From ebdfc32619b48385a2012ccec72c5239579b6c41 Mon Sep 17 00:00:00 2001 From: George Hazan Date: Mon, 2 Oct 2017 18:47:20 +0300 Subject: human readable form of all those section checks --- plugins/PluginUpdater/src/checksum.cpp | 31 ++++++++++++++++++------------- tools/checksum/checksum.cpp | 16 +++++++++------- tools/checksum/checksum.exe | Bin 18432 -> 18432 bytes 3 files changed, 27 insertions(+), 20 deletions(-) diff --git a/plugins/PluginUpdater/src/checksum.cpp b/plugins/PluginUpdater/src/checksum.cpp index 5a524b7d1b..67f2493611 100644 --- a/plugins/PluginUpdater/src/checksum.cpp +++ b/plugins/PluginUpdater/src/checksum.cpp @@ -48,9 +48,9 @@ struct MFileMapping } }; -static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, BYTE *pBase); +static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, PBYTE pBase); -static void PatchResourceEntry(PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE, BYTE *pBase) +static void PatchResourceEntry(PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE, PBYTE pBase) { if (pIRDE->DataIsDirectory) PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY(pBase + pIRDE->OffsetToDirectory), pBase); 
@@ -58,17 +58,21 @@ static void PatchResourceEntry(PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE, BYTE *pBas static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, PBYTE pBase) { - UINT i; pIRD->TimeDateStamp = 0; PIMAGE_RESOURCE_DIRECTORY_ENTRY pIRDE = PIMAGE_RESOURCE_DIRECTORY_ENTRY(pIRD + 1); - for (i = 0; i < pIRD->NumberOfNamedEntries; i++, pIRDE++) + for (UINT i = 0; i < pIRD->NumberOfNamedEntries; i++, pIRDE++) PatchResourceEntry(pIRDE, pBase); - for (i = 0; i < pIRD->NumberOfIdEntries; i++, pIRDE++) + for (UINT i = 0; i < pIRD->NumberOfIdEntries; i++, pIRDE++) PatchResourceEntry(pIRDE, pBase); } +__forceinline bool Contains(PIMAGE_SECTION_HEADER pISH, DWORD address, DWORD size = 0) +{ + return (address >= pISH->VirtualAddress && address + size <= pISH->VirtualAddress + pISH->SizeOfRawData); +} + int CalculateModuleHash(const wchar_t *filename, char *szDest) { MFileMapping map(filename); @@ -80,7 +84,6 @@ int CalculateModuleHash(const wchar_t *filename, char *szDest) // check minimum and maximum size DWORD hsize = 0, filesize = GetFileSize(map.hFile, &hsize); - if (!filesize || filesize == INVALID_FILE_SIZE || hsize) return RESULT_INVALID; @@ -99,6 +102,7 @@ LBL_NotPE: PIMAGE_NT_HEADERS pINTH = (PIMAGE_NT_HEADERS)(map.ptr + pIDH->e_lfanew); if ((PBYTE)pINTH + sizeof(IMAGE_NT_HEADERS) >= map.ptr + filesize) return RESULT_CORRUPTED; + if (pINTH->Signature != IMAGE_NT_SIGNATURE) goto LBL_NotPE; @@ -106,8 +110,9 @@ LBL_NotPE: DWORD sections = pINTH->FileHeader.NumberOfSections; if (!sections) return RESULT_INVALID; - PIMAGE_DATA_DIRECTORY pIDD = 0; - PIMAGE_DEBUG_DIRECTORY pDBG = 0; + + PIMAGE_DATA_DIRECTORY pIDD = nullptr; + PIMAGE_DEBUG_DIRECTORY pDBG = nullptr; PBYTE pRealloc = nullptr; ULONGLONG base = 0; 
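Review bot: The new `Contains` helper does its range test with DWORD additions that can wrap: `address + size` and `pISH->VirtualAddress + pISH->SizeOfRawData` both come from the file being hashed, so a directory entry with a very large size can wrap past zero and still pass. The callers in the later hunks (debug, export, relocation and resource directories) then form `map.ptr + shift + pISH->PointerToRawData` and, in the export branch for example, write `pEXP->TimeDateStamp = 0` through it, so a false positive here becomes a write outside the section data. A subtraction-based form avoids the wrap: `return address >= pISH->VirtualAddress && size <= pISH->SizeOfRawData && address - pISH->VirtualAddress <= pISH->SizeOfRawData - size;`. The same helper is added verbatim to tools/checksum/checksum.cpp and needs the same change. Marking it `static` like the neighbouring helpers would also keep it file-local.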
@@ -151,7 +156,7 @@ LBL_NotPE: return RESULT_CORRUPTED; // erase timestamp - if ((dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY)) && (dbgAddr >= pISH->VirtualAddress) && (dbgAddr + dbgSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if (dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY) && Contains(pISH, dbgAddr, dbgSize)) { DWORD shift = dbgAddr - pISH->VirtualAddress; pDBG = (PIMAGE_DEBUG_DIRECTORY)(map.ptr + shift + pISH->PointerToRawData); for (int i = dbgSize / sizeof(IMAGE_DEBUG_DIRECTORY); i > 0; i--) @@ -159,14 +164,14 @@ LBL_NotPE: } // erase export timestamp - if ((expSize >= sizeof(IMAGE_EXPORT_DIRECTORY)) && (expAddr >= pISH->VirtualAddress) && (expAddr + expSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if (expSize >= sizeof(IMAGE_EXPORT_DIRECTORY) && Contains(pISH, expAddr, expSize)) { DWORD shift = expAddr - pISH->VirtualAddress; PIMAGE_EXPORT_DIRECTORY pEXP = (PIMAGE_EXPORT_DIRECTORY)(map.ptr + shift + pISH->PointerToRawData); pEXP->TimeDateStamp = 0; } // find realocation table - if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && (relocAddr >= pISH->VirtualAddress) && (relocAddr + relocSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && Contains(pISH, relocAddr, relocSize)) { DWORD shift = relocAddr - pISH->VirtualAddress; pRealloc = map.ptr + shift + pISH->PointerToRawData; } @@ -184,7 +189,7 @@ LBL_NotPE: ZeroMemory(map.ptr + pDBG->PointerToRawData, pDBG->SizeOfData); // patch resources - if (resSize > 0 && resAddr >= pISH->VirtualAddress && resAddr + resSize <= pISH->VirtualAddress + pISH->SizeOfRawData) { + if (resSize > 0 && Contains(pISH, resAddr, resSize)) { DWORD shift = resAddr - pISH->VirtualAddress + pISH->PointerToRawData; IMAGE_RESOURCE_DIRECTORY *pIRD = (IMAGE_RESOURCE_DIRECTORY*)(map.ptr + shift); PatchResourcesDirectory(pIRD, map.ptr + shift); 
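Review bot: The resource branch under `// patch resources` accepts any `resSize > 0`, while the debug, export and relocation branches require at least one full structure. `PatchResourcesDirectory` writes `pIRD->TimeDateStamp` and reads the entry counts, so the guard should be `if (resSize >= sizeof(IMAGE_RESOURCE_DIRECTORY) && Contains(pISH, resAddr, resSize)) {`. Only the top-level directory is bounded this way: `PatchResourceEntry` follows `pBase + pIRDE->OffsetToDirectory`, and the loops run to `NumberOfNamedEntries`/`NumberOfIdEntries`, with no visible check against `resSize` and no recursion limit. Passing `resSize` and a depth counter down, and returning when an offset or entry array falls outside `resSize`, would keep a malformed resource tree from causing writes outside the section or unbounded recursion. The enclosing function starts and ends outside this hunk.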
@@ -195,7 +200,7 @@ LBL_NotPE: DWORD blocklen = relocSize; PIMAGE_BASE_RELOCATION pIBR = (PIMAGE_BASE_RELOCATION)pRealloc; while (pIBR) { - if ((pIBR->VirtualAddress >= pISH->VirtualAddress) && (pIBR->VirtualAddress < pISH->VirtualAddress + pISH->SizeOfRawData) && (pIBR->SizeOfBlock <= blocklen)) { + if (Contains(pISH, pIBR->VirtualAddress) && pIBR->SizeOfBlock <= blocklen) { DWORD shift = pIBR->VirtualAddress - pISH->VirtualAddress + pISH->PointerToRawData; int len = pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION); PWORD pw = (PWORD)((PBYTE)pIBR + sizeof(IMAGE_BASE_RELOCATION)); diff --git a/tools/checksum/checksum.cpp b/tools/checksum/checksum.cpp index 180c2b00c9..a3aefec80f 100644 --- a/tools/checksum/checksum.cpp +++ b/tools/checksum/checksum.cpp @@ -38,6 +38,11 @@ static void PatchResourcesDirectory(PIMAGE_RESOURCE_DIRECTORY pIRD, PBYTE pBase) PatchResourceEntry(pIRDE, pBase); } +__forceinline bool Contains(PIMAGE_SECTION_HEADER pISH, DWORD address, DWORD size = 0) +{ + return (address >= pISH->VirtualAddress && address + size <= pISH->VirtualAddress + pISH->SizeOfRawData); +} + int PEChecksum(wchar_t *filename, BYTE digest[16]) { HANDLE hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL); @@ -158,7 +163,7 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) } // erase timestamp - if ((dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY)) && (dbgAddr >= pISH->VirtualAddress) && (dbgAddr + dbgSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if (dbgSize >= sizeof(IMAGE_DEBUG_DIRECTORY) && Contains(pISH, dbgAddr, dbgSize)) { DWORD shift = dbgAddr - pISH->VirtualAddress; pDBG = (PIMAGE_DEBUG_DIRECTORY)(ptr + shift + pISH->PointerToRawData); for (int i = dbgSize / sizeof(IMAGE_DEBUG_DIRECTORY); i > 0; i--) 
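Review bot: The relocation check in the `while (pIBR)` hunk is not equivalent to the line it replaces. The old test was `pIBR->VirtualAddress < pISH->VirtualAddress + pISH->SizeOfRawData`, but `Contains` with the default `size = 0` evaluates `<=`, so a block whose address equals the end of the section is now accepted. Passing a size of one restores the old bound: `if (Contains(pISH, pIBR->VirtualAddress, 1) && pIBR->SizeOfBlock <= blocklen) {`. The same substitution appears in the last hunk of tools/checksum/checksum.cpp. `len` is also computed as `pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)` with no lower bound on `SizeOfBlock` in the visible lines; the loop that uses it lies outside the hunk, so confirm that it handles a value below the header size.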
@@ -169,7 +174,7 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) } // erase export timestamp - if ((expSize >= sizeof(IMAGE_EXPORT_DIRECTORY)) && (expAddr >= pISH->VirtualAddress) && (expAddr + expSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if (expSize >= sizeof(IMAGE_EXPORT_DIRECTORY) && Contains(pISH, expAddr, expSize)) { DWORD shift = expAddr - pISH->VirtualAddress; PIMAGE_EXPORT_DIRECTORY pEXP = (PIMAGE_EXPORT_DIRECTORY)(ptr + shift + pISH->PointerToRawData); pEXP->TimeDateStamp = 0; @@ -179,7 +184,7 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) } // find realocation table - if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && (relocAddr >= pISH->VirtualAddress) && (relocAddr + relocSize <= pISH->VirtualAddress + pISH->SizeOfRawData)) { + if ((relocSize >= sizeof(IMAGE_BASE_RELOCATION)) && Contains(pISH, relocAddr, relocSize)) { DWORD shift = relocAddr - pISH->VirtualAddress; pRealloc = ptr + shift + pISH->PointerToRawData; @@ -217,10 +222,7 @@ int PEChecksum(wchar_t *filename, BYTE digest[16]) DWORD blocklen = relocSize; PIMAGE_BASE_RELOCATION pIBR = (PIMAGE_BASE_RELOCATION)pRealloc; while (pIBR) { - if ((pIBR->VirtualAddress >= pISH->VirtualAddress) && - (pIBR->VirtualAddress < pISH->VirtualAddress + pISH->SizeOfRawData) && - (pIBR->SizeOfBlock <= blocklen)) - { + if (Contains(pISH, pIBR->VirtualAddress) && pIBR->SizeOfBlock <= blocklen) { DWORD shift = pIBR->VirtualAddress - pISH->VirtualAddress + pISH->PointerToRawData; int len = pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION); diff --git a/tools/checksum/checksum.exe b/tools/checksum/checksum.exe index d6efb88ca4..234b1f2ff7 100644 Binary files a/tools/checksum/checksum.exe and b/tools/checksum/checksum.exe differ -- cgit v1.2.3