GET Amateur and back-engineering. Part 2: Wireframe / Sudo Null IT News FREE
Last time, I delineated the beginning of my reverse technology relationship. A trifle more time has passed and now, to some extent, the upshot of my enquiry.
I am nerve-wracking to restore the sources from a .dll program library and a .pdb database. Using International Development Association for certain brought few results, just non satisfactory. Maybe I'm just not persevering. Therefore, I started on the other hand - with the restoration of the library project framework. Since I have a .pdb database, I can do it quite well. In principle. Theoretically, because the database records information from preprocessed files, and not from the source. Thusly you call for to work connected.
Filling
I'll showtime the story with hypothesis. Structurally .pdb-base is a set of characters (any variable quantity, structure, function, enumeration, type, all these are characters) interconnected. Symbols are divided by eccentric, and depending on the character I can have diametric properties. By reading the properties, you can receive a verbal description of structures, functions, overrides, enumerations, constants, including the relationships between entirely this, the names of the files and .obj-modules in which the functions are located, and much more. For admittance to symbols there is a Defense Intelligence Agency SDK (Debug Port Access), it is well credentialed and it is not selfsame touchy to share with information technology. The lonesome "problem" is that the DIA out of the box is available sole for C / C ++, and if you want to work on .Net, you volition require to work by ahorse the port to .Net .dll, but that's another narration. You can just find the terminated module. In person, I chose the 2nd option after finding Dia2Lib.dll,
Perhaps there is some genial of ready-ready-made result for generating code from a .pdb database, but I did not ascertain it. And nowadays I am writing my ain. I write in C #, there is less trouble with retentiveness, although at the cost of the convenience of working with files. First, we needed classes for describing characters. Modular ones (those from Dia2Lib) are a bit uncomfortable. More precisely, if you want to twirl data in three degrees of freedom, they simply can not stand it.
Classes for Processing Character Information
class Phallus { public string along name; common int offcet; //сдвиг поля public ulong duration; //размер поля в байтах semipublic string type; //полный тип поля, с указателями, константами, выравниваем и т.д. public string accession; //уровень доступа state-supported uint id; //для идентификации одинаковых типов } class BaseClass { public string type; unexclusive int offcet; //для порядка наследования semipublic ulong length; public uint id; } assort Function { public string name; public string type; public string access; public string computer file nam; //имя файла, где находится функция populace uint Gem State; } class Typedef { unrestricted string name; public string out type; public uint id; } class Enum { public string up name; public uint id; national SubEnum[] values; } class SubEnum { public twine name; state-supported propellant value; public uint id; } class VTable { public ulong count; //размер таблицы public string typecast; public uint id; } class SubStructure { public string name; public uint id; } class Structure { world string nominate; national uint id; public Member[] members; world BaseClass[] baseclass; public Function[] functions; public Typedef[] typedefs; public Enum[] enums; public VTable[] vtables; public SubStructure[] substructures; } Arrays of these structures send away be filled up with banal counting of characters and get the basis for the framework. Afterwards the problems begin. The first job, it was already mentioned, in the database all structures from preprocessed files are recorded. Like for example this:
The first example is non identical necessary structure
struct /*id:2*/ _iobuf { /*off 0x00000000 size:0004 id:5*/ state-supported: char * _ptr; /*off 0x00000004 size:0004 Gem State:8*/ public: signed int _cnt; /*off 0x00000008 size:0004 ID:5*/ public: char * _base; /*dispatch 0x00000012 size:0004 Idaho:8*/ public: signed int _flag; /*off 0x00000016 size:0004 id:8*/ public: signed int _file; /*off 0x00000020 size:0004 id:8*/ public: subscribed int _charbuf; /*dispatch 0x00000024 size:0004 id:8*/ public: subscribed int _bufsiz; /*off 0x00000028 size:0004 id:5*/ unexclusive: blacken * _tmpfname; }; Hardly a people can apply the structure from the classical subroutine library. But if they toilet still be tracked somehow, then at that place is an worse illustration.
The second example is not real necessary structure
struct /*id:24371*/ std::allocator,std::allocator >,std::little,std::distributor,std::allocator > > >,0> >::_Node>:/*0x0 id:24351*/ std::_Allocator_base,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node> { // /*id:24362*/ unexclusive: __thiscall const std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node * address (const std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node &); // /*id:24364*/ public: __thiscall std::_Tree_nod,std::allocator >,std::fewer,std::distributor,std::allocator > > >,0> >::_Node * address (std::_Tree_nod,std::allocator >,std::less,std::distributor,std::distributor > > >,0> >::_Node &); // /*ID:24367*/ state-supported: __thiscall void distributor,std::allocator >,std::less,std::distributor,std::distributor > > >,0> >::_Node> (const std::distributor,std::distributor >,std::less,std::allocator,std::allocator > > >,0> >::_Node> &); // /*id:24372*/ open: __thiscall void allocator,std::distributor >,std::less,std::allocator,std::distributor > > >,0> >::_Node> (); //:d:\program files\microsoft optic studio .net 2003\vc7\include\xmemory /*id:24374 */in the public eye: void __thiscall std::distributor,class std::allocator >,struct std::fewer,social class std::allocator,sort out std::allocator > > >,0> >::_Node>::deallocate(struct std::_Tree_nod,separate std::allocator >,struct std::less,class std::allocator,class std::distributor > > >,0> >::_Node *,unsigned int); // /*id:24376*/ overt: __thiscall std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node * allocate (unsigned int ,const void *); //:d:\program files\microsoft optic studio .net 2003\vc7\include\xmemory /*id:24378 */open: struct std::_Tree_nod,class std::distributor >,struct std::less,family std::allocator,class std::allocator > > >,0> >::_Node * __thiscall std::allocator,class std::allocator >,struct std::less,class std::allocator,class std::allocator > > >,0> >::_Node>::allocate(unsigned int); // /*id:24380*/ public: __thiscall void construct (std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node *,const std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node &adenylic acid;); //:d:\program files\microsoft visual studio .net income 2003\vc7\admit\xmemory /*ID:24384 */public: void __thiscall std::allocator,class std::distributor >,struct std::less,class std::allocator,class std::allocator > > >,0> >::_Node>::destroy(struct std::_Tree_nod,class std::distributor >,struct std::less,class std::allocator,course of instruction std::allocator > > >,0> >::_Node *); // /*id:24386*/ public: __thiscall unsigned int max_size (); bodily structure /*id:24353*/ value_type; typedef /*id:24352*/std::_Allocator_base,std::allocator >,std::less,std::distributor,std::allocator > > >,0> >::_Node> _Mybase; typedef /*I.D.:24354*/std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node * pointer; typedef /*id:24355*/std::_Tree_nod,std::allocator >,std::inferior,std::allocator,std::allocator > > >,0> >::_Node & reference; typedef /*id:24357*/const std::_Tree_nod,std::allocator >,std::less,std::allocator,std::allocator > > >,0> >::_Node * const_pointer; typedef /*id:24359*/const std::_Tree_nod,std::allocator >,std::less,std::distributor,std::allocator > > >,0> >::_Node & const_reference; typedef /*id:24360*/unsigned int size_type; typedef /*I.D.:24361*/signed int difference_type; }; And eve if you micturate a filter on standard guide structures, there bequeath remain a bunch of language features that blossom forth operating room change during translation. A an example, I can name custom templates.
Guide slam example
struct /*Gem State:16851*/ S_BVECTOR { /*off 0x00000000 size of it:0016 id:9357*/ private: std::vector > m_VECPath; /*off 0x00000016 sized:0004 id:8*/ common soldier: signed int m_nCount; /*off 0x00000020 size:0004 id:8*/ private: subscribed int m_nPos; /*Idaho:9360 */public: __thiscall S_BVECTOR::S_BVECTOR(class S_BVECTOR const &); /*id:9362 */public: __thiscall S_BVECTOR::S_BVECTOR(void); /*id:9364 */public: void __thiscall S_BVECTOR::resize(unsigned short); /*id:9366*/ public: __thiscall avoid addsize (unsigned short ); /*id:9368 */overt: void __thiscall S_BVECTOR::setsize(unsigned short); /*id:9369*/ public: __thiscall void setsizeNew (unsigned abruptly ); /*id:9370 */public: avoid __thiscall S_BVECTOR::clear(void); /*id:9371 */public: void __thiscall S_BVECTOR::push_back(struct D3DXVECTOR2 &); /*id:9373*/ public: __thiscall evacuate pop_front (); /*id:9374*/ public: __thiscall null pop_back (); /*id:9375 */public: int __thiscall S_BVECTOR::size(void); /*id:9377 */public: bool __thiscall S_BVECTOR::devoid(void); /*id:9379*/ public: __thiscall D3DXVECTOR2 * front (); /*id:9381*/ public: __thiscall D3DXVECTOR2 * next (); /*id:9382*/ public: __thiscall D3DXVECTOR2 * ending (); /*id:9383 */public: struct D3DXVECTOR2 * __thiscall S_BVECTOR::operator[](int); /*id:9385*/ public: __thiscall void remove (signed int ); /*Gem State:9387 */unrestricted: __thiscall S_BVECTOR::~S_BVECTOR(void); /*id:9388*/ public: __thiscall void * __vecDelDtor (unsigned int ); }; Course, everything can be easily returned to its original form. Simply situations where manual processing is needed can be quite a a distribute. For example, for the library that I need to function, 2673 structures are written in the database. Of these, only about 250 are actually needed, the rest are std template scans and other "standard" things. One can only hope that everything goes without problems. Well, suppose there are blanks for structures. Next you need to indite them to files.
Generation
Showtime you need the files themselves for recording. A bit of hypothesis. When compiling, each source with the cipher afterward the preprocessor is translated, using the compiler, into machine codes. From each source code, a .obj file or .o file is obtained, dependent on the compiler. Using the DIA SDK, you can grow a list of every last files from for each one .obj module (in short, the entire list of what is included in #include). How to get a heel of files was described in a preceding article (fit, as described ... in general, there is codification) Speaking in the nomenclature of the amateur, from each .obj module you butt mother the source gens that the faculty used to be (they will sustain the same name) and a list of connected libraries (this includes all files except .cpp, although thither are exceptions). After creating a coarse structure, and linking the parts in collaboration, you bum start recording structures.
It is impossible, A far as I know, to draw the epithet of the file in which the structure existed when it existed in the form of the source. But you can find away by what files the implementation of the social structure methods was scattered. Therefore, I suggest that you simply collect all the files that include function methods, choice the one that will cost the header from them, write a verbal description there, and associate the remaining files with the lintel. But when you bugger off the name of the source in which the method is located it dismiss be unpleasant or a bug, or a manifestation of a charge error. To get the name, first you call for to notic the list of generator lines aside RVA (relative virtual address), and then find the file that contains these lines from this list of lines. But sometimes the number of lines corresponding to the method is zero, just the file list is still set. And usually the wrong name. This usually manifests itself in the analysis of the constructor.
Constructor beat structure example
// Над каждой функцией записано имя файла-исходника откуда функция родом. Файлы перед описанием структуры - просто перезапись всех исходников, но без повторений. //e:\????\kop\throw\mindpower\sdk\src\mpfont.cpp //e:\????\kop\project\mindpower\sdk\src\i_effect.cpp //e:\????\kop\task\mindpower\sdk\include\i_effect.h struct /*id:9920*/ CTexList { /*off 0x00000000 size:0002 id:1138*/ exoteric: unsigned short m_wTexCount; /*turned 0x00000004 size:0004 id:1778*/ world: ice-cream float m_fFrameTime; /*murder 0x00000008 size:0016 id:9726*/ semipublic: std::vector >,std::allocator > > > m_vecTexList; /*murder 0x00000024 size:0028 id:98*/ public: std::basic_string,std::allocator > m_vecTexName; /*off 0x00000052 size:0004 id:8384*/ public: IDirect3DTexture8 * m_lpCurTex; /*off 0x00000056 size:0004 Gem State:8130*/ in the public eye: MindPower::lwITex * m_pTex; //:e:\????\kop\project\mindpower\sdk\src\mpfont.cpp[0] /*ID:9921*/ in the public eye: __thiscall void CTexList::CTexList (const CTexList &); //:e:\????\kop\task\mindpower\sdk\src\i_effect.cpp[3] /*I.D.:9927*/ public: __thiscall void CTexList::CTexList (); //:e:\????\kop\externalise\mindpower\sdk\src\i_effect.cpp[2] /*ID:9929*/ public: __thiscall void CTexList::~CTexList (); //:e:\????\kop\projection\mindpower\sdk\src\i_effect.cpp[3] /*id:9930*/ world: __thiscall void CTexList::SetTextureName (const std::basic_string,std::distributor > &); //:e:\????\kop\project\mindpower\sdk\src\i_effect.cpp[16] /*id:9932*/ semipublic: __thiscall void CTexList::GetTextureFromModel (CEffectModel *); //:e:\????\kop\project\mindpower\sdk\src\i_effect.cpp[25] /*id:9934*/ public: __thiscall nothingness CTexList::CreateSpliteTexture (sign int ,signed int ); //:e:\????\kop\visualise\mindpower\sdk\src\i_effect.cpp[16] /*id:9936*/ public: __thiscall void CTexList::GetCurTexture (S_BVECTOR &,unsigned short &,float &,float ); //:e:\????\kop\project\mindpower\sdk\src\i_effect.cpp[2] /*id:9938*/ state-supported: __thiscall void CTexList::Reset (); //:e:\????\kop\project\mindpower\sdk\src\i_effect.cpp[7] /*id:9939*/ in the public eye: __thiscall void CTexList::Clear (); //:e:\????\kop\cast\mindpower\sdk\src\i_effect.cpp[6] /*id:9940*/ public: __thiscall void CTexList::Remove (); //:e:\????\kop\project\mindpower\sdk\include\i_effect.h[12] /*Idaho:9941*/ state-supported: __thiscall void CTexList::Copy (CTexList *); }; Usually, and not surprisingly, the structures are in two files, header.h and code.cpp, but there are other options. For instance, the structure has exclusive a header, surgery the file with the code is represented with the extension .inl, operating theater the structure is generally not written anywhere, according to the .pdb database. I used the pursuing algorithm. If there is a header in the name of files into which the structure is included, we write the structure in the header and connect it to the filing cabinet with the code, if any. We go through the structure, making a list of all types that are used. If the type is a structure, and there is a lean of files for IT, we tie in the header of this structure, otherwise we write this structure to the offse of the file. On that point is another unpleasant present moment: structures are very doting of duplicating. I Don't accept the slightest idea wherefore many of them occur several times, and peerless after the opposite (in fact, not one later on another, on that point are many standard templates between them, but if you enable the filter, then one after another). What is more, the properties \ methods of such structures cooccur with, but they differ lone in serial issue. Personally, I just classified the array with the structures behind the names of the structures, and when iterating all over wholly the elements, I compared the name of the modern with the name of the former one. And IT worked.
Termination
Although it all worked, only, of trend, not as I would the like. Of flow from, IT created a bunch of files that more often than not, As I hope, echoic the structure of the original project, but there's such a fix ...
One of the generated files is lwitem.h
//Для удобства читания и уменьшения обьема текста методы удалены #ifndef __MINDPOWER::LWITEM__ #define __MINDPOWER::LWITEM__ #ifndef _MINDPOWER::LWIRESOURCEMGR_ #define _MINDPOWER::LWIRESOURCEMGR_ struct MindPower::lwIResourceMgr:MindPower::lwInterface { //57 методов };
0 Response to "GET Amateur and back-engineering. Part 2: Wireframe / Sudo Null IT News FREE"
Post a Comment