From 1997297d7b37278473ff66c6f1ac2e14b8a543c9 Mon Sep 17 00:00:00 2001 From: unspeaker Date: Fri, 21 Feb 2025 22:25:57 +0200 Subject: [PATCH] log and resolve call sites --- crates/vestal/src/call.rs | 0 crates/vestal/src/load.rs | 4 +-- crates/vestal/src/main.rs | 66 ++++++++++++++++++++++++++++++++++----- 3 files changed, 61 insertions(+), 9 deletions(-) create mode 100644 crates/vestal/src/call.rs diff --git a/crates/vestal/src/call.rs b/crates/vestal/src/call.rs new file mode 100644 index 0000000..e69de29 diff --git a/crates/vestal/src/load.rs b/crates/vestal/src/load.rs index 996f587..a133c93 100644 --- a/crates/vestal/src/load.rs +++ b/crates/vestal/src/load.rs @@ -31,7 +31,7 @@ impl Vestal { let dep = descriptor.get_name(dll)?.as_str()?; let iat = descriptor.get_first_thunk(dll)?; let ilt = descriptor.get_original_first_thunk(dll)?; - let lookups = descriptor.get_lookup_thunks(dll)?; + let lut = descriptor.get_lookup_thunks(dll)?; let resolved = Arc::new(self.resolve(&dep)?.expect("no path for {name}")); print!(" (module {BOLD}{dep:?}{RESET} N=0x{:>08x} IAT=0x{:>08x} ILT=0x{:>08x}\n {resolved:?}", &descriptor.name.0, @@ -47,7 +47,7 @@ impl Vestal { Thunk::Thunk32(t) => panic!("32 bit original thunk"), Thunk::Thunk64(t) => t.0 })), - lookups.iter().map(|thunk|format!("0x{:08x}", match thunk { + lut.iter().map(|thunk|format!("0x{:08x}", match thunk { Thunk::Thunk32(t) => panic!("32 bit original thunk"), Thunk::Thunk64(t) => t.0 })), diff --git a/crates/vestal/src/main.rs b/crates/vestal/src/main.rs index fbbdb98..e78e285 100644 --- a/crates/vestal/src/main.rs +++ b/crates/vestal/src/main.rs @@ -72,7 +72,7 @@ impl Dll { let text = &data[start..start+size]; let mut calls_by_source = Default::default(); let mut calls_by_target = Default::default(); - let _ = Self::calls( + let calls = Self::calls( &name, &pe, start, 
@@ -81,6 +81,7 @@ impl Dll { &mut calls_by_target, false )?; + let imports = Self::imports(&pe); let dll = Arc::new(Self { name: name.clone(), path: path.clone(), 
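Review bot: The added `let imports = Self::imports(&pe);` binds the `Usually<(usize, usize)>` result without checking it, so a failure from `ImportDirectory::parse` or from any `?` inside `imports` is silently dropped, while the `Self::calls(...)` call just above propagates with `?`. The import table is read from the PE image being loaded, so a malformed one should stop the load rather than be ignored. Until the value is actually used I would write `let _imports = Self::imports(&pe)?;`. The enclosing function starts and ends outside this hunk, so I am assuming its error type accepts the same `?` conversion that the `calls` call relies on.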
@@ -91,9 +92,66 @@ impl Dll { calls_by_source, calls_by_target, }); + println!(" (call-sites {calls})"); + for (call, sites) in dll.calls_by_target.iter() { + println!(" (0x{call:08x}\n {:?})", sites.iter() + .map(|call|format!("0x{:08x}", call.offset)) + .collect::>()); + } build.dlls.insert(name.clone(), dll.clone()); Ok(dll) } + fn imports (pe: &VecPE) -> Usually<(usize, usize)> { + let directory = ImportDirectory::parse(pe)?; + for descriptor in directory.descriptors { + let dep = descriptor.get_name(pe)?.as_str()?; + let imp = descriptor.get_imports(pe)?; + let iat = descriptor.get_first_thunk(pe)?; + let ilt = descriptor.get_original_first_thunk(pe)?; + let lut = descriptor.get_lookup_thunks(pe)?; + let mut imports = Vec::new(); + for (index, (import, thunk, orig, lookup)) in izip!( + imp, + iat.iter().map(|thunk|format!("0x{:08x}", match thunk { + Thunk::Thunk32(t) => panic!("32 bit thunk"), + Thunk::Thunk64(t) => t.0 + })), + ilt.iter().map(|thunk|format!("0x{:08x}", match thunk { + Thunk::Thunk32(t) => panic!("32 bit original thunk"), + Thunk::Thunk64(t) => t.0 + })), + lut.iter().map(|thunk|format!("0x{:08x}", match thunk { + Thunk::Thunk32(t) => panic!("32 bit original thunk"), + Thunk::Thunk64(t) => t.0 + })), + ).enumerate() { + let call_via = descriptor.first_thunk.0 + index as u32 * 8; + let name = match import { + ImportData::Ordinal(x) => { + //print!("\n (import-ordinal {BOLD}0x{:>08x}{RESET} IAT={} ILT={} LU={} 0x{:>04x})", + //call_via, thunk, orig, lookup, x); + format!("___VESTAL___ORD___{x}___") + }, + ImportData::ImportByName(name) => { + //print!("\n (import-by-name {BOLD}0x{:>08x}{RESET} IAT={} ILT={} LU={} {:?})", + //call_via, thunk, orig, lookup, name); + format!("{name}") + }, + }; + println!(" ({index:5} 0x{call_via:08x} {dep:>20} {name}"); + imports.push((thunk, orig, import)); + //if let Some(existing) = self.addr_to_import.get(&call_via) { + //panic!("addr space overlap at 0x{call_via:x}: {}::{} vs {}::{}", + //existing.0, + 
//existing.1, + //dep.to_string(), + //name); + //} + //self.addr_to_import.insert(call_via, (dep.to_string(), name)); + } + } + Ok((0, 0)) + } fn calls ( name: &Arc, pe: &VecPE, @@ -115,12 +173,6 @@ impl Dll { calls_by_target.get_mut(&call.target).unwrap().push(call); } } - println!(" (call-sites {calls})"); - for (call, sites) in calls_by_target.iter() { - println!(" (0x{call:08x}\n {:?})", sites.iter() - .map(|call|format!("0x{:08x}", call.offset)) - .collect::>()); - } Ok(calls) } fn call (
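Review bot: The three `Thunk::Thunk32(t) => panic!(...)` arms in the new `imports` function abort the whole process when the image carries 32-bit thunks, even though the function already returns `Usually<...>` and could report that as an error; the same arms are visible in the load.rs context lines. Next to them, `descriptor.first_thunk.0 + index as u32 * 8` does unchecked arithmetic on a value read from the file, which by default panics in debug builds and wraps in release; `u32::try_from(index)` followed by `checked_mul(8)` and `checked_add` would turn an out-of-range slot into an error instead. If `izip!` here is the itertools macro, it stops at the shortest of the four iterators, so a descriptor whose thunk tables disagree in length is truncated without any diagnostic, and the overlap check that would catch colliding IAT slots is still commented out. The function also builds `imports` per descriptor, drops it, and returns `Ok((0, 0))`, which deserves a `// TODO` saying what the two counts are meant to be.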