1 : // Copyright 2013 Google Inc. All Rights Reserved.
2 : //
3 : // Licensed under the Apache License, Version 2.0 (the "License");
4 : // you may not use this file except in compliance with the License.
5 : // You may obtain a copy of the License at
6 : //
7 : // http://www.apache.org/licenses/LICENSE-2.0
8 : //
9 : // Unless required by applicable law or agreed to in writing, software
10 : // distributed under the License is distributed on an "AS IS" BASIS,
11 : // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : // See the License for the specific language governing permissions and
13 : // limitations under the License.
14 :
15 : #include "syzygy/pe/image_filter.h"
16 :
17 : #include <errno.h>
18 :
19 : #include "base/files/file_util.h"
20 : #include "base/json/json_reader.h"
21 : #include "base/strings/stringprintf.h"
22 :
23 : namespace pe {
24 :
25 : namespace {
26 :
27 : using base::DictionaryValue;
28 : using base::ListValue;
29 : using base::Value;
30 :
31 : // Keys used by the JSON serialization.
32 : const char kBaseAddress[] = "base_address";
33 : const char kChecksum[] = "checksum";
34 : const char kFilter[] = "filter";
35 : const char kPath[] = "path";
36 : const char kSignature[] = "signature";
37 : const char kSize[] = "size";
38 : const char kTimeDateStamp[] = "time_date_stamp";
39 :
40 : // Outputs |value| as a hex-coded string. Returns true on succes, false on
41 : // failure.
42 E : bool OutputHexUint32(uint32 value, core::JSONFileWriter* json) {
43 E : DCHECK(json != NULL);
44 :
45 E : std::string s;
46 E : if (json->pretty_print()) {
47 E : s = base::StringPrintf("0x%08X", value);
48 E : } else {
49 E : s = base::StringPrintf("%X", value);
50 : }
51 :
52 E : if (!json->OutputString(s))
53 i : return false;
54 :
55 E : return true;
56 E : }
57 :
58 : // Parses a hex-coded value from |string|, placing it in |value|. Returns true
59 : // on success, false if anything went wront. Logs an error message on failure.
60 E : bool ParseHexUint32(const std::string& string, uint32* value) {
61 E : DCHECK(value != NULL);
62 :
63 E : char* end_ptr = NULL;
64 E : errno = 0;
65 E : *value = ::strtoul(string.c_str(), &end_ptr, 16);
66 E : if (errno != 0 || end_ptr != string.c_str() + string.size()) {
67 i : LOG(ERROR) << "String does not contain a 32-bit hex value: " << string;
68 i : return false;
69 : }
70 :
71 E : return true;
72 E : }
73 :
74 : // Gets a uint32 value from the |dict| entry under |key|. Expects the value to
75 : // be stored as a hex-encoded string, which will be decoded. Returns true on
76 : // success, false otherwise. Logs an error message on failure.
77 : bool GetHexUint32(const DictionaryValue& dict,
78 : const char* key,
79 E : uint32* value) {
80 E : DCHECK(key != NULL);
81 E : DCHECK(value != NULL);
82 :
83 E : std::string s;
84 : if (!dict.GetString(key, &s) ||
85 E : !ParseHexUint32(s, value)) {
86 i : LOG(ERROR) << "Dictionary does not contain a valid hex-formatted "
87 : << "string under key \"" << key << "\".";
88 i : return false;
89 : }
90 :
91 E : return true;
92 E : }
93 :
94 : // Gets an integer value from the |dict| entry under |key|. Expects the value
95 : // to be stored as an integer. Returns true on success, false otherwise. Logs
96 : // and error message on failure.
97 E : bool GetInteger(const DictionaryValue& dict, const char* key, int* value) {
98 E : DCHECK(key != NULL);
99 E : DCHECK(value != NULL);
100 E : if (!dict.GetInteger(key, value)) {
101 i : LOG(ERROR) << "Dictionary does not contain integer under key \""
102 : << key << "\".";
103 i : return false;
104 : }
105 E : return true;
106 E : }
107 :
108 : // Loads a module signature from the given |dict|, populating the signature
109 : // member of |filter|. Returns true on success, false otherwise. Logs an error
110 : // message on failure.
111 E : bool LoadSignatureFromJSON(const DictionaryValue& dict, ImageFilter* filter) {
112 E : DCHECK(filter != NULL);
113 :
114 E : uint32 base_address = 0;
115 E : int size = 0;
116 E : PEFile::Signature& s = filter->signature;
117 : if (!GetHexUint32(dict, kBaseAddress, &base_address) ||
118 : !GetHexUint32(dict, kChecksum, &s.module_checksum) ||
119 : !GetInteger(dict, kSize, &size) ||
120 : size <= 0 ||
121 : !GetHexUint32(dict, kTimeDateStamp, &s.module_time_date_stamp) ||
122 E : !dict.GetString(kPath, &s.path)) {
123 i : LOG(ERROR) << "Invalid signature dictionary.";
124 i : return false;
125 : }
126 E : s.base_address.set_value(base_address);
127 E : s.module_size = size;
128 :
129 E : return true;
130 E : }
131 :
132 : // Loads a relative address range from the given list. The list is expected to
133 : // be of length 2, with the first entry being a string containing a hex-encoded
134 : // RVA, and the second being an integer length. Adds the range to the address
135 : // filter in |filter|. Returns true on success, false otherwise. Logs an error
136 : // message on failure.
137 E : bool LoadRangeFromJSON(const ListValue& range, ImageFilter* filter) {
138 E : DCHECK(filter != NULL);
139 :
140 E : if (range.GetSize() != 2)
141 i : return false;
142 :
143 E : ListValue::const_iterator it = range.begin();
144 E : Value* address_value = *(it++);
145 E : Value* length_value = *it;
146 E : DCHECK(address_value != NULL);
147 E : DCHECK(length_value != NULL);
148 :
149 E : std::string address_string;
150 E : uint32 address = 0;
151 : if (!address_value->GetAsString(&address_string) ||
152 E : !ParseHexUint32(address_string, &address)) {
153 i : return false;
154 : }
155 :
156 E : int length = 0;
157 E : if (!length_value->GetAsInteger(&length) || length <= 0)
158 i : return false;
159 :
160 : // Mark the range we just parsed.
161 : filter->filter.Mark(ImageFilter::Range(
162 E : ImageFilter::RelativeAddress(address), length));
163 :
164 E : return true;
165 E : }
166 :
167 : // Loads a relative address filter from the given |list|, populating the
168 : // address filter in |filter|. Expects that the signature member of |filter|
169 : // has already been appropriately initialized. Returns true on success, false
170 : // otherwise. Logs an error message on failure.
171 E : bool LoadFilterFromJSON(const ListValue& list, ImageFilter* filter) {
172 E : DCHECK(filter != NULL);
173 :
174 : // Initialize the filter. This assumes that the signature has already been
175 : // loaded.
176 : filter->filter = ImageFilter::RelativeAddressFilter(
177 : ImageFilter::Range(ImageFilter::RelativeAddress(0),
178 E : filter->signature.module_size));
179 :
180 E : ListValue::const_iterator it = list.begin();
181 E : for (; it != list.end(); ++it) {
182 E : Value* value = *it;
183 E : DCHECK(value != NULL);
184 :
185 : // LoadRangeFromJSON takes care of logging on failure, and adding the range
186 : // to the filter on success.
187 E : ListValue* range = NULL;
188 : if (!value->GetAsList(&range) ||
189 E : !LoadRangeFromJSON(*range, filter)) {
190 i : LOG(ERROR) << "Encountered invalid range in filter list.";
191 i : return false;
192 : }
193 E : }
194 :
195 E : return true;
196 E : }
197 :
198 : } // namespace
199 :
200 E : void ImageFilter::Init(const PEFile::Signature& pe_signature) {
201 E : signature = pe_signature;
202 : filter = RelativeAddressFilter(
203 E : Range(RelativeAddress(0), signature.module_size));
204 E : }
205 :
206 E : void ImageFilter::Init(const PEFile& pe_file) {
207 E : pe_file.GetSignature(&signature);
208 : filter = RelativeAddressFilter(
209 E : Range(RelativeAddress(0), signature.module_size));
210 E : }
211 :
212 E : bool ImageFilter::Init(const base::FilePath& path) {
213 E : PEFile pe_file;
214 E : if (!pe_file.Init(path))
215 E : return false;
216 E : Init(pe_file);
217 E : return true;
218 E : }
219 :
220 E : bool ImageFilter::IsForModule(const PEFile::Signature& pe_signature) const {
221 E : if (!pe_signature.IsConsistent(signature))
222 E : return false;
223 E : return true;
224 E : }
225 :
226 E : bool ImageFilter::IsForModule(const PEFile& pe_file) const {
227 E : PEFile::Signature pe_signature;
228 E : pe_file.GetSignature(&pe_signature);
229 E : if (!IsForModule(pe_signature))
230 E : return false;
231 E : return true;
232 E : }
233 :
234 E : bool ImageFilter::IsForModule(const base::FilePath& path) const {
235 E : PEFile pe_file;
236 E : if (!pe_file.Init(path))
237 E : return false;
238 E : if (!IsForModule(pe_file))
239 E : return false;
240 E : return true;
241 E : }
242 :
243 E : bool ImageFilter::SaveToJSON(core::JSONFileWriter* json) const {
244 E : DCHECK(json != NULL);
245 :
246 E : core::JSONFileWriter& j = *json;
247 :
248 : if (!j.OutputComment("This is a serialized ImageFilter.") ||
249 E : !j.OpenDict()) {
250 i : return false;
251 : }
252 :
253 : // Write the module signature.
254 : if (!j.OutputComment("This is the signature of the module to which this") ||
255 : !j.OutputComment("filter applies.") ||
256 : !j.OutputKey(kSignature) ||
257 : !j.OpenDict() ||
258 : !j.OutputKey(kPath) ||
259 : !j.OutputString(signature.path) ||
260 : !j.OutputKey(kBaseAddress) ||
261 : !OutputHexUint32(signature.base_address.value(), json) ||
262 : !j.OutputKey(kChecksum) ||
263 : !OutputHexUint32(signature.module_checksum, json) ||
264 : !j.OutputKey(kSize) ||
265 : !j.OutputInteger(signature.module_size) ||
266 : !j.OutputKey(kTimeDateStamp) ||
267 : !OutputHexUint32(signature.module_time_date_stamp, json) ||
268 E : !j.CloseDict()) {
269 i : return false;
270 : }
271 :
272 : if (!j.OutputComment("This is the filtered address space, consisting of") ||
273 : !j.OutputComment("a list of [rva, length] tuples.") ||
274 : !j.OutputKey(kFilter) ||
275 E : !j.OpenList()) {
276 i : return false;
277 : }
278 :
279 : // Write the ranges in the filter.
280 : RelativeAddressFilter::RangeSet::const_iterator it =
281 E : filter.marked_ranges().begin();
282 E : for (; it != filter.marked_ranges().end(); ++it) {
283 : if (!j.OpenList() ||
284 : !OutputHexUint32(it->start().value(), json) ||
285 : !j.OutputInteger(it->size()) ||
286 E : !j.CloseList()) {
287 i : return false;
288 : }
289 E : }
290 :
291 E : if (!j.CloseList() || !j.CloseDict())
292 i : return false;
293 :
294 E : return true;
295 E : }
296 :
297 E : bool ImageFilter::SaveToJSON(bool pretty_print, FILE* file) const {
298 E : DCHECK(file != NULL);
299 :
300 E : core::JSONFileWriter json_writer(file, pretty_print);
301 E : if (!SaveToJSON(&json_writer))
302 i : return false;
303 :
304 E : return true;
305 E : }
306 :
307 : bool ImageFilter::SaveToJSON(bool pretty_print,
308 E : const base::FilePath& path) const {
309 E : base::ScopedFILE file(base::OpenFile(path, "wb"));
310 E : if (file.get() == NULL) {
311 i : LOG(ERROR) << "Unable to open file for writing: " << path.value();
312 i : return false;
313 : }
314 :
315 E : if (!SaveToJSON(pretty_print, file.get()))
316 i : return false;
317 :
318 E : return true;
319 E : }
320 :
321 E : bool ImageFilter::LoadFromJSON(const DictionaryValue& dict) {
322 : // Get the signature dictionary.
323 : const DictionaryValue* signature_dict;
324 E : if (!dict.GetDictionary(kSignature, &signature_dict)) {
325 i : LOG(ERROR) << "Dictionary does not contain a dictionary under key \""
326 : << kSignature << "\".";
327 i : return false;
328 : }
329 E : if (!LoadSignatureFromJSON(*signature_dict, this))
330 i : return false;
331 :
332 : // Get the filter list and parse it.
333 : const ListValue* filter;
334 E : if (!dict.GetList(kFilter, &filter)) {
335 i : LOG(ERROR) << "Dictionary does not contain a list under key \""
336 : << kFilter << "\".";
337 i : return false;
338 : }
339 E : if (!LoadFilterFromJSON(*filter, this))
340 i : return false;
341 :
342 E : return true;
343 E : }
344 :
345 E : bool ImageFilter::LoadFromJSON(FILE* file) {
346 E : DCHECK(file != NULL);
347 :
348 : // Read the file into one big array.
349 E : char buffer[4096] = {};
350 E : std::vector<char> json;
351 E : while (!::feof(file)) {
352 E : size_t bytes = ::fread(buffer, sizeof(buffer[0]), arraysize(buffer), file);
353 E : if (::ferror(file)) {
354 i : LOG(ERROR) << "Error reading from file.";
355 i : return false;
356 : }
357 E : DCHECK_LT(0u, bytes);
358 E : size_t offset = json.size();
359 E : json.resize(offset + bytes);
360 E : ::memcpy(json.data() + offset, buffer, bytes);
361 E : }
362 :
363 E : if (json.empty()) {
364 i : LOG(ERROR) << "File is empty.";
365 i : return false;
366 : }
367 :
368 E : base::JSONReader json_reader;
369 : scoped_ptr<base::Value> value(
370 E : json_reader.Read(base::StringPiece(json.data(), json.size())));
371 E : if (value.get() == NULL) {
372 i : LOG(ERROR) << "Failed to parse JSON from file.";
373 i : return false;
374 : }
375 :
376 : base::DictionaryValue* dict;
377 E : if (!value->GetAsDictionary(&dict) || dict == NULL) {
378 i : LOG(ERROR) << "JSON does not contain dictionary at top level.";
379 i : return false;
380 : }
381 :
382 E : if (!LoadFromJSON(*dict))
383 i : return false;
384 :
385 E : return true;
386 E : }
387 :
388 E : bool ImageFilter::LoadFromJSON(const base::FilePath& path) {
389 E : base::ScopedFILE file(base::OpenFile(path, "rb"));
390 E : if (file.get() == NULL) {
391 E : LOG(ERROR) << "Unable to open file for reading: " << path.value();
392 E : return false;
393 : }
394 :
395 E : if (!LoadFromJSON(file.get()))
396 i : return false;
397 :
398 E : return true;
399 E : }
400 :
401 : } // namespace pe
|