redmcg · November 27, 2023 22:52
diff --git a/.gitignore b/.gitignore
 test_reloc.exe
 test_reloc.o
diff --git a/Makefile b/Makefile
 CC=i686-w64-mingw32-gcc
 LDLIBS=-limagehlp

 test_reloc: test_reloc.o

 clean:
 	@rm -f test_reloc.exe test_reloc.o
diff --git a/test_reloc.c b/test_reloc.c
 #include <windows.h>
 #include <imagehlp.h>
 #include <versionhelpers.h>
 #include <stdio.h>

 static void dump_info(const char *filename, BYTE *ptr) {
    IMAGE_DOS_HEADER *dh = (IMAGE_DOS_HEADER*) ptr;
    IMAGE_NT_HEADERS32 *fh = (IMAGE_NT_HEADERS32*) (ptr + dh->e_lfanew);

    LOADED_IMAGE image;
    if (!MapAndLoad(filename, NULL, &image, TRUE, TRUE)) {
        fprintf(stderr, "Couldn't MapAndLoad (%08x)\n", GetLastError());
        return;
    }

    printf("image mapped address: %08x (%02x%02x%02x%02x)\n", image.MappedAddress, image.MappedAddress[0], image.MappedAddress[1], image.MappedAddress[2], image.MappedAddress[3]);
    printf("fh->FileHeader.Machine: %04x\n", fh->FileHeader.Machine);
    printf("fh->OptionalHeader.ImageBase: %08x -> %08x\n", image.FileHeader->OptionalHeader.ImageBase, fh->OptionalHeader.ImageBase);

    printf("image.SizeOfImage: %d, fh->OptionalHeader.SizeOfImage: %d\n", image.SizeOfImage, fh->OptionalHeader.SizeOfImage);

    
    BYTE *pImage = image.MappedAddress + fh->OptionalHeader.SizeOfHeaders;
    BYTE *pFh;

    if (ptr == (BYTE*)fh->OptionalHeader.ImageBase) {
        pFh = ptr + fh->OptionalHeader.BaseOfCode;
        printf("Executable\n");
    } else {
        pFh = ptr + fh->OptionalHeader.SizeOfHeaders;
        printf("Not executable");
        if (memcmp(pImage, pFh, 4) && !memcmp(pImage, ptr + fh->OptionalHeader.BaseOfCode, 4)) {
            pFh = ptr + fh->OptionalHeader.BaseOfCode;
            printf(", but mapped as one");
        }
        printf("\n");
    }

    int match = memcmp(pImage, pFh, fh->OptionalHeader.SizeOfCode);

    printf("size of code: %d\n", fh->OptionalHeader.SizeOfImage - fh->OptionalHeader.BaseOfCode);
    printf("image: %02x%02x%02x%02x, fh: %02x%02x%02x%02x\n", pImage[0], pImage[1], pImage[2], pImage[3], pFh[0], pFh[1], pFh[2], pFh[3]);
    printf("memcmp: %d\n", match);
    if (match) {
        printf("Reloc performed\n");
    } else {
        printf("No reloc performed\n");
    }

    UnMapAndLoad(&image);
 }

 static void map_file(const char *filename, DWORD flProtect) {
    printf("Attempting mapping of %s with %08x\n", filename, flProtect);
    const HANDLE hFile = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
    if (!hFile) {
        fprintf(stderr, "Couldn't open %s\n", filename);
        return;
    }

    const HANDLE hFileMappingObject = CreateFileMapping(hFile, NULL, flProtect, 0, 0, NULL);
    if (!hFileMappingObject) {
        fprintf(stderr, "Couldn't map %s\n", filename);
        goto close_hFile;
    }
    BYTE * const ptr = (BYTE*) MapViewOfFile(hFileMappingObject, FILE_MAP_READ, 0, 0, 0);
    if (!ptr) {
        fprintf(stderr, "Couldn't map the view\n");
        goto close_hMapping;
    }
    printf("Mapped %s to %08lx\n", filename, ptr);

    dump_info(filename, ptr);

 close_view:
    UnmapViewOfFile(ptr);
 close_hMapping:
    CloseHandle(hFileMappingObject);
 close_hFile:
    CloseHandle(hFile);

    printf("\n");
 }

 static void load_library(const char *filename, DWORD dwFlags) {
    printf("Attempting library load of %s with %08x\n", filename, dwFlags);

    HMODULE mod = LoadLibraryExA(filename, NULL, dwFlags);
    
    if (!mod) {
        fprintf(stderr, "Failed to load %s\n", filename);
        return;
    }

    printf("mod value: %08x\n", mod);

    dump_info(filename, (BYTE*) ((DWORD)mod & ~3));

    FreeLibrary(mod);

    printf("\n");
 }

 int main(int argc, const char *argv[], const char *argp[]) {
    const char *filename = "C:\\windows\\system32\\user32.dll";

    load_library(filename, LOAD_LIBRARY_AS_DATAFILE);
    load_library(filename, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE);
    load_library(filename, LOAD_LIBRARY_AS_IMAGE_RESOURCE);
    load_library(filename, 0);

    map_file(filename, PAGE_READONLY );
    map_file(filename, PAGE_READONLY | SEC_IMAGE);

    if (IsWindows8OrGreater())
        map_file(filename, PAGE_READONLY | SEC_IMAGE_NO_EXECUTE);

 }
	CC=i686-w64-mingw32-gcc
	LDLIBS=-limagehlp

	test_reloc: test_reloc.o

	clean:
	@rm -f test_reloc.exe test_reloc.o
	#include <windows.h>
	#include <imagehlp.h>
	#include <versionhelpers.h>
	#include <stdio.h>

	static void dump_info(const char filename, BYTE ptr) {
	IMAGE_DOS_HEADER dh = (IMAGE_DOS_HEADER) ptr;
	IMAGE_NT_HEADERS32 fh = (IMAGE_NT_HEADERS32) (ptr + dh->e_lfanew);

	LOADED_IMAGE image;
	if (!MapAndLoad(filename, NULL, &image, TRUE, TRUE)) {
	fprintf(stderr, "Couldn't MapAndLoad (%08x)\n", GetLastError());
	return;
	}

	printf("image mapped address: %08x (%02x%02x%02x%02x)\n", image.MappedAddress, image.MappedAddress[0], image.MappedAddress[1], image.MappedAddress[2], image.MappedAddress[3]);
	printf("fh->FileHeader.Machine: %04x\n", fh->FileHeader.Machine);
	printf("fh->OptionalHeader.ImageBase: %08x -> %08x\n", image.FileHeader->OptionalHeader.ImageBase, fh->OptionalHeader.ImageBase);

	printf("image.SizeOfImage: %d, fh->OptionalHeader.SizeOfImage: %d\n", image.SizeOfImage, fh->OptionalHeader.SizeOfImage);


	BYTE *pImage = image.MappedAddress + fh->OptionalHeader.SizeOfHeaders;
	BYTE *pFh;

	if (ptr == (BYTE*)fh->OptionalHeader.ImageBase) {
	pFh = ptr + fh->OptionalHeader.BaseOfCode;
	printf("Executable\n");
	} else {
	pFh = ptr + fh->OptionalHeader.SizeOfHeaders;
	printf("Not executable");
	if (memcmp(pImage, pFh, 4) && !memcmp(pImage, ptr + fh->OptionalHeader.BaseOfCode, 4)) {
	pFh = ptr + fh->OptionalHeader.BaseOfCode;
	printf(", but mapped as one");
	}
	printf("\n");
	}

	int match = memcmp(pImage, pFh, fh->OptionalHeader.SizeOfCode);

	printf("size of code: %d\n", fh->OptionalHeader.SizeOfImage - fh->OptionalHeader.BaseOfCode);
	printf("image: %02x%02x%02x%02x, fh: %02x%02x%02x%02x\n", pImage[0], pImage[1], pImage[2], pImage[3], pFh[0], pFh[1], pFh[2], pFh[3]);
	printf("memcmp: %d\n", match);
	if (match) {
	printf("Reloc performed\n");
	} else {
	printf("No reloc performed\n");
	}

	UnMapAndLoad(&image);
	}

	static void map_file(const char *filename, DWORD flProtect) {
	printf("Attempting mapping of %s with %08x\n", filename, flProtect);
	const HANDLE hFile = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	if (!hFile) {
	fprintf(stderr, "Couldn't open %s\n", filename);
	return;
	}

	const HANDLE hFileMappingObject = CreateFileMapping(hFile, NULL, flProtect, 0, 0, NULL);
	if (!hFileMappingObject) {
	fprintf(stderr, "Couldn't map %s\n", filename);
	goto close_hFile;
	}
	BYTE * const ptr = (BYTE*) MapViewOfFile(hFileMappingObject, FILE_MAP_READ, 0, 0, 0);
	if (!ptr) {
	fprintf(stderr, "Couldn't map the view\n");
	goto close_hMapping;
	}
	printf("Mapped %s to %08lx\n", filename, ptr);

	dump_info(filename, ptr);

	close_view:
	UnmapViewOfFile(ptr);
	close_hMapping:
	CloseHandle(hFileMappingObject);
	close_hFile:
	CloseHandle(hFile);

	printf("\n");
	}

	static void load_library(const char *filename, DWORD dwFlags) {
	printf("Attempting library load of %s with %08x\n", filename, dwFlags);

	HMODULE mod = LoadLibraryExA(filename, NULL, dwFlags);

	if (!mod) {
	fprintf(stderr, "Failed to load %s\n", filename);
	return;
	}

	printf("mod value: %08x\n", mod);

	dump_info(filename, (BYTE*) ((DWORD)mod & ~3));

	FreeLibrary(mod);

	printf("\n");
	}

	int main(int argc, const char argv[], const char argp[]) {
	const char *filename = "C:\\windows\\system32\\user32.dll";

	load_library(filename, LOAD_LIBRARY_AS_DATAFILE);
	load_library(filename, LOAD_LIBRARY_AS_DATAFILE \| LOAD_LIBRARY_AS_IMAGE_RESOURCE);
	load_library(filename, LOAD_LIBRARY_AS_IMAGE_RESOURCE);
	load_library(filename, 0);

	map_file(filename, PAGE_READONLY );
	map_file(filename, PAGE_READONLY \| SEC_IMAGE);

	if (IsWindows8OrGreater())
	map_file(filename, PAGE_READONLY \| SEC_IMAGE_NO_EXECUTE);

	}