├── .github ├── ISSUE_TEMPLATE │ └── bug_report.md └── workflows │ └── build.yml ├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── Module.manifest ├── README.md ├── build.gradle ├── data ├── README.txt ├── dosbox.png ├── imagedata.png ├── labels.png ├── options.png └── options2.png ├── extension.properties ├── ghidra_scripts └── README.txt ├── lib ├── README.txt └── file-formats.jar ├── os ├── linux_x86_64 │ └── README.txt ├── mac_x86_64 │ └── README.txt └── win_x86_64 │ └── README.txt └── src ├── main ├── help │ └── help │ │ ├── TOC_Source.xml │ │ ├── shared │ │ └── Frontpage.css │ │ └── topics │ │ └── fooloader │ │ └── help.html ├── java │ └── yetmorecode │ │ └── ghidra │ │ ├── format │ │ └── lx │ │ │ ├── datatype │ │ │ ├── FixupSectionType.java │ │ │ ├── FixupSourceType.java │ │ │ ├── FixupTargetFlags.java │ │ │ ├── LePageMapEntryType.java │ │ │ ├── LoaderSectionType.java │ │ │ ├── LxByteOrder.java │ │ │ ├── LxCpuType.java │ │ │ ├── LxOSType.java │ │ │ ├── LxPageMapEntryType.java │ │ │ ├── ObjectFixupsType.java │ │ │ └── ObjectMapEntryType.java │ │ │ └── model │ │ │ ├── DOSHeader.java │ │ │ ├── Dos16Header.java │ │ │ ├── Executable.java │ │ │ ├── FixupRecord.java │ │ │ ├── Header.java │ │ │ ├── LePageMapEntry.java │ │ │ ├── LxPageMapEntry.java │ │ │ ├── ObjectTableEntry.java │ │ │ ├── VxDDescriptionBlock.java │ │ │ └── VxDVersionResource.java │ │ └── lx │ │ ├── InvalidHeaderException.java │ │ ├── LinearLoader.java │ │ ├── Options.java │ │ └── loader │ │ ├── LeLoader.java │ │ ├── LxLoader.java │ │ └── VxDLoader.java └── resources │ └── images │ └── README.txt └── test └── java └── README.test.txt /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Executable used** 11 | Which EXE are you trying to load? 
Can it be found somewhere for testing? 12 | 13 | **Ghidra** 14 | Which Ghidra version are you using? 15 | 16 | **Describe the bug** 17 | What's wrong? 18 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Build ghidra-lx-loader 2 | on: 3 | pull_request: 4 | push: 5 | 6 | jobs: 7 | build: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/checkout@v3 11 | - uses: actions/setup-java@v3 12 | with: 13 | java-version: '17' 14 | distribution: 'zulu' 15 | - name: Setup ghidra 16 | uses: er28-0652/setup-ghidra@master 17 | with: 18 | version: '10.2' 19 | - name: Build Ghidra extension (using gradle) 20 | uses: gradle/gradle-build-action@v2 21 | with: 22 | gradle-version: 'current' 23 | arguments: 'buildExtension' 24 | - uses: actions/upload-artifact@v3 25 | with: 26 | name: ghidra-lx-loader 27 | path: | 28 | dist/*.zip 29 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /bin/ 2 | /.classpath 3 | /.project 4 | /.settings/ 5 | /build/ 6 | /.gradle/ 7 | /dist -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, religion, or sexual identity 10 | and orientation. 
11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the 26 | overall community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or 31 | advances of any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email 35 | address, without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 
55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | . 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series 86 | of actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or 93 | permanent ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 
99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within 113 | the community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.0, available at 119 | https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. 120 | 121 | Community Impact Guidelines were inspired by [Mozilla's code of conduct 122 | enforcement ladder](https://github.com/mozilla/diversity). 123 | 124 | [homepage]: https://www.contributor-covenant.org 125 | 126 | For answers to common questions about this code of conduct, see the FAQ at 127 | https://www.contributor-covenant.org/faq. Translations are available at 128 | https://www.contributor-covenant.org/translations. 129 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Getting started 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Module.manifest: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/Module.manifest -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Ultimate Ghidra Loader for the LX/LE executable file format 2 | 3 | Download a zip matching your Ghidra version from [releases](https://github.com/yetmorecode/ghidra-lx-loader/releases) and install it from `File > Install extensions...` 4 | 5 | ## Features 6 | 7 | * Supports LE/LX files in various formats: 8 | * OS/2 LX-Style 9 | * MSDOS DOS/16 LE-Style 10 | * MSDOS DOS/4 LE-Style 11 | * DOS32A sb.exe unbound LE/LX-Style 12 | * Windows Virtual Device Driver (VxD) 13 | * Full page-map and fixup (relocation) support 14 | * Completely typed executable headers (and other image data) with comments 15 | 16 | Optionally, various options can be specified 
individually for each file: 17 | 18 | * Manually override the object base addresses and segment selectors (good for syncing with a debugger / DOSBox) 19 | * Map various image data to an overlay: 20 | * Map MZ Header 21 | * Map LX Header 22 | * Map LX Loader Section 23 | * Map LX Fixup Section (fully typed!) 24 | * Map LX Data Section (i.e. the unmodified page data) 25 | * Create labels for each fixup in memory 26 | * Create labels for each page beginning in memory 27 | * Log fixup statistics / Log individual fixup types 28 | 29 | ## Tested with 30 | 31 | * F1 Manager Professional (F1.exe - DOS/4GW LE): https://www.mobygames.com/game/dos/f1-manager-professional 32 | * The Elder Scrolls Redguard (RGFX.exe - DOS/4GW LE): https://en.wikipedia.org/wiki/The_Elder_Scrolls_Adventures:_Redguard 33 | * X-Com: Apocalypse (UFO2P.EXE - DOS/16 LE and unbound LE-style) 34 | * Various files compiled with Open Watcom (DOS32A LE) 35 | * Random VxD files 36 | 37 | ## Extra 38 | 39 | ![Options](data/options.png) 40 | 41 | ![Options](data/imagedata.png) 42 | 43 | ![Options](data/labels.png) 44 | 45 | ## Manually overriding base addresses and segment selectors 46 | 47 | The loader can be instructed to manually override the base addresses and selectors of the executable's objects. I use this to feed Ghidra the same memory layout and segment selectors as I find in the DOSBox debugger. In return I can use the same addresses found in Ghidra to set breakpoints in the debugger etc. 48 | 49 | To override the base addresses, just enter a comma-separated list of hex values into the field: 50 | 51 | The loader will adjust the locations (and fixups!) 
accordingly: 52 | 53 | ![New locations](data/options2.png) 54 | 55 | ## Resources 56 | 57 | * https://ghidra-sre.org/ 58 | * https://moddingwiki.shikadi.net/wiki/Linear_Executable_(LX/LE)_Format 59 | * https://github.com/yetmorecode/dos32a/blob/master/src/dos32a/loader.asm 60 | * https://github.com/open-watcom/open-watcom-v2/blob/master/bld/watcom/h/exeflat.h 61 | 62 | 63 | ## Feedback 64 | 65 | If you have any feedback, please don't hesitate to open a ticket. Even if you are just using the loader without any issues I'd be happy to hear about it :) 66 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | /* ### 2 | * IP: GHIDRA 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | // Builds a Ghidra Extension for a given Ghidra installation. 17 | // 18 | // An absolute path to the Ghidra installation directory must be supplied either by setting the 19 | // GHIDRA_INSTALL_DIR environment variable or Gradle project property: 20 | // 21 | // > export GHIDRA_INSTALL_DIR= 22 | // > gradle 23 | // 24 | // or 25 | // 26 | // > gradle -PGHIDRA_INSTALL_DIR= 27 | // 28 | // Gradle should be invoked from the directory of the project to build. 
Please see the 29 | // application.gradle.version property in /Ghidra/application.properties 30 | // for the correction version of Gradle to use for the Ghidra installation you specify. 31 | 32 | //----------------------START "DO NOT MODIFY" SECTION------------------------------ 33 | def ghidraInstallDir 34 | 35 | if (System.env.GHIDRA_INSTALL_DIR) { 36 | ghidraInstallDir = System.env.GHIDRA_INSTALL_DIR 37 | } 38 | else if (project.hasProperty("GHIDRA_INSTALL_DIR")) { 39 | ghidraInstallDir = project.getProperty("GHIDRA_INSTALL_DIR") 40 | } 41 | 42 | if (ghidraInstallDir) { 43 | apply from: new File(ghidraInstallDir).getCanonicalPath() + "/support/buildExtension.gradle" 44 | } 45 | else { 46 | throw new GradleException("GHIDRA_INSTALL_DIR is not defined!") 47 | } 48 | //----------------------END "DO NOT MODIFY" SECTION------------------------------- 49 | 50 | repositories { 51 | // Declare dependency repositories here. This is not needed if dependencies are manually 52 | // dropped into the lib/ directory. 53 | // See https://docs.gradle.org/current/userguide/declaring_repositories.html for more info. 54 | // Ex: mavenCentral() 55 | } 56 | 57 | dependencies { 58 | // Any external dependencies added here will automatically be copied to the lib/ directory when 59 | // this extension is built. 60 | } 61 | -------------------------------------------------------------------------------- /data/README.txt: -------------------------------------------------------------------------------- 1 | The "data" directory is intended to hold data files that will be used by this module and will 2 | not end up in the .jar file, but will be present in the zip or tar file. Typically, data 3 | files are placed here rather than in the resources directory if the user may need to edit them. 4 | 5 | An optional data/languages directory can exist for the purpose of containing various Sleigh language 6 | specification files and importer opinion files. 
7 | 8 | The data/buildLanguage.xml is used for building the contents of the data/languages directory. 9 | 10 | The skel language definition has been commented-out within the skel.ldefs file so that the 11 | skeleton language does not show up within Ghidra. 12 | 13 | See the Sleigh language documentation (docs/languages/index.html) for details on Sleigh language 14 | specification syntax. 15 | -------------------------------------------------------------------------------- /data/dosbox.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/data/dosbox.png -------------------------------------------------------------------------------- /data/imagedata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/data/imagedata.png -------------------------------------------------------------------------------- /data/labels.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/data/labels.png -------------------------------------------------------------------------------- /data/options.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/data/options.png -------------------------------------------------------------------------------- /data/options2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/data/options2.png -------------------------------------------------------------------------------- 
/extension.properties: -------------------------------------------------------------------------------- 1 | name=LxLoader 2 | description=Ultimate loader for Linear Executable (LE/LX) files. Supports various formats including OS/2 LX, DOS/4 LE, DOS/16 LE and VxD. 3 | author=Maik Beckmann 4 | createdOn=2022-04-22 5 | version=@extversion@ 6 | -------------------------------------------------------------------------------- /ghidra_scripts/README.txt: -------------------------------------------------------------------------------- 1 | Java source directory to hold module-specific Ghidra scripts. 2 | -------------------------------------------------------------------------------- /lib/README.txt: -------------------------------------------------------------------------------- 1 | The "lib" directory is intended to hold Jar files which this module is dependent upon. Jar files 2 | may be placed in this directory manually, or automatically by maven via the dependencies block 3 | of this module's build.gradle file. -------------------------------------------------------------------------------- /lib/file-formats.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/yetmorecode/ghidra-lx-loader/c0bc97c9c81892c5cfc33a6baf4b0426b9609001/lib/file-formats.jar -------------------------------------------------------------------------------- /os/linux_x86_64/README.txt: -------------------------------------------------------------------------------- 1 | The "os/linux_x86_64" directory is intended to hold Linux native binaries 2 | which this module is dependent upon. This directory may be eliminated for a specific 3 | module if native binaries are not provided for the corresponding platform. 
4 | -------------------------------------------------------------------------------- /os/mac_x86_64/README.txt: -------------------------------------------------------------------------------- 1 | The "os/mac_x86_64" directory is intended to hold macOS (OS X) native binaries 2 | which this module is dependent upon. This directory may be eliminated for a specific 3 | module if native binaries are not provided for the corresponding platform. 4 | -------------------------------------------------------------------------------- /os/win_x86_64/README.txt: -------------------------------------------------------------------------------- 1 | The "os/win_x86_64" directory is intended to hold MS Windows native binaries (.exe) 2 | which this module is dependent upon. This directory may be eliminated for a specific 3 | module if native binaries are not provided for the corresponding platform. 4 | -------------------------------------------------------------------------------- /src/main/help/help/TOC_Source.xml: -------------------------------------------------------------------------------- 1 | 2 | 49 | 50 | 51 | 52 | 57 | 58 | -------------------------------------------------------------------------------- /src/main/help/help/shared/Frontpage.css: -------------------------------------------------------------------------------- 1 | /* ### 2 | * IP: GHIDRA 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | /* 17 | WARNING! 
18 | This file is copied to all help directories. If you change this file, you must copy it 19 | to each src/main/help/help/shared directory. 20 | 21 | 22 | Java Help Note: JavaHelp does not accept sizes (like in 'margin-top') in anything but 23 | px (pixel) or with no type marking. 24 | 25 | */ 26 | 27 | body { margin-bottom: 50px; margin-left: 10px; margin-right: 10px; margin-top: 10px; } /* some padding to improve readability */ 28 | li { font-family:times new roman; font-size:14pt; } 29 | h1 { color:#000080; font-family:times new roman; font-size:36pt; font-style:italic; font-weight:bold; text-align:center; } 30 | h2 { margin: 10px; margin-top: 20px; color:#984c4c; font-family:times new roman; font-size:18pt; font-weight:bold; } 31 | h3 { margin-left: 10px; margin-top: 20px; color:#0000ff; font-family:times new roman; `font-size:14pt; font-weight:bold; } 32 | h4 { margin-left: 10px; margin-top: 20px; font-family:times new roman; font-size:14pt; font-style:italic; } 33 | 34 | /* 35 | P tag code. Most of the help files nest P tags inside of blockquote tags (the was the 36 | way it had been done in the beginning). The net effect is that the text is indented. In 37 | modern HTML we would use CSS to do this. We need to support the Ghidra P tags, nested in 38 | blockquote tags, as well as naked P tags. The following two lines accomplish this. Note 39 | that the 'blockquote p' definition will inherit from the first 'p' definition. 
40 | */ 41 | p { margin-left: 40px; font-family:times new roman; font-size:14pt; } 42 | blockquote p { margin-left: 10px; } 43 | 44 | p.providedbyplugin { color:#7f7f7f; margin-left: 10px; font-size:14pt; margin-top:100px } 45 | p.ProvidedByPlugin { color:#7f7f7f; margin-left: 10px; font-size:14pt; margin-top:100px } 46 | p.relatedtopic { color:#800080; margin-left: 10px; font-size:14pt; } 47 | p.RelatedTopic { color:#800080; margin-left: 10px; font-size:14pt; } 48 | 49 | /* 50 | We wish for a tables to have space between it and the preceding element, so that text 51 | is not too close to the top of the table. Also, nest the table a bit so that it is clear 52 | the table relates to the preceding text. 53 | */ 54 | table { margin-left: 20px; margin-top: 10px; width: 80%;} 55 | td { font-family:times new roman; font-size:14pt; vertical-align: top; } 56 | th { font-family:times new roman; font-size:14pt; font-weight:bold; background-color: #EDF3FE; } 57 | 58 | /* 59 | Code-like formatting for things such as file system paths and proper names of classes, 60 | methods, etc. To apply this to a file path, use this syntax: 61 | ... 62 | */ 63 | code { color: black; font-weight: bold; font-family: courier new, monospace; font-size: 14pt; white-space: nowrap; } 64 | code.path { color: #4682B4; font-weight: bold; font-family: courier new, monospace; font-size: 14pt; white-space: nowrap; } 65 | -------------------------------------------------------------------------------- /src/main/help/help/topics/fooloader/help.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 7 | 8 | 9 | 10 | 11 | 12 | Skeleton Help File for a Module 13 | 14 | 15 | 16 | 17 |

Skeleton Help File for a Module

18 | 19 |

This is a simple skeleton help topic. For a better description of what should and should not 20 | go in here, see the "sample" Ghidra extension in the Extensions/Ghidra directory, or see your 21 | favorite help topic. In general, language modules do not have their own help topics.

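22 | 23 | 24 |
--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/FixupSectionType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import java.io.IOException;

import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.Category;
import ghidra.program.model.data.StructureDataType;
import ghidra.program.model.listing.Program;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.util.exception.UsrException;
import ghidra.util.task.TaskMonitor;
import yetmorecode.ghidra.format.lx.model.Executable;
import yetmorecode.ghidra.lx.Options;

/**
 * Structure data type named {@code IMAGE_LE_FIXUP} that lays out the fixup section of a
 * linear executable: the fixup page table, one {@link ObjectFixupsType} per object that has
 * fixups, and the raw bytes of the import module name and import procedure name tables.
 *
 * <p>Every length used here is derived from header fields of the file being loaded, so a
 * malformed or truncated file can produce lengths that are zero or negative.
 */
public class FixupSectionType extends StructureDataType {

    /**
     * Builds the fixup section layout.
     *
     * @param executable parsed executable; its header, objects and lfamz/lfanew offsets are read
     * @param end not used by this constructor
     * @param options passed through to {@link ObjectFixupsType}
     * @param cat passed through to {@link ObjectFixupsType}
     * @param program passed through to {@link ObjectFixupsType}
     * @param b passed through to {@link ObjectFixupsType}
     * @param monitor passed through to {@link ObjectFixupsType}
     * @throws UsrException declared because {@link ObjectFixupsType} declares it
     * @throws IOException declared because {@link ObjectFixupsType} declares it
     */
    public FixupSectionType(Executable executable, int end, Options options, Category cat, Program program, MemoryBlock b, TaskMonitor monitor) throws UsrException, IOException {
        super("IMAGE_LE_FIXUP", 0);

        var h = executable.header;

        // NOTE(review): h.pageCount is taken from the file header and reaches ArrayDataType
        // unchecked; a negative or very large count should be rejected where the header is
        // parsed - confirm whether that validation exists.
        add(new ArrayDataType(StructConverter.DWORD, h.pageCount + 1, 0), "fixup_page_table",
            "The Fixup Page Table provides a simple mapping of a logical page number to an offset into "
            + "the Fixup Record Table for that page. "
            + "This table is parallel to the Object Page Table, except that there is one additional entry in this "
            + "table to indicate the end of the Fixup Record Table."
        );

        for (var object : executable.objects) {
            if (executable.objectHasFixups(object)) {
                add(
                    new ObjectFixupsType(executable, object, options, cat, program, b, monitor),
                    "fixups_object" + object.number,
                    "Fixup records for object #" + object.number
                );
            }
        }

        // The two table lengths below are differences of header offsets. The offsets are not
        // guaranteed to be ordered, so a non-positive length is skipped instead of being handed
        // to ArrayDataType (the same "> 0" guard LoaderSectionType applies to its tables).
        int moduleNamesLength = h.importProcedureNameTableOffset - h.importModuleNameTableOffset;
        if (h.importModuleNameCount > 0 && moduleNamesLength > 0) {
            add(new ArrayDataType(StructConverter.BYTE, moduleNamesLength, 0), "import_module_name", "TODO");
        }

        if (h.dataPagesOffset > h.importProcedureNameTableOffset) {
            // The guard above compares raw offsets, but the length is rebased by lfamz/lfanew,
            // so it can still come out non-positive.
            int procedureNamesLength = (int) ((executable.lfamz + h.dataPagesOffset - executable.lfanew) - h.importProcedureNameTableOffset);
            if (procedureNamesLength > 0) {
                add(new ArrayDataType(StructConverter.BYTE, procedureNamesLength, 0), "import_procedure_table", "TODO");
            }
        }
    }
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/FixupSourceType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.program.model.data.EnumDataType;

/**
 * One-byte enum data type named {@code src_type} that labels the source-type byte of a fixup
 * record. It is used for display only; the values below are names attached to numbers.
 */
public class FixupSourceType extends EnumDataType {

    public FixupSourceType() {
        super("src_type", 1);
        add("FIX_BYTE", 0);
        add("INVALID1", 1);
        // The name used to carry a trailing space ("FIX_PTR1616 "), which showed up in the
        // rendered enum; it is removed here.
        // NOTE(review): the LX format description lists 02h as the 16-bit selector and 03h as
        // the 16:16 pointer, so this name and FIX_SEGMENT_16 look swapped - confirm.
        add("FIX_PTR1616", 2);
        add("FIX_SEGMENT_16", 3);
        add("INVALID4", 4);
        add("FIX_OFFSET16", 5);
        add("FIX_PTR1632", 6);
        add("FIX_OFFSET32", 7);
        // NOTE(review): shares value 7 with FIX_OFFSET32; the LX format description lists the
        // 32-bit self-relative offset as 08h, so this is probably meant to be 8 - confirm.
        add("FIX_OFFSET32_SELF", 7);
        add("TO_ALIAS", 0x10);
        add("SOURCELIST", 0x20);
    }
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/FixupTargetFlags.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.program.model.data.EnumDataType;

public class FixupTargetFlags extends EnumDataType {
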
    /**
     * Creates the one-byte enum named {@code flags} that labels the target-flags byte of a
     * fixup record.
     */
    public FixupTargetFlags() {
        super("flags", 1);
        // Values 0-3 name the target type; the remaining entries are single-bit flags.
        add("INTERNAL", 0x00);
        add("EXTERN_ORDINAL", 0x01);
        add("EXTERN_NAME", 0x02);
        add("EXTERN_ENTRY", 0x03);
        add("ADDITIVE", 0x04);
        add("CHAINING", 0x08);
        add("OFFSET_32", 0x10);
        add("ADDITIVE_32", 0x20);
        add("OBJECT_16", 0x40);
        add("ORDINAL_8", 0x80);
    }
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LePageMapEntryType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.StructureDataType;

/**
 * Structure data type named {@code page_entry}: a three-byte page index followed by one
 * flags byte.
 */
public class LePageMapEntryType extends StructureDataType {

    public LePageMapEntryType() {
        super("page_entry", 0);
        var pageIndex = new ArrayDataType(StructConverter.BYTE, 3, 0);
        add(pageIndex, "index", "Page index into data pages");
        add(StructConverter.BYTE, "flags", "Page flags");
    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LoaderSectionType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.StructureDataType;
import yetmorecode.ghidra.format.lx.model.Executable;

/**
 * Structure data type named {@code IMAGE_LE_LOADER} that lays out the loader section: the
 * object table, one page map per object, and the resource, name and entry tables as raw
 * byte arrays. A table is only added when its computed length is greater than zero.
 */
public class LoaderSectionType extends StructureDataType {

    /**
     * Builds the loader section layout.
     *
     * @param executable parsed executable; its objects and header offsets are read
     * @param size not used by this constructor
     */
    public LoaderSectionType(Executable executable, int size) {
        super("IMAGE_LE_LOADER", 0);

        var objectCount = executable.objects.size();
        if (objectCount > 0) {
            var objectTable = new ArrayDataType(new ObjectMapEntryType(), objectCount, 0);
            add(objectTable, "object_table", "Module Object Table. Entries are numbered starting from one.");

            // One shared entry type is reused for every object's page map.
            var pageEntry = new LePageMapEntryType();
            for (var object : executable.objects) {
                if (object.pageCount <= 0) {
                    continue;
                }
                var pageMap = new ArrayDataType(pageEntry, object.pageCount, 0);
                add(pageMap, "pagemap_obj" + object.number, "Page map table for object #" + object.number);
            }
        }

        // Each table length is the distance between two consecutive header offsets.
        var h = executable.header;
        if (h.resourceTableOffset > 0 && h.resourceCount > 0
                && h.residentNameTableOffset - h.resourceTableOffset > 0) {
            var resources = new ArrayDataType(StructConverter.BYTE, h.residentNameTableOffset - h.resourceTableOffset, 0);
            add(resources, "resources", "todo");
        }
        if (h.entryTableOffset - h.residentNameTableOffset > 0) {
            var nameTable = new ArrayDataType(StructConverter.BYTE, h.entryTableOffset - h.residentNameTableOffset, 0);
            add(nameTable, "name_table", "todo");
        }
        if (h.fixupPageTableOffset - h.entryTableOffset > 0) {
            var entryTable = new ArrayDataType(StructConverter.BYTE, h.fixupPageTableOffset - h.entryTableOffset, 0);
            add(entryTable, "entry_table", "todo (len, ascci, ord) tuples");
        }
    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LxByteOrder.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.program.model.data.EnumDataType;

/** One-byte enum data type named {@code order} with the members {@code little} and {@code big}. */
public class LxByteOrder extends EnumDataType {
    public LxByteOrder() {
        super("order", 1);
        // The array position is the enum value.
        String[] names = { "little", "big" };
        for (int value = 0; value < names.length; value++) {
            add(names[value], value);
        }
    }
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LxCpuType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.program.model.data.EnumDataType;

/** Two-byte enum data type named {@code cpu_type}. */
public class LxCpuType extends EnumDataType {

    public LxCpuType() {
        super("cpu_type", 2);
        // The array position is the enum value.
        String[] names = { "x86", "286+", "386+", "486+" };
        for (int value = 0; value < names.length; value++) {
            add(names[value], value);
        }
    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LxOSType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.program.model.data.EnumDataType;

/** Two-byte enum data type named {@code os_type}. */
public class LxOSType extends EnumDataType {

    public LxOSType() {
        super("os_type", 2);
        // The array position is the enum value.
        String[] names = { "unknown", "OS/2", "win1", "dos4", "win3", "IBM" };
        for (int value = 0; value < names.length; value++) {
            add(names[value], value);
        }
    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/LxPageMapEntryType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.StructureDataType;

/**
 * Structure data type named {@code page_entry}: a DWORD offset, a WORD size and a WORD of
 * flags.
 */
public class LxPageMapEntryType extends StructureDataType {

    public LxPageMapEntryType() {
        super("page_entry", 0);
        var dword = StructConverter.DWORD;
        var word = StructConverter.WORD;
        add(dword, "offset", "Data offset in file");
        add(word, "size", "Data size in file");
        add(word, "flags", "Page flags");
    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/ObjectFixupsType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import java.io.IOException;

import ghidra.program.model.data.Category;
import ghidra.program.model.data.CategoryPath;
import ghidra.program.model.data.StructureDataType;
import ghidra.program.model.listing.Program;
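import ghidra.program.model.mem.MemoryBlock;
import ghidra.program.model.symbol.MemReferenceImpl;
import ghidra.program.model.symbol.RefType;
import ghidra.program.model.symbol.SourceType;
import ghidra.util.exception.UsrException;
import ghidra.util.task.TaskMonitor;
import yetmorecode.file.format.lx.LinearObjectTableEntry;
import yetmorecode.ghidra.format.lx.model.Executable;
import yetmorecode.ghidra.format.lx.model.FixupRecord;
import yetmorecode.ghidra.lx.Options;

/**
 * Structure data type holding the fixup records of one object, grouped by page. While the
 * structure is built, a memory reference is added to the program for every fixup record and
 * the task monitor is advanced.
 *
 * <p>Page numbers, page counts and fixup source addresses all come from the file being
 * loaded.
 */
public class ObjectFixupsType extends StructureDataType {

    /**
     * Builds the per-object fixup structure and registers one reference per fixup.
     *
     * @param executable parsed executable; its header, fixups and lfanew offset are read
     * @param object object table entry whose pages are walked
     * @param options supplies the base address used to name pages and categories
     * @param cat category under which the page and fixup data types are placed
     * @param program program that receives the references
     * @param b memory block whose start address anchors the reference targets
     * @param monitor progress monitor, incremented once per fixup record
     * @throws UsrException declared by the original signature
     * @throws IOException declared by the original signature
     */
    public ObjectFixupsType(Executable executable, LinearObjectTableEntry object, Options options, Category cat, Program program, MemoryBlock b, TaskMonitor monitor) throws UsrException, IOException {
        super(String.format("%08x_%d", options.getBaseAddress(object), object.number), 0);
        setCategoryPath(cat.getCategoryPath());

        var pageSize = executable.header.pageSize;

        // Iterate over all object pages
        for (int i = 0; i < object.pageCount; i++) {
            var page = object.pageTableIndex + i;

            // NOTE(review): page is built from pageTableIndex/pageCount in the object table;
            // if executable.fixups is index-based, an out-of-range page still throws here -
            // confirm the fixup table is sized from the same header values.
            var pageFixups = executable.fixups.get(page);
            if (pageFixups == null || pageFixups.size() == 0) {
                // No fixup list for this page: skip it instead of failing on a null lookup.
                continue;
            }

            // Address of this page inside the object. The page structure's category used to be
            // computed with (page-1)*pageSize while its name and the categories of its fixups
            // used i*pageSize, so for any object whose page table index is not 1 the page and
            // its fixups landed in different categories. One value is used for all three now.
            var pageAddress = options.getBaseAddress(object) + i * pageSize;

            var sub = new StructureDataType(String.format("%08x", pageAddress), 0);
            sub.setCategoryPath(new CategoryPath(
                String.format("%s/%08x", cat.getCategoryPathName(), pageAddress)
            ));
            // The page structure is added before it is filled, as in the original code.
            add(sub, "page_" + page, "Page #" + page + " fixups");

            // Each single fixup
            var current = 0;
            for (var fix : pageFixups) {
                var f = (FixupRecord) fix;

                // Add datatype
                var fixupData = f.toDataType();
                fixupData.setCategoryPath(new CategoryPath(
                    String.format("%s/%08x/%08x",
                        cat.getCategoryPathName(),
                        pageAddress,
                        f.getSourceAddress()
                    )
                ));
                sub.add(fixupData, "fix_" + f.index, "Fixup record #" + f.index);

                // Add xref from the fixup's source address to the running offset "current"
                // past the (page-1)*pageSize position computed below.
                var to = b.getStart().add(executable.header.dataPagesOffset - executable.lfanew + (page - 1) * pageSize + current);
                var space = program.getAddressFactory().getDefaultAddressSpace();
                var ref = new MemReferenceImpl(
                    space.getAddress(f.getSourceAddress()),
                    to,
                    RefType.DATA_IND,
                    SourceType.ANALYSIS,
                    0,
                    false
                );
                program.getReferenceManager().addReference(ref);

                current += fixupData.getLength();
                monitor.incrementProgress(1);
                monitor.setMessage(String.format("Mapping fixups %d of %d", monitor.getProgress(), monitor.getMaximum()));
            }
        }
    }
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/datatype/ObjectMapEntryType.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.datatype;

import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.StructureDataType;

/**
 * Structure data type named {@code object_entry}: six DWORD fields describing one entry of
 * the object table. The long field comments are shown to the user by Ghidra and are kept
 * exactly as written.
 */
public class ObjectMapEntryType extends StructureDataType {
    public ObjectMapEntryType() {
        super("object_entry", 0);
        add(
            StructConverter.DWORD, 4, "size",
            "Virtual size of object. This is the size of the object that will be allocated when the object is loaded. "
            + "Theobject data length must be less than or equal to the total size of the pages in theEXE file for the object. "
            + "This memory size must also be large enough to contain all ofthe iterated data and uninitialized data in the EXE file"
        );
        add(
            StructConverter.DWORD, 4, "base",
            "Base address the object is relocated to"
        );
        add(
            StructConverter.DWORD, 4, "flags",
            "Object flags. 0001h = Readable Object."
            + "0002h = Writable Object."
            + "0004h = Executable Object."
            + "The readable, writable and executable flags provide support for all possible protections."
            + "In systems where all of these protections are not supported, the loader will be responsiblefor making the appropriate protection match for the system."
            + "0008h = Resource Object."
            + "0010h = Discardable Object."
            + "0020h = Object is Shared."
            + "0040h = Object has Preload Pages."
            + "0080h = Object has Invalid Pages."
            + "0100h = Object has Zero Filled Pages."
            + "0200h = Object is Resident (valid for VDDs, PDDs only)."
            + "0300h = Object is Resident & Contiguous (VDDs, PDDs only)."
            + "0400h = Object is Resident & 'long-lockable' (VDDs, PDDs only)."
            + "0800h = Reserved for system use."
            + "1000h = 16:16 Alias Required (80x86 Specific)."
            + "2000h = Big/Default Bit Setting (80x86 Specific)."
            + "The 'big/default' bit, for data segments, controls the setting of the Big bit in the segment descriptor."
            + "(The Big bit, or B-bit, determines whether ESP or SP is used as the stack pointer.)"
            + "For code segments, this bit controls the setting of the Default bit in the segment descriptor."
            + "(The Default bit, or D-bit, determines whether the default word size is 32-bits or 16-bits."
            + "It also affects the interpretation of the instruction stream.)"
            + "4000h = Object is conforming for code (80x86 Specific)."
            + "8000h = Object I/O privilege level (80x86 Specific). Only used for 16:16 Alias Objects."
        );
        add(
            StructConverter.DWORD, 4, "pageTableIndex",
            "Object Page Table Index."
            + "This specifies the number of the first object page table entry for this object."
            + "The object page table specifies where in the EXE file a page can be found for agiven object and specifies per-page attributes."
            + "The object table entries are ordered by logical page in the object table."
            + "In other words the object table entries are sorted based on the object page table index value"
        );
        add(
            StructConverter.DWORD, 4, "pageCount",
            "# of object page table entries for this object."
            + "Any logical pages at the end of an object that do not have an entry in the object pagetable associated with them are handled as zero filled or invalid pages by the loader."
            + "When the last logical pages of an object are not specified with an object page tableentry, they are treated as either zero filled pages or invalid pages based on the lastentry in the object page table for that object."
            + "If the last entry was neither a zero filled or invalid page, then theadditional pages are treated as zero filled pages"
        );
        add(
            StructConverter.DWORD, 4, "reserved",
            ""
        );

    }

}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/DOSHeader.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import java.io.RandomAccessFile;

import ghidra.app.util.bin.BinaryReader;
import ghidra.app.util.bin.StructConverter;
import ghidra.app.util.bin.format.Writeable;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.CategoryPath;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.StructureDataType;
import ghidra.util.DataConverter;
import ghidra.util.exception.DuplicateNameException;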
15 | 16 | public class DOSHeader implements StructConverter, Writeable { 17 | /** The name to use when converting into a structure data type. */ 18 | public final static String NAME = "IMAGE_DOS_HEADER"; 19 | public final static int IMAGE_DOS_SIGNATURE = 0x5A4D; // MZ 20 | public final static int SIZEOF_DOS_HEADER = 64; 21 | 22 | private short e_magic; // Magic number 23 | private short e_cblp; // Bytes on last page of file 24 | private short e_cp; // Pages in file 25 | private short e_crlc; // Relocations 26 | private short e_cparhdr; // Size of header in paragraphs 27 | private short e_minalloc; // Minimum extra paragraphs needed 28 | private short e_maxalloc; // Maximum extra paragraphs needed 29 | private short e_ss; // Initial (relative) SS value 30 | private short e_sp; // Initial SP value 31 | private short e_csum; // Checksum 32 | private short e_ip; // Initial IP value 33 | private short e_cs; // Initial (relative) CS value 34 | private short e_lfarlc; // File address of relocation table 35 | private short e_ovno; // Overlay number 36 | private short [] e_res = new short[4]; // Reserved words 37 | private short e_oemid; // OEM identifier (for e_oeminfo) 38 | private short e_oeminfo; // OEM information; e_oemid specific 39 | private short [] e_res2 = new short[10]; // Reserved words 40 | private int e_lfanew; // File address of new exe header 41 | 42 | private byte [] stubBytes; 43 | 44 | private BinaryReader reader; 45 | 46 | /** 47 | * Constructs a new DOS header. 48 | * @param reader the binary reader 49 | */ 50 | public static DOSHeader createDOSHeader( 51 | BinaryReader reader) throws IOException { 52 | DOSHeader dosHeader = new DOSHeader(); 53 | dosHeader.initDOSHeader(reader); 54 | return dosHeader; 55 | } 56 | 57 | /** 58 | * DO NOT USE THIS CONSTRUCTOR, USE create*(BinaryReader ...) FACTORY METHODS INSTEAD. 
59 | */ 60 | public DOSHeader() {} 61 | 62 | private void initDOSHeader(BinaryReader reader1) throws IOException { 63 | this.reader = reader1; 64 | 65 | parse(); 66 | } 67 | 68 | /** 69 | * Returns the processor name. 70 | * @return the processor name 71 | */ 72 | public String getProcessorName() { 73 | return "x86"; 74 | } 75 | /** 76 | * Returns the magic number. 77 | * @return the magic number 78 | */ 79 | public short e_magic() { 80 | return e_magic; 81 | } 82 | /** 83 | * Returns the number of bytes on the last page of file. 84 | * @return the number of bytes on the last page of the file 85 | */ 86 | public short e_cblp() { 87 | return e_cblp; 88 | } 89 | /** 90 | * Returns the number of pages in the file. 91 | * @return the number of pages in the file 92 | */ 93 | public short e_cp() { 94 | return e_cp; 95 | } 96 | /** 97 | * Returns the number of relocations. 98 | * @return the number of relocations 99 | */ 100 | public short e_crlc() { 101 | return e_crlc; 102 | } 103 | /** 104 | * Returns the size of header in paragraphs. 105 | * @return the size of header in paragraphs 106 | */ 107 | public short e_cparhdr() { 108 | return e_cparhdr; 109 | } 110 | /** 111 | * Returns the minimum extra paragraphs needed. 112 | * @return the minimum extra paragraphs needed 113 | */ 114 | public short e_minalloc() { 115 | return e_minalloc; 116 | } 117 | /** 118 | * Returns the maximum extra paragraphs needed. 119 | * @return the maximum extra paragraphs needed 120 | */ 121 | public short e_maxalloc() { 122 | return e_maxalloc; 123 | } 124 | /** 125 | * Returns the initial (relative) SS value. 126 | * @return the initial (relative) SS value 127 | */ 128 | public short e_ss() { 129 | return e_ss; 130 | } 131 | /** 132 | * Returns the initial SP value. 133 | * @return the initial SP value 134 | */ 135 | public short e_sp() { 136 | return e_sp; 137 | } 138 | /** 139 | * Returns the checksum. 
140 | * @return the checksum 141 | */ 142 | public short e_csum() { 143 | return e_csum; 144 | } 145 | /** 146 | * Returns the initial IP value. 147 | * @return the initial IP value 148 | */ 149 | public short e_ip() { 150 | return e_ip; 151 | } 152 | /** 153 | * Returns the initial (relative) CS value. 154 | * @return the initial (relative) CS value 155 | */ 156 | public short e_cs() { 157 | return e_cs; 158 | } 159 | /** 160 | * Returns the file address of relocation table. 161 | * @return the file address of relocation table 162 | */ 163 | public short e_lfarlc() { 164 | return e_lfarlc; 165 | } 166 | /** 167 | * Returns the overlay number. 168 | * @return the overlay number 169 | */ 170 | public short e_ovno() { 171 | return e_ovno; 172 | } 173 | /** 174 | * Returns the reserved words. 175 | * @return the reserved words 176 | */ 177 | public short [] e_res() { 178 | return e_res; 179 | } 180 | /** 181 | * Returns the OEM identifier (for e_oeminfo). 182 | * @return the OEM identifier (for e_oeminfo) 183 | */ 184 | public short e_oemid() { 185 | return e_oemid; 186 | } 187 | /** 188 | * Returns the OEM information; e_oemid specific. 189 | * @return the OEM information; e_oemid specific 190 | */ 191 | public short e_oeminfo() { 192 | return e_oeminfo; 193 | } 194 | /** 195 | * Returns the reserved words (2). 196 | * @return the reserved words (2) 197 | */ 198 | public short [] e_res2() { 199 | return e_res2; 200 | } 201 | /** 202 | * Returns the file address of new EXE header. 203 | * @return the file address of new EXE header 204 | */ 205 | public int e_lfanew() { 206 | return e_lfanew; 207 | } 208 | 209 | public int mzSize() { 210 | return (e_cp()-1)*512 + e_cblp(); 211 | } 212 | 213 | /** 214 | * Returns true if a new EXE header exists. 
215 | * @return true if a new EXE header exists 216 | */ 217 | public boolean hasNewExeHeader() { 218 | return e_lfanew >= 0 && e_lfanew <= 0x10000 && e_lfarlc== 0x40; 219 | } 220 | 221 | /** 222 | * Returns true if the DOS magic number is correct 223 | * @return true if the DOS magic number is correct 224 | */ 225 | public boolean isDosSignature() { 226 | return e_magic == IMAGE_DOS_SIGNATURE; 227 | } 228 | 229 | /** 230 | * @see ghidra.app.util.bin.StructConverter#toDataType() 231 | */ 232 | @Override 233 | public DataType toDataType() throws DuplicateNameException { 234 | StructureDataType struct = new StructureDataType(NAME, 0); 235 | struct.add(new ArrayDataType(ASCII,2,1)); 236 | for (int i=1; i <= 13; i++) { 237 | struct.add(WORD); 238 | } 239 | struct.add(new ArrayDataType(WORD,4,2)); 240 | struct.add(WORD); 241 | struct.add(WORD); 242 | struct.add(new ArrayDataType(WORD,10,2)); 243 | struct.add(DWORD); 244 | if (getProgramLen() > 0) { 245 | struct.add(new ArrayDataType(BYTE, getProgramLen(), 1)); 246 | } 247 | 248 | struct.getComponent( 0).setFieldName("e_magic"); 249 | struct.getComponent( 1).setFieldName("e_cblp"); 250 | struct.getComponent( 2).setFieldName("e_cp"); 251 | struct.getComponent( 3).setFieldName("e_crlc"); 252 | struct.getComponent( 4).setFieldName("e_cparhdr"); 253 | struct.getComponent( 5).setFieldName("e_minalloc"); 254 | struct.getComponent( 6).setFieldName("e_maxalloc"); 255 | struct.getComponent( 7).setFieldName("e_ss"); 256 | struct.getComponent( 8).setFieldName("e_sp"); 257 | struct.getComponent( 9).setFieldName("e_csum"); 258 | struct.getComponent(10).setFieldName("e_ip"); 259 | struct.getComponent(11).setFieldName("e_cs"); 260 | struct.getComponent(12).setFieldName("e_lfarlc"); 261 | struct.getComponent(13).setFieldName("e_ovno"); 262 | struct.getComponent(14).setFieldName("e_res[4]"); 263 | struct.getComponent(15).setFieldName("e_oemid"); 264 | struct.getComponent(16).setFieldName("e_oeminfo"); 265 | 
struct.getComponent(17).setFieldName("e_res2[10]"); 266 | struct.getComponent(18).setFieldName("e_lfanew"); 267 | if (getProgramLen() > 0) { 268 | struct.getComponent(19).setFieldName("e_program"); 269 | } 270 | 271 | struct.getComponent( 0).setComment("Magic number"); 272 | struct.getComponent( 1).setComment("Bytes of last page"); 273 | struct.getComponent( 2).setComment("Pages in file"); 274 | struct.getComponent( 3).setComment("Relocations"); 275 | struct.getComponent( 4).setComment("Size of header in paragraphs"); 276 | struct.getComponent( 5).setComment("Minimum extra paragraphs needed"); 277 | struct.getComponent( 6).setComment("Maximum extra paragraphs needed"); 278 | struct.getComponent( 7).setComment("Initial (relative) SS value"); 279 | struct.getComponent( 8).setComment("Initial SP value"); 280 | struct.getComponent( 9).setComment("Checksum"); 281 | struct.getComponent(10).setComment("Initial IP value"); 282 | struct.getComponent(11).setComment("Initial (relative) CS value"); 283 | struct.getComponent(12).setComment("File address of relocation table"); 284 | struct.getComponent(13).setComment("Overlay number"); 285 | struct.getComponent(14).setComment("Reserved words"); 286 | struct.getComponent(15).setComment("OEM identifier (for e_oeminfo)"); 287 | struct.getComponent(16).setComment("OEM information; e_oemid specific"); 288 | struct.getComponent(17).setComment("Reserved words"); 289 | struct.getComponent(18).setComment("File address of new exe header"); 290 | if (getProgramLen() > 0) { 291 | struct.getComponent(19).setComment("Actual DOS program"); 292 | } 293 | 294 | struct.setCategoryPath(new CategoryPath("/DOS")); 295 | 296 | return struct; 297 | } 298 | 299 | /** 300 | * Returns the length (in bytes) of the DOS 301 | * program. 302 | *

303 | * In other words: 304 | * e_lfanew() - SIZEOF_DOS_HEADER 305 | * 306 | * @return the length (in bytes) 307 | */ 308 | public int getProgramLen() { 309 | return stubBytes == null ? 0 : stubBytes.length; 310 | } 311 | 312 | private void parse() throws IOException { 313 | // Override this from original Ghidra 314 | //reader.setPointerIndex(0); 315 | 316 | e_magic = reader.readNextShort(); 317 | 318 | if (e_magic != IMAGE_DOS_SIGNATURE) { 319 | return; 320 | } 321 | 322 | e_cblp = reader.readNextShort(); 323 | e_cp = reader.readNextShort(); 324 | e_crlc = reader.readNextShort(); 325 | e_cparhdr = reader.readNextShort(); 326 | e_minalloc = reader.readNextShort(); 327 | e_maxalloc = reader.readNextShort(); 328 | e_ss = reader.readNextShort(); 329 | e_sp = reader.readNextShort(); 330 | e_csum = reader.readNextShort(); 331 | e_ip = reader.readNextShort(); 332 | e_cs = reader.readNextShort(); 333 | e_lfarlc = reader.readNextShort(); 334 | e_ovno = reader.readNextShort(); 335 | e_res = reader.readNextShortArray(4); 336 | e_oemid = reader.readNextShort(); 337 | e_oeminfo = reader.readNextShort(); 338 | e_res2 = reader.readNextShortArray(10); 339 | e_lfanew = reader.readNextInt(); 340 | 341 | if (isDosSignature() && e_lfanew < 0x10000) { 342 | try { 343 | stubBytes = e_lfanew > SIZEOF_DOS_HEADER ? 344 | reader.readByteArray(SIZEOF_DOS_HEADER, e_lfanew - SIZEOF_DOS_HEADER) : new byte[0]; 345 | } 346 | catch (Exception exc) { 347 | stubBytes = new byte[0]; 348 | } 349 | } 350 | else { 351 | stubBytes = new byte[0]; 352 | } 353 | } 354 | 355 | public void decrementStub(int start) { 356 | if (stubBytes.length > 0) { 357 | try { 358 | stubBytes = start > SIZEOF_DOS_HEADER ? 
359 | reader.readByteArray(SIZEOF_DOS_HEADER, start - SIZEOF_DOS_HEADER) : new byte[0]; 360 | } 361 | catch (Exception exc) { 362 | stubBytes = new byte[0]; 363 | } 364 | } 365 | } 366 | 367 | /** 368 | * @see ghidra.app.util.bin.format.Writeable#write(java.io.RandomAccessFile, ghidra.util.DataConverter) 369 | */ 370 | @Override 371 | public void write(RandomAccessFile raf, DataConverter dc) throws IOException { 372 | raf.write(dc.getBytes(e_magic)); 373 | raf.write(dc.getBytes(e_cblp)); 374 | raf.write(dc.getBytes(e_cp)); 375 | raf.write(dc.getBytes(e_crlc)); 376 | raf.write(dc.getBytes(e_cparhdr)); 377 | raf.write(dc.getBytes(e_minalloc)); 378 | raf.write(dc.getBytes(e_maxalloc)); 379 | raf.write(dc.getBytes(e_ss)); 380 | raf.write(dc.getBytes(e_sp)); 381 | raf.write(dc.getBytes(e_csum)); 382 | raf.write(dc.getBytes(e_ip)); 383 | raf.write(dc.getBytes(e_cs)); 384 | raf.write(dc.getBytes(e_lfarlc)); 385 | raf.write(dc.getBytes(e_ovno)); 386 | for (short e_re : e_res) { 387 | raf.write(dc.getBytes(e_re)); 388 | } 389 | raf.write(dc.getBytes(e_oemid)); 390 | raf.write(dc.getBytes(e_oeminfo)); 391 | for (short element : e_res2) { 392 | raf.write(dc.getBytes(element)); 393 | } 394 | raf.write(dc.getBytes(e_lfanew)); 395 | raf.write(stubBytes); 396 | } 397 | } 398 | -------------------------------------------------------------------------------- /src/main/java/yetmorecode/ghidra/format/lx/model/Dos16Header.java: -------------------------------------------------------------------------------- 1 | package yetmorecode.ghidra.format.lx.model; 2 | 3 | import java.io.IOException; 4 | 5 | import ghidra.app.util.bin.BinaryReader; 6 | import ghidra.app.util.bin.StructConverter; 7 | import ghidra.program.model.data.ArrayDataType; 8 | import ghidra.program.model.data.DataType; 9 | import ghidra.program.model.data.StructureDataType; 10 | import ghidra.util.exception.DuplicateNameException; 11 | import yetmorecode.file.format.dos16m.BwHeader; 12 | import 
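yetmorecode.ghidra.lx.InvalidHeaderException;

/**
 * DOS/16 "BW" header read from an executable, plus the Ghidra structure
 * data type that describes its layout.
 * <p>
 * All values are taken verbatim from the file being loaded; callers must
 * treat offsets such as {@code next_header_pos} as untrusted input.
 */
public class Dos16Header extends BwHeader implements StructConverter {
	public final static String DATATYPE_NAME = "IMAGE_DOS16_HEADER";

	private StructureDataType dt = new StructureDataType(DATATYPE_NAME, 0);

	/**
	 * Parses a BW header at the given file offset.
	 * The reader's pointer index is restored before returning, also when
	 * parsing fails.
	 *
	 * @param reader reader over the executable
	 * @param index  file offset of the header
	 * @throws IOException if the header cannot be read
	 * @throws InvalidHeaderException if the signature is not DOS16M_SIGNATURE
	 */
	public Dos16Header(BinaryReader reader, long index) throws IOException, InvalidHeaderException {
		long oldIndex = reader.getPointerIndex();
		reader.setPointerIndex(index);
		try {
			signature = reader.readNextShort();
			dt.add(new ArrayDataType(ASCII,2,1), "signature", "Magic number for DOS/16 BW");
			if (signature != DOS16M_SIGNATURE) {
				throw new InvalidHeaderException("Not a DOS/16 BW Header");
			}
			last_page_bytes = reader.readNextShort();
			dt.add(WORD, 2, "last_page_bytes", "length of image mod 512");
			pages_in_file = reader.readNextShort();
			dt.add(WORD, 2, "pages_in_file", "number of 512 byte pages");
			reserved1 = reader.readNextShort();
			dt.add(WORD, 2, "reserved1", "");
			reserved2 = reader.readNextShort();
			dt.add(WORD, 2, "reserved2", "");
			min_alloc = reader.readNextShort();
			dt.add(WORD, 2, "min_alloc", "required memory, in KB");
			max_alloc = reader.readNextShort();
			dt.add(WORD, 2, "max_alloc", "max KB (private allocation)");
			stack_seg = reader.readNextShort();
			dt.add(WORD, 2, "stack_seg", "segment of stack");
			stack_ptr = reader.readNextShort();
			dt.add(WORD, 2, "stack_ptr", "initial SP value");
			first_reloc_sel = reader.readNextShort();
			dt.add(WORD, 2, "first_reloc_sel", "huge reloc list selector");
			init_ip = reader.readNextShort();
			dt.add(WORD, 2, "init_ip", "initial IP value");
			code_seg = reader.readNextShort();
			dt.add(WORD, 2, "code_seg", "segment of code");
			runtime_gdt_size = reader.readNextShort();
			dt.add(WORD, 2, "runtime_gdt_size", "runtime GDT size in bytes");
			MAKEPM_version = reader.readNextShort();
			dt.add(WORD, 2, "MAKEPM_version", "ver * 100, GLU = (ver+10)*100");
			next_header_pos = reader.readNextInt();
			dt.add(DWORD, 4, "next_header_pos", "file pos of next spliced .EXP");
			cv_info_offset = reader.readNextInt();
			dt.add(DWORD, 4, "cv_info_offset", "offset to start of debug info");
			last_sel_used = reader.readNextShort();
			dt.add(WORD, 2, "last_sel_used", "last selector value used");
			pmem_alloc = reader.readNextShort();
			dt.add(WORD, 2, "pmem_alloc", "private xm amount KB if nonzero");
			alloc_incr = reader.readNextShort();
			dt.add(WORD, 2, "alloc_incr", "auto ExtReserve amount, in KB");

			// The declared layout has 6 reserved bytes here. They must be
			// consumed as well, otherwise every following field is read
			// from the wrong file offset.
			reader.readNextByteArray(6);
			dt.add(new ArrayDataType(BYTE,6,1), "reserved4", "");

			options = reader.readNextShort();
			dt.add(WORD, 2, "options", "runtime options");
			trans_stack_sel = reader.readNextShort();
			dt.add(WORD, 2, "trans_stack_sel", "sel of transparent stack");
			exp_flags = reader.readNextShort();
			dt.add(WORD, 2, "exp_flags", "see ef_ constants below");
			program_size = reader.readNextShort();
			dt.add(WORD, 2, "program_size", "size of program in paras (16 byte blocks)");
			gdtimage_size = reader.readNextShort();
			dt.add(WORD, 2, "gdtimage_size", "size of gdt in file (bytes) ");
			first_selector = reader.readNextShort();
			dt.add(WORD, 2, "first_selector", "gdt[first_sel] = gdtimage[0], 0 => 0x80");
			default_mem_strategy = reader.readNextByte();
			dt.add(BYTE, 1, "default_mem_strategy", "");

			// Same as reserved4: skip the reserved byte so that
			// transfer_buffer_size is read from its declared position.
			reader.readNextByte();
			dt.add(BYTE, 1, "reserved5", "");

			transfer_buffer_size = reader.readNextShort();
			dt.add(WORD, 2, "transfer_buffer_size", "default in bytes, 0 => 8KB");

			// The trailing members are only described, not read.
			dt.add(new ArrayDataType(BYTE,48,1), "reserved6", "");
			dt.add(new ArrayDataType(ASCII,48,1), "EXP_path", "original .EXP file name");
		} finally {
			// Leave the shared reader where the caller had it, even when the
			// header is rejected or the file is truncated.
			reader.setPointerIndex(oldIndex);
		}
	}

	/**
	 * @return the structure data type assembled while parsing
	 */
	@Override
	public DataType toDataType() throws DuplicateNameException, IOException {
		return dt;
	}
}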
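--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/Executable.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;

import ghidra.app.util.bin.BinaryReader;
import ghidra.app.util.bin.ByteProvider;
import yetmorecode.file.format.lx.LinearExecutable;
import yetmorecode.file.format.lx.LinearObjectTableEntry;
import yetmorecode.ghidra.lx.InvalidHeaderException;
import yetmorecode.ghidra.lx.Options;

/**
 * In-memory model of a linear executable: optional MZ / DOS/16 headers, the
 * linear header, object table, page table, fixup page table and fixup records.
 * <p>
 * Every count and offset used here is read from the file being analysed and
 * is therefore untrusted. Values that size an allocation or index an array
 * are checked before use, so a malformed file is rejected with
 * {@link InvalidHeaderException} instead of a runtime error.
 */
public class Executable extends LinearExecutable {
	private BinaryReader reader;

	public boolean isUnbound = false;

	// MZ header
	public DOSHeader mz;

	// DOS/16 headers, keyed by their file offset
	public HashMap<Long, Dos16Header> dos16Headers = new HashMap<>();
	public DOSHeader mzSecondary;

	// VxD version resource (i.e. e32_winresoff)
	public VxDVersionResource vxd;

	// When there is no MZ header (i.e. unbound LE-Style executables), the new file header starts at 0
	public long lfanew = 0;
	public long lfamz = 0;

	/**
	 * Parses the executable behind the given byte provider.
	 *
	 * @param bp      bytes of the executable
	 * @param options loader options; used for the per-object base address
	 * @throws IOException if the file cannot be read
	 * @throws InvalidHeaderException if the linear header is missing or its
	 *         counts / page indices are inconsistent with the file
	 */
	public Executable(ByteProvider bp, Options options) throws IOException, InvalidHeaderException {
		reader = new BinaryReader(bp, true);
		try {
			// Try reading MZ header
			mz = DOSHeader.createDOSHeader(reader);
			if (mz.isDosSignature()) {
				if (mz.e_lfarlc() == 0x40) {
					// New exe style (with e_lfanew)
					lfanew = mz.e_lfanew();
				} else {
					// Old exe style (without e_lfanew)
					long secondaryOffset = (mz.e_cp()-1)*512 + mz.e_cblp();
					try {
						do {
							// next_header_pos is file-controlled: stop when a
							// chain points back to a header already visited,
							// otherwise a crafted file loops forever.
							if (dos16Headers.containsKey(secondaryOffset)) {
								break;
							}
							Dos16Header bwHeader = new Dos16Header(reader, secondaryOffset);
							dos16Headers.put(secondaryOffset, bwHeader);
							secondaryOffset = bwHeader.next_header_pos;
						} while (secondaryOffset > 0);
					} catch (InvalidHeaderException exception) {
						// Done walking BW headers
					}
					reader.setPointerIndex(secondaryOffset);
					mzSecondary = DOSHeader.createDOSHeader(reader);
					lfamz = secondaryOffset;
					lfanew = secondaryOffset + mzSecondary.e_lfanew();
				}
			}
		} catch (Exception ignored) {
			// Deliberate best effort: files without a usable MZ header are
			// still tried as unbound executables with the header at lfanew.
		}

		// LX header
		header = new Header(reader, lfanew);
		if (header.winresoff > 0 && header.winreslen > 0) {
			vxd = new VxDVersionResource(reader, lfamz + header.winresoff);
		}

		// The counts below size loops and an array; reject values that
		// cannot belong to a real file before acting on them.
		if (header.objectCount < 0 || header.pageCount < 0) {
			throw new InvalidHeaderException("Negative object or page count");
		}
		if ((header.pageCount + 1L) * 4 > bp.length()) {
			throw new InvalidHeaderException("Page count does not fit into the file");
		}

		// Object record table
		for (int object = 0; object < header.objectCount; object++) {
			objects.add(new ObjectTableEntry(this, object));
		}

		// Page record table
		for (int page = 0; page < header.pageCount; page++) {
			if (header.isLe()) {
				pageRecords.add(new LePageMapEntry(this, page));
			} else {
				pageRecords.add(new LxPageMapEntry(this, page));
			}
		}

		// Read fixup page table
		fixupTable = new long[header.pageCount+1];
		var tableOffset = lfanew + header.fixupPageTableOffset;
		for (int i = 0; i <= header.pageCount; i++) {
			fixupTable[i] = getReader().readInt(tableOffset + i * 4L);
		}

		// Read fixups
		var fixupRecordOffset = lfanew + header.fixupRecordTableOffset;
		fixupCount = 0;
		for (var object : objects) {
			for (int i = 0; i < object.pageCount; i++) {
				var page = object.pageTableIndex + i;
				// Page numbers are 1-based indices into the fixup page table.
				if (page < 1 || page > header.pageCount) {
					throw new InvalidHeaderException("Object page index out of range: " + page);
				}
				fixups.put(page, new ArrayList<>());
				var fixupBegin = getFixupBegin(page);
				var fixupEnd = getFixupEnd(page);
				var fixupDataSize = fixupEnd - fixupBegin;
				long current = 0;
				while (current < fixupDataSize) {
					var fixup = new FixupRecord(
						reader,
						fixupRecordOffset + fixupBegin + current,
						++fixupCount,
						options.getBaseAddress(object),
						i
					);
					fixups.get(page).add(fixup);
					current += fixup.size;
				}
			}
		}
	}

	/**
	 * Returns the underlying binary reader.
	 * @return the underlying binary reader
	 */
	public BinaryReader getBinaryReader() {
		return reader;
	}

	/**
	 * Same as {@link #getBinaryReader()}.
	 * @return the underlying binary reader
	 */
	public BinaryReader getReader() {
		return reader;
	}

	/**
	 * @param page 1-based page number
	 * @return offset of the page's first fixup record, as stored in the fixup page table
	 */
	public long getFixupBegin(int page) {
		return fixupTable[page-1];
	}

	/**
	 * @param page 1-based page number
	 * @return offset just past the page's last fixup record, as stored in the fixup page table
	 */
	public long getFixupEnd(int page) {
		return fixupTable[page];
	}

	/**
	 * @return number of fixup records over all pages that have a fixup list
	 */
	public int totalFixups() {
		int total = 0;
		for (var i = 1; i <= header.pageCount; i++) {
			// Pages that belong to no object never got a list.
			var pageFixups = fixups.get(i);
			if (pageFixups != null) {
				total += pageFixups.size();
			}
		}
		return total;
	}

	/**
	 * @param object object table entry to inspect
	 * @return true if the fixup page table holds fixup data for any page of the object
	 */
	public boolean objectHasFixups(LinearObjectTableEntry object) {
		// long accumulator: the table entries are longs and must not be
		// narrowed silently.
		long total = 0;
		for (int i = 0; i < object.pageCount; i++) {
			var page = object.pageTableIndex + i;
			total += getFixupEnd(page) - getFixupBegin(page);
		}
		return total > 0;
	}
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/FixupRecord.java:
--------------------------------------------------------------------------------
package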
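yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import ghidra.app.util.bin.BinaryReader;
import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.StructureDataType;
import ghidra.util.Msg;
import ghidra.util.exception.DuplicateNameException;
import yetmorecode.file.format.lx.LinearFixupRecord;
import yetmorecode.ghidra.format.lx.datatype.FixupSourceType;
import yetmorecode.ghidra.format.lx.datatype.FixupTargetFlags;

/**
 * One fixup record read from the fixup record table, together with the
 * structure data type describing the fields that were present.
 * <p>
 * The record layout is variable and driven entirely by flag bytes from the
 * file, so every field here is untrusted input.
 */
public class FixupRecord extends LinearFixupRecord implements StructConverter {

	public int sourceCount = 1;
	public int index;
	// Number of bytes this record occupies in the file
	public int size;
	public int pageAddress;

	public static String[] shortnames = {
		"byte",
		"inv1",
		"sel16",
		"p1616",
		"inv4",
		"off16",
		"p1632",
		"off32",
		"off32s",
	};

	private StructureDataType dt;

	/**
	 * Parses one fixup record. The reader's pointer index is restored on
	 * normal completion.
	 *
	 * @param reader      reader over the executable
	 * @param l           file offset of the record
	 * @param number      running number of the record
	 * @param baseAddress base address of the object the page belongs to
	 * @param page        zero-based page number inside that object
	 * @throws IOException if the record cannot be read
	 */
	public FixupRecord(BinaryReader reader, long l, int number, int baseAddress, int page) throws IOException {
		final String objectNumberComment = "This field is an index into the current module’s Object Table to specify the targetObject. It is a Byte value when the ‘16-bit Object Number/Module Ordinal Flag’ bit inthe target flags field is clear and a Word value when the bit is set.";
		final String targetOffsetComment = "This field is an offset into the specified target Object. It is not present when theSource Type specifies a 16-bit Selector fixup. It is a Word value when the ‘32-bitTarget Offset Flag’ bit in the target flags field is clear and a Dword value when the bitis set.";

		var oldIndex = reader.getPointerIndex();
		reader.setPointerIndex(l);
		index = number;
		this.pageAddress = baseAddress + page * 0x1000;

		sourceType = reader.readNextByte();
		targetFlags = reader.readNextByte();
		size = 2;
		// source data
		if (hasSourceList()) {
			// The count is an unsigned byte. Without the mask, counts above
			// 127 turn negative, the source list is skipped and the array
			// type below is created with a negative length.
			sourceCount = reader.readNextByte() & 0xff;
			size++;
		} else {
			ByteBuffer raw = ByteBuffer.allocate(2).order(ByteOrder.LITTLE_ENDIAN);
			raw.put(reader.readNextByte());
			raw.put(reader.readNextByte());
			sourceOffset = raw.getShort(0);
			size += 2;
		}

		dt = new StructureDataType(String.format("%08x", getSourceAddress()), 0);
		dt.add(new FixupSourceType(), "sourceType", "The source type specifies the size and type of the fixup to be performed on the fixup source.");
		dt.add(new FixupTargetFlags(), "targetFlags", "The target flags specify how the target information is interpreted.");
		if (hasSourceList()) {
			dt.add(BYTE, "sourceCount", "");
		} else {
			dt.add(WORD, "sourceOffset",
				"This field contains either an offset or a count depending on the Source List Flag. Ifthe Source List Flag is set, a list of source offsets follows the additive field and thisfield contains the count of the entries in the source offset list. Otherwise, this is thesingle source offset for the fixup. Source offsets are relative to the beginning of thepage where the fixup is to be made.\r\n"
				+ "Note: For fixups that cross page boundaries, a separate fixup record is specifiedfor each page. An offset is still used for the 2nd page but it now becomes anegative offset since the fixup originated on the preceding page. (Forexample, if only the last one byte of a 32-bit address is on the page to befixed up, then the offset would have a value of -3.)"
			);
		}

		// target data
		if (objectNumber16Bit()) {
			objectNumber = reader.readNextShort();
			dt.add(WORD, "objectNumber", objectNumberComment);
			size += 2;
		} else {
			objectNumber = reader.readNextByte();
			if (objectNumber < 0) {
				objectNumber += 0x100;
			}
			dt.add(BYTE, "objectNumber", objectNumberComment);
			size++;
		}

		int targetType = targetFlags & TARGET_TYPE_MASK;
		if (isInternalTarget()) {
			if (getSourceType() == SOURCE_16BIT_SELECTOR_FIXUP) {
				// no target offset
			} else if (isTargetOffset32Bit()) {
				targetOffset = reader.readNextInt();
				dt.add(DWORD, "targetOffset", targetOffsetComment);
				size += 4;
			} else {
				targetOffset = reader.readNextShort();
				dt.add(WORD, "targetOffset", targetOffsetComment);
				size += 2;
				if (targetOffset < 0) {
					targetOffset += 0x10000;
				}
			}
		} else if (targetType == TARGET_IMPORT_ORDINAL) {
			readOrdinalIndex(reader);
			if ((targetFlags & TARGET_8BIT_ORDINAL) > 0) {
				ordinalNumber = reader.readNextByte();
				size++;
			} else if ((targetFlags & TARGET_32BIT_OFFSET) > 0) {
				ordinalNumber = reader.readNextInt();
				size += 4;
			} else {
				ordinalNumber = reader.readNextShort();
				size += 2;
			}
			readAdditive(reader);
		} else if (targetType == TARGET_IMPORT_NAME) {
			readOrdinalIndex(reader);
			if ((targetFlags & TARGET_32BIT_OFFSET) > 0) {
				ordinalNumber = reader.readNextInt();
				size += 4;
			} else {
				ordinalNumber = reader.readNextShort();
				size += 2;
			}
			readAdditive(reader);
		} else if (targetType == TARGET_IMPORT_ENTRY) {
			readOrdinalIndex(reader);
			readAdditive(reader);
		} else {
			// The record length cannot be determined for an unknown target
			// type; size only covers the fields read so far.
			Msg.warn(this, "Invalid fixup. Unhandled..");
		}

		if (hasSourceList()) {
			for (int i = 0; i < sourceCount; i++) {
				sourceList.add(reader.readNextShort());
				size += 2;
			}
			dt.add(new ArrayDataType(WORD, sourceCount, 0), "source_list", "");
		}

		reader.setPointerIndex(oldIndex);
	}

	/** Reads the 8- or 16-bit ordinal index of an import target. */
	private void readOrdinalIndex(BinaryReader reader) throws IOException {
		// NOTE(review): the 8-bit form is stored as read, i.e. sign-extended;
		// confirm whether indices above 127 need the same correction that
		// objectNumber gets.
		if ((targetFlags & TARGET_16BIT_OBJECT) > 0) {
			ordinalIndex = reader.readNextShort();
			size += 2;
		} else {
			ordinalIndex = reader.readNextByte();
			size++;
		}
	}

	/** Reads the optional 16- or 32-bit additive value of an import target. */
	private void readAdditive(BinaryReader reader) throws IOException {
		if ((targetFlags & TARGET_ADDITIVE_FIXUP) > 0) {
			if ((targetFlags & TARGET_32BIT_ADDITIVE) > 0) {
				additive = reader.readNextInt();
				size += 4;
			} else {
				additive = reader.readNextShort();
				size += 2;
			}
		}
	}

	/**
	 * @return page address plus the source offset of this fixup
	 */
	public int getSourceAddress() {
		return pageAddress + sourceOffset;
	}

	/**
	 * @return the structure data type assembled while parsing
	 */
	@Override
	public DataType toDataType() throws DuplicateNameException, IOException {
		return dt;
	}

	/**
	 * @return short label for the source type; source types without an entry
	 *         in {@link #shortnames} are labelled "inv" plus their number
	 */
	public String shortname() {
		// The source type is taken from the file and may exceed the table.
		int type = getSourceType();
		if (type < 0 || type >= shortnames.length) {
			return "inv" + type;
		}
		return shortnames[type];
	}
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/Header.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;

import ghidra.app.util.bin.BinaryReader;
import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.StructureDataType;
import ghidra.util.exception.DuplicateNameException;
import yetmorecode.file.format.lx.LinearHeader;
import yetmorecode.ghidra.format.lx.datatype.LxByteOrder;
import yetmorecode.ghidra.format.lx.datatype.LxCpuType;
import yetmorecode.ghidra.format.lx.datatype.LxOSType;
import yetmorecode.ghidra.lx.InvalidHeaderException;

public class Header extends yetmorecode.file.format.lx.LinearHeader implements StructConverter {

	public final static String DATATYPE_NAME = "IMAGE_LE_HEADER";

	private StructureDataType dt = new StructureDataType(DATATYPE_NAME, 0);

	public int unknown;

	public Header(BinaryReader reader, long index) throws IOException, InvalidHeaderException {
		long oldIndex = reader.getPointerIndex();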
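reader.setPointerIndex(index);

		// Every field below is copied from the file as-is. Counts and
		// offsets are not range-checked here; code that uses them to size
		// allocations or to seek must validate them first.
		signature = reader.readNextShort();
		if (!isLe() && !isLx() && !isLc()) {
			throw new InvalidHeaderException("Signature does not match LX/LE/LC");
		}
		dt.add(new ArrayDataType(ASCII,2,1), "e32_magic", "Magic number for LX/LE/LC");
		byteOrdering = reader.readNextByte();
		dt.add(new LxByteOrder(), 1, "e32_border", "Byte ordering for EXE");
		wordOrdering = reader.readNextByte();
		dt.add(new LxByteOrder(), 1, "e32_worder", "Word ordering for EXE");
		formatLevel = reader.readNextInt();
		addDword("e32_level",
			"EXE Format Level is set to 0 for the initial version of the 32-bit linear EXE format. Each incompatible change to the linear EXE format must increment thisvalue. This allows the system to recognized future EXE file versions so that anappropriate error message may be displayed if an attempt is made to load them.");
		cpuType = reader.readNextShort();
		dt.add(new LxCpuType(), 2, "e32_cpu", "CPU");
		osType = reader.readNextShort();
		dt.add(new LxOSType(), 2, "e32_os", "OS");

		moduleVersion = reader.readNextInt();
		addDword("e32_ver",
			"Version of the linear EXE module. Useful for differentiating between revisions of dynamic linked modules. Specified at link time by the user.");
		moduleFlags = reader.readNextInt();
		addDword("e32_mflags", "Flag bits for the module.");
		pageCount = reader.readNextInt();
		addDword("e32_mpages",
			"# of physical pages in module. This field specifies the number of pages physically contained in this module. In other words, pages containing either enumerated or iterated data, not invalid or zero-fillpages. These pages are contained in the ‘preload pages’, ‘demand load pages’ and ‘iterated data pages’ sections of the linear EXE module.");
		eipObject = reader.readNextInt();
		addDword("e32_startobj", "Object # to which the Entry Address is relative.");
		eip = reader.readNextInt();
		addDword("e32_eip",
			"Entry Address of module. The Entry Address is the starting address for program modules and the library initialization and Library termination address for library modules.");
		espObject = reader.readNextInt();
		addDword("e32_stackobj",
			"The Object number to which the ESP is relative.This specifies the object to which the starting ESP is relative. This must be anonzero value for a program module to be correctly loaded. This field is ignored for alibrary module.");
		// The next two member names were off by one field: the stack
		// pointer was labelled "esp" and the page size "e32_esp".
		esp = reader.readNextInt();
		addDword("e32_esp", "Starting stack address of module.");
		pageSize = reader.readNextInt();
		addDword("e32_pagesize", "The size of one page for this system.");
		lastPageSize = reader.readNextInt();
		addDword("e32_lastpagesize", "Bytes on last page (only LE) / Page offset shift (LX)");
		fixupSectionSize = reader.readNextInt();
		addDword("e32_fixupsize",
			"Total size of the fixup information in bytes. This includes the following 4 tables:Fixup Page TableFixup Record TableImport Module name TableImport Procedure Name Table");
		fixupSectionChecksum = reader.readNextInt();
		addDword("e32_fixupsum",
			"Checksum for fixup information. If the checksum feature is not implemented, then the linker will set these fields to zero.");
		loaderSectionSize = reader.readNextInt();
		// The comment used to repeat the e32_mflags text.
		addDword("e32_ldrsize", "Total size of the loader section in bytes.");
		loaderSectionChecksum = reader.readNextInt();
		addDword("e32_ldrsum",
			"Checksum for loader section. If the checksum feature is not implemented, then the linker will set these fields to zero.");
		objectTableOffset = reader.readNextInt();
		addDword("e32_objtab",
			"Object Table offset. This offset is relative to the beginning of the linear EXE header. This offset alsopoints to the start of the Loader Section.");
		objectCount = reader.readNextInt();
		addDword("e32_objcnt", "# of entries in Object Table.");
		pageTableOffset = reader.readNextInt();
		addDword("e32_objmap",
			"Object Page Table offset. This offset is relative to the beginning of the linear EXE header.");
		iterPagesOffset = reader.readNextInt();
		addDword("e32_itermap",
			"Object Iterated Pages offset. This offset is relative to the beginning of the EXE file.");
		resourceTableOffset = reader.readNextInt();
		addDword("e32_rsrctab",
			"Resource Table offset. This offset is relative to the beginning of the linear EXE header.");
		resourceCount = reader.readNextInt();
		addDword("e32_rsrccnt", "# of entries in Resource Table.");
		residentNameTableOffset = reader.readNextInt();
		addDword("e32_restab",
			"Resident Name Table offset. This offset is relative to the beginning of the linear EXE header.");
		entryTableOffset = reader.readNextInt();
		addDword("e32_enttab",
			"Entry Table offset. This offset is relative to the beginning of the linear EXE header.");
		directivesTableOffset = reader.readNextInt();
		addDword("e32_dirtab",
			"Module Format Directives Table offset.This offset is relative to the beginning of the linear EXE header.");
		directivesCount = reader.readNextInt();
		addDword("e32_dircnt",
			"# of Module Format Directives in the Table.This field specifies the number of entries in the Module Format Directives Table. ");
		fixupPageTableOffset = reader.readNextInt();
		addDword("e32_fpagetab",
			"Fixup Page Table offset. This offset is relative to the beginning of the linear EXE header. This offset alsopoints to the start of the Fixup Section.");
		fixupRecordTableOffset = reader.readNextInt();
		addDword("e32_frectab",
			"Fixup Record Table Offset. This offset is relative to the beginning of the linear EXE header");
		importModuleNameTableOffset = reader.readNextInt();
		addDword("e32_impmod",
			"Import Module Name Table offset.This offset is relative to the beginning of the linear EXE header.");
		importModuleNameCount = reader.readNextInt();
		addDword("e32_impmodcnt", "# of entries in the Import Module Name Table");
		importProcedureNameTableOffset = reader.readNextInt();
		addDword("e32_impproc",
			"Import Procedure Name Table offset. This offset is relative to the beginning of the linear EXE header.");
		checksumTableOffset = reader.readNextInt();
		addDword("e32_pagesum",
			"Per-Page Checksum Table offset.This offset is relative to the beginning of the linear EXE header.");
		dataPagesOffset = reader.readNextInt();
		addDword("e32_datapage",
			"Data Pages Offset. This offset is relative to the beginning of the EXE file. This offset also points to thestart of the Data Section.");
		preloadPagesCount = reader.readNextInt();
		addDword("e32_preload",
			"# of Preload pages for this module.Note: OS/2 2.0 does not respect the preload of pages as specified in theexecutable file for performance reasons.");
		nameTableOffset = reader.readNextInt();
		addDword("e32_nrestab",
			"Non-Resident Name Table offset. This offset is relative to the beginning of the EXE file");
		nameTableLength = reader.readNextInt();
		addDword("e32_cbnrestab", "# of bytes in the Non-resident name table");
		nameTableChecksum = reader.readNextInt();
		addDword("e32_nressum", "Non-Resident Name Table Checksum");
		autoDataSegmentObjectNumber = reader.readNextInt();
		addDword("e32_autodata",
			"Auto Data Segment Object number.This is the object number for the Auto Data Segment used by 16-bit modules. Thisfield is supported for 16-bit compatibility only and is not used by 32-bit modules.");
		debugOffset = reader.readNextInt();
		addDword("e32_debuginfo",
			"Debug Information offset. This offset is relative to the beginning of the file. This offset also points to the start of theDebug Section.");
		debugLength = reader.readNextInt();
		addDword("e32_debuglen", "Debug Information length");
		pagesInPreloadSectionCount = reader.readNextInt();
		addDword("e32_instpreload", "# of instance data pages found in the preload section.");
		pagesInDemandSectionCount = reader.readNextInt();
		addDword("e32_instdemand", "# of instance data pages found in the demand section.");
		heapSize = reader.readNextInt();
		addDword("e32_heapsize", "Heap size added to the Auto DS Object");
		stackSize = reader.readNextInt();
		addDword("e32_stacksize", "Stack size");
		res3 = reader.readNextByteArray(8);
		dt.add(new ArrayDataType(BYTE, 8, 0), "e32_res3", "reserved");
		winresoff = reader.readNextInt();
		addDword("e32_winresoff ", "");
		winreslen = reader.readNextInt();
		addDword("e32_winreslen ", "");
		Dev386_Device_ID = reader.readNextShort();
		dt.add(WORD, 2, "Dev386_Device_ID", "");
		Dev386_DDK_Version = reader.readNextShort();
		dt.add(WORD, 2, "Dev386_DDK_Version", "");
		reader.setPointerIndex(oldIndex);
	}

	/** Appends a 4-byte DWORD member to the header data type. */
	private void addDword(String name, String comment) {
		dt.add(DWORD, 4, name, comment);
	}

	/**
	 * @return true for LE files whose module type is VxD and whose entry
	 *         object number is 0; this is a guess, not a definitive test
	 */
	public boolean isVxD() {
		if (!isLe()) {
			return false;
		}
		// Guess VxD from module type and missing eip
		return (moduleFlags & LinearHeader.MODULE_TYPE_MASK) == LinearHeader.MODULE_VXD && eipObject == 0;
	}

	/**
	 * @return "lx", "lc" or "le", depending on the signature
	 */
	public String getTypePrefix() {
		if (isLx()) {
			return "lx";
		}
		if (isLc()) {
			return "lc";
		}
		return "le";
	}

	/**
	 * @return the structure data type assembled while parsing
	 */
	@Override
	public DataType toDataType() throws DuplicateNameException, IOException {
		return dt;
	}
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/LePageMapEntry.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import ghidra.util.BigEndianDataConverter;
import yetmorecode.file.format.lx.LePageTableEntry;

public class LePageMapEntry extends LePageTableEntry {
	public LePageMapEntry(Executable exe, int page) throws IOException {
		var reader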
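= exe.getBinaryReader();
		var oldIndex = reader.getPointerIndex();
		// long arithmetic: the page number is multiplied before it is added
		// to a file offset and must not wrap around as an int.
		reader.setPointerIndex(exe.lfanew + exe.header.pageTableOffset + (long) page * SIZE);
		// The entry is read as one big-endian 32-bit value: the upper three
		// bytes go to dataOffset, the low byte to flags.
		long data = BigEndianDataConverter.INSTANCE.getInt(reader.readNextByteArray(4));
		// Unsigned shift plus mask: getInt() yields a signed value, and the
		// former arithmetic shift produced a negative dataOffset whenever the
		// top bit of the entry was set.
		dataOffset = (int) ((data >>> 8) & 0xffffff);
		flags = (byte)(data & 0xff);
		// NOTE(review): `index` is not assigned in this constructor; unless
		// the superclass sets it, this branch is only taken when it happens
		// to equal pageCount. Confirm whether `page + 1` was intended.
		if (index == exe.header.pageCount) {
			dataSize = (short) exe.header.lastPageSize;
		} else {
			dataSize = (short) exe.header.pageSize;
		}
		reader.setPointerIndex(oldIndex);
	}
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/LxPageMapEntry.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import yetmorecode.file.format.lx.LxPageTableEntry;

/**
 * LX-style page map entry: data offset, data size and flags, read from the
 * object page table of the executable.
 */
public class LxPageMapEntry extends LxPageTableEntry {
	/**
	 * @param exe  executable whose page table is read
	 * @param page zero-based index of the entry in the page table
	 * @throws IOException if the entry cannot be read
	 */
	public LxPageMapEntry(Executable exe, int page) throws IOException {
		var reader = exe.getBinaryReader();
		var oldIndex = reader.getPointerIndex();
		// long arithmetic so a large page number cannot wrap the offset
		reader.setPointerIndex(exe.lfanew + exe.header.pageTableOffset + (long) page * SIZE);
		dataOffset = reader.readNextInt();
		dataSize = reader.readNextShort();
		flags = reader.readNextShort();
		reader.setPointerIndex(oldIndex);
	}
}

--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/ObjectTableEntry.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;
import java.util.ArrayList;

import yetmorecode.file.format.lx.LinearObjectTableEntry;

/**
 * One entry of the object table. All fields are copied from the file and are
 * not range-checked here; pageTableIndex and pageCount in particular must be
 * validated by whoever uses them as indices.
 */
public class ObjectTableEntry extends LinearObjectTableEntry {
	// File offset of this entry
	public long offset;

	/**
	 * @param exe    executable whose object table is read
	 * @param number zero-based index of the entry; stored 1-based in {@code this.number}
	 * @throws IOException if the entry cannot be read
	 */
	public ObjectTableEntry(Executable exe, int number) throws IOException {
		var reader = exe.getBinaryReader();
		var oldIndex = reader.getPointerIndex();
		var objectTableOffset = exe.lfanew + exe.header.objectTableOffset;
		// long arithmetic so a large entry number cannot wrap the offset
		this.offset = objectTableOffset + (long) number * SIZE;
		this.number = number + 1;
		reader.setPointerIndex(offset);
		size = reader.readNextInt();
		base = reader.readNextInt();
		flags = reader.readNextInt();
		pageTableIndex = reader.readNextInt();
		pageCount = reader.readNextInt();
		reserved = reader.readNextInt();
		reader.setPointerIndex(oldIndex);
	}

	/**
	 * @return three characters, "r", "w" and "x" for the set permission flags
	 *         and "-" for the cleared ones
	 */
	public String getPermissionFlagsLabel() {
		var label = new StringBuilder(3);
		label.append((flags & FLAG_READABLE) > 0 ? "r" : "-");
		label.append((flags & FLAG_WRITEABLE) > 0 ? "w" : "-");
		label.append((flags & FLAG_EXECUTABLE) > 0 ? "x" : "-");
		return label.toString();
	}

	/**
	 * @return the flags in hex, followed by the permission label and the
	 *         names of the extra flags that are set
	 */
	public String getExtraFlagsLabel() {
		var parts = new ArrayList<String>();
		parts.add(getPermissionFlagsLabel());
		if ((flags & FLAG_PRELOAD_PAGES) > 0) {
			parts.add("preload pages");
		}
		if ((flags & FLAG_1616_ALIAS) > 0) {
			parts.add("16:16 alias");
		}
		if ((flags & FLAG_BIG_DEFAULT_BIT) > 0) {
			parts.add("big default");
		}
		return String.format("%04x (%s)", flags, String.join(", ", parts));
	}
}
--------------------------------------------------------------------------------
/src/main/java/yetmorecode/ghidra/format/lx/model/VxDDescriptionBlock.java:
--------------------------------------------------------------------------------
package yetmorecode.ghidra.format.lx.model;

import java.io.IOException;

import ghidra.app.util.bin.BinaryReader;
import ghidra.app.util.bin.StructConverter;
import ghidra.program.model.data.ArrayDataType;
import ghidra.program.model.data.DataType;
import ghidra.program.model.data.StructureDataType;
import ghidra.util.exception.DuplicateNameException;
import yetmorecode.file.format.vxd.DescriptionBlock;

public class VxDDescriptionBlock extends DescriptionBlock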
implements StructConverter { 14 | public final static String DATATYPE_NAME = "IMAGE_VXD_DESCRIPTION"; 15 | 16 | /* structure definition that grows by one field per value the constructor reads */ private StructureDataType dt = new StructureDataType(DATATYPE_NAME, 0); 17 | 18 | /* kept so the nextByte, nextShort and nextInt helpers can read from it */ private BinaryReader reader; 19 | 20 | /** Reads the description block starting at {@code index}, adding one structure field per value read, and puts the reader back where it was at the end. @param reader source of the bytes @param index reader index of the first byte of the block @throws IOException if a read fails */ public VxDDescriptionBlock(BinaryReader reader, long index) throws IOException { 21 | this.reader = reader; 22 | long oldIndex = reader.getPointerIndex(); 23 | reader.setPointerIndex(index); 24 | DDB_Next = nextInt("DDB_Next", "VMM RESERVED FIELD"); 25 | DDB_SDK_Version = nextShort("DDB_SDK_Version", "INIT RESERVED FIELD"); 26 | DDB_Req_Device_Number = nextShort("DDB_Req_Device_Number", "INIT "); 27 | DDB_Dev_Major_Version = nextByte("DDB_Dev_Major_Version", "INIT <0> Major device number"); 28 | DDB_Dev_Minor_Version = nextByte("DDB_Dev_Minor_Version", "INIT <0> Minor device number"); 29 | DDB_Flags = nextShort("DDB_Flags", "INIT <0> for init calls complete"); 30 | /* NOTE(review): DDB_Name is added to the structure as 8 bytes, but nothing is read from the reader for it, so the reader is not advanced here; the values read from DDB_Init_Order onward then appear to start 8 bytes earlier than their place in the structure. Confirm, and skip the name bytes if so. */ dt.add(new ArrayDataType(ASCII,8,1), "DDB_Name", "AINIT <\" \"> Device name"); 31 | DDB_Init_Order = nextInt("DDB_Init_Order", "INIT "); 32 | DDB_Control_Proc = nextInt("DDB_Control_Proc", "Offset of control procedure"); 33 | DDB_V86_API_Proc = nextInt("DDB_V86_API_Proc", "INIT <0> Offset of API procedure"); 34 | DDB_PM_API_Proc = nextInt("DDB_PM_API_Proc", "INIT <0> Offset of API procedure"); 35 | DDB_V86_API_CSIP = nextInt("DDB_V86_API_CSIP", "INIT <0> CS:IP of API entry point"); 36 | DDB_PM_API_CSIP = nextInt("DDB_PM_API_CSIP", "INIT <0> CS:IP of API entry point"); 37 | DDB_Reference_Data = nextInt("DDB_Reference_Data", "Reference data from real mode"); 38 | DDB_Service_Table_Ptr = nextInt("DDB_Service_Table_Ptr", "INIT <0> Pointer to service table"); 39 | DDB_Service_Table_Size = nextInt("DDB_Service_Table_Size", "INIT <0> Number of services"); 40 | DDB_Win32_Service_Table = nextInt("DDB_Win32_Service_Table", "INIT <0> Pointer to Win32 services"); 41 | DDB_Prev = nextInt("DDB_Prev", "INIT <'Prev'> Ptr to prev 4.0 DDB"); 42 | DDB_Reserved0 = nextInt("DDB_Reserved0", "INIT
<0> Reserved"); 43 | DDB_Reserved1 = nextInt("DDB_Reserved1", "INIT <'Rsv1'> Reserved"); 44 | DDB_Reserved2 = nextInt("DDB_Reserved2", "INIT <'Rsv2'> Reserved"); 45 | DDB_Reserved3 = nextInt("DDB_Reserved3", "INIT <'Rsv3'> Reserved"); 46 | reader.setPointerIndex(oldIndex); 47 | } 48 | 49 | /** Adds a one-byte BYTE field with the given name and comment to the structure and returns the next byte from the reader. */ private byte nextByte(String name, String comment) throws IOException { 50 | dt.add(BYTE, 1, name, comment); 51 | return reader.readNextByte(); 52 | } 53 | 54 | /** Adds a two-byte WORD field with the given name and comment to the structure and returns the next short from the reader. */ private short nextShort(String name, String comment) throws IOException { 55 | dt.add(WORD, 2, name, comment); 56 | return reader.readNextShort(); 57 | } 58 | 59 | /** Adds a four-byte DWORD field with the given name and comment to the structure and returns the next int from the reader. */ private int nextInt(String name, String comment) throws IOException { 60 | dt.add(DWORD, 4, name, comment); 61 | return reader.readNextInt(); 62 | } 63 | 64 | /** Returns the structure data type assembled by the constructor. */ @Override 65 | public DataType toDataType() throws DuplicateNameException, IOException { 66 | return dt; 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /src/main/java/yetmorecode/ghidra/format/lx/model/VxDVersionResource.java: -------------------------------------------------------------------------------- 1 | package yetmorecode.ghidra.format.lx.model; 2 | 3 | import java.io.IOException; 4 | 5 | import ghidra.app.util.bin.BinaryReader; 6 | import ghidra.app.util.bin.StructConverter; 7 | import ghidra.program.model.data.ArrayDataType; 8 | import ghidra.program.model.data.DataType; 9 | import ghidra.program.model.data.StructureDataType; 10 | import ghidra.util.exception.DuplicateNameException; 11 | import yetmorecode.file.format.vxd.VersionResource; 12 | import yetmorecode.file.format.vxd.fileinfo.VS_VarFileInfo; 13 | 14 | /** VxD version resource: the constructor reads the resource header, the VS_VERSIONINFO and VS_FIXEDFILEINFO fields and, when present, a VarFileInfo block, building Ghidra structure types alongside. */ public class VxDVersionResource extends VersionResource implements StructConverter { 15 | public final static String DATATYPE_NAME = "IMAGE_VXD_VERSION_RESOURCE"; 16 | private StructureDataType dt = new StructureDataType(DATATYPE_NAME, 0); 17 | 18 | private StructureDataType vartype = new StructureDataType("VarFileInfo", 0); 19 |
private StructureDataType versiontype = new StructureDataType("VS_VERSIONINFO", 0); 20 | private StructureDataType infotype = new StructureDataType("VS_FIXEDFILEINFO", 0); 21 | private BinaryReader reader; 22 | 23 | /** Reads the version resource starting at {@code index} and puts the reader back where it was at the end. The header fields go into the outer structure, the VS_VERSIONINFO fields into versiontype and the fixed file info into infotype. NOTE(review): values read through the reader size the data types without validation: the key strings set the ASCII array lengths, and further down varLength, read as a signed 16-bit value, is divided by 4 to give the element count of the Children array, so a value below 4 yields a zero or negative count. The signature field is stored but not compared with 0xFEEF04BD in this constructor. Confirm how ArrayDataType reacts to such counts and validate before use. @param reader source of the bytes @param index reader index of the first byte of the resource @throws IOException if a read fails */ public VxDVersionResource(BinaryReader reader, long index) throws IOException { 24 | this.reader = reader; 25 | long oldIndex = reader.getPointerIndex(); 26 | reader.setPointerIndex(index); 27 | cType = nextByte("cType", ""); 28 | wID = nextShort(dt, "wID", "Resource ID"); 29 | cName = nextByte("cName", ""); 30 | wOrdinal = nextShort(dt, "wOrdinal", "Ordinal of following resource"); 31 | wFlags = nextShort(dt, "wFlags", ""); 32 | dwResSize = nextInt(dt, "dwResSize", "Size of following resource"); 33 | 34 | 35 | info.wLength = nextShort(versiontype, "wLength", "The length, in bytes, of the VS_VERSIONINFO structure. This length does not include any padding that aligns any subsequent version resource data on a 32-bit boundary."); 36 | info.wType = nextShort(versiontype, "wType", ""); 37 | /* the key is read as an ASCII string and its length plus one (presumably for the terminator) sizes the szKey field */ info.szKey = reader.readNextAsciiString(); 38 | versiontype.add(new ArrayDataType(StructConverter.ASCII, info.szKey.length()+1, 1), "szKey", "VS_VERSION_INFO"); 39 | 40 | info.value.dwSignature = nextInt(infotype, "dwSignature", "Contains the value 0xFEEF04BD. See verrsrc.h (include Windows.h). This is used with the szKey member of the VS_VERSIONINFO structure when searching a file for the VS_FIXEDFILEINFO structure."); 41 | info.value.dwStrucVersion = nextInt(infotype, "dwStrucVersion", "The binary version number of this structure. The high-order word of this member contains the major version number, and the low-order word contains the minor version number."); 42 | info.value.dwFileVersionMS = nextInt(infotype, "dwFileVersionMS", "The most significant 32 bits of the file's binary version number.
This member is used with dwFileVersionLS to form a 64-bit value used for numeric comparisons."); 43 | info.value.dwFileVersionLS = nextInt(infotype, "dwFileVersionLS", "The least significant 32 bits of the file's binary version number. This member is used with dwFileVersionMS to form a 64-bit value used for numeric comparisons."); 44 | info.value.dwProductVersionMS = nextInt(infotype, "dwProductVersionMS", "The most significant 32 bits of the binary version number of the product with which this file was distributed. This member is used with dwProductVersionLS to form a 64-bit value used for numeric comparisons."); 45 | info.value.dwProductVersionLS = nextInt(infotype, "dwProductVersionLS", "The least significant 32 bits of the binary version number of the product with which this file was distributed. This member is used with dwProductVersionMS to form a 64-bit value used for numeric comparisons."); 46 | info.value.dwFileFlagsMask = nextInt(infotype, "dwFileFlagsMask", "Contains a bitmask that specifies the valid bits in dwFileFlags. A bit is valid only if it was defined when the file was created."); 47 | // TODO: Add types 48 | info.value.dwFileFlags = nextInt(infotype, "dwFileFlags", "Contains a bitmask that specifies the Boolean attributes of the file."); 49 | info.value.dwFileOS = nextInt(infotype, "dwFileOS", "The operating system for which this file was designed."); 50 | info.value.dwFileType = nextInt(infotype, "dwFileType", "The general type of file."); 51 | info.value.dwFileSubtype = nextInt(infotype, "dwFileSubtype", "The function of the file. The possible values depend on the value of dwFileType. 
For all values of dwFileType not described in the following list, dwFileSubtype is zero."); 52 | info.value.dwFileDateMS = nextInt(infotype, "dwFileDateMS", "The most significant 32 bits of the file's 64-bit binary creation date and time stamp."); 53 | info.value.dwFileDateLS = nextInt(infotype, "dwFileDateLS", "The least significant 32 bits of the file's 64-bit binary creation date and time stamp."); 54 | versiontype.add(infotype, "Value", "VS_FIXEDFILEINFO"); 55 | 56 | 57 | var len = reader.readNextShort(); 58 | var type = reader.readNextShort(); 59 | var key = reader.readNextAsciiString(); 60 | if (key.equals("VarFileInfo")) { 61 | var v = new VS_VarFileInfo(); 62 | v.wLength = len; 63 | v.wType = type; 64 | v.szKey = key; 65 | vartype.add(StructConverter.WORD, 2, "wLength", "The length, in bytes, of the entire VarFileInfo block, including all structures indicated by the Children member."); 66 | vartype.add(StructConverter.WORD, 2, "wType", ""); 67 | vartype.add(new ArrayDataType(StructConverter.ASCII, v.szKey.length()+1, 1), "szKey", ""); 68 | if (reader.getPointerIndex() % 4 != 0) { 69 | v.Padding = nextShort(vartype, "Padding", ""); 70 | } 71 | v.varLength = nextShort(vartype, "transLength", "The length, in bytes, of the VS_VERSIONINFO structure. 
This length does not include any padding that aligns any subsequent version resource data on a 32-bit boundary."); 72 | v.varszKey = reader.readNextAsciiString(); 73 | vartype.add(new ArrayDataType(StructConverter.ASCII, v.varszKey.length()+1, 1), "transKey", "TRANSLATION"); 74 | /* NOTE(review): the element count is varLength / 4, with varLength read as a signed 16-bit value and not checked; a value below 4 gives a zero or negative count. Confirm how ArrayDataType reacts and validate first. */ vartype.add(new ArrayDataType(StructConverter.DWORD, v.varLength / 4, 4), "Children", "An array of one or more values that are language and code page identifier pairs."); 75 | 76 | versiontype.add(vartype); 77 | } 78 | 79 | dt.add(versiontype, "Children", "VS_VERSIONINFO"); 80 | 81 | 82 | /* restore the position the reader had on entry */ reader.setPointerIndex(oldIndex); 83 | } 84 | 85 | /** Adds a one-byte BYTE field to the outer structure and returns the next byte from the reader. */ private byte nextByte(String name, String comment) throws IOException { 86 | dt.add(BYTE, 1, name, comment); 87 | return reader.readNextByte(); 88 | } 89 | 90 | /** Adds a two-byte WORD field to the structure {@code d} and returns the next short from the reader. */ private short nextShort(StructureDataType d, String name, String comment) throws IOException { 91 | d.add(WORD, 2, name, comment); 92 | return reader.readNextShort(); 93 | } 94 | 95 | /** Adds a four-byte DWORD field to the structure {@code d} and returns the next int from the reader. */ private int nextInt(StructureDataType d, String name, String comment) throws IOException { 96 | d.add(DWORD, 4, name, comment); 97 | return reader.readNextInt(); 98 | } 99 | 100 | /** Returns the outer structure data type assembled by the constructor. */ @Override 101 | public DataType toDataType() throws DuplicateNameException, IOException { 102 | return dt; 103 | } 104 | } 105 | -------------------------------------------------------------------------------- /src/main/java/yetmorecode/ghidra/lx/InvalidHeaderException.java: -------------------------------------------------------------------------------- 1 | package yetmorecode.ghidra.lx; 2 | 3 | /** 4 | * An exception class to handle encountering 5 | * invalid LX/LE Headers.
6 | */ 7 | public class InvalidHeaderException extends Exception { 8 | private static final long serialVersionUID = 1L; 9 | 10 | /** Creates the exception with the given detail message, which is passed on to Exception. */ public InvalidHeaderException(String message) { 11 | super(message); 12 | } 13 | } -------------------------------------------------------------------------------- /src/main/java/yetmorecode/ghidra/lx/LinearLoader.java: -------------------------------------------------------------------------------- 1 | package yetmorecode.ghidra.lx; 2 | 3 | import java.io.ByteArrayInputStream; 4 | import java.io.IOException; 5 | import java.util.*; 6 | 7 | import ghidra.app.util.MemoryBlockUtils; 8 | import ghidra.app.util.Option; 9 | import ghidra.app.util.bin.BinaryReader; 10 | import ghidra.app.util.bin.ByteProvider; 11 | import ghidra.app.util.bin.StructConverter; 12 | import ghidra.app.util.importer.MessageLog; 13 | import ghidra.app.util.opinion.AbstractLibrarySupportLoader; 14 | import ghidra.app.util.opinion.LoadSpec; 15 | import ghidra.framework.model.DomainObject; 16 | import ghidra.program.flatapi.FlatProgramAPI; 17 | import ghidra.program.model.address.Address; 18 | import ghidra.program.model.address.AddressOverflowException; 19 | import ghidra.program.model.address.AddressSpace; 20 | import ghidra.program.model.data.CategoryPath; 21 | import ghidra.program.model.data.DataType; 22 | import ghidra.program.model.data.StructureDataType; 23 | import ghidra.program.model.lang.LanguageCompilerSpecPair; 24 | import ghidra.program.model.listing.CodeUnit; 25 | import ghidra.program.model.listing.Data; 26 | import ghidra.program.model.listing.Program; 27 | import ghidra.program.model.symbol.MemReferenceImpl; 28 | import ghidra.program.model.symbol.RefType; 29 | import ghidra.program.model.symbol.SourceType; 30 | import ghidra.program.model.util.CodeUnitInsertionException; 31 | import ghidra.util.Msg; 32 | import ghidra.util.exception.CancelledException; 33 | import ghidra.util.exception.UsrException; 34 | import ghidra.util.task.TaskMonitor; 35 |
import ghidra.program.model.data.ArrayDataType; 36 | import yetmorecode.file.format.lx.LinearFixupRecord; 37 | import yetmorecode.file.format.lx.LinearObjectTableEntry; 38 | import yetmorecode.ghidra.format.lx.datatype.FixupSectionType; 39 | import yetmorecode.ghidra.format.lx.datatype.LoaderSectionType; 40 | import yetmorecode.ghidra.format.lx.model.FixupRecord; 41 | import yetmorecode.ghidra.format.lx.model.Header; 42 | import yetmorecode.ghidra.format.lx.model.Executable; 43 | 44 | /** 45 | * LxLoader - LX/LE/LC executable format loader 46 | * 47 | * This loader is able to load executable files of the LX/LE/LC format. 48 | * 49 | * Linear Executable is an executable file format. 50 | * It is used by OS/2, MS-DOS (DOS extender), and by MS Windows VxD files. 51 | * It is a successor to NE (New Executable). 52 | * There are two main varieties of it: LX (32-bit), and LE (mixed 16/32-bit). 53 | * LC variety is using compression (hence the C). 54 | * 55 | * @author yetmorecode@posteo.net 56 | */ 57 | public abstract class LinearLoader extends AbstractLibrarySupportLoader { 58 | /* each of the four constants below is one code point (U+2713, U+231B, U+2658, U+2794) with a space on either side */ protected final static String CHECK = " " + (new String(new int[] { 0x2713 }, 0, 1)) + " "; 59 | protected final static String CLOCK = " " + (new String(new int[] { 0x231b }, 0, 1)) + " "; 60 | protected final static String HORSE = " " + (new String(new int[] { 0x2658 }, 0, 1)) + " "; 61 | protected final static String ARROW = " " + (new String(new int[] { 0x2794 }, 0, 1)) + " "; 62 | 63 | protected MessageLog messageLog; 64 | protected Options loaderOptions = new Options(); 65 | 66 | @Override 67 | public abstract String getName(); 68 | 69 | /** Format check supplied by each concrete loader; as used by findSupportedLoadSpecs, an InvalidHeaderException means the data is not in the format of that loader. */ public abstract void checkFormat(BinaryReader reader) throws IOException, InvalidHeaderException; 70 | 71 | /** Offers two load specs for x86:LE:32:default, borlandcpp marked as preferred and watcom not, when checkFormat accepts the content. Returns an empty collection when the provider holds fewer than 4 bytes or when checkFormat throws; an IOException is logged rather than propagated. */ @Override 72 | public Collection findSupportedLoadSpecs(ByteProvider provider) throws IOException { 73 | List loadSpecs = new ArrayList<>(); 74 | if (provider.length() < 4) { 75 | return loadSpecs; 76 | } 77 | var reader = new
BinaryReader(provider, true); /* the second argument selects little-endian reads */ 78 | try { 79 | checkFormat(reader); 80 | loadSpecs.add(new LoadSpec(this, 0, new LanguageCompilerSpecPair("x86:LE:32:default", "borlandcpp"), true)); 81 | loadSpecs.add(new LoadSpec(this, 0, new LanguageCompilerSpecPair("x86:LE:32:default", "watcom"), false)); 82 | } catch (IOException e) { 83 | Msg.error(this, String.format("IOException while parsing LxExecutable: %s", e.getMessage())); 84 | /* NOTE(review): the failure is already reported through Msg.error; printStackTrace additionally writes to standard error, outside that log */ e.printStackTrace(); 85 | } catch (InvalidHeaderException e) { 86 | // Everything is ok, but the provided data is not a valid LX/LE/LC 87 | } 88 | return loadSpecs; 89 | } 90 | 91 | public abstract void onLoadSuccess(Program program); 92 | 93 | @Override 94 | protected void load(ByteProvider provider, LoadSpec loadSpec, List