diff --git a/etc/projects/bingen/.gitignore b/etc/projects/bingen/.gitignore new file mode 100644 index 000000000..ce4932e11 --- /dev/null +++ b/etc/projects/bingen/.gitignore 
@@ -0,0 +1,413 @@ +CMakeLists.txt.user +CMakeCache.txt +CMakeFiles +CMakeScripts +Testing +Makefile +cmake_install.cmake +install_manifest.txt +compile_commands.json +CTestTestfile.cmake +_deps +CMakeUserPresets.json +**/build +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +# but not Directory.Build.rsp, as it configures directory-level build defaults +!Directory.Build.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx 
+*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml 
diff --git a/etc/projects/bingen/CMakeLists.txt b/etc/projects/bingen/CMakeLists.txt
new file mode 100644
index 000000000..01df9be45
--- /dev/null
+++ b/etc/projects/bingen/CMakeLists.txt
@@ -0,0 +1,25 @@
+cmake_minimum_required(VERSION 3.12)
+project(bingen LANGUAGES CXX)
+option(ENABLE_TLS "Whether to generate TLS in resulting binary" ON)
+
+if(ENABLE_TLS)
+ add_definitions(-DENABLE_TLS)
+endif()
+
+set(CMAKE_SYSTEM_NAME Windows)
+
+add_executable(bin WIN32 "main.cc")
+set_target_properties(bin PROPERTIES LANGUAGE CXX)
+target_compile_options(bin PRIVATE
+ /GS- # Disable generation of stack check handlers
+ /GL # Enable whole program optimization
+)
+target_link_options(bin PRIVATE
+ /ENTRY:main # Explicit entry symbol since there are no CRT/libs to be linked
+ /MANIFEST:NO # Disable manifest
+ /NODEFAULTLIB # No libs; we want a pure binary
+ /FIXED # No relocs
+ /DYNAMICBASE:NO # No ASLR
+ /SAFESEH # No unwinds
+ /MERGE:.data=.text /MERGE:.CRT=.text /MERGE:.tls=.text # Combine sections to avoid paddings
+)
diff --git a/etc/projects/bingen/README.md b/etc/projects/bingen/README.md
new file mode 100644
index 000000000..6e7848621
--- /dev/null
+++ b/etc/projects/bingen/README.md
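Review bot: The comment on `/SAFESEH # No unwinds` in `target_link_options` describes the flag incorrectly: `/SAFESEH` asks the linker to emit a table of safe structured-exception handlers and applies only to x86 images, whereas `main.cc` in this same commit rejects anything but `_WIN64`, so on the x64 image this project builds the option is at best a no-op. I would either drop the line or change the comment to `/SAFESEH # x86-only; has no effect on the x64 image built here` so a reader does not assume unwind data is being stripped. Separately, `set(CMAKE_SYSTEM_NAME Windows)` placed after `project()` appears to have no effect on toolchain selection, since that variable is read during `project()`; a one-line comment stating why it is kept would help.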
@@ -0,0 +1,63 @@ +# Test binary generator for Portable Executable + +## Preprocessor definitions + +- `ENABLE_TLS`: if defined, compile the binary with Thread Local Storage (TLS) enabled. + +## How to build + +This project is designed to be compiled by Clang (`clang-cl`) _not_ MSVC toolchain, primarily because 1) MSVC linker supports more features and may unexpectedly generate larger binaries than LLD linker under Clang, 2) compiler and linker flags are designed for specifically Clang for best efforts in reducing size of the resulting binary, 3) sometimes LLD links much smarter e.g., metadatas such as unnecessary rich headers (can be disabled by `/EMITTOOLVERSIONINFO:NO`). + +While MSVC toolchains are theoretically possible; but not recommended. + +### CMake + +**Prerequisites** +- 64-bit Windows host +- CMake 3.12 or later +- [Ninja build system](https://ninja-build.org) (any version) +- Clang (ideally 17 or later) + +Firstly run the following commands on terminal: + +```bash +mkdir build +``` + +```bash +cd build +``` + +```bash +cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_COMPILER=clang-cl +``` + +Then build the binary: + +```bash +cmake --build . --config release +``` + +### Visual Studio + +**Prerequisites** +- 64-bit Windows host +- Visual Studio 2022 (editions do not matter) + - C++ Clang Compiler for Windows [or this method if you have manual installation](#optional-referencing-manually-installed-clang-toolchain) + - MSBuild support for LLVM (clang-cl) toolset + +Open `bingen.sln` under [`etc/projects/bingen`](etc/projects/bingen/) and compile as Release (Debug configuration is redacted). 
+ +#### Optional: Referencing manually-installed Clang toolchain + +If you do not have or not willing to install Clang under Visual Studio individual components, [customize the build by folder for MSBuild](https://learn.microsoft.com/en-us/visualstudio/msbuild/customize-by-directory?view=vs-2022) by deploying following `Directory.build.props` right next to the `.sln`: + +```xml + + + + C:/path/to/llvm/bin + xx.xxxx.x + + +``` diff --git a/etc/projects/bingen/bingen.sln b/etc/projects/bingen/bingen.sln new file mode 100644 index 000000000..8e6763288 --- /dev/null +++ b/etc/projects/bingen/bingen.sln @@ -0,0 +1,22 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.12.35527.113 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bingen", "bingen.vcxproj", "{45EE6877-125F-49B9-9837-D91D38F6C2A3}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {45EE6877-125F-49B9-9837-D91D38F6C2A3}.Release|x64.ActiveCfg = Release|x64 + {45EE6877-125F-49B9-9837-D91D38F6C2A3}.Release|x64.Build.0 = Release|x64 + {45EE6877-125F-49B9-9837-D91D38F6C2A3}.Release|x86.ActiveCfg = Release|Win32 + {45EE6877-125F-49B9-9837-D91D38F6C2A3}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/etc/projects/bingen/bingen.vcxproj b/etc/projects/bingen/bingen.vcxproj new file mode 100644 index 000000000..5029990e2 --- /dev/null +++ b/etc/projects/bingen/bingen.vcxproj 
@@ -0,0 +1,91 @@ + + + + + Release + Win32 + + + Release + x64 + + + + {45EE6877-125F-49B9-9837-D91D38F6C2A3} + + + + + + + Application + false + v143 + true + Unicode + + + Application + false + ClangCL + true + Unicode + + + + + + + + + + + + + + + false + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;ENABLE_TLS;%(PreprocessorDefinitions) + true + false + + + Console + true + true + false + true + main + false + true + /MERGE:.data=.text /MERGE:.CRT=.text /MERGE:.tls=.text + true + + + + + + \ No newline at end of file diff --git a/etc/projects/bingen/main.cc b/etc/projects/bingen/main.cc new file mode 100644 index 000000000..6b0de49e7 --- /dev/null +++ b/etc/projects/bingen/main.cc @@ -0,0 +1,46 @@ +#include + +#if !(_WIN64) +#error "Only x64 is supported" +#endif + +#ifdef ENABLE_TLS +EXTERN_C unsigned int _tls_index{}; +static void NTAPI tls_callback(PVOID, DWORD, PVOID) {} + +// Force include unreferenced symbols +// Marker symbol to tell the linker that TLS is being used +#pragma comment(linker, "/INCLUDE:_tls_used") +#pragma comment(linker, "/INCLUDE:_tls_callback") + +#pragma data_seg(".tls") +int _tls_start = 0; +#pragma const_seg() + +#pragma data_seg(".tls$ZZZ") +int _tls_end = 0; +#pragma const_seg() + +#pragma data_seg(".CRT$XLA") +int __xl_a = 0; +#pragma const_seg() + +#pragma data_seg(".CRT$XLZ") +int __xl_z = 0; +#pragma const_seg() + +#pragma const_seg(".CRT$XLB") +EXTERN_C const PIMAGE_TLS_CALLBACK _tls_callback[] = { &tls_callback, 0 }; +#pragma const_seg() + +EXTERN_C IMAGE_TLS_DIRECTORY _tls_used = { + /*StartAddressOfRawData*/(ULONG64)&_tls_start, + /*EndAddressOfRawData*/(ULONG64)&_tls_end, + /*AddressOfIndex*/(ULONG64)&_tls_index, + /*AddressOfCallbacks*/(ULONG64)&_tls_callback, + /*SizeOfZeroFill*/0, + /*Characteristics*/{0}, +}; +#endif // #ifdef ENABLE_TLS + +int main() { return 0; } 
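Review bot: In `main.cc` each `#pragma data_seg(...)` block for `.tls`, `.tls$ZZZ`, `.CRT$XLA` and `.CRT$XLZ` is closed with `#pragma const_seg()`, which resets the const segment but leaves the data segment set, so by the time `_tls_used` (a non-const, initialized global) is defined the active data segment appears to still be `.CRT$XLZ` rather than the default. The fixture probably still links because `/MERGE:.CRT=.text` folds everything together, but the placement is not what the pragmas suggest. The four closing lines should read `#pragma data_seg()` instead of `#pragma const_seg()`; only the `.CRT$XLB` block, which opens with `const_seg`, is correctly paired. A short comment above the block noting that `_tls_used` is meant to land in the default data section would make the intent checkable.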
diff --git a/src/pe/tls.rs b/src/pe/tls.rs
index 2369bb0e6..0a72fb382
--- a/src/pe/tls.rs
+++ b/src/pe/tls.rs
@@ -7,6 +7,37 @@ use crate::pe::options;
 use crate::pe::section_table;
 use crate::pe::utils;
 
+/// Indicates 1-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_1BYTES: u32 = 0x00100000;
+/// Indicates 2-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_2BYTES: u32 = 0x00200000;
+/// Indicates 4-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_4BYTES: u32 = 0x00300000;
+/// Indicates 8-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_8BYTES: u32 = 0x00400000;
+/// Indicates 16-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_16BYTES: u32 = 0x00500000;
+/// Indicates 32-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_32BYTES: u32 = 0x00600000;
+/// Indicates 64-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_64BYTES: u32 = 0x00700000;
+/// Indicates 128-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_128BYTES: u32 = 0x00800000;
+/// Indicates 256-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_256BYTES: u32 = 0x00900000;
+/// Indicates 512-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_512BYTES: u32 = 0x00A00000;
+/// Indicates 1024-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_1024BYTES: u32 = 0x00B00000;
+/// Indicates 2048-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_2048BYTES: u32 = 0x00D00000;
+/// Indicates 4096-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_4096BYTES: u32 = 0x00C00000;
+/// Indicates 8192-byte alignment for Thread Local Storage (TLS) characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_8192BYTES: u32 = 0x00E00000;
+/// Mask for isolating alignment information from the characteristics field in [`ImageTlsDirectory::characteristics`]
+pub const TLS_CHARACTERISTICS_ALIGN_MASK: u32 = 0x00F00000;
+
 /// Represents the TLS directory `IMAGE_TLS_DIRECTORY64`.
 #[repr(C)]
 #[derive(Debug, PartialEq, Copy, Clone, Default, Pread, Pwrite, SizeWith)]
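Review bot: The values of `TLS_CHARACTERISTICS_ALIGN_2048BYTES` and `TLS_CHARACTERISTICS_ALIGN_4096BYTES` are swapped: the alignment code is the same encoding as the `IMAGE_SCN_ALIGN_*` section flags, where 2048 is `0x00C00000` and 4096 is `0x00D00000`, and the patch's own sequence (`0x00B00000`, `0x00D00000`, `0x00C00000`, `0x00E00000`) breaks the otherwise monotonic progression. Anyone matching `characteristics & TLS_CHARACTERISTICS_ALIGN_MASK` against these constants would misreport a 2 KiB alignment as 4 KiB and vice versa, and the added tests only exercise `ALIGN_4BYTES`, so they would not catch it. The two lines should read `pub const TLS_CHARACTERISTICS_ALIGN_2048BYTES: u32 = 0x00C00000;` and `pub const TLS_CHARACTERISTICS_ALIGN_4096BYTES: u32 = 0x00D00000;`. A one-line comment above the group, e.g. `// Same encoding as IMAGE_SCN_ALIGN_*: bits 20..=23 hold log2(alignment) + 1`, would make future additions self-checking.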
@@ -28,6 +59,24 @@ pub struct ImageTlsDirectory {
 /// The size of the zero fill.
 pub size_of_zero_fill: u32,
 /// The characteristics of the TLS.
+ ///
+ /// Contains one or more bitflags of:
+ ///
+ /// - [`TLS_CHARACTERISTICS_ALIGN_1BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_2BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_4BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_8BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_16BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_32BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_64BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_128BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_256BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_512BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_1024BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_2048BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_4096BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_8192BYTES`]
+ /// - [`TLS_CHARACTERISTICS_ALIGN_MASK`]
 pub characteristics: u32,
 }
 
@@ -223,8 +272,16 @@ impl<'a> TlsData<'a> {
 if callback == 0 {
 break;
 }
+ if callback < image_base as u64 {
+ return Err(error::Error::Malformed(format!(
+ "tls callback ({:#x}) is less than image base ({:#x})",
+ callback, image_base
+ )));
+ }
 // Each callback is an VA so convert it to RVA
- let callback_rva = callback as usize - image_base;
+ // For x86 compatibility, `usize` is 32-bit, `u64` is 64-bit.
+ // Therefore upcast to u64 first, then downcast the whole var to u32.
+ let callback_rva = (callback - image_base as u64) as usize;
 // Check if the callback is in the image
 if utils::find_offset(callback_rva, sections, file_alignment, opts).is_none() {
 return Err(error::Error::Malformed(format!(
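Review bot: The new doc text on `characteristics`, "Contains one or more bitflags of:", misdescribes the field: the `TLS_CHARACTERISTICS_ALIGN_*` values are a single 4-bit alignment code occupying the bits selected by `TLS_CHARACTERISTICS_ALIGN_MASK` (they are not independent bits, e.g. `ALIGN_4BYTES` is `0x00300000` = `ALIGN_1BYTES | ALIGN_2BYTES`), so at most one of them is present and the mask itself is not a flag. I would replace that line with `/// Bits 20..=23 hold an alignment code; mask with [`TLS_CHARACTERISTICS_ALIGN_MASK`] and compare the result against one of:` and drop `TLS_CHARACTERISTICS_ALIGN_MASK` from the bullet list. The `pub struct ImageTlsDirectory` definition starts outside this hunk.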
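Review bot: `let callback_rva = (callback - image_base as u64) as usize;` still truncates on 32-bit hosts: the new guard only rejects callbacks below the image base, and a 64-bit VA far above it yields a difference wider than `usize`, which `as usize` silently wraps before `utils::find_offset` sees it, so a truncated value could alias a legitimate in-image RVA and pass the mapping check against the wrong address. The accompanying comment also says "downcast the whole var to u32" while the code casts to `usize`. Since an RVA is 32-bit by definition, converting checked keeps the behaviour identical on 64-bit hosts and fails closed everywhere: `let callback_rva = u32::try_from(callback - image_base as u64)` / `    .map_err(|_| error::Error::Malformed(format!("tls callback ({:#x}) is out of image range ({:#x})", callback, image_base)))?` / `    as usize;`. The enclosing loop and the `impl<'a> TlsData<'a>` method both start and end outside this hunk.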
@@ -245,3 +302,110 @@ impl<'a> TlsData<'a> {
 }))
 }
 }
+
+#[cfg(test)]
+mod tests {
+ use super::TLS_CHARACTERISTICS_ALIGN_4BYTES;
+
+ const SPECIAL_IMPORT_FORWARDER_TLS: &[u8] =
+ include_bytes!("../../tests/bins/pe/special_import_forwarder_tls.exe.bin");
+ const LLD_TLS_SLOT_VIRTONLY_BIN64: &[u8] =
+ include_bytes!("../../tests/bins/pe/lld_tls_slot_virtonly.exe.bin");
+ const LLD_MALFORMED_TLS_CALLBACKS_BIN64: &[u8] =
+ include_bytes!("../../tests/bins/pe/lld_malformed_tls_callbacks_64.exe.bin");
+ const LLD_WITH_TLS_BIN64: &[u8] = include_bytes!("../../tests/bins/pe/lld_with_tls_64.exe.bin");
+ const LLD_NO_TLS_BIN64: &[u8] = include_bytes!("../../tests/bins/pe/lld_no_tls_64.exe.bin");
+
+ /// Binary without TLS directory
+ #[test]
+ fn parse_no_tls() {
+ let binary = crate::pe::PE::parse(LLD_NO_TLS_BIN64).expect("Unable to parse binary");
+ assert_eq!(binary.tls_data.is_none(), true);
+ }
+
+ #[test]
+ fn parse_with_tls() {
+ let binary = crate::pe::PE::parse(LLD_WITH_TLS_BIN64).expect("Unable to parse binary");
+ assert_eq!(binary.tls_data.is_some(), true);
+ let tls_data = binary.tls_data.unwrap();
+ let dir = tls_data.image_tls_directory;
+
+ assert_eq!(tls_data.callbacks, vec![0x140001000]);
+ assert_eq!(dir.address_of_callbacks, 0x140001020);
+
+ let raw_data_expect: &[u8] = &[0, 0, 0, 0];
+ assert_eq!(
+ tls_data
+ .raw_data
+ .as_ref()
+ .map(|x| x.len() == 4)
+ .unwrap_or(false),
+ true
+ );
+ assert_eq!(tls_data.raw_data, Some(raw_data_expect));
+ assert_eq!(dir.start_address_of_raw_data, 0x140001060);
+ assert_eq!(dir.end_address_of_raw_data, 0x140001064);
+
+ assert_eq!(tls_data.slot, Some(0xCCCCCCCC));
+ assert_eq!(dir.address_of_index, 0x140001034);
+
+ assert_eq!(dir.size_of_zero_fill, 0x0);
+ assert_eq!(dir.characteristics, TLS_CHARACTERISTICS_ALIGN_4BYTES);
+ }
+
+ /// Contains two valid callbacks, but null-terminator is (intentionally, for test)
+ /// malformed with 8-bytes `08 07 06 05 04 03 02 01` (LE).
+ #[test]
+ fn parse_malformed_tls_callbacks() {
+ let binary = crate::pe::PE::parse(LLD_MALFORMED_TLS_CALLBACKS_BIN64);
+ match binary {
+ Ok(_) => unreachable!("Malformed TLS callbacks should fail to parse"),
+ Err(crate::error::Error::Malformed(msg)) => {
+ assert_eq!(msg, "cannot map tls callback (0x807060504030201)");
+ }
+ Err(err) => unreachable!("Unexpected error: {err:?}"),
+ }
+ }
+
+ /// Binaries compiled with a valid TLS index may generate an binary that
+ /// its TLS directory contains `AddressOfIndex` field that only
+ /// present in virtual address when mapped to virtual memory.
+ ///
+ /// Issue: 
+ #[test]
+ fn parse_tls_slot_nonexist_in_raw() {
+ let binary =
+ crate::pe::PE::parse(LLD_TLS_SLOT_VIRTONLY_BIN64).expect("Unable to parse binary");
+ assert_eq!(binary.tls_data.is_some(), true);
+ let tls_data = binary.tls_data.unwrap();
+ assert_eq!(tls_data.slot, None);
+ }
+
+ /// So-called "special import forwarder TLS" means the address of callbacks points
+ /// to the VA of FT (first thunk, aka address table) within an associated import descriptor.
+ ///
+ /// This forwarder allows a exported symbol in the external DLL to be called as main
+ /// executables TLS callbacks ealier than DLLs TLS callbacks callouts.
+ ///
+ /// When the image is mapped to memory for execution:
+ ///
+ /// 1. Windows loader loads up the depencency specified in the descriptor (`abcd.dll`)
+ /// 2. Windows loader resolves import symbol and writes absolute address of import symbol (`abcd.dll!ORDINAL 00001`)
+ /// 3. Once entire dependencies are resolved, Windows loader then calls out the chain of TLS callbacks
+ /// specified in the `AddressOfCallbacks` in TLS directory.
+ /// 4. The imported symbol (`abcd.dll!ORDINAL 00001`) is called as an TLS callback.
+ ///
+ /// This executable cannot be created by any combinations of compiler or linker options. Instead, it requires manual or
+ /// automated process of modifying artifact binary.
+ #[test]
+ fn parse_special_import_fowarder_tls() {
+ let binary = crate::pe::PE::parse(SPECIAL_IMPORT_FORWARDER_TLS);
+ match binary {
+ Ok(_) => unreachable!("Special import forwarder TLS should fail to parse"),
+ Err(crate::error::Error::Malformed(msg)) => {
+ assert_eq!(msg, "cannot map tls callback (0x800000000000c8c6)")
+ }
+ Err(err) => unreachable!("Unexpected error: {err:?}"),
+ }
+ }
+}
diff --git a/tests/bins/pe/lld_malformed_tls_callbacks_64.exe.bin b/tests/bins/pe/lld_malformed_tls_callbacks_64.exe.bin
new file mode 100644
index 000000000..85961442c
Binary files /dev/null and b/tests/bins/pe/lld_malformed_tls_callbacks_64.exe.bin differ
diff --git a/tests/bins/pe/lld_no_tls_64.exe.bin b/tests/bins/pe/lld_no_tls_64.exe.bin
new file mode 100644
index 000000000..7ba3c8af9
Binary files /dev/null and b/tests/bins/pe/lld_no_tls_64.exe.bin differ
diff --git a/tests/bins/pe/lld_tls_slot_virtonly.exe.bin b/tests/bins/pe/lld_tls_slot_virtonly.exe.bin
new file mode 100644
index 000000000..edb835461
Binary files /dev/null and b/tests/bins/pe/lld_tls_slot_virtonly.exe.bin differ
diff --git a/tests/bins/pe/lld_with_tls_64.exe.bin b/tests/bins/pe/lld_with_tls_64.exe.bin
new file mode 100644
index 000000000..a81dbe7ea
Binary files /dev/null and b/tests/bins/pe/lld_with_tls_64.exe.bin differ
diff --git a/tests/bins/pe/special_import_forwarder_tls.exe.bin b/tests/bins/pe/special_import_forwarder_tls.exe.bin
new file mode 100644
index 000000000..7453f5085
Binary files /dev/null and b/tests/bins/pe/special_import_forwarder_tls.exe.bin differ
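Review bot: The new tests compare booleans with `assert_eq!(…, true)` in `parse_no_tls`, `parse_with_tls` and `parse_tls_slot_nonexist_in_raw`; clippy's `bool_assert_comparison` flags this, and `assert!(binary.tls_data.is_none());` reads better and gives the same failure output. In `parse_with_tls` the seven-line `assert_eq!(tls_data.raw_data.as_ref().map(|x| x.len() == 4).unwrap_or(false), true)` is fully implied by the `assert_eq!(tls_data.raw_data, Some(raw_data_expect));` that follows it and can simply be removed. The `Ok(_) =>` and `Err(err) =>` arms in `parse_malformed_tls_callbacks` and `parse_special_import_fowarder_tls` are reachable on a regression, so `panic!` is the right macro there rather than `unreachable!`, which documents an impossible branch. The test name `parse_special_import_fowarder_tls` and the doc comments (`ealier`, `depencency`, `an binary`) also carry typos worth fixing while the file is new.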