From bed12f184d285fe27141d89d14f93d723777bf05 Mon Sep 17 00:00:00 2001 From: George Hazan Date: Mon, 2 Oct 2017 17:55:07 +0300 Subject: version of checksum that handles multiple debug info entries ported to PluginUpdater --- plugins/PluginUpdater/src/checksum.cpp | 81 ++++++++++++++-------------------- tools/checksum/checksum.cpp | 4 +- 2 files changed, 33 insertions(+), 52 deletions(-) diff --git a/plugins/PluginUpdater/src/checksum.cpp b/plugins/PluginUpdater/src/checksum.cpp index ba895515b4..5a524b7d1b 100644 --- a/plugins/PluginUpdater/src/checksum.cpp +++ b/plugins/PluginUpdater/src/checksum.cpp @@ -30,7 +30,7 @@ struct MFileMapping hFile = CreateFile(ptszFileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); if (hFile != INVALID_HANDLE_VALUE) - hMap = CreateFileMapping( hFile, NULL, PAGE_WRITECOPY, 0, 0, NULL); + hMap = CreateFileMapping(hFile, NULL, PAGE_WRITECOPY, 0, 0, NULL); if (hMap) ptr = (PBYTE)MapViewOfFile(hMap, FILE_MAP_COPY, 0, 0, 0); } @@ -53,7 +53,7 @@ static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, BYTE *pBase) static void PatchResourceEntry(PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE, BYTE *pBase) { if (pIRDE->DataIsDirectory) - PatchResourcesDirectory( PIMAGE_RESOURCE_DIRECTORY(pBase + pIRDE->OffsetToDirectory), pBase); + PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY(pBase + pIRDE->OffsetToDirectory), pBase); } static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, PBYTE pBase) 
@@ -61,11 +61,11 @@ static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, PBYTE pBase) UINT i; pIRD->TimeDateStamp = 0; - PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE = PIMAGE_RESOURCE_DIRECTORY_ENTRY(pIRD+1); - for ( i=0; i < pIRD->NumberOfNamedEntries; i++, pIRDE++ ) + PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE = PIMAGE_RESOURCE_DIRECTORY_ENTRY(pIRD + 1); + for (i = 0; i < pIRD->NumberOfNamedEntries; i++, pIRDE++) PatchResourceEntry(pIRDE, pBase); - for ( i=0; i < pIRD->NumberOfIdEntries; i++, pIRDE++ ) + for (i = 0; i < pIRD->NumberOfIdEntries; i++, pIRDE++) PatchResourceEntry(pIRDE, pBase); } @@ -79,7 +79,7 @@ int CalculateModuleHash(const wchar_t *filename, char *szDest) return RESULT_READERROR; // check minimum and maximum size - DWORD hsize = 0, filesize = GetFileSize(map.hFile, &hsize ); + DWORD hsize = 0, filesize = GetFileSize(map.hFile, &hsize); if (!filesize || filesize == INVALID_FILE_SIZE || hsize) return RESULT_INVALID; @@ -97,7 +97,7 @@ LBL_NotPE: } else { PIMAGE_NT_HEADERS pINTH = (PIMAGE_NT_HEADERS)(map.ptr + pIDH->e_lfanew); - if ((PBYTE)pINTH + sizeof(IMAGE_NT_HEADERS) >= map.ptr + filesize ) + if ((PBYTE)pINTH + sizeof(IMAGE_NT_HEADERS) >= map.ptr + filesize) return RESULT_CORRUPTED; if (pINTH->Signature != IMAGE_NT_SIGNATURE) goto LBL_NotPE; 
@@ -106,27 +106,25 @@ LBL_NotPE: DWORD sections = pINTH->FileHeader.NumberOfSections; if (!sections) return RESULT_INVALID; + PIMAGE_DATA_DIRECTORY pIDD = 0; + PIMAGE_DEBUG_DIRECTORY pDBG = 0; + PBYTE pRealloc = nullptr; + ULONGLONG base = 0; // try to found correct offset independent of architectures DWORD offset = pIDH->e_lfanew + pINTH->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_NT_HEADERS) - sizeof(IMAGE_OPTIONAL_HEADER); - PBYTE pRealloc = 0; - PIMAGE_DEBUG_DIRECTORY pDBG = 0; - PIMAGE_DATA_DIRECTORY pIDD; - ULONGLONG base; if ((machine == IMAGE_FILE_MACHINE_I386) && (pINTH->FileHeader.SizeOfOptionalHeader >= sizeof(IMAGE_OPTIONAL_HEADER32)) && - (pINTH->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)) - { + (pINTH->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC)) { pIDD = (PIMAGE_DATA_DIRECTORY)((PBYTE)pINTH + offsetof(IMAGE_NT_HEADERS32, OptionalHeader.DataDirectory)); - base = *(DWORD*)((PBYTE)pINTH + offsetof( IMAGE_NT_HEADERS32, OptionalHeader.ImageBase )); + base = *(DWORD*)((PBYTE)pINTH + offsetof(IMAGE_NT_HEADERS32, OptionalHeader.ImageBase)); } else if ((machine == IMAGE_FILE_MACHINE_AMD64) && (pINTH->FileHeader.SizeOfOptionalHeader >= sizeof(IMAGE_OPTIONAL_HEADER64)) && - (pINTH->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)) - { + (pINTH->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)) { pIDD = (PIMAGE_DATA_DIRECTORY)((PBYTE)pINTH + offsetof(IMAGE_NT_HEADERS64, OptionalHeader.DataDirectory)); - base = *(ULONGLONG*)((PBYTE)pINTH + offsetof( IMAGE_NT_HEADERS64, OptionalHeader.ImageBase )); + base = *(ULONGLONG*)((PBYTE)pINTH + offsetof(IMAGE_NT_HEADERS64, OptionalHeader.ImageBase)); } else return RESULT_CORRUPTED; 
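Review bot: The pointer declarations moved to the top of this hunk use two spellings for null: `pIDD` and `pDBG` are initialised with `0`, while `pRealloc` gets `nullptr`. Using `nullptr` for all three (`PIMAGE_DATA_DIRECTORY pIDD = nullptr;`, `PIMAGE_DEBUG_DIRECTORY pDBG = nullptr;`) keeps them visibly distinct from `ULONGLONG base = 0;`, which is an integer. Giving `pIDD` and `base` initial values is otherwise a sound change, since both were previously assigned only inside the machine-type branches.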
@@ -147,54 +145,43 @@ LBL_NotPE: DWORD relocSize = pIDD[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size; // verify image integrity - for (DWORD idx=0; idx < sections; idx++) { + for (DWORD idx = 0; idx < sections; idx++) { PIMAGE_SECTION_HEADER pISH = (PIMAGE_SECTION_HEADER)(map.ptr + offset + idx * sizeof(IMAGE_SECTION_HEADER)); if (((PBYTE)pISH + sizeof(IMAGE_SECTION_HEADER) > map.ptr + filesize) || (pISH->PointerToRawData + pISH->SizeOfRawData > filesize)) return RESULT_CORRUPTED; // erase timestamp - if (( dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY)) && - (dbgAddr >= pISH->VirtualAddress) && - (dbgAddr + dbgSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) - { + if ((dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY)) && (dbgAddr >= pISH->VirtualAddress) && (dbgAddr + dbgSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { DWORD shift = dbgAddr - pISH->VirtualAddress; pDBG = (PIMAGE_DEBUG_DIRECTORY)(map.ptr + shift + pISH->PointerToRawData); - pDBG->TimeDateStamp = 0; + for (int i = dbgSize / sizeof(IMAGE_DEBUG_DIRECTORY); i > 0; i--) + pDBG[i - 1].TimeDateStamp = 0; } // erase export timestamp - if ((expSize >= sizeof(IMAGE_EXPORT_DIRECTORY)) && - (expAddr >= pISH->VirtualAddress) && - (expAddr + expSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) - { + if ((expSize >= sizeof(IMAGE_EXPORT_DIRECTORY)) && (expAddr >= pISH->VirtualAddress) && (expAddr + expSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { DWORD shift = expAddr - pISH->VirtualAddress; PIMAGE_EXPORT_DIRECTORY pEXP = (PIMAGE_EXPORT_DIRECTORY)(map.ptr + shift + pISH->PointerToRawData); pEXP->TimeDateStamp = 0; } // find realocation table - if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && - (relocAddr >= pISH->VirtualAddress) && - (relocAddr + relocSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) - { + if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && (relocAddr >= pISH->VirtualAddress) && (relocAddr + relocSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { DWORD shift = relocAddr - 
pISH->VirtualAddress; pRealloc = map.ptr + shift + pISH->PointerToRawData; } } - for (size_t idx=0; idx < sections; idx++) { + for (size_t idx = 0; idx < sections; idx++) { PIMAGE_SECTION_HEADER pISH = (PIMAGE_SECTION_HEADER)(map.ptr + offset + idx * sizeof(IMAGE_SECTION_HEADER)); - if (((PBYTE)pISH + sizeof(IMAGE_SECTION_HEADER) > map.ptr + filesize) || ( pISH->PointerToRawData + pISH->SizeOfRawData > filesize)) + if (((PBYTE)pISH + sizeof(IMAGE_SECTION_HEADER) > map.ptr + filesize) || (pISH->PointerToRawData + pISH->SizeOfRawData > filesize)) return RESULT_CORRUPTED; // erase debug information - if (pDBG && pDBG->SizeOfData > 0 && - pDBG->PointerToRawData >= pISH->PointerToRawData && - pDBG->PointerToRawData + pDBG->SizeOfData <= pISH->PointerToRawData + pISH->SizeOfRawData) - { - memset((map.ptr + pDBG->PointerToRawData), 0, pDBG->SizeOfData); - } + if (pDBG && pDBG->SizeOfData > 0) + if (pDBG->PointerToRawData >= pISH->PointerToRawData && pDBG->PointerToRawData + pDBG->SizeOfData <= pISH->PointerToRawData + pISH->SizeOfRawData) + ZeroMemory(map.ptr + pDBG->PointerToRawData, pDBG->SizeOfData); // patch resources if (resSize > 0 && resAddr >= pISH->VirtualAddress && resAddr + resSize <= pISH->VirtualAddress + pISH->SizeOfRawData) { 
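Review bot: The new `for` loop in the "erase timestamp" branch takes its iteration count from `dbgSize`, a value read from the file, and the guard above it (`dbgAddr + dbgSize <= pISH->VirtualAddress + pISH->SizeOfRawData`) is unsigned 32-bit arithmetic that can wrap. A malformed directory size could therefore pass the check, and the loop would write `TimeDateStamp` outside the section; this assumes `dbgAddr` and `dbgSize` are `DWORD` like `relocSize`, as their declarations are outside the hunk. Writing the guard in subtraction form removes the wrap. Separately, the second loop still zeroes the raw data of the first entry only (`pDBG->PointerToRawData`, `pDBG->SizeOfData`), so if every debug entry is meant to be neutralised the data erase should iterate too, with the same wrap-safe bound. The enclosing function begins and ends outside the hunk.

```cpp
// erase timestamp
if ((dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY)) && (dbgAddr >= pISH->VirtualAddress) &&
    (dbgSize <= pISH->SizeOfRawData) && (dbgAddr - pISH->VirtualAddress <= pISH->SizeOfRawData - dbgSize)) {
	// … unchanged: shift / pDBG computation and the TimeDateStamp loop …
}

// … unchanged: export timestamp, relocation lookup, second loop header and section check …

// erase debug information
if (pDBG) {
	for (DWORD i = 0; i < dbgSize / sizeof(IMAGE_DEBUG_DIRECTORY); i++) {
		const IMAGE_DEBUG_DIRECTORY &dbg = pDBG[i];
		if (dbg.SizeOfData > 0 && dbg.PointerToRawData >= pISH->PointerToRawData &&
		    dbg.SizeOfData <= pISH->SizeOfRawData &&
		    dbg.PointerToRawData - pISH->PointerToRawData <= pISH->SizeOfRawData - dbg.SizeOfData)
			ZeroMemory(map.ptr + dbg.PointerToRawData, dbg.SizeOfData);
	}
}
```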
@@ -207,28 +194,24 @@ LBL_NotPE: if (pRealloc) { DWORD blocklen = relocSize; PIMAGE_BASE_RELOCATION pIBR = (PIMAGE_BASE_RELOCATION)pRealloc; - - while(pIBR) { - if ((pIBR->VirtualAddress >= pISH->VirtualAddress) && - (pIBR->VirtualAddress < pISH->VirtualAddress + pISH->SizeOfRawData) && - (pIBR->SizeOfBlock <= blocklen)) - { + while (pIBR) { + if ((pIBR->VirtualAddress >= pISH->VirtualAddress) && (pIBR->VirtualAddress < pISH->VirtualAddress + pISH->SizeOfRawData) && (pIBR->SizeOfBlock <= blocklen)) { DWORD shift = pIBR->VirtualAddress - pISH->VirtualAddress + pISH->PointerToRawData; int len = pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION); PWORD pw = (PWORD)((PBYTE)pIBR + sizeof(IMAGE_BASE_RELOCATION)); - while(len > 0) { + while (len > 0) { DWORD type = *pw >> 12; DWORD addr = (*pw & 0x0FFF); PBYTE pAddr = map.ptr + shift + addr; - switch(type) { + switch (type) { case IMAGE_REL_BASED_HIGHLOW: if (addr + pIBR->VirtualAddress + sizeof(DWORD) >= pISH->VirtualAddress + pISH->SizeOfRawData) { len = 0; break; } - *(PDWORD)pAddr = (DWORD)((*(PDWORD)pAddr) - (DWORD)base ); + *(PDWORD)pAddr = (DWORD)((*(PDWORD)pAddr) - (DWORD)base); break; case IMAGE_REL_BASED_DIR64: @@ -236,7 +219,7 @@ LBL_NotPE: len = 0; break; } - *(ULONGLONG*)pAddr = (ULONGLONG)((*(ULONGLONG*)pAddr) - base ); + *(ULONGLONG*)pAddr = (ULONGLONG)((*(ULONGLONG*)pAddr) - base); break; case IMAGE_REL_BASED_ABSOLUTE: diff --git a/tools/checksum/checksum.cpp b/tools/checksum/checksum.cpp index 1469197554..180c2b00c9 100644 --- a/tools/checksum/checksum.cpp +++ b/tools/checksum/checksum.cpp @@ -172,7 +172,6 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) if ((expSize >= sizeof(IMAGE_EXPORT_DIRECTORY)) && (expAddr >= pISH->VirtualAddress) && (expAddr + expSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { DWORD shift = expAddr - pISH->VirtualAddress; PIMAGE_EXPORT_DIRECTORY pEXP = (PIMAGE_EXPORT_DIRECTORY)(ptr + shift + pISH->PointerToRawData); - pEXP->TimeDateStamp = 0; if (debug) 
@@ -209,14 +208,13 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) // patch resources if (resSize > 0 && resAddr >= pISH->VirtualAddress && resAddr + resSize <= pISH->VirtualAddress + pISH->SizeOfRawData) { DWORD shift = resAddr - pISH->VirtualAddress + pISH->PointerToRawData; - IMAGE_RESOURCE_DIRECTORY* pIRD = (IMAGE_RESOURCE_DIRECTORY*)(ptr + shift); + IMAGE_RESOURCE_DIRECTORY *pIRD = (IMAGE_RESOURCE_DIRECTORY*)(ptr + shift); PatchResourcesDirectory(pIRD, ptr + shift); } // rebase to zero address if (pRealloc) { DWORD blocklen = relocSize; - PIMAGE_BASE_RELOCATION pIBR = (PIMAGE_BASE_RELOCATION)pRealloc; while (pIBR) { if ((pIBR->VirtualAddress >= pISH->VirtualAddress) && -- cgit v1.2.3