1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
| #include<stdio.h>
#include<stdlib.h>
long n;
unsigned int elfanew;
unsigned int sizeofimage;
unsigned int sizeofheads;
unsigned short numberofsections;
unsigned short sizeofoptionalheader;
int startsectiontable;
void* dllread()
{
FILE* fp = fopen("mydll.dll","rb");
void* p;
if(fp == NULL)
{
printf("failed");
exit(0);
}
fseek(fp,0,2);
n = ftell(fp);
p = malloc(n);
if(p == NULL)
{
printf("failed");
exit(0);
}
fseek(fp,0,0);
fread(p,1,n,fp);
fclose(fp);
return p;
}
int rva2foa(char* p,int rva)
{
int i;
if(rva<=sizeofheads)
{
return rva;
}
for(i=0;i<numberofsections;i++)
{
int va = *(int*)(p + startsectiontable + i*0x28 + 0xc);
int sord = *(int*)(p + startsectiontable + i*0x28 + 0x10);
int ptrd = *(int*)(p + startsectiontable + i*0x28 + 0x14);
if(rva>=va && rva<=va+sord)
{
return ptrd + (rva - va);
}
}
printf("error");
exit(1);
}
int main()
{
char* p;
int relocrva;
int relocfoa;
int tmp;
int i;
p = (char*)dllread();
elfanew = *(unsigned int*)(p + 0x3c);
sizeofheads = *(unsigned int*)(p + elfanew + 4 + 0x14 + 0x3c);
numberofsections = *(unsigned short*)(p + elfanew + 4 + 2);
sizeofoptionalheader = *(unsigned short*)(p + elfanew + 4 + 0x10);
startsectiontable = elfanew + 4 + 0x14 + sizeofoptionalheader;
relocrva = *(unsigned int*)(p + elfanew + 4 + 0x14 + 0x60 + 5*0x8);
printf("relocrva: 0x%x\n",relocrva);
relocfoa = rva2foa(p,relocrva);
printf("relocfoa: 0x%x\n",relocfoa);
tmp = *(int*)(p + relocfoa + 4);
while(tmp != 0)
{
printf("VirtualAddress: 0x%x\n",*(int*)(p + relocfoa));
printf("SizeOfBlock: 0x%x\n",*(int*)(p + relocfoa + 4));
relocfoa += tmp;
tmp = *(int*)(p + relocfoa + 4);
}
return 0;
}
|
