flat assembler
Message board for the users of flat assembler.

Index > Windows > Is it possible to rewrite parts of PE with recalculate reloc

ProMiNick 26 Nov 2019, 15:02
Initial restrictions:
- We have some valid PE with a reloc section.
- We have some binary block where relocated positions are labeled reloc@1, reloc@2, and so on.
- After relocs recalculation they will still fit within the reloc section raw size extended to file alignment, so no section will be moved.

How to obtain static relocs from a PE with macros (fasmg, or better fasm) in some flexible structure, in such a way that we could cut off the reloc items related to the replaced part of the PE and inject there the reloc items reloc@1, reloc@2, and so on, and after all rebuild the PE with format binary as 'DLL' with the replaced piece and recalculated relocs for that piece?
Thanks if it is possible.

_________________
I don't like to refer by "you" to one person.
My soul requires acronym "thou" instead.
Tomasz Grysztar 26 Nov 2019, 15:40
You would have to parse the PE headers (I once did something like that for fasm 1, but for a very different purpose), find the fixups, parse them and replace the ones that you need to change.
ProMiNick 26 Nov 2019, 16:45
Code:
macro extract_relocs pe_file
{
  ; get PE header offset
  virtual at 0
   file pe_file:0x3C,4 ; e_lfanew (PE header offset) is stored at 0x3C in the DOS header
   load __header_offset dword from 0
  end virtual
  ; load PE header
  virtual at 0
   file pe_file:__header_offset+4,20
   load __number_of_sections word from 2
   load __size_of_optional_header word from 16
   load __characteristics word from 18
  end virtual
  ; load optional header
  virtual at 0
   file pe_file:__header_offset+24,__size_of_optional_header
   load __magic word from 0
   if __magic = 0x10B
    load __reloc_base dword from 136
    load __reloc_size dword from 136+4
   else
    ; PE32+: the data directory starts at 112 and its entries are still two dwords each
    load __reloc_base dword from 152
    load __reloc_size dword from 152+4
   end if
  end virtual
  ; load sections and scan for the one containing the relocs
  virtual at 0
   file pe_file:__header_offset+24+__size_of_optional_header,__number_of_sections*40
   repeat __number_of_sections
    load __section_size dword from (%-1)*40+8
    load __section_base dword from (%-1)*40+12
    load __section_offset dword from (%-1)*40+20
    if __reloc_base>=__section_base & __reloc_base+__reloc_size<=__section_base+__section_size
      __reloc_offset = __section_offset+(__reloc_base-__section_base)
      break
    end if
   end repeat
  end virtual
  ; load all the relocs
  virtual at 0
   file pe_file:__reloc_offset,__reloc_size
   ; the raw relocation blocks are loaded here, still unparsed
  end virtual
}

Until that place all is clear, but I don't completely understand relocs internal structure.
Tomasz Grysztar 26 Nov 2019, 16:56
ProMiNick wrote:
Until that place all is clear, but I don't completely understand relocs internal structure.
You can find some description in section 1.2 of my PE tutorial. There's a listing near the end of that section that shows an example block of relocations. Relocations that are in the same 4096-byte page are grouped together into a single block (the first dword of the block is the base address of the page). Each relocation is 16-bit, with 12 bits for the offset within the page and the remaining bits for the relocation type.
ProMiNick 27 Nov 2019, 08:24
Code:
macro extract_relocs pe_file {
; get PE header offset
        virtual at 0
                file pe_file:$3C,4
                load __header_offset dword from 0
        end virtual
; load PE header
        virtual at 0
                file pe_file:__header_offset+4,20
                load __number_of_sections word from 2
                load __size_of_optional_header word from 16
                load __characteristics word from 18
        end virtual
; load optional header
        virtual at 0
                file pe_file:__header_offset+24,__size_of_optional_header
                load __magic word from 0
                if __magic = 0x10B
                        PEsizeof.PTR = 4
                        load __image_base dword from 28
                        load __reloc_base dword from __size_of_optional_header-PEsizeof.PTR*2*(16-5);136
                        load __reloc_size dword from __size_of_optional_header-PEsizeof.PTR*2*(16-5)+PEsizeof.PTR;136+4
                else
                        PEsizeof.PTR = 8
                        ; PE32+: ImageBase is a qword at offset 24; data directory entries are still two dwords (8 bytes) each
                        load __image_base qword from 24
                        load __reloc_base dword from __size_of_optional_header-8*(16-5);152
                        load __reloc_size dword from __size_of_optional_header-8*(16-5)+4;156
                end if
        end virtual
; load sections and scan for the one containing the relocs
        virtual at 0
                file pe_file:__header_offset+24+__size_of_optional_header,__number_of_sections*40
                repeat __number_of_sections
                        load __section_size dword from (%-1)*40+8
                        load __section_base dword from (%-1)*40+12
                        load __section_offset dword from (%-1)*40+20
                        if __reloc_base>=__section_base & __reloc_base+__reloc_size<=__section_base+__section_size
                                __reloc_offset = __section_offset+(__reloc_base-__section_base)
                                break
                        end if
                end repeat
        end virtual
; load all the relocs and scan the tree for required entry
        virtual at 0
                __relocs::
                ; I found how to workaround throw relocs
                __reloc_block_offset = 0
                file pe_file:__reloc_offset,__reloc_size
                while __reloc_block_offset < __reloc_size
                        load __reloc_block_base dword from __reloc_block_offset
                        load __reloc_block_size dword from __reloc_block_offset+4
                        __reloc_index = 0
                        while 8+__reloc_index*2<__reloc_block_size
                                load __reloc word from __reloc_block_offset+8+__reloc_index*2
                                if __reloc
                                        __reloc = __reloc_block_base + (__reloc and $FFF)
                                        ;relocarray equ relocarray,__reloc
                                end if
                                __reloc_index = __reloc_index + 1
                        end while
                        __reloc_block_offset = __reloc_block_offset + __reloc_block_size
                end while
        end virtual }

macro patchrelocs start,end,[relocs] {
; It is not clear how to patch relocs
; And how to make cumulative patch
}



extract_relocs 'ANY.DLL' ; any valid dll no matter

patchrelocs __image_base+$1000,__image_base+$1070,\ ; if I work with "__relocs::" I will lose patches of previous patchrelocs
                __image_base+$1013,\
                __image_base+$1020,\
                __image_base+$1027,\
                __image_base+$1040

patchrelocs __image_base+$1210,__image_base+$1240,\
                __image_base+$1217,\
                __image_base+$1230    


[edited] In my case there is no need for virtual - I am making a patch - so everything is always accessible and all changes are cumulative.
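
The relocation block layout described by Tomasz Grysztar above, together with the cumulative patch step that `patchrelocs` leaves open, as an added example in Python rather than fasm macros (it is not code from the thread). The function names and the sample table are constructed for illustration; offsets are RVAs without the image base, and new fixups are assumed to be 32-bit (type 3).

```python
import struct
from collections import defaultdict

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, ignored by the loader
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit fixup

def parse_relocs(data):
    """Return [(rva, type)] from raw base relocation data, skipping padding."""
    out, pos = [], 0
    while pos + 8 <= len(data):
        page, size = struct.unpack_from("<II", data, pos)
        if size < 8 or size % 4 or pos + size > len(data):
            raise ValueError("malformed relocation block at offset %#x" % pos)
        for (entry,) in struct.iter_unpack("<H", data[pos + 8:pos + size]):
            if entry >> 12 != IMAGE_REL_BASED_ABSOLUTE:
                out.append((page + (entry & 0xFFF), entry >> 12))
        pos += size
    return out

def build_relocs(entries):
    """Serialise [(rva, type)] into per-page blocks padded to a dword boundary."""
    pages = defaultdict(list)
    for rva, rtype in sorted(set(entries)):
        pages[rva & ~0xFFF].append((rtype << 12) | (rva & 0xFFF))
    blob = b""
    for page in sorted(pages):
        words = pages[page]
        if len(words) % 2:
            words.append(IMAGE_REL_BASED_ABSOLUTE << 12)  # alignment padding
        blob += struct.pack("<II%dH" % len(words), page, 8 + 2 * len(words), *words)
    return blob

def patch_relocs(data, start, end, new_rvas, rtype=IMAGE_REL_BASED_HIGHLOW):
    """Drop fixups with start <= rva < end and put new_rvas in their place."""
    for rva in new_rvas:
        if not start <= rva < end:
            raise ValueError("new fixup %#x lies outside the replaced range" % rva)
    kept = [(rva, t) for rva, t in parse_relocs(data) if not start <= rva < end]
    return build_relocs(kept + [(rva, rtype) for rva in new_rvas])

# Constructed sample table: three fixups (plus padding) in page 0x1000, two in page 0x2000.
SAMPLE = (struct.pack("<II4H", 0x1000, 16, 0x3004, 0x3010, 0x3050, 0x0000)
          + struct.pack("<II2H", 0x2000, 12, 0x3008, 0x300C))

if __name__ == "__main__":
    # Range and fixup offsets taken from the first patchrelocs call in the thread, as RVAs.
    patched = patch_relocs(SAMPLE, 0x1000, 0x1070, [0x1013, 0x1020, 0x1027, 0x1040])
    print([hex(rva) for rva, _ in parse_relocs(patched)], len(patched))
```

Because each call takes the previous call's output as its input, successive patches are cumulative; comparing the length of the result with the raw size of the reloc section checks the restriction from the first post that no section has to move.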
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
