make smoldd work with -fuse-dnload-loader executables (oops)

This commit is contained in:
PoroCYon 2020-08-24 02:31:07 +02:00
parent 60d51bbc3b
commit 6af8463ef1
2 changed files with 25 additions and 8 deletions

View File

@ -1,5 +1,7 @@
import sys
import traceback
archmagic = {
'i386': 3, 3: 'i386' ,
@ -7,21 +9,27 @@ archmagic = {
'x86_64': 62, 62: 'x86_64',
}
def hash_bsd2(s):
h = 0
for c in s:
h = ((h >> 2) + ((h & 3) << 14) + ord(c)) & 0xFFFF
return h
def hash_djb2(s):
h = 5381
for c in s:
h = (h * 33 + ord(c)) & 0xFFFFFFFF
return h
def eprintf(*args, **kwargs): print(*args, file=sys.stderr, **kwargs)
def eprintf(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs)
def error(*args, **kwargs):
traceback.print_stack()
eprintf(*args, **kwargs)
sys.exit(1)

View File

@ -83,6 +83,7 @@ def get_hashtbl(elf, blob, args):
assert txtoff < len(blob), "wtf??? (can't find a push IMM32 instruction which pushes the hashtable address)"
txtoff = txtoff + 1
eprintf("Hash table offset: 0x%08x?" % txtoff)
htaddr = struct.unpack('<I', blob[txtoff:txtoff+4])[0]
else: # 64-bit
txtoff = addr2off(elf, elf.entry)
@ -90,18 +91,26 @@ def get_hashtbl(elf, blob, args):
# but the first one we'll encounter pushes the entrypoint addr!
while blob[txtoff] != 0x68:
txtoff = txtoff + 1
assert txtoff < len(blob), "wtf??? (can't find a push IMM32 instruction which pushes the entrypoint address)"
txtoff = txtoff + 1
# now we can look for the interesting address
while blob[txtoff] != 0x68:
txtoff = txtoff + 1
assert txtoff < len(blob), "wtf??? (can't find a push IMM32 instruction which pushes the hashtable address)"
assert txtoff < len(blob), "wtf??? (can't find a push IMM32 instruction which pushes the hashtable or entrypoint address)"
txtoff = txtoff + 1
# except, this is actually the value we're looking for when the binary
# had been linked with -fuse-dnload-loader! so let's just check the
# value
htaddr = struct.unpack('<I', blob[txtoff:txtoff+4])
if htaddr == elf.entry:
# now we can look for the interesting address
while blob[txtoff] != 0x68:
txtoff = txtoff + 1
assert txtoff < len(blob), "wtf??? (can't find a push IMM32 instruction which pushes the hashtable address)"
txtoff = txtoff + 1
#eprintf("Hash table offset: 0x%08x?" % txtoff)
htaddr = struct.unpack('<I', blob[txtoff:txtoff+4])[0]
assert htaddr is not None, "wtf? (no hashtable address)"
#print("Hash table address: 0x%08x" % htaddr)
#eprintf("Hash table address: 0x%08x" % htaddr)
htoff = addr2off(elf, htaddr)
tbl = []