put in a lot of work into the PE builder.

Author: jonomango

Diff for: chum/CMakeLists.txt

@@ -11,6 +11,8 @@ add_executable(chum
   "source/symbol.h"
   "source/disassembler.h"
   "source/disassembler.cpp"
+  "source/pe-builder.h"
+  "source/pe-builder.cpp"
   "source/util.h"
   "source/util.cpp"
 )

Diff for: chum/source/binary.cpp

@@ -1,4 +1,5 @@
 #include "binary.h"
+#include "pe-builder.h"
 
 #include <cassert>
 #include <algorithm>
@@ -221,66 +222,7 @@ void binary::print(bool const verbose) {
 
 // Create a new PE file from this binary.
 bool binary::create(char const* const path) const {
-  std::ofstream file(path);
-  if (!file)
-    return false;
-
-  // Create a minimal MS-DOS header that just points to the PE header.
-  IMAGE_DOS_HEADER dos_header = {};
-  std::memset(&dos_header, 0, sizeof(dos_header));
-  dos_header.e_magic  = IMAGE_DOS_SIGNATURE;
-  dos_header.e_lfanew = sizeof(dos_header);
-  file.write(reinterpret_cast<char const*>(&dos_header), sizeof(dos_header));
-
-  IMAGE_NT_HEADERS64 nt_header = {};
-  std::memset(&nt_header, 0, sizeof(nt_header));
-  nt_header.Signature                                  = IMAGE_NT_SIGNATURE;
-  nt_header.FileHeader.Machine                         = IMAGE_FILE_MACHINE_AMD64;
-  nt_header.FileHeader.NumberOfSections                = 1;
-  nt_header.FileHeader.SizeOfOptionalHeader            = sizeof(nt_header.OptionalHeader);
-  nt_header.FileHeader.Characteristics                 = IMAGE_FILE_EXECUTABLE_IMAGE;
-  nt_header.OptionalHeader.Magic                       = IMAGE_NT_OPTIONAL_HDR64_MAGIC;
-  nt_header.OptionalHeader.AddressOfEntryPoint         = 0x1000;
-  nt_header.OptionalHeader.ImageBase                   = 0x140000000;
-  nt_header.OptionalHeader.SectionAlignment            = 0x1000; // Minimum alignment of all data blocks.
-  nt_header.OptionalHeader.FileAlignment               = 0x200; // Test lower than 0x200.
-  nt_header.OptionalHeader.MajorOperatingSystemVersion = 6;
-  nt_header.OptionalHeader.MinorOperatingSystemVersion = 0;
-  nt_header.OptionalHeader.MajorSubsystemVersion       = 6;
-  nt_header.OptionalHeader.MinorSubsystemVersion       = 0;
-  nt_header.OptionalHeader.SizeOfImage                 = 0x2000;
-  nt_header.OptionalHeader.SizeOfHeaders               = 0x200;
-  nt_header.OptionalHeader.Subsystem                   = IMAGE_SUBSYSTEM_WINDOWS_CUI;
-  nt_header.OptionalHeader.DllCharacteristics          = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
-  nt_header.OptionalHeader.SizeOfStackReserve          = 0x10000;
-  nt_header.OptionalHeader.SizeOfStackCommit           = 0x1000;
-  nt_header.OptionalHeader.SizeOfHeapReserve           = 0x10000;
-  nt_header.OptionalHeader.SizeOfHeapCommit            = 0x1000;
-  nt_header.OptionalHeader.NumberOfRvaAndSizes         = 16; // This can be lowered as a meme.
-  file.write(reinterpret_cast<char const*>(&nt_header), sizeof(nt_header));
-
-  IMAGE_SECTION_HEADER sections[1] = {};
-  std::memset(&sections, 0, sizeof(sections));
-  std::memcpy(&sections[0].Name, ".text\0\0\0", 8);
-  sections[0].Misc.VirtualSize = 1;
-  sections[0].VirtualAddress   = 0x1000;
-  sections[0].SizeOfRawData    = 0x200; // FileAlignment.
-  sections[0].PointerToRawData = 0x200;
-  sections[0].Characteristics  = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ;
-  file.write(reinterpret_cast<char const*>(&sections), sizeof(sections));
-
-  // Fill with padding until we reach the .text section raw data.
-  while (file.tellp() < 0x200)
-    file.put(0);
-
-  // A single INT3 instruction in the .text section :)
-  file.put(0xCC);
-
-  // Align.
-  while (file.tellp() < 0x400)
-    file.put(0);
-
-  return true;
+  return pe_builder(*this).create(path);
 }
 
 // Get the entrypoint of this binary, if it exists.

Diff for: chum/source/pe-builder.cpp

@@ -0,0 +1,198 @@
+#include "pe-builder.h"
+#include "binary.h"
+
+#include <fstream>
+
+namespace chum {
+
+// Try to create a PE image at the specified path.
+bool pe_builder::create(char const* const path) const {
+  auto const contents = create();
+  if (contents.empty())
+    return false;
+
+  std::ofstream file(path, std::ios::binary);
+  if (!file)
+    return false;
+
+  file.write(reinterpret_cast<char const*>(contents.data()), contents.size());
+
+  return true;
+}
+
+// Create and return the raw contents of a PE image. An empty vector is
+// returned on failure.
+std::vector<std::uint8_t> pe_builder::create() const {
+  // This is the initial file size of the image, before we start adding the
+  // raw section data. This value is aligned to the file alignment.
+  std::size_t headers_size = 0;
+
+  headers_size += sizeof(IMAGE_DOS_HEADER);
+  headers_size += sizeof(IMAGE_NT_HEADERS);
+
+  // Each data block has its own section, while code blocks are all stored
+  // in a single section.
+  headers_size += sizeof(IMAGE_SECTION_HEADER) * (bin_.data_blocks().size() + 1);
+
+  // Align to the file alignment.
+  headers_size = align_integer(headers_size, file_alignment);
+
+  // Allocate a vector with enough space for the MS-DOS header, the PE header,
+  // and the section headers.
+  std::vector<std::uint8_t> contents(headers_size, 0);
+
+  auto const& data_blocks = bin_.data_blocks();
+
+  // Calculate the virtual section alignment.
+  std::uint32_t section_alignment = 1;
+  for (auto const& db : data_blocks)
+    section_alignment = max(section_alignment, db->alignment);
+
+  std::uint32_t current_virtual_address = static_cast<std::uint32_t>(
+    align_integer(contents.size(), section_alignment));
+
+  // Write the raw data of every data block to the vector, as well as
+  // their section header info.
+  for (std::uint32_t i = 0; i < data_blocks.size(); ++i) {
+    auto const& db = data_blocks[i];
+
+    // This pointer has to be computed every time we modify the vector
+    // since the underlying buffer could have been re-allocated.
+    auto const section = section_header(contents, i);
+
+    // Fill out the section header for this data block.
+    std::memset(section, 0, sizeof(*section));
+    std::memcpy(section->Name, ".data\0\0\0", 8);
+    section->Misc.VirtualSize = static_cast<std::uint32_t>(db->bytes.size());
+    section->VirtualAddress   = current_virtual_address;
+    section->SizeOfRawData    = static_cast<std::uint32_t>(
+      align_integer(db->bytes.size(), file_alignment));
+    section->PointerToRawData = static_cast<std::uint32_t>(contents.size());
+    section->Characteristics  = IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_INITIALIZED_DATA;
+
+    if (!db->read_only)
+      section->Characteristics |= IMAGE_SCN_MEM_WRITE;
+
+    // Append the raw data of the data block to the vector.
+    contents.insert(end(contents), begin(db->bytes), end(db->bytes));
+
+    // Append padding to align the vector to the file alignment value.
+    if (contents.size() % file_alignment != 0)
+      append_padding(contents, file_alignment - (contents.size() % file_alignment));
+
+    // Increment the current virtual address.
+    current_virtual_address = static_cast<std::uint32_t>(
+      align_integer(current_virtual_address + db->bytes.size(), section_alignment));
+  }
+
+  // The current offset in the code section.
+  std::uint32_t instr_offset = 0;
+
+  std::vector<std::uint32_t> sym_to_rva(bin_.symbols().size(), 0);
+
+  for (auto const bb : bin_.basic_blocks()) {
+    sym_to_rva[bb->sym_id.value] = current_virtual_address + instr_offset;
+
+    for (auto const& instr : bb->instructions) {
+      contents.insert(end(contents),
+        std::begin(instr.bytes), std::begin(instr.bytes) + instr.length);
+      instr_offset += instr.length;
+    }
+
+    contents.push_back(0xCC);
+    contents.push_back(0xCC);
+    contents.push_back(0xCC);
+    instr_offset += 3;
+  }
+
+  // The code section is the last section (after the data blocks).
+  auto const code_section = section_header(contents, data_blocks.size());
+
+  std::memset(code_section, 0, sizeof(*code_section));
+  std::memcpy(code_section->Name, ".text\0\0\0", 8);
+  code_section->Misc.VirtualSize = instr_offset;
+  code_section->VirtualAddress   = current_virtual_address;
+  code_section->SizeOfRawData    = static_cast<std::uint32_t>(
+    align_integer(instr_offset, file_alignment));
+  code_section->PointerToRawData = static_cast<std::uint32_t>(contents.size() - instr_offset);
+  code_section->Characteristics  = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE;
+
+  // Append padding to align the vector to the file alignment value.
+  if (contents.size() % file_alignment != 0)
+    append_padding(contents, file_alignment - (contents.size() % file_alignment));
+
+  // Align the current virtual address (which is effectively the virtual image size).
+  current_virtual_address = static_cast<std::uint32_t>(
+    align_integer(current_virtual_address + instr_offset, section_alignment));
+
+  // Write a very minimal MS-DOS header (without the DOS stub).
+  auto const dos_header = reinterpret_cast<PIMAGE_DOS_HEADER>(contents.data());
+  std::memset(dos_header, 0, sizeof(*dos_header));
+  dos_header->e_magic  = IMAGE_DOS_SIGNATURE;
+  dos_header->e_lfanew = sizeof(*dos_header);
+
+  auto const nt_header = reinterpret_cast<PIMAGE_NT_HEADERS>(&contents[sizeof(IMAGE_DOS_HEADER)]);
+  write_nt_header(nt_header);
+
+  nt_header->OptionalHeader.AddressOfEntryPoint = sym_to_rva[bin_.entrypoint()->sym_id.value];
+  nt_header->OptionalHeader.SectionAlignment    = section_alignment;
+  nt_header->OptionalHeader.SizeOfImage         = static_cast<std::uint32_t>(current_virtual_address);
+  nt_header->OptionalHeader.SizeOfHeaders       = static_cast<std::uint32_t>(headers_size);
+
+  return contents;
+}
+
+// Fill out most of the stuff in the NT header.
+void pe_builder::write_nt_header(PIMAGE_NT_HEADERS const nt_header) const {
+  std::memset(nt_header, 0, sizeof(*nt_header));
+  nt_header->Signature                                  = IMAGE_NT_SIGNATURE;
+  nt_header->FileHeader.Machine                         = IMAGE_FILE_MACHINE_AMD64;
+  nt_header->FileHeader.NumberOfSections                =
+    static_cast<std::uint16_t>(bin_.data_blocks().size() + 1);
+  nt_header->FileHeader.SizeOfOptionalHeader            = sizeof(nt_header->OptionalHeader);
+  nt_header->FileHeader.Characteristics                 = IMAGE_FILE_EXECUTABLE_IMAGE;
+  nt_header->OptionalHeader.Magic                       = IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+  nt_header->OptionalHeader.ImageBase                   = image_base;
+  nt_header->OptionalHeader.FileAlignment               = file_alignment;
+  nt_header->OptionalHeader.MajorOperatingSystemVersion = 6;
+  nt_header->OptionalHeader.MinorOperatingSystemVersion = 0;
+  nt_header->OptionalHeader.MajorSubsystemVersion       = 6;
+  nt_header->OptionalHeader.MinorSubsystemVersion       = 0;
+  nt_header->OptionalHeader.Subsystem                   = IMAGE_SUBSYSTEM_WINDOWS_CUI;
+  nt_header->OptionalHeader.DllCharacteristics          = IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
+    | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_NO_SEH;
+  nt_header->OptionalHeader.SizeOfStackReserve          = 0x10000;
+  nt_header->OptionalHeader.SizeOfStackCommit           = 0x1000;
+  nt_header->OptionalHeader.SizeOfHeapReserve           = 0x10000;
+  nt_header->OptionalHeader.SizeOfHeapCommit            = 0x1000;
+  nt_header->OptionalHeader.NumberOfRvaAndSizes         = 16;
+}
+
+// Get a pointer to a section header in the vector of bytes.
+PIMAGE_SECTION_HEADER pe_builder::section_header(
+    std::vector<std::uint8_t>& vec, std::size_t const idx) {
+  auto const sections = reinterpret_cast<PIMAGE_SECTION_HEADER>(
+    &vec[sizeof(IMAGE_DOS_HEADER) + sizeof(IMAGE_NT_HEADERS)]);
+  return &sections[idx];
+}
+
+// Append padding to the vector of bytes.
+void pe_builder::append_padding(std::vector<std::uint8_t>& vec,
+    std::size_t const count, std::uint8_t const value) {
+  vec.insert(end(vec), count, value);
+}
+
+// Align an integer up to the specified alignment.
+std::uint64_t pe_builder::align_integer(
+    std::uint64_t const value, std::uint64_t const alignment) {
+  auto const r = value % alignment;
+
+  // Already aligned.
+  if (r == 0)
+    return value;
+  
+  return value + (alignment - r);
+}
+
+} // namespace chum
+

Diff for: chum/source/pe-builder.h

@@ -0,0 +1,47 @@
+#pragma once
+
+#include <vector>
+
+#include <Windows.h>
+
+namespace chum {
+
+class binary;
+
+class pe_builder {
+public:
+  pe_builder(binary const& bin)
+    : bin_(bin) {}
+
+  // Try to create a PE image at the specified path.
+  bool create(char const* path) const;
+
+  // Create and return the raw contents of a PE image. An empty vector is
+  // returned on failure.
+  std::vector<std::uint8_t> create() const;
+
+private:
+  // Fill out most of the stuff in the NT header.
+  void write_nt_header(PIMAGE_NT_HEADERS nt_header) const;
+
+  // Get a pointer to a section header in the vector of bytes.
+  static PIMAGE_SECTION_HEADER section_header(
+    std::vector<std::uint8_t>& vec, std::size_t idx);
+
+  // Append padding to the vector of bytes.
+  static void append_padding(std::vector<std::uint8_t>& vec,
+    std::size_t count, std::uint8_t value = 0);
+
+  // Align an integer up to the specified alignment.
+  static std::uint64_t align_integer(std::uint64_t value, std::uint64_t alignment);
+
+private:
+  binary const& bin_;
+
+  // TODO: Pass options like this to the PE builder.
+  static constexpr std::uint32_t file_alignment = 0x200;
+  static constexpr std::uint64_t image_base = 0x140000000;
+};
+
+} // namespace chum
+