The-Homebrew-Cloud/GhidraRPXLoader
2
0
Fork 0
mirror of https://github.com/Maschell/GhidraRPXLoader.git synced 2024-09-28 23:58:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Zero the data in imports and exports section to prevent analysis marking strings.

Browse Source
This commit is contained in:
James Benton 2019-10-03 11:44:55 +01:00
parent 3275fe9c7f
commit 55e72815e3
1 changed files with 42 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/main/java/cafeloader/Cafe_ElfExtension.java
View File

@ -135,38 +135,60 @@ public class Cafe_ElfExtension extends ElfExtension {
processRplCrcs(elfLoadHelper, sectionHeader);
} else if (headertype == SHT_RPL_FILEINFO.value) {
processRplFileInfo(elfLoadHelper, sectionHeader);
} else if (headertype == SHT_RPL_IMPORTS.value) {
processRplImports(elfLoadHelper, sectionHeader);
} else if (headertype == SHT_RPL_EXPORTS.value) {
processRplExports(elfLoadHelper, sectionHeader);
}
}
}
private void processRplImports(ElfLoadHelper elfLoadHelper, ElfSectionHeader sectionHeader) {
// Clear the section data otherwise analysis will identify strings in it.
Address sectionAddress = elfLoadHelper.findLoadAddress(sectionHeader, 0);
int sectionSize = (int) sectionHeader.getSize();
elfLoadHelper.createUndefinedData(sectionAddress, sectionSize);
byte[] zeroes = new byte[sectionSize];
try {
elfLoadHelper.getProgram().getMemory().setBytes(sectionAddress, zeroes);
} catch (MemoryAccessException e) {
}
}
private void processRplExports(ElfLoadHelper elfLoadHelper, ElfSectionHeader sectionHeader) {
String sectionName = sectionHeader.getNameAsString();
boolean isDataExports = sectionName.contentEquals(".dexports");
if (!isDataExports) {
// Function exports are already in symbol table
return;
if (sectionName.contentEquals(".dexports")) {
// Create symbols for data exports
BinaryReader reader = elfLoadHelper.getElfHeader().getReader();
reader.setPointerIndex(sectionHeader.getOffset());
try {
int count = reader.readNextInt();
/* int signature = */ reader.readNextInt();
for (int i = 0; i < count; ++i) {
int value = reader.readNextInt();
int nameOffset = reader.readNextInt();
/* boolean isTlsExport = (nameOffset & 0x80000000) != 0; */
String name = reader.readAsciiString(sectionHeader.getOffset() + (nameOffset & 0x7FFFFFFF));
elfLoadHelper.createSymbol(elfLoadHelper.getDefaultAddress(value), name, true, false, null);
}
} catch (IOException e) {
e.printStackTrace();
} catch (InvalidInputException e) {
e.printStackTrace();
}
}
// Create symbols for data exports
BinaryReader reader = elfLoadHelper.getElfHeader().getReader();
reader.setPointerIndex(sectionHeader.getOffset());
// Clear the section data otherwise analysis will identify strings in it.
Address sectionAddress = elfLoadHelper.findLoadAddress(sectionHeader, 0);
int sectionSize = (int) sectionHeader.getSize();
elfLoadHelper.createUndefinedData(sectionAddress, sectionSize);
byte[] zeroes = new byte[sectionSize];
try {
int count = reader.readNextInt();
/* int signature = */ reader.readNextInt();
for (int i = 0; i < count; ++i) {
int value = reader.readNextInt();
int nameOffset = reader.readNextInt();
/* boolean isTlsExport = (nameOffset & 0x80000000) != 0; */
String name = reader.readAsciiString(sectionHeader.getOffset() + (nameOffset & 0x7FFFFFFF));
elfLoadHelper.createSymbol(elfLoadHelper.getDefaultAddress(value), name, true, false, null);
}
} catch (IOException e) {
e.printStackTrace();
} catch (InvalidInputException e) {
e.printStackTrace();
elfLoadHelper.getProgram().getMemory().setBytes(sectionAddress, zeroes);
} catch (MemoryAccessException e) {
}
}