1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif
#include "chrome/chrome_elf/pe_image_safe/pe_image_safe.h"
#include <assert.h>
#include <stddef.h>
namespace pe_image_safe {
// Sanity check. Yes, IMAGE_NT_HEADERS is a different size depending on
// image bitness, but either way it should not be more than kPageSize.
static_assert(sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS) <= kPageSize,
"PE Headers bigger than expected. Very unexpected.");
//------------------------------------------------------------------------------
// Public PEImage class methods
//------------------------------------------------------------------------------
PIMAGE_DOS_HEADER PEImageSafe::GetDosHeader() {
if (dos_header_)
return dos_header_;
// Find and verify the new header.
if (!image_)
return nullptr;
dos_header_ = reinterpret_cast<PIMAGE_DOS_HEADER>(image_);
if (sizeof(IMAGE_DOS_HEADER) > image_size_ ||
dos_header_->e_magic != IMAGE_DOS_SIGNATURE) {
dos_header_ = nullptr;
}
return dos_header_;
}
PIMAGE_FILE_HEADER PEImageSafe::GetFileHeader() {
if (file_header_)
return file_header_;
// Find and verify the new header.
PIMAGE_DOS_HEADER dos_header = GetDosHeader();
if (!dos_header)
return nullptr;
// Note: e_lfanew is an offset from |dos_header|, which is the start of the
// image buffer.
PIMAGE_NT_HEADERS nt_headers = reinterpret_cast<PIMAGE_NT_HEADERS>(
reinterpret_cast<char*>(dos_header) + dos_header->e_lfanew);
if (((dos_header->e_lfanew + sizeof(IMAGE_NT_HEADERS::Signature) +
sizeof(IMAGE_FILE_HEADER)) > image_size_) ||
nt_headers->Signature != IMAGE_NT_SIGNATURE) {
return nullptr;
}
// Nothing to verify inside the Coff File Header at this point.
file_header_ = &nt_headers->FileHeader;
return file_header_;
}
BYTE* PEImageSafe::GetOptionalHeader() {
if (opt_header_)
return opt_header_;
// Find and verify the new header.
PIMAGE_FILE_HEADER file_header = GetFileHeader();
if (!file_header)
return nullptr;
// No bitness yet...
PIMAGE_OPTIONAL_HEADER optional_header =
reinterpret_cast<PIMAGE_OPTIONAL_HEADER>(
reinterpret_cast<char*>(file_header) + sizeof(IMAGE_FILE_HEADER));
uintptr_t optional_header_offset = reinterpret_cast<char*>(optional_header) -
reinterpret_cast<char*>(dos_header_);
if (optional_header_offset + sizeof(IMAGE_OPTIONAL_HEADER::Magic) >
image_size_) {
return nullptr;
}
// Now is the time to set the image bitness.
if (optional_header->Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
bitness_ = ImageBitness::k64;
} else if (optional_header->Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
bitness_ = ImageBitness::k32;
} else {
// Invalid image.
bitness_ = ImageBitness::kUnknown;
return nullptr;
}
// Sanity check that the full optional header is in this buffer.
if ((bitness_ == ImageBitness::k64 &&
(optional_header_offset + sizeof(IMAGE_OPTIONAL_HEADER64)) >
image_size_) ||
(optional_header_offset + sizeof(IMAGE_OPTIONAL_HEADER32) >
image_size_)) {
return nullptr;
}
// If |image_size_| is currently |kImageSizeNotSet| (this is an image mapped
// into memory by NTLoader), now the size can be updated for accuracy.
if (image_size_ == kImageSizeNotSet) {
if (bitness_ == ImageBitness::k64) {
image_size_ = reinterpret_cast<PIMAGE_OPTIONAL_HEADER64>(optional_header)
->SizeOfImage;
} else {
image_size_ = reinterpret_cast<PIMAGE_OPTIONAL_HEADER32>(optional_header)
->SizeOfImage;
}
}
// Nothing to verify inside the optional header at this point.
opt_header_ = reinterpret_cast<BYTE*>(optional_header);
return opt_header_;
}
ImageBitness PEImageSafe::GetImageBitness() {
// GetOptionalHeader() mines the bitness, if possible.
if (bitness_ == ImageBitness::kUnknown)
GetOptionalHeader();
return bitness_;
}
//----------------------------------------------------------------------------
// The following functions are currently only supported for PE images that
// have been memory mapped by NTLoader.
//----------------------------------------------------------------------------
void* PEImageSafe::RVAToAddr(DWORD rva) {
assert(ldr_image_mapping_);
if (rva >= image_size_)
return nullptr;
return reinterpret_cast<char*>(image_) + rva;
}
void* PEImageSafe::GetImageDirectoryEntryAddr(int directory,
DWORD* directory_size) {
assert(directory >= 0 && directory < IMAGE_NUMBEROF_DIRECTORY_ENTRIES &&
ldr_image_mapping_);
// GetOptionalHeader() validates the optional header.
BYTE* optional_header = GetOptionalHeader();
if (!optional_header)
return nullptr;
DWORD rva = 0;
DWORD size = 0;
if (GetImageBitness() == ImageBitness::k64) {
PIMAGE_OPTIONAL_HEADER64 opt_header =
reinterpret_cast<PIMAGE_OPTIONAL_HEADER64>(optional_header);
if (directory >= static_cast<int>(opt_header->NumberOfRvaAndSizes))
return nullptr;
rva = opt_header->DataDirectory[directory].VirtualAddress;
size = opt_header->DataDirectory[directory].Size;
} else {
PIMAGE_OPTIONAL_HEADER32 opt_header =
reinterpret_cast<PIMAGE_OPTIONAL_HEADER32>(optional_header);
if (directory >= static_cast<int>(opt_header->NumberOfRvaAndSizes))
return nullptr;
rva = opt_header->DataDirectory[directory].VirtualAddress;
size = opt_header->DataDirectory[directory].Size;
}
// Verify that the whole data directory is inside this PEImageSafe buffer.
if (rva + size >= image_size_)
return nullptr;
if (directory_size)
*directory_size = size;
return RVAToAddr(rva);
}
PIMAGE_EXPORT_DIRECTORY PEImageSafe::GetExportDirectory() {
assert(ldr_image_mapping_);
if (export_dir_)
return export_dir_;
// Find and verify the new directory.
DWORD dir_size = 0;
export_dir_ = reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>(
GetImageDirectoryEntryAddr(IMAGE_DIRECTORY_ENTRY_EXPORT, &dir_size));
if (export_dir_) {
// Basic sanity check. |dir_size| will often be larger than just the given
// base directory structure.
if (sizeof(IMAGE_EXPORT_DIRECTORY) > dir_size)
export_dir_ = nullptr;
}
return export_dir_;
}
} // namespace pe_image_safe
|
