Blob Blame History Raw
From cfd61f6958a46d5e9687f87caf04c94680382a9f Mon Sep 17 00:00:00 2001
From: Nicolas Frayer <nfrayer@redhat.com>
Date: Wed, 1 Feb 2023 12:13:45 +0100
Subject: [PATCH] generate_binary: Add NX COMPAT flag manually when genpeimg
 missing

When genpeimg or python3-pefile is missing, add the NX COMPAT flag
manually by setting bit8 of the DllCharacteristics in the optional
header, clear the TimeDateStamp and update the checksum.
---
 efi/generate_binary.py | 50 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/efi/generate_binary.py b/efi/generate_binary.py
index 7b802e7..10ab0b3 100755
--- a/efi/generate_binary.py
+++ b/efi/generate_binary.py
@@ -10,6 +10,13 @@
 import subprocess
 import sys
 import argparse
+import os
+import struct
+
+COFF_HDR_OFFSET = 0x80
+OPTIONALHDR_CHECKSUM = COFF_HDR_OFFSET + 0x58
+OPTIONALHDR_DLLCHARACTERISTICS = COFF_HDR_OFFSET + 0x5E
+PEHEADER_TIMEDATASTAMP = COFF_HDR_OFFSET + 0x8
 
 
 def _run_objcopy(args):
@@ -66,6 +73,27 @@ def _run_genpeimg(args):
         sys.exit(1)
 
 
+def generate_checksum(data):
+    checksum_offset: int = OPTIONALHDR_CHECKSUM
+    checksum: int = 0
+    remainder: int = len(data) % 4
+    data_len: int = len(data) + ((4 - remainder) * (remainder != 0))
+    for i in range(int(data_len / 4)):
+        if i == int(checksum_offset / 4):
+            continue
+        if i + 1 == (int(data_len / 4)) and remainder:
+            dword = struct.unpack("I", data[i * 4 :] + (b"\0" * (4 - remainder)))[0]
+        else:
+            dword = struct.unpack("I", data[i * 4 : i * 4 + 4])[0]
+        checksum += dword
+        if checksum >= 2**32:
+            checksum = (checksum & 0xFFFFFFFF) + (checksum >> 32)
+    checksum = (checksum & 0xFFFF) + (checksum >> 16)
+    checksum = checksum + (checksum >> 16)
+    checksum = checksum & 0xFFFF
+    return checksum + len(data)
+
+
 def _add_nx_pefile(args):
     # unnecessary if we have genpeimg
     if args.genpeimg:
@@ -73,8 +101,26 @@ def _add_nx_pefile(args):
     try:
         import pefile
     except ImportError:
-        print("Unable to add NX support to binaries without genpeimg or python3-pefile")
-        sys.exit(1)
+        print("Adding NX support manually to the binary")
+        with open(args.outfile, "r+b") as fh:
+            buf = bytearray(fh.read(os.path.getsize(args.outfile)))
+            fh.seek(0)
+            DllCharacteristics = struct.unpack_from(
+                "<H", buf, OPTIONALHDR_DLLCHARACTERISTICS
+            )[0]
+            DllCharacteristics |= 0x100
+            struct.pack_into(
+                "<H", buf, OPTIONALHDR_DLLCHARACTERISTICS, DllCharacteristics
+            )
+
+            # set the timestamp to 0
+            struct.pack_into("<I", buf, PEHEADER_TIMEDATASTAMP, 0x0)
+
+            # as we have set the NX COMPAT bit, regenerate the checksum
+            struct.pack_into("<I", buf, OPTIONALHDR_CHECKSUM, generate_checksum(buf))
+            fh.write(buf)
+
+        return
 
     pe = pefile.PE(args.outfile)
     pe.OPTIONAL_HEADER.DllCharacteristics |= pefile.DLL_CHARACTERISTICS[
-- 
2.39.1