ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

winedump: Added detection of Wine fake dlls. 

Also pass the real start of the file to the dump functions, instead of
having the generic code care about the specifics of the individual
file formats.
This commit is contained in:
Alexandre Julliard 2006-04-11 12:30:09 +02:00
parent 9f9ac54a19
commit 1e160c8418
2 changed files with 24 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
tools/winedump/dump.c
View File

@ -161,7 +161,7 @@ static void do_dump( enum FileSig sig, void* pmt )
pe_dump(pmt);
}
static enum FileSig check_headers(void** pmt)
static enum FileSig check_headers(void)
{
WORD* pw;
DWORD* pdw;
@ -171,13 +171,12 @@ static enum FileSig check_headers(void** pmt)
pw = PRD(0, sizeof(WORD));
if (!pw) {printf("Can't get main signature, aborting\n"); return 0;}
*pmt = NULL;
switch (*pw)
{
case IMAGE_DOS_SIGNATURE:
sig = SIG_DOS;
dh = PRD(0, sizeof(IMAGE_DOS_HEADER));
if (dh && dh->e_lfanew >= sizeof(*dh)) /* reasonable DOS header ? */
if (dh)
{
/* the signature is the first DWORD */
pdw = PRD(dh->e_lfanew, sizeof(DWORD));
@ -185,7 +184,6 @@ static enum FileSig check_headers(void** pmt)
{
if (*pdw == IMAGE_NT_SIGNATURE)
{
*pmt = PRD(dh->e_lfanew, sizeof(DWORD)+sizeof(IMAGE_FILE_HEADER));
sig = SIG_PE;
}
else if (*(WORD *)pdw == IMAGE_OS2_SIGNATURE)
@ -231,7 +229,6 @@ int dump_analysis(const char* name, void (*fn)(enum FileSig, void*), enum FileSi
enum FileSig effective_sig;
int ret = 1;
struct stat s;
void* pmt;
setbuf(stdout, NULL);
@ -249,7 +246,7 @@ int dump_analysis(const char* name, void (*fn)(enum FileSig, void*), enum FileSi
if ((unsigned long)read( fd, dump_base, dump_total_len ) != dump_total_len) fatal( "Cannot read file" );
}
effective_sig = check_headers(&pmt);
effective_sig = check_headers();
if (effective_sig == SIG_UNKNOWN)
{
@ -266,7 +263,7 @@ int dump_analysis(const char* name, void (*fn)(enum FileSig, void*), enum FileSi
case SIG_NE:
case SIG_LE:
printf("Contents of \"%s\": %ld bytes\n\n", name, dump_total_len);
(*fn)(effective_sig, pmt);
(*fn)(effective_sig, dump_base);
break;
case SIG_DBG:
dump_separate_dbg();

22
tools/winedump/pe.c
View File

@ -87,6 +87,22 @@ static void* RVA(unsigned long rva, unsigned long len)
return NULL;
}
static IMAGE_NT_HEADERS32 *get_nt_header( void *pmt )
{
IMAGE_DOS_HEADER *dos = pmt;
return (IMAGE_NT_HEADERS32 *)((BYTE *)dos + dos->e_lfanew);
}
static int is_fake_dll( const void *base )
{
static const char fakedll_signature[] = "Wine placeholder DLL";
const IMAGE_DOS_HEADER *dos = base;
if (dos->e_lfanew >= sizeof(*dos) + sizeof(fakedll_signature) &&
!memcmp( dos + 1, fakedll_signature, sizeof(fakedll_signature) )) return TRUE;
return FALSE;
}
static void *get_dir_and_size(unsigned int idx, unsigned int *size)
{
if(PE_nt_headers->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC)
@ -1063,7 +1079,9 @@ void pe_dump(void* pmt)
{
int all = (globals.dumpsect != NULL) && strcmp(globals.dumpsect, "ALL") == 0;
PE_nt_headers = pmt;
PE_nt_headers = get_nt_header(pmt);
if (is_fake_dll(pmt)) printf( "*** This is a Wine fake DLL ***\n\n" );
if (globals.do_dumpheader)
{
dump_pe_header();
@ -1145,7 +1163,7 @@ static void do_grab_sym( enum FileSig sig, void* pmt )
const char* ptr;
DWORD* map;
PE_nt_headers = pmt;
PE_nt_headers = get_nt_header(pmt);
if (!(exportDir = get_dir(IMAGE_FILE_EXPORT_DIRECTORY))) return;
pName = RVA(exportDir->AddressOfNames, exportDir->NumberOfNames * sizeof(DWORD));