Add symbol table search scaffolding and ELF32 implementation

2019-10-21 00:00:05 +02:00
parent 491735044c
commit bebfba4f46
4 changed files with 115 additions and 4 deletions
--- a/Il2CppInspector/FileFormatReaders/ElfReader.cs
+++ b/Il2CppInspector/FileFormatReaders/ElfReader.cs
@@ -1,19 +1,23 @@
 /*
    Copyright 2017 Perfare - https://github.com/Perfare/Il2CppDumper
-    Copyright 2017 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
+    Copyright 2017-2019 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com

    All rights reserved.
 */

 using System;
+using System.Collections.Generic;
+using System.Diagnostics;
 using System.IO;
 using System.Linq;
+using System.Net.Sockets;

 namespace Il2CppInspector
 {
    internal class ElfReader : FileFormatReader<ElfReader>
    {
        private program_header_table[] program_table_element;
+        private elf_32_shdr[] section_header_table;
        private elf_header elf_header;

        public ElfReader(Stream stream) : base(stream) { }
@@ -44,9 +48,65 @@ namespace Il2CppInspector
                return false;
            }
            program_table_element = ReadArray<program_header_table>(elf_header.e_phoff, elf_header.e_phnum);
+            section_header_table = ReadArray<elf_32_shdr>(elf_header.e_shoff, elf_header.e_shnum);
            return true;
        }

+        public override Dictionary<string, uint> GetSymbolTable() {
+            // Three possible symbol tables in ELF files
+            var pTables = new List<(uint offset, uint count, uint strings)>();
+
+            // String table (a sequence of null-terminated strings, total length in sh_size
+            var SHT_STRTAB = section_header_table.FirstOrDefault(x => x.sh_type == 3u); // SHT_STRTAB = 3
+
+            if (SHT_STRTAB != null) {
+                // Section header shared object symbol table (.symtab)
+                if (section_header_table.FirstOrDefault(x => x.sh_type == 2u) is elf_32_shdr SHT_SYMTAB) // SHT_SYMTAB = 2
+                    pTables.Add((SHT_SYMTAB.sh_offset, SHT_SYMTAB.sh_size / SHT_SYMTAB.sh_entsize, SHT_STRTAB.sh_offset));
+                
+                // Section header executable symbol table (.dynsym)
+                if (section_header_table.FirstOrDefault(x => x.sh_type == 11u) is elf_32_shdr SHT_DYNSYM) // SHT_DYNSUM = 11
+                    pTables.Add((SHT_DYNSYM.sh_offset, SHT_DYNSYM.sh_size / SHT_DYNSYM.sh_entsize, SHT_STRTAB.sh_offset));
+            }
+
+            // Symbol table in dynamic section (DT_SYMTAB)
+            // Normally the same as .dynsym except that .dynsym may be removed in stripped binaries
+            if (program_table_element.FirstOrDefault(x => x.p_type == 2u) is program_header_table PT_DYNAMIC) // PT_DYNAMIC = 2
+            {
+                // Get the dynamic table
+                var dynamic_table = ReadArray<elf_32_dynamic>(PT_DYNAMIC.p_offset, (int) PT_DYNAMIC.p_filesz / 8 /* sizeof(elf_32_dynamic) */);
+
+                // Dynamic string table
+                var DT_STRTAB = dynamic_table.FirstOrDefault(x => x.d_tag == 5u); // DT_STRTAB = 5
+
+                if (DT_STRTAB != null) {
+                    if (dynamic_table.FirstOrDefault(x => x.d_tag == 6u) is elf_32_dynamic DT_SYMTAB) { // DT_SYMTAB = 6
+                        // Find the next pointer in the dynamic table to calculate the length of the symbol table
+                        var end = (from x in dynamic_table where x.d_un > DT_SYMTAB.d_un orderby x.d_un select x).First().d_un;
+
+                        // Dynamic symbol table
+                        pTables.Add((DT_SYMTAB.d_un, (end - DT_SYMTAB.d_un) / 16 /* sizeof(elf_32_sym) */, DT_STRTAB.d_un));
+                    }
+                }
+            }
+
+            // Now iterate through all of the symbol and string tables we found to build a full list
+            var symbolTable = new Dictionary<string, uint>();
+
+            foreach (var pTab in pTables) {
+                var symbol_table = ReadArray<elf_32_sym>(pTab.offset, (int) pTab.count);
+
+                foreach (var symbol in symbol_table) {
+                    var name = ReadNullTerminatedString(pTab.strings + symbol.st_name);
+
+                    // Avoid duplicates
+                    symbolTable.TryAdd(name, symbol.st_value);
+                }
+            }
+
+            return symbolTable;
+        }
+
        public override uint[] GetFunctionTable() {
            // Find dynamic section
            var dynamic = new elf_32_shdr();
--- a/Il2CppInspector/FileFormatReaders/FormatLayouts/Elf.cs
+++ b/Il2CppInspector/FileFormatReaders/FormatLayouts/Elf.cs
@@ -1,6 +1,6 @@
 /*
    Copyright 2017 Perfare - https://github.com/Perfare/Il2CppDumper
-    Copyright 2017 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
+    Copyright 2017-2019 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com

    All rights reserved.
 */
@@ -85,5 +85,21 @@ namespace Il2CppInspector
        public uint sh_addralign;
        public uint sh_entsize;
    }
+
+    internal class elf_32_sym
+    {
+        public uint st_name;
+        public uint st_value;
+        public uint st_size;
+        public byte st_info;
+        public byte st_other;
+        public ushort st_shndx;
+    }
+
+    internal class elf_32_dynamic
+    {
+        public uint d_tag;
+        public uint d_un;
+    }
 #pragma warning restore CS0649
 }