasChildren = true;
}
else if ("StringFileInfo".equals(parentName)) {
childDataType = "StringTable";
hasChildren = true;
}
else if ("VarFileInfo".equals(parentName)) {
childDataType = "Var";
if (childValueSize > 0) {
childValue = Integer.toHexString(reader.readNextInt());
}
}
else if ("StringTable".equals(parentName)) {
// Should be called "String" but this may conflict with other String types
// Also, we have seen some PE's where the childValueType of this is 0, so we can't
// rely on that to know if we should read an integer or a string. This field is
// always a string regardless of the specified type.
childDataType = "StringInfo";
if (childValueSize > 0) {
childValue = reader.readNextUnicodeString();
}
}
if (hasChildren) {
while (reader.getPointerIndex() < origIndex + childSize) {
VS_VERSION_CHILD child = new VS_VERSION_CHILD(reader,
reader.getPointerIndex() - origIndex, childDataType, valueMap);
if (children == null) {
children = new ArrayList<VS_VERSION_CHILD>();
}
children.add(child);
}
}
else {
if (childValueSize > 0 && childValue != null) {
valueMap.put(childName, childValue);
}
}
}
Example 10
| Source File: LoadConfigDirectory.java From ghidra with Apache License 2.0 | 4 votes |
|
private void initLoadConfigDirectory(FactoryBundledWithBinaryReader reader, int index,
OptionalHeader oh) throws IOException {
is64bit = oh.is64bit();
long oldIndex = reader.getPointerIndex();
reader.setPointerIndex(index);
// Read original fields
size = reader.readNextInt();
timeDateStamp = reader.readNextInt();
majorVersion = reader.readNextShort();
minorVersion = reader.readNextShort();
globalFlagsClear = reader.readNextInt();
globalFlagsSet = reader.readNextInt();
criticalSectionDefaultTimeout = reader.readNextInt();
deCommitFreeBlockThreshold = readPointer(reader);
deCommitTotalFreeThreshold = readPointer(reader);
lockPrefixTable = readPointer(reader);
maximumAllocationSize = readPointer(reader);
virtualMemoryThreshold = readPointer(reader);
if (is64bit) {
processAffinityMask = readPointer(reader);
processHeapFlags = reader.readNextInt();
}
else {
processHeapFlags = reader.readNextInt();
processAffinityMask = readPointer(reader);
}
csdVersion = reader.readNextShort();
dependentLoadFlags = reader.readNextShort();
editList = readPointer(reader);
// If the structure size indicates there are more fields, we are dealing with
// a newer version of the structure. Each size check represents a new version
// of the structure.
if (reader.getPointerIndex() - index < size) {
securityCookie = readPointer(reader);
seHandlerTable = readPointer(reader);
seHandlerCount = readPointer(reader);
}
if (reader.getPointerIndex() - index < size) {
guardCfcCheckFunctionPointer = readPointer(reader);
guardCfDispatchFunctionPointer = readPointer(reader);
guardCfFunctionTable = readPointer(reader);
guardCfFunctionCount = readPointer(reader);
guardFlags = new GuardFlags(reader.readNextInt());
}
if (reader.getPointerIndex() - index < size) {
codeIntegrity = new CodeIntegrity(reader);
}
if (reader.getPointerIndex() - index < size) {
guardAddressTakenIatEntryTable = readPointer(reader);
guardAddressTakenIatEntryCount = readPointer(reader);
guardLongJumpTargetTable = readPointer(reader);
guardLongJumpTargetCount = readPointer(reader);
}
if (reader.getPointerIndex() - index < size) {
dynamicValueRelocTable = readPointer(reader);
chpeMetadataPointer = readPointer(reader);
}
if (reader.getPointerIndex() - index < size) {
guardRfFailureRoutine = readPointer(reader);
guardRfFailureRoutineFunctionPointer = readPointer(reader);
dynamicValueRelocTableOffset = reader.readNextInt();
dynamicValueRelocTableSection = reader.readNextShort();
reserved1 = reader.readNextShort();
}
if (reader.getPointerIndex() - index < size) {
guardRfVerifyStackPointerFunctionPointer = readPointer(reader);
hotPatchTableOffset = reader.readNextInt();
}
if (reader.getPointerIndex() - index < size) {
reserved2 = reader.readNextInt();
reserved3 = readPointer(reader);
}
reader.setPointerIndex(oldIndex);
}
Example 11
| Source File: SeparateDebugHeader.java From ghidra with Apache License 2.0 | 4 votes |
|
/**
* Constructs a new separate debug header using the specified byte provider.
* @param bp the byte provider
* @throws IOException if an I/O error occurs.
*/
public SeparateDebugHeader(GenericFactory factory, ByteProvider bp) throws IOException {
FactoryBundledWithBinaryReader reader =
new FactoryBundledWithBinaryReader(factory, bp, true);
reader.setPointerIndex(0);
signature = reader.readNextShort();
if (signature != IMAGE_SEPARATE_DEBUG_SIGNATURE) {
return;
}
flags = reader.readNextShort();
machine = reader.readNextShort();
characteristics = reader.readNextShort();
timeDateStamp = reader.readNextInt();
checkSum = reader.readNextInt();
imageBase = reader.readNextInt();
sizeOfImage = reader.readNextInt();
numberOfSections = reader.readNextInt();
exportedNamesSize = reader.readNextInt();
debugDirectorySize = reader.readNextInt();
sectionAlignment = reader.readNextInt();
reserved = reader.readNextIntArray(2);
if (numberOfSections > NTHeader.MAX_SANE_COUNT) {
Msg.error(this, "Number of sections " + numberOfSections);
return;
}
long ptr = reader.getPointerIndex();
sections = new SectionHeader[numberOfSections];
for (int i = 0; i < numberOfSections; ++i) {
sections[i] = SectionHeader.createSectionHeader(reader, ptr);
ptr += SectionHeader.IMAGE_SIZEOF_SECTION_HEADER;
}
long tmp = ptr;
List<String> exportedNameslist = new ArrayList<String>();
while (true) {
String str = reader.readAsciiString(tmp);
if (str == null || str.length() == 0) {
break;
}
tmp += str.length() + 1;
exportedNameslist.add(str);
}
exportedNames = new String[exportedNameslist.size()];
exportedNameslist.toArray(exportedNames);
ptr += exportedNamesSize;
parser =
DebugDirectoryParser.createDebugDirectoryParser(reader, ptr, debugDirectorySize, this);
}
