Diffstat (limited to 'miasm2/jitter/loader/pe.py')
-rw-r--r--miasm2/jitter/loader/pe.py43
1 files changed, 27 insertions, 16 deletions
diff --git a/miasm2/jitter/loader/pe.py b/miasm2/jitter/loader/pe.py
index 5c523c6c..65bf284b 100644
--- a/miasm2/jitter/loader/pe.py
+++ b/miasm2/jitter/loader/pe.py
@@ -66,20 +66,31 @@ def preload_pe(vm, e, runtime_lib, patch_vm_imp=True):
     return dyn_funcs
 
 
-def is_redirected_export(e, ad):
-    # test is ad points to code or dll name
-    out = ''
-    for i in xrange(0x200):
-        c = e.virt.get(ad + i)
-        if c == "\x00":
-            break
-        out += c
-        if not (c.isalnum() or c in "_.-+*$@&#()[]={}"):
-            return False
-    if not "." in out:
+def is_redirected_export(pe_obj, addr):
+    """Test if the @addr is a forwarded export address. If so, return
+    dllname/function name couple. If not, return False.
+
+    An export address is a forwarded export if the rva is in the export
+    directory of the pe.
+
+    @pe_obj: PE instance
+    @addr: virtual address of the function to test
+    """
+
+    export_dir = pe_obj.NThdr.optentries[pe.DIRECTORY_ENTRY_EXPORT]
+    addr_rva = pe_obj.virt2rva(addr)
+    if not (export_dir.rva <= addr_rva < export_dir.rva + export_dir.size):
         return False
-    i = out.find('.')
-    return out[:i], out[i + 1:]
+    addr_end = pe_obj.virt.find('\x00', addr)
+    data = pe_obj.virt.get(addr, addr_end)
+
+    dllname, func_info = data.split('.', 1)
+    dllname = dllname.lower()
+
+    # Test if function is forwarded using ordinal
+    if func_info.startswith('#'):
+        func_info = int(func_info[1:])
+    return dllname, func_info
 
 
 def get_export_name_addr_list(e):
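Review bot: In the new `is_redirected_export`, the forwarder string is parsed without validation: unpacking `data.split('.', 1)` raises ValueError when the string has no dot, and `int(func_info[1:])` raises on a non-numeric ordinal, where the removed version returned False for malformed data. These bytes come from the PE being loaded, so a crafted or corrupted export directory can abort the loader instead of being rejected. The removed loop also capped the scan at 0x200 bytes, while `pe_obj.virt.find('\x00', addr)` has no visible bound and its result is not checked for the not-found case (what it returns then is not shown here). Rejecting a string that ends outside the export directory would be worth adding. The sketch below returns False for the two malformed cases.

```python
    # … unchanged: docstring, export-directory range check, string read into data …
    dllname, sep, func_info = data.partition('.')
    if not sep:
        # No "dll.function" separator: not a well-formed forwarder string
        return False
    dllname = dllname.lower()

    # Test if function is forwarded using ordinal
    if func_info.startswith('#'):
        try:
            func_info = int(func_info[1:])
        except ValueError:
            return False
    return dllname, func_info
```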
@@ -223,7 +234,7 @@ def vm_load_pe_lib(vm, fname_in, libs, lib_path_base, **kargs):
     log.info('Loading module %r', fname_in)
 
     fname = os.path.join(lib_path_base, fname_in)
-    with open(fname) as fstream:
+    with open(fname, "rb") as fstream:
         pe = vm_load_pe(vm, fstream.read(), name=fname_in, **kargs)
     libs.add_export_lib(pe, fname_in)
     return pe
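Review bot: `os.path.join(lib_path_base, fname_in)` does not confine the opened path to `lib_path_base`: an absolute `fname_in`, or one containing `..`, resolves outside it. Where `fname_in` comes from is not visible in this hunk, but if library names can originate from the import table of a sample under analysis, the loader would read arbitrary host files into the VM. If libraries are always flat files in that directory, `fname = os.path.join(lib_path_base, os.path.basename(fname_in))` would close that off; otherwise compare the resolved path against the base before opening. vm_load_pe_lib starts outside this hunk.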
@@ -324,7 +335,7 @@ def vm2pe(myjit, fname, libs=None, e_orig=None,
             mye.DirRes.set_rva(s_res.addr)
             log.debug('%r', mye.DirRes)
     # generation
-    open(fname, 'w').write(str(mye))
+    open(fname, 'wb').write(str(mye))
     return mye
 
 
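Review bot: The changed line `open(fname, 'wb').write(str(mye))` never closes the file explicitly, so when the dumped PE is flushed depends on garbage collection and an error at close time may go unnoticed. The other hunks in this commit already use a context manager; the same form here would be `with open(fname, 'wb') as fstream:` followed by `fstream.write(str(mye))`. vm2pe starts outside this hunk.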
@@ -490,7 +501,7 @@ def vm_load_pe_and_dependencies(vm, fname, name2module, runtime_lib,
             pe_obj = name2module[name]
         else:
             try:
-                with open(fname) as fstream:
+                with open(fname, "rb") as fstream:
                     log.info('Loading module name %r', fname)
                     pe_obj = vm_load_pe(
                         vm, fstream.read(), name=fname, **kwargs)