log and resolve call sites

🪞👃🪞 2025-02-21 22:25:57 +02:00
parent 862159116c
commit 1997297d7b
3 changed files with 61 additions and 9 deletions


@ -31,7 +31,7 @@ impl Vestal {
let dep = descriptor.get_name(dll)?.as_str()?;
let iat = descriptor.get_first_thunk(dll)?;
let ilt = descriptor.get_original_first_thunk(dll)?;
let lookups = descriptor.get_lookup_thunks(dll)?;
let lut = descriptor.get_lookup_thunks(dll)?;
let resolved = Arc::new(self.resolve(&dep)?.expect("no path for {name}"));
print!(" (module {BOLD}{dep:?}{RESET} N=0x{:>08x} IAT=0x{:>08x} ILT=0x{:>08x}\n {resolved:?}",
&descriptor.name.0,
@ -47,7 +47,7 @@ impl Vestal {
Thunk::Thunk32(t) => panic!("32 bit original thunk"),
Thunk::Thunk64(t) => t.0
})),
lookups.iter().map(|thunk|format!("0x{:08x}", match thunk {
lut.iter().map(|thunk|format!("0x{:08x}", match thunk {
Thunk::Thunk32(t) => panic!("32 bit original thunk"),
Thunk::Thunk64(t) => t.0
})),


@ -72,7 +72,7 @@ impl Dll {
let text = &data[start..start+size];
let mut calls_by_source = Default::default();
let mut calls_by_target = Default::default();
let _ = Self::calls(
let calls = Self::calls(
&name,
&pe,
start,
@ -81,6 +81,7 @@ impl Dll {
&mut calls_by_target,
false
)?;
let imports = Self::imports(&pe);
let dll = Arc::new(Self {
name: name.clone(),
path: path.clone(),
@ -91,9 +92,66 @@ impl Dll {
calls_by_source,
calls_by_target,
});
println!(" (call-sites {calls})");
for (call, sites) in dll.calls_by_target.iter() {
println!(" (0x{call:08x}\n {:?})", sites.iter()
.map(|call|format!("0x{:08x}", call.offset))
.collect::<Vec<_>>());
}
build.dlls.insert(name.clone(), dll.clone());
Ok(dll)
}
fn imports (pe: &VecPE) -> Usually<(usize, usize)> {
let directory = ImportDirectory::parse(pe)?;
for descriptor in directory.descriptors {
let dep = descriptor.get_name(pe)?.as_str()?;
let imp = descriptor.get_imports(pe)?;
let iat = descriptor.get_first_thunk(pe)?;
let ilt = descriptor.get_original_first_thunk(pe)?;
let lut = descriptor.get_lookup_thunks(pe)?;
let mut imports = Vec::new();
for (index, (import, thunk, orig, lookup)) in izip!(
imp,
iat.iter().map(|thunk|format!("0x{:08x}", match thunk {
Thunk::Thunk32(t) => panic!("32 bit thunk"),
Thunk::Thunk64(t) => t.0
})),
ilt.iter().map(|thunk|format!("0x{:08x}", match thunk {
Thunk::Thunk32(t) => panic!("32 bit original thunk"),
Thunk::Thunk64(t) => t.0
})),
lut.iter().map(|thunk|format!("0x{:08x}", match thunk {
Thunk::Thunk32(t) => panic!("32 bit original thunk"),
Thunk::Thunk64(t) => t.0
})),
).enumerate() {
let call_via = descriptor.first_thunk.0 + index as u32 * 8;
let name = match import {
ImportData::Ordinal(x) => {
//print!("\n (import-ordinal {BOLD}0x{:>08x}{RESET} IAT={} ILT={} LU={} 0x{:>04x})",
//call_via, thunk, orig, lookup, x);
format!("___VESTAL___ORD___{x}___")
},
ImportData::ImportByName(name) => {
//print!("\n (import-by-name {BOLD}0x{:>08x}{RESET} IAT={} ILT={} LU={} {:?})",
//call_via, thunk, orig, lookup, name);
format!("{name}")
},
};
println!(" ({index:5} 0x{call_via:08x} {dep:>20} {name}");
imports.push((thunk, orig, import));
//if let Some(existing) = self.addr_to_import.get(&call_via) {
//panic!("addr space overlap at 0x{call_via:x}: {}::{} vs {}::{}",
//existing.0,
//existing.1,
//dep.to_string(),
//name);
//}
//self.addr_to_import.insert(call_via, (dep.to_string(), name));
}
}
Ok((0, 0))
}
fn calls (
name: &Arc<str>,
pe: &VecPE,
@ -115,12 +173,6 @@ impl Dll {
calls_by_target.get_mut(&call.target).unwrap().push(call);
}
}
println!(" (call-sites {calls})");
for (call, sites) in calls_by_target.iter() {
println!(" (0x{call:08x}\n {:?})", sites.iter()
.map(|call|format!("0x{:08x}", call.offset))
.collect::<Vec<_>>());
}
Ok(calls)
}
fn call (
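Review bot: In the new `imports` function, `let call_via = descriptor.first_thunk.0 + index as u32 * 8;` does unchecked u32 arithmetic on an RVA read from the DLL's import directory, so a malformed file can overflow it (a panic in debug builds, a silently wrapped slot address in release); building the value with `u32::try_from(index)`, `checked_mul(8)` and `checked_add` and returning an error on `None` would keep bad input on the error path. The three `panic!` arms for `Thunk::Thunk32` likewise abort the process on a 32-bit image even though the function already returns `Usually` (presumably a `Result` alias), and the caller's `let imports = Self::imports(&pe);` never applies `?`, so a failed import parse is dropped while the `Dll` is still inserted into `build.dlls`. `dep` and `name` come from the file and are printed with `{}` in `println!(" ({index:5} 0x{call_via:08x} {dep:>20} {name}")`, so control characters in an import name would reach the terminal unescaped; `{dep:?}` and `{name:?}` escape them, as the `(module {BOLD}{dep:?}{RESET}` line in the other file already does. The function containing the `Self::imports(&pe)` call starts outside the hunk.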