From 951852bab1d1127f9a8d7adfcaa37e9be1d06362 Mon Sep 17 00:00:00 2001
From: cw2k <3834079+cw2k@users.noreply.github.com>
Date: Tue, 3 Nov 2020 21:52:22 +0100
Subject: [PATCH] ConvertVAtoFileOffsetEx() now supports VA values
* ConvertVAtoFileOffsetEx(): implemented a handler for the bool AddressIsRVA. Before AddressToConvert was always assumed to be a RVA what lead to problems if a VA was passed in AddressToConvert [what was shown by AddressIsRVA=true] Combined with previous bug that returns INVALID_VALUE in case of an error it crashed the gleebug clientapp since they interpreted INVALID_VALUE as a file offset
* ConvertFileOffsetToVA: fix for return value. In case an error occurs it now returns 0. Before it returned INVALID_VALUE.
* Start commenting function purpose and it's parameters
---
 TitanEngineEmulator/Emulator.h | 54 ++++++++++++++++++++++++++++++----
 1 file changed, 48 insertions(+), 6 deletions(-)
diff --git a/TitanEngineEmulator/Emulator.h b/TitanEngineEmulator/Emulator.h
index 9ed8ac9..8df767c 100644
--- a/TitanEngineEmulator/Emulator.h
+++ b/TitanEngineEmulator/Emulator.h
@@ -571,29 +571,71 @@ public: ULONG_PTR ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) { auto found = mappedFiles.find(FileMapVA); + if(found == mappedFiles.end()) __debugbreak(); //return 0; + if(!found->second.pe->IsValidPe()) __debugbreak(); //return 0; - return found->second.pe->ConvertOffsetToRva(uint32(AddressToConvert)); + + auto offset = found->second.pe->ConvertOffsetToRva( uint32( AddressToConvert ) ); + + if (offset == INVALID_VALUE) + return 0; } - ULONG_PTR ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType) + //// + /// + // ConvertVAtoFileOffset - converts virtual addresses to its physical counterpart. + // + // Returns: converted physical address + // or NULL if conversion has failed. + // + ULONG_PTR ConvertVAtoFileOffset( + ULONG_PTR FileMapVA, // [in] Pointer to the mapped file content. It's either StaticFileLoad function or Windows API for file mapping. + ULONG_PTR AddressToConvert, // [in] Virtual address to convert to a physical address. + bool ReturnType // [in] Add the FileMapVA return value? + ) { - return ConvertVAtoFileOffsetEx(FileMapVA, 0, 0, AddressToConvert, false, ReturnType); + return ConvertVAtoFileOffsetEx( + FileMapVA ,0 ,0 , + AddressToConvert, false, ReturnType ); } - ULONG_PTR ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType) + //// + /// + // ConvertVAtoFileOffsetEx - converts virtual addresses to its physical counterpart. + // checks if PE file is valid and if memory is accessible + // Returns: converted physical address + // or NULL if conversion has failed. + // + ULONG_PTR ConvertVAtoFileOffsetEx( + ULONG_PTR FileMapVA, // [in] Pointer to the mapped file content. It's either StaticFileLoad function or Windows API for file mapping. + DWORD FileSize, // [in] Size of the mapped file. 
+ ULONG_PTR ImageBase, // [in] ImageBase of the mapped file + ULONG_PTR AddressToConvert, // [in] Virtual address to convert to a physical address. + bool AddressIsRVA, // [in] true => AddressToConvert is relative virtual address + bool ReturnType // [in] Add the FileMapVA return value? + ) { auto found = mappedFiles.find(FileMapVA); if(found == mappedFiles.end()) __debugbreak(); //return 0; + if(!found->second.pe->IsValidPe()) __debugbreak(); //return 0; - auto offset = found->second.pe->ConvertRvaToOffset(uint32(AddressToConvert)); + + // Convert to RVA if needed + auto RVA_ToConvert = AddressIsRVA ? + AddressToConvert : + AddressToConvert - ImageBase; + + auto offset = found->second.pe->ConvertRvaToOffset( + uint32( RVA_ToConvert ) + ); + if (offset == INVALID_VALUE) return 0; - return ReturnType ? FileMapVA + offset : offset; } template
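Review bot: `ConvertFileOffsetToVA` now ends right after `if (offset == INVALID_VALUE) return 0;` with no return on the success path, so this non-void function falls off its end (undefined behaviour) and the caller gets an indeterminate value; add `return offset;` before the closing brace. In `ConvertVAtoFileOffsetEx` the line `return ReturnType ? FileMapVA + offset : offset;` appears to be on the removed side with no replacement among the added lines, which would leave that function in the same state, so please confirm it is still present in the new file. Separately, `ConvertVAtoFileOffset` passes `ImageBase` as 0 with `AddressIsRVA` false, so `AddressToConvert - ImageBase` leaves the full VA to be truncated by `uint32( RVA_ToConvert )`. The Ex function should presumably fall back to the image base from the parsed PE headers when `ImageBase` is 0 and reject an address below the base, e.g. `if (!AddressIsRVA && AddressToConvert < ImageBase) return 0;`. The commit message says callers use the result as a file offset, so these paths matter most when the mapped PE is untrusted input.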