Support resolve PE Overlay Data. close #1

fcharlie · Jan 19, 2021 · a7cfb2e · a7cfb2e
1 parent 72e1881
commit a7cfb2e
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 1 deletion.
diff --git a/debug/pe/file.go b/debug/pe/file.go
@@ -28,7 +28,9 @@ type File struct {
 	COFFSymbols    []COFFSymbol // all COFF symbols (including auxiliary symbol records)
 	StringTable    StringTable
 
-	closer io.Closer
+	overlay []byte
+	r       io.ReaderAt
+	closer  io.Closer
 }
 
 // Open opens the named file using os.Open and prepares it for use as a PE binary.
@@ -63,6 +65,7 @@ func (f *File) Close() error {
 // NewFile creates a new File for accessing a PE binary in an underlying reader.
 func NewFile(r io.ReaderAt) (*File, error) {
 	f := new(File)
+	f.r = r
 	sr := io.NewSectionReader(r, 0, 1<<63-1)
 
 	var dosheader [96]byte

diff --git a/debug/pe/overlay.go b/debug/pe/overlay.go
@@ -0,0 +1,56 @@
+package pe
+
+import (
+	"errors"
+	"fmt"
+	"io"
+)
+
+// error
+var (
+	ErrNoOverlayFound = errors.New("no overlay found")
+)
+
+// Overlay returns the overlay of the PE fil (i.e. any optional bytes directly
+// succeeding the image).
+func (file *File) Overlay() ([]byte, error) {
+	if file.overlay == nil {
+		if err := file.parseOverlay(); err != nil {
+			return nil, err
+		}
+	}
+	return file.overlay, nil
+}
+
+// parseOverlay parses the overlay of the PE file.
+func (file *File) parseOverlay() error {
+	if file.r == nil {
+		return errors.New("invalid reader")
+	}
+	// Locate start of overlay (i.e. end of image).
+	var overlayStart int64
+	for _, s := range file.Sections {
+		if sectionStart := int64(s.Offset + s.Size); sectionStart > overlayStart {
+			overlayStart = sectionStart
+		}
+	}
+	sr, ok := file.r.(io.Seeker)
+	if !ok {
+		return errors.New("not seeker")
+	}
+	overlayEnd, err := sr.Seek(0, io.SeekEnd)
+	if err != nil {
+		return fmt.Errorf("pe: seek %v", err)
+	}
+	overlayLen := overlayEnd - overlayStart
+	if overlayLen == 0 {
+		return ErrNoOverlayFound
+	}
+	overlay := make([]byte, overlayLen)
+	ser := io.NewSectionReader(file.r, overlayStart, overlayLen)
+	if _, err := io.ReadFull(ser, overlay); err != nil {
+		return err
+	}
+	file.overlay = overlay
+	return nil
+}
diff --git a/test/gope/main.go b/test/gope/main.go
@@ -47,4 +47,10 @@ func main() {
 	for _, d := range ft.Exports {
 		fmt.Fprintf(os.Stderr, "\x1b[35mE %5d %08X %s  (Hint: %d)\x1b[0m\n", d.Ordinal, d.Address, demangle.Demangle(d.Name), d.Hint)
 	}
+	overlay, err := fd.Overlay()
+	if err != nil && err != pe.ErrNoOverlayFound {
+		fmt.Fprintf(os.Stderr, "unable LookupExports: %s %v\n", os.Args[1], err)
+		os.Exit(1)
+	}
+	fmt.Fprintf(os.Stderr, "Overlay: %v\n", string(overlay))
 }