---

perdr.cpp

Go to the documentation of this file.

/*
PeRdr - PE file disassembler
Copyright (C) 1999-2003 Frediano Ziglio
-----

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-----

INFORMATION
  www: https://freddy77.tripod.com/perdr/
  e-mail: freddy77@angelfire.com
*/
#include "global.h"
#ifdef HAVE_HDRSTOP
#pragma hdrstop
#endif

#include <stdexcept>
#include <ctime>
#include <cstdarg>
#include "rva.h"
#include "symbols.h"
#include "code.h"
#include "rawdump.h"
#include "x86dasm.h"
#include "module.h" // !!! only for exception
#include "relocationinfo.h"
#include "perdroptions.h"
#include "signfile.hpp"
#include "peformat.h"
#include "pefile.hpp"
#include "persrc.h"

using namespace std;

#define ZERO(a) memset(&(a),0,sizeof(a))

void Error(const char* msg,...)
{
  va_list argptr;
  va_start(argptr, msg);
  vfprintf(stderr, msg, argptr);
  va_end(argptr);
  fprintf(stderr,"\n");

  exit(1);
}

struct OutImportParam
{
        OutImportParam(CFile& _file,uint32_t _imageBase):
        file(&_file),imagebase(_imageBase) {};
  CFile* file;
  uint32_t imagebase;
};

void OutputImport(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param)
{
  OutImportParam *p = (OutImportParam*)param;
  if (address != 0)
  {
    if (func_name != NULL)
      fprintf(p->file->GetFile(),"%08lX %s.%s\n",(long int)address+p->imagebase,dll_name,func_name);
    else
      fprintf(p->file->GetFile(),"%08lX %s.%04X\n",(long int)address+p->imagebase,dll_name,(int)hint);
  }
}

// !!! other file ?
struct AddRelocationParam
{
  AddRelocationParam(RelocationInfos* _infos,uint32_t _imageBase):
    infos(_infos),imageBase(_imageBase),relocationExist(false) {};
        RelocationInfos* infos;
  uint32_t imageBase;
  bool relocationExist;
};

void AddRelocationInfo(uint32_t address,unsigned type,void* _param)
{
  AddRelocationParam* param = (AddRelocationParam*)_param;
  param->relocationExist = true;
  if ( type == IMAGE_REL_BASED_HIGHLOW )
  {
    param->infos->AddRelocation(
      Relocation(Relocation::relRelative),address+param->imageBase);
  }
}

struct MarkImportParam
{
  CSignFile* file;
  RVAFileTranslator* rva;
  uint32_t imageBase;
};

// read import location to strip from code parsing
static void MarkImport(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param)
{
  MarkImportParam* p = (MarkImportParam*)param;
  if (address != 0)
  {
    p->file->Seek(p->rva->RVA2FileSafe(address));
    uint32_t addr;
    RawRead(*(p->file),addr);
  }
}

extern char szBuild[];
extern char szVersion[];

int main(int argc,char** argv)
{
#ifdef DEBUG
//  unsigned totalLen = 0;
//  unsigned maxStrLen = 0;
//  for (int i=0;i<num_instructions;++i)
//  {
//    int len = strlen(x86instructions_names[i]) +1;
//    totalLen += len;
//    if (maxStrLen < len )
//      maxStrLen = len;
//  }
//  fprintf(stderr,"Debug: (Test) MaxLen: %u Len ptr: %u Len array: %u\n",maxStrLen,sizeof(void*)*num_instructions+totalLen,maxStrLen*num_instructions);
#endif
  try {
    fprintf(stderr,"PeRdr by Frediano Ziglio. Build %s\n",szBuild);
#ifdef DEBUG
    fprintf(stderr,"Debug version use only for testing!!\n");
#endif

    int arg = ReadOptions(argc,argv);

    // if wrong param or not filename
    // print help and exit
    bool badParam = false;
    if ( arg <= 0 || (arg==argc && !options.showVersion && !options.showHelp) )
    {
      options.showHelp = true;
      badParam = true;
    }

    if (options.showHelp)
    {
      fprintf(badParam?stderr:stdout,"PeRdr version %s\n"
"\n"
"usage: perdr [options] <filename>\n"
"   --help                  - print this message\n"
"   --version               - print the version of PeRdr being used\n"
"   -b, --bytes             - show bytes on disassembly\n"
"   --show-priority         - show priority in disassembly\n"
"   --raw-dump              - don't disassemble, print only raw bytes\n"
"   --extract-icon-resource - extract icon into separate files (resicoX.ico)\n"
" Disable some instruction sets decode:\n"
"   --disable-3dnow         - disable 3DNow! disassembly (even enhanced)\n"
"   --disable-enh3dnow      - disable enhanced 3DNow! disassembly\n"
"   --disable-pentium3      - disable PentiumIII disassembly\n"
"   --disable-athlon        - disable Athlon disassembly\n"
" Select what show (if none show all):\n"
"   --show-headers          - show headers\n"
"   --show-imports          - show imports\n"
"   --show-relocations      - show relocations\n"
"   --show-exports          - show exports\n"
"   --show-resources        - show resources\n"
"   --show-code             - show code or dump\n"
      ,szVersion);
      return badParam ? 1: 0;
    }

    if (options.showVersion)
    {
      fprintf(stderr,"PeRdr version %s\n",szVersion);
      return 0;
    }

    // set CPU options
    p3enable           = !options.disableP3;
    k6_en_3DNow_enable = !options.disableEnh3DNow;
    k6_3DNow_enable    = !options.disable3DNow;
    athlon_enable      = !options.disableAthlon;

    CSignFile file(argv[arg],"rb");

    PeFile peFile(file);

    // write info
    if (options.showHeaders)
    {
      PeFile::WriteFileHdr(peFile.GetFileHeader());
      PeFile::WriteOptionalHdr(peFile.GetOptionalHeader());
      for (unsigned i=0; i<peFile.GetSectionCount(); ++i)
      {
        printf("Section %i\n",i);
        PeFile::WriteSectionHdr(peFile.GetSection(i));
      }
    }
    RVAFileTranslator& rva = peFile.GetRVA();

    Symbols symbols,exportedSymbols;

    // parse imports
    const PE_IMAGE_DATA_DIRECTORY& imports =
      peFile.GetDataDirectory(IMAGE_DIRECTORY_ENTRY_IMPORT);
    if ( imports.VirtualAddress != 0 && imports.Size != 0 )
    {
      SymbolsAddImportParam param = { &symbols,peFile.GetImageBase() };
      peFile.ParseImport(SymbolsAddImport,&param);

      MarkImportParam markParam = { &file,&rva,peFile.GetImageBase() };
      peFile.ParseImport(MarkImport,&markParam);

      if (options.showImports)
        peFile.ParseImport(PeFile::WriteImport,NULL);
    }

    // parse exports
    const PE_IMAGE_DATA_DIRECTORY& export_ =
      peFile.GetDataDirectory(IMAGE_DIRECTORY_ENTRY_EXPORT);
    if ( export_.VirtualAddress != 0 && export_.Size != 0 )
    {
                        SymbolsAddImportParam param = { &exportedSymbols,peFile.GetImageBase() };
      peFile.ParseExport(SymbolsAddImport,&param);

      if (options.showExports)
        peFile.ParseExport(PeFile::WriteImport,NULL);
    }

    bool hasRelocation = (peFile.GetFileHeader().Characteristics&IMAGE_FILE_RELOCS_STRIPPED)==0;
                RelocationInfos relocationInfos;

    // parse relocations
    const PE_IMAGE_DATA_DIRECTORY& relocations =
      peFile.GetDataDirectory(IMAGE_DIRECTORY_ENTRY_BASERELOC);
    if ( relocations.VirtualAddress != 0 && relocations.Size != 0 )
    {
      hasRelocation = true;
      if (options.showRelocations)
         peFile.ParseRelocations(PeFile::WriteRelocation,NULL);
      // add relocation info to object
      // also check if exist some relocation
      // some driver not mark relocation stripping on header, 
      //  have relocation section without relocation
      AddRelocationParam param(&relocationInfos,peFile.GetImageBase());
      peFile.ParseRelocations(AddRelocationInfo,&param);
            hasRelocation = param.relocationExist;
    }
          else
            hasRelocation = false;

    // parse resources
    const PE_IMAGE_DATA_DIRECTORY& resources =
      peFile.GetDataDirectory(IMAGE_DIRECTORY_ENTRY_RESOURCE);
    if ( resources.VirtualAddress != 0 && resources.Size != 0 )
    {
      if (options.showResources)
        peFile.WriteResource();
      if (options.extractIconRes)
      {
        ResourceExtract::ExtractIcons(peFile);
      }
    }

    // transfer to byte level
    if (!options.showCode)
      return 0;
    if (options.rawDumping)
    {
      RawDump(file,peFile.GetImageBase(),rva);
    }
    else
    {
//    FileByte();
//    ParseCode(file,nt_hdr.OptionalHeader.ImageBase,
//      nt_hdr.OptionalHeader.AddressOfEntryPoint,rva,api);
      ParseCode(file,peFile.GetImageBase(),
        peFile.GetOptionalHeader().AddressOfEntryPoint,rva,symbols,exportedSymbols,
        hasRelocation,relocationInfos);
    }
    return 0;
  }
  catch(runtime_error& error)
  {
    fprintf(stderr,"Runtime Error: %s\n",error.what());
    return 2;
  }
  catch(const ObjectModule::OutOfAddress& error)
  {
    fprintf(stderr,"Runtime Error: Out of file %08X\n",error.address);
    return 1;
  }
}

---