Imporve resolve PE export unnamed function

debug/pe/functions.go

@@ -14,7 +14,7 @@ type ExportedSymbol struct {
 	ForwardName string
 	Address     uint32
 	Ordinal     uint16
-	Hint        uint16
+	Hint        int
 }
 
 // Exports support sort
@@ -136,43 +136,37 @@ func (f *File) LookupExports() ([]ExportedSymbol, error) {
 	if ied.NumberOfNames == 0 {
 		return nil, nil
 	}
-	ordinalBase := uint16(ied.Base)
-	exports := make([]ExportedSymbol, ied.NumberOfNames) // make
-	if ied.AddressOfNameOrdinals > ds.VirtualAddress && ied.AddressOfNameOrdinals < ds.VirtualAddress+ds.VirtualSize {
-		d = sdata[ied.AddressOfNameOrdinals-ds.VirtualAddress:]
-		if len(d) > len(exports)*2 {
-			for i := 0; i < len(exports); i++ {
-				exports[i].Ordinal = binary.LittleEndian.Uint16(d[i*2:]) + ordinalBase
-				exports[i].Hint = uint16(i)
-			}
-		}
-	} else {
-		for i := 0; i < len(exports); i++ {
-			exports[i].Ordinal = 0xFFFF
-			exports[i].Hint = uint16(i)
-		}
-	}
-	if ied.AddressOfNames > ds.VirtualAddress && ied.AddressOfNames < ds.VirtualAddress+ds.VirtualSize {
-		d = sdata[ied.AddressOfNames-ds.VirtualAddress:]
-		if len(sdata) >= len(exports)*4 {
-			for i := 0; i < len(exports); i++ {
-				start := binary.LittleEndian.Uint32(d[i*4:]) - ds.VirtualAddress
-				exports[i].Name, _ = getString(sdata, int(start))
+	dataDirEnd := idd.VirtualAddress + idd.Size
+	sectionEnd := ds.VirtualAddress + ds.VirtualSize
+	exports := make([]ExportedSymbol, ied.NumberOfFunctions) // make function
+	if ied.AddressOfFunctions > ds.VirtualAddress && ied.AddressOfFunctions+ied.NumberOfFunctions*4 < sectionEnd {
+		d = sdata[ied.AddressOfFunctions-ds.VirtualAddress:]
+		for i := uint32(0); i < ied.NumberOfFunctions; i++ {
+			address := binary.LittleEndian.Uint32(d[i*4:])
+			if address > idd.VirtualAddress && address < dataDirEnd {
+				exports[i].ForwardName, _ = getString(sdata, int(address-ds.VirtualAddress))
 			}
+			exports[i].Address = address
+			exports[i].Ordinal = uint16(i + ied.Base)
+			exports[i].Hint = -1
 		}
 	}
-	iddEnd := idd.VirtualAddress + idd.Size
-	if ied.AddressOfFunctions > ds.VirtualAddress && ied.AddressOfFunctions < ds.VirtualAddress+ds.VirtualSize {
-		d = sdata[ied.AddressOfFunctions-ds.VirtualAddress:]
-		for i := 0; i < len(exports); i++ {
-			if len(d) >= int(exports[i].Ordinal)*4+4 {
-				exports[i].Address = binary.LittleEndian.Uint32(d[int(exports[i].Ordinal-ordinalBase)*4:])
-				if exports[i].Address >= idd.VirtualAddress && exports[i].Address < iddEnd {
-					exports[i].ForwardName, _ = getString(sdata, int(exports[i].Address-ds.VirtualAddress))
-				}
+	if ied.AddressOfNames > ds.VirtualAddress && ied.AddressOfNames+ied.NumberOfNames*4 <= sectionEnd &&
+		ied.AddressOfNameOrdinals > ds.VirtualAddress && ied.AddressOfNameOrdinals+ied.NumberOfNames*2 <= sectionEnd {
+		nameTable := sdata[ied.AddressOfNames-ds.VirtualAddress:]
+		ordinalTable := sdata[ied.AddressOfNameOrdinals-ds.VirtualAddress:]
+		for i := 0; i < int(ied.NumberOfNames); i++ {
+			nameRVA := binary.LittleEndian.Uint32(nameTable[i*4:])
+			name, _ := getString(sdata, int(nameRVA-ds.VirtualAddress))
+			ordinalIndex := binary.LittleEndian.Uint16(ordinalTable[i*2:])
+			if uint32(ordinalIndex) >= ied.NumberOfFunctions {
+				continue
 			}
+			exports[ordinalIndex].Name = name
+			exports[ordinalIndex].Hint = i
 		}
 	}
+
 	sort.Sort(Exports(exports))
 	return exports, nil
 }

test/gope/main.go

@@ -45,6 +45,14 @@ func main() {
 		}
 	}
 	for _, d := range ft.Exports {
+		if len(d.Name) == 0 {
+			if len(d.ForwardName) != 0 {
+				fmt.Fprintf(os.Stderr, "\x1b[35mE %5d %08X (unnamed) (Hint: %d) --> %s\x1b[0m\n", d.Ordinal, d.Address, d.Hint, d.ForwardName)
+				continue
+			}
+			fmt.Fprintf(os.Stderr, "\x1b[35mE %5d %08X (unnamed) (Hint: %d)\x1b[0m\n", d.Ordinal, d.Address, d.Hint)
+			continue
+		}
 		if len(d.ForwardName) != 0 {
 			fmt.Fprintf(os.Stderr, "\x1b[35mE %5d %08X %s  (Hint: %d) --> %s\x1b[0m\n", d.Ordinal, d.Address, demangle.Demangle(d.Name), d.Hint, d.ForwardName)
 			continue