Bound imports added

struppigel · Jul 18, 2024 · 18aac03 · 18aac03
1 parent b100517
commit 18aac03
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 12 deletions.
diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
     <groupId>com.github.struppigel</groupId>
     <artifactId>PortexAnalyzerGUI</artifactId>
-    <version>0.13.0</version>
+    <version>0.13.2</version>
     <repositories>
         <repository>
             <id>github</id>
@@ -78,7 +78,7 @@
         <dependency>
             <groupId>com.github.struppigel</groupId>
             <artifactId>portex_2.12</artifactId>
-            <version>5.0.4-SNAPSHOT</version>
+            <version>5.0.5-SNAPSHOT</version>
         </dependency>
     </dependencies>
 

diff --git a/src/main/java/com/github/struppigel/gui/AboutFrame.java b/src/main/java/com/github/struppigel/gui/AboutFrame.java
@@ -26,10 +26,10 @@ public class AboutFrame extends JFrame {
 
     private static final long serialVersionUID = 1L;
 
-    public static String version = "0.13.0";
+    public static String version = "0.13.2";
     private static final String text = "Portex Analyzer GUI" + "\n\n" + "Version: " + version
             + "\nAuthor: Karsten Hahn"
-            + "\nLast update: 10. July 2024"
+            + "\nLast update: 18. July 2024"
             + "\n\nI develop this software as a hobby in my free time."
             + "\n\nIf you like it, please consider buying me a coffee: https://ko-fi.com/struppigel"
             + "\n\nThe repository is available at https://github.com/struppigel/PortexAnalyzerGUI";

diff --git a/src/main/java/com/github/struppigel/gui/FullPEData.java b/src/main/java/com/github/struppigel/gui/FullPEData.java
@@ -53,6 +53,8 @@ public class FullPEData {
     private final List<ImportDLL> imports;
     private final List<Object[]> importTableEntries;
     private final List<Object[]> delayLoadEntries;
+
+    private final List<Object[]> boundImportEntries;
     private final List<Object[]> resourceTableEntries;
     private final List<Resource> resources;
     private final List<ExportEntry> exports;
@@ -78,6 +80,7 @@ public class FullPEData {
     private final long OFFSET_DEFAULT = 0L;
     public FullPEData(PEData data, Overlay overlay, double overlayEntropy, List<String> overlaySignatures,
                       double[] sectionEntropies, List<ImportDLL> imports, List<Object[]> importTableEntries, List<Object[]> delayLoadEntries,
+                      List<Object[]> boundImportEntries,
                       List<Object[]> resourceTableEntries, List<Resource> resources, List<String> manifests,
                       List<Object[]> exportTableEntries, List<ExportEntry> exports,
                       String hashes, List<Object[]> sectionHashTableEntries,
@@ -93,6 +96,7 @@ public FullPEData(PEData data, Overlay overlay, double overlayEntropy, List<Stri
         this.imports = imports;
         this.importTableEntries = importTableEntries;
         this.delayLoadEntries = delayLoadEntries;
+        this.boundImportEntries = boundImportEntries;
         this.resourceTableEntries = resourceTableEntries;
         this.resources = resources;
         this.manifests = manifests;
@@ -141,9 +145,11 @@ public List<Object[]> getImportTableEntries() {
         return importTableEntries;
     }
 
-    public List<Object[]> getDelayLoadEntries() {
-        return delayLoadEntries;
-    }
+    public List<Object[]> getDelayLoadEntries() {return delayLoadEntries;}
+
+    public List<Object[]> getBoundImportEntries() {return boundImportEntries;}
+
+    public boolean hasBoundImportEntries() {return !boundImportEntries.isEmpty();}
 
     public boolean hasManifest() {
         return getManifests().size() > 0;

diff --git a/src/main/java/com/github/struppigel/gui/PEComponentTree.java b/src/main/java/com/github/struppigel/gui/PEComponentTree.java
@@ -54,6 +54,7 @@ public class PEComponentTree extends JPanel {
     private static final String IMPORTS_TEXT = "Imports";
 
     private static final String DELAY_LOAD_IMPORTS_TEXT = "Delay Load Imports";
+    private static final String BOUND_IMPORTS_TEXT = "Bound Imports";
     private static final String EXPORTS_TEXT = "Exports";
     private static final String DEBUG_TEXT = "Debug";
     private static final String ANOMALY_TEXT = "Anomalies";
@@ -112,6 +113,7 @@ private void updateTree() {
         // Data directories
         DefaultMutableTreeNode imports = new DefaultMutableTreeNode(IMPORTS_TEXT);
         DefaultMutableTreeNode delayLoad = new DefaultMutableTreeNode(DELAY_LOAD_IMPORTS_TEXT);
+        DefaultMutableTreeNode bound = new DefaultMutableTreeNode(BOUND_IMPORTS_TEXT);
         DefaultMutableTreeNode exports = new DefaultMutableTreeNode(EXPORTS_TEXT);
         DefaultMutableTreeNode debug = new DefaultMutableTreeNode(DEBUG_TEXT);
 
@@ -165,6 +167,10 @@ private void updateTree() {
             pe.add(delayLoad);
         }
 
+        if(peData.hasBoundImportEntries()) {
+            pe.add(bound);
+        }
+
         if(peData.hasExports()){
             pe.add(exports);
         }
@@ -310,6 +316,9 @@ private void selectionChanged(TreePath path) {
             case DELAY_LOAD_IMPORTS_TEXT:
                 peDetailsPanel.showDelayLoadImports();
                 return;
+            case BOUND_IMPORTS_TEXT:
+                peDetailsPanel.showBoundImports();
+                return;
             case EXPORTS_TEXT:
                 peDetailsPanel.showExports();
                 return;

diff --git a/src/main/java/com/github/struppigel/gui/pedetails/PEDetailsPanel.java b/src/main/java/com/github/struppigel/gui/pedetails/PEDetailsPanel.java
@@ -931,6 +931,20 @@ public void showDelayLoadImports() {
         showImportsForEntries(peData.getDelayLoadEntries(), DataDirectoryKey.DELAY_IMPORT_DESCRIPTOR);
     }
 
+    public void showBoundImports() {
+        if (peData == null) return;
+        String[] tableHeader = {"Name", "Offset Module Name", "Time Date Stamp", "Forwarder Refs", "Raw Offset"};
+        showTextEntries(peData.getBoundImportEntries(), tableHeader, 4);
+        showTablePanel();
+        SectionTable sectionTable = peData.getPeData().getSectionTable();
+        Long offset = peData.getPeData()
+                .getOptionalHeader()
+                .getDataDirectory()
+                .get(DataDirectoryKey.BOUND_IMPORT)
+                .getFileOffset(sectionTable);
+        previewPanel.showContentAtOffset(offset);
+    }
+
     public void showImports() {
         showImportsForEntries(peData.getImportTableEntries(), DataDirectoryKey.IMPORT_TABLE);
     }

diff --git a/src/main/java/com/github/struppigel/gui/utils/PELoadWorker.java b/src/main/java/com/github/struppigel/gui/utils/PELoadWorker.java
@@ -25,10 +25,7 @@
 import com.github.struppigel.parser.sections.debug.*;
 import com.github.struppigel.parser.sections.edata.ExportEntry;
 import com.github.struppigel.parser.sections.edata.ExportNameEntry;
-import com.github.struppigel.parser.sections.idata.ImportDLL;
-import com.github.struppigel.parser.sections.idata.NameImport;
-import com.github.struppigel.parser.sections.idata.OrdinalImport;
-import com.github.struppigel.parser.sections.idata.SymbolDescription;
+import com.github.struppigel.parser.sections.idata.*;
 import com.github.struppigel.parser.sections.rsrc.IDOrName;
 import com.github.struppigel.parser.sections.rsrc.Level;
 import com.github.struppigel.parser.sections.rsrc.Resource;
@@ -101,6 +98,7 @@ protected FullPEData doInBackground() throws Exception {
         List<ImportDLL> delayDLLs = data.loadDelayLoadImports();
         List<Object[]> impEntries = createImportTableEntries(importDLLs);
         List<Object[]> delayLoadEntries = createImportTableEntries(delayDLLs);
+        List<Object[]> boundImportEntries = createBoundImportEntries(data);
         setProgress(40);
 
         publish("Scanning for signatures...");
@@ -136,12 +134,33 @@ protected FullPEData doInBackground() throws Exception {
 
         publish("Done!");
         return new FullPEData(data, overlay, overlayEntropy, overlaySignatures, sectionEntropies, importDLLs,
-                impEntries, delayLoadEntries, resourceTableEntries, data.loadResources(), manifests, exportEntries, exports,
+                impEntries, delayLoadEntries, boundImportEntries, resourceTableEntries, data.loadResources(), manifests, exportEntries, exports,
                 hashesReport, hashesForSections, anomaliesTable, debugTableEntries, vsInfoTable,
                 rehintsReport, stringTableEntries, dotnetMetaDataRootEntries, maybeCLR, dotNetStreamHeaders,
                 optimizedStreamEntries, clrTables, clrTableHeaders);
     }
 
+    private Object[] createBoundImportEntry(BoundImportDescriptor bi) {
+        List<Object> line = new ArrayList<>();
+        line.add(bi.getName());
+        line.add(bi.get(BoundImportDescriptorKey.OFFSET_MODULE_NAME));
+        line.add(bi.get(BoundImportDescriptorKey.TIME_DATE_STAMP));
+        line.add(bi.get(BoundImportDescriptorKey.NR_OF_MODULE_FORWARDER_REFS));
+        line.add(bi.rawOffset());
+        return line.toArray();
+    }
+
+    private List<Object[]> createBoundImportEntries(PEData data) throws IOException {
+        Optional<BoundImportSection> section = new SectionLoader(data).maybeLoadBoundImportSection();
+        if(section.isPresent()) {
+            BoundImportSection bsec = section.get();
+            return bsec.getEntries().stream()
+                    .map(this::createBoundImportEntry)
+                    .collect(Collectors.toList());
+        }
+        return new ArrayList<>();
+    }
+
     private Optional<CLRSection> loadCLRSection(PEData data) {
         SectionLoader loader = new SectionLoader(data);
         try {