2019-03-17 18:42:07 +03:00
|
|
|
#ifndef PE_H
|
|
|
|
|
#define PE_H
|
|
|
|
|
|
2019-03-20 18:05:14 +03:00
|
|
|
#include <QFile>
|
2019-03-17 18:42:07 +03:00
|
|
|
#include <QString>
|
2019-03-22 23:36:22 +03:00
|
|
|
#include <QVector>
|
2019-03-18 10:33:03 +03:00
|
|
|
#include "igetlibinfo.h"
|
2019-03-17 18:42:07 +03:00
|
|
|
|
2019-03-21 00:34:57 +03:00
|
|
|
//Alghoritm of read dll file
|
|
|
|
|
|
|
|
|
|
//1. find PEMagic
|
|
|
|
|
//2. read magic
|
|
|
|
|
//3. check arhitecture (PE32 or PE32+)
|
|
|
|
|
//4. find on map of PE achitecture peraw addresses the address of section count
|
|
|
|
|
//5. find like point 4 address of begin sections headers
|
|
|
|
|
//6. read all sections or skip all sections and read only neaded information (rva addresses)
|
|
|
|
|
//7. read a size and rva address of import table and import table deley.
|
|
|
|
|
//8. convert rva addresses to raw addresses and jomp to begin import tables.
|
|
|
|
|
//9. read the all data of import tables and split it.
|
|
|
|
|
//10 find needed library of binary file.
|
|
|
|
|
|
2019-03-17 18:42:07 +03:00
|
|
|
struct LIB_META_INFO {
|
2019-03-17 20:16:48 +03:00
|
|
|
unsigned short mashine = 0x0;
|
|
|
|
|
unsigned short type = 0x0;
|
2019-03-22 23:36:22 +03:00
|
|
|
unsigned short PEIndex = 0x0;
|
|
|
|
|
unsigned short rawSectionCount = 0x0;
|
2019-03-17 20:16:48 +03:00
|
|
|
unsigned int addressImports = 0x0;
|
|
|
|
|
unsigned int sizeImportTable = 0x0;
|
|
|
|
|
};
|
2019-03-17 18:42:07 +03:00
|
|
|
|
2019-03-21 00:34:57 +03:00
|
|
|
typedef unsigned char BYTE;
|
|
|
|
|
typedef unsigned short WORD;
|
|
|
|
|
typedef unsigned int DWORD;
|
|
|
|
|
|
|
|
|
|
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES 16
|
|
|
|
|
#define IMAGE_SIZEOF_SHORT_NAME 8
|
|
|
|
|
|
|
|
|
|
// Directory Entries
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_EXPORT 0 // Export Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_IMPORT 1 // Import Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_RESOURCE 2 // Resource Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_EXCEPTION 3 // Exception Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_SECURITY 4 // Security Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_BASERELOC 5 // Base Relocation Table
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_DEBUG 6 // Debug Directory
|
|
|
|
|
// IMAGE_DIRECTORY_ENTRY_COPYRIGHT 7 // (X86 usage)
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 7 // Architecture Specific Data
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_GLOBALPTR 8 // RVA of GP
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_TLS 9 // TLS Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 10 // Load Configuration Directory
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 11 // Bound Import Directory in headers
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_IAT 12 // Import Address Table
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 13 // Delay Load Import Descriptors
|
|
|
|
|
#define IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 14 // COM Runtime descriptor
|
|
|
|
|
|
2019-03-21 13:22:18 +03:00
|
|
|
#define ALIGN_DOWN(x, align) (x & ~(align-1))
|
|
|
|
|
#define ALIGN_UP(x, align) ((x & (align-1))?ALIGN_DOWN(x,align)+align:x)
|
|
|
|
|
|
|
|
|
|
// sectionAligment - выравнивание для секции. Значение можно узнать в Optional-header.
|
|
|
|
|
// sectionVitualAddress - RVA секции - хранится непосредственно в секции
|
|
|
|
|
// ALIGN_UP() - функция, определяющая сколько занимает секция в памяти, учитывая выравнивание
|
|
|
|
|
|
2019-03-21 00:34:57 +03:00
|
|
|
struct IMAGE_DATA_DIRECTORY {
|
|
|
|
|
DWORD VirtualAddress;
|
|
|
|
|
DWORD Size;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct IMAGE_FILE_HEADER {
|
|
|
|
|
WORD Machine;
|
|
|
|
|
WORD NumberOfSections;
|
|
|
|
|
DWORD TimeDateStamp;
|
|
|
|
|
DWORD PointerToSymbolTable;
|
|
|
|
|
DWORD NumberOfSymbols;
|
|
|
|
|
WORD SizeOfOptionalHeader;
|
|
|
|
|
WORD Characteristics;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct IMAGE_OPTIONAL_HEADER {
|
|
|
|
|
WORD Magic;
|
|
|
|
|
BYTE MajorLinkerVersion;
|
|
|
|
|
BYTE MinorLinkerVersion;
|
|
|
|
|
DWORD SizeOfCode;
|
|
|
|
|
DWORD SizeOfInitializedData;
|
|
|
|
|
DWORD SizeOfUninitializedData;
|
|
|
|
|
DWORD AddressOfEntryPoint;
|
|
|
|
|
DWORD BaseOfCode;
|
|
|
|
|
DWORD BaseOfData;
|
|
|
|
|
DWORD ImageBase;
|
|
|
|
|
DWORD SectionAlignment;
|
|
|
|
|
DWORD FileAlignment;
|
|
|
|
|
WORD MajorOperatingSystemVersion;
|
|
|
|
|
WORD MinorOperatingSystemVersion;
|
|
|
|
|
WORD MajorImageVersion;
|
|
|
|
|
WORD MinorImageVersion;
|
|
|
|
|
WORD MajorSubsystemVersion;
|
|
|
|
|
WORD MinorSubsystemVersion;
|
|
|
|
|
DWORD Win32VersionValue;
|
|
|
|
|
DWORD SizeOfImage;
|
|
|
|
|
DWORD SizeOfHeaders;
|
|
|
|
|
DWORD CheckSum;
|
|
|
|
|
WORD Subsystem;
|
|
|
|
|
WORD DllCharacteristics;
|
|
|
|
|
DWORD SizeOfStackReserve;
|
|
|
|
|
DWORD SizeOfStackCommit;
|
|
|
|
|
DWORD SizeOfHeapReserve;
|
|
|
|
|
DWORD SizeOfHeapCommit;
|
|
|
|
|
DWORD LoaderFlags;
|
|
|
|
|
DWORD NumberOfRvaAndSizes;
|
|
|
|
|
IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct IMAGE_NT_HEADERS {
|
|
|
|
|
DWORD Signature;
|
|
|
|
|
IMAGE_FILE_HEADER FileHeader;
|
|
|
|
|
IMAGE_OPTIONAL_HEADER OptionalHeader;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct IMAGE_SECTION_HEADER {
|
|
|
|
|
BYTE Name[IMAGE_SIZEOF_SHORT_NAME];
|
2019-03-22 23:36:22 +03:00
|
|
|
DWORD VirtualSize;
|
2019-03-21 00:34:57 +03:00
|
|
|
DWORD VirtualAddress;
|
|
|
|
|
DWORD SizeOfRawData;
|
|
|
|
|
DWORD PointerToRawData;
|
|
|
|
|
DWORD PointerToRelocations;
|
|
|
|
|
DWORD PointerToLinenumbers;
|
|
|
|
|
WORD NumberOfRelocations;
|
|
|
|
|
WORD NumberOfLinenumbers;
|
|
|
|
|
DWORD Characteristics;
|
|
|
|
|
};
|
|
|
|
|
|
2019-03-21 13:22:18 +03:00
|
|
|
class ROW_CONVERTER {
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
int defSection(DWORD rva);
|
|
|
|
|
|
|
|
|
|
DWORD rvaToOff(DWORD rva);
|
|
|
|
|
|
2019-03-22 23:36:22 +03:00
|
|
|
QVector<IMAGE_SECTION_HEADER> sections;
|
2019-03-21 13:22:18 +03:00
|
|
|
DWORD sectionAligment;
|
|
|
|
|
|
|
|
|
|
public:
|
2019-03-22 23:36:22 +03:00
|
|
|
ROW_CONVERTER(QVector<IMAGE_SECTION_HEADER> sctions, DWORD align);
|
2019-03-21 13:22:18 +03:00
|
|
|
DWORD convert(DWORD rva);
|
|
|
|
|
};
|
|
|
|
|
|
2019-03-18 10:33:03 +03:00
|
|
|
class PE : public IGetLibInfo {
|
2019-03-17 18:42:07 +03:00
|
|
|
|
2019-03-17 20:16:48 +03:00
|
|
|
private:
|
2019-03-21 00:34:57 +03:00
|
|
|
|
2019-03-22 23:36:22 +03:00
|
|
|
bool readSectionsHeaders(const LIB_META_INFO & info,
|
|
|
|
|
QVector<IMAGE_SECTION_HEADER> §ions,
|
|
|
|
|
QFile &file);
|
|
|
|
|
DWORD readSectionAligment(const LIB_META_INFO &info,
|
|
|
|
|
QFile &file);
|
2019-03-21 00:34:57 +03:00
|
|
|
|
2019-03-22 23:36:22 +03:00
|
|
|
unsigned short findIndexPE(QFile &file);
|
2019-03-17 20:16:48 +03:00
|
|
|
bool fillMetaInfo(LIB_META_INFO& info, const QString &file);
|
2019-03-17 18:42:07 +03:00
|
|
|
|
2019-03-18 17:12:40 +03:00
|
|
|
constexpr static unsigned int PE_MAGIC = 0x00004550;
|
|
|
|
|
constexpr static unsigned int INDEX_PE_MAGIC = 0x80;
|
2019-03-20 18:05:14 +03:00
|
|
|
constexpr static unsigned int INDEX_MAGIC = 0x18;
|
2019-03-21 00:34:57 +03:00
|
|
|
constexpr static unsigned int INDEX_IMPORTS_32 = 104;
|
|
|
|
|
constexpr static unsigned int INDEX_IMPORTS_64 = 120;
|
2019-03-22 23:36:22 +03:00
|
|
|
|
|
|
|
|
constexpr static unsigned int SECTION_HEADER_32 = 224;
|
|
|
|
|
constexpr static unsigned int SECTION_HEADER_64 = 240;
|
|
|
|
|
|
|
|
|
|
constexpr static unsigned int SECTION_ALIGMENT_INDEX_32_64 = 32;
|
|
|
|
|
|
2019-03-18 17:12:40 +03:00
|
|
|
|
2019-03-17 18:42:07 +03:00
|
|
|
public:
|
|
|
|
|
enum class MashineTypesS: unsigned short {
|
|
|
|
|
IMAGE_FILE_MACHINE_UNKNOWN = 0x0,
|
|
|
|
|
IMAGE_FILE_MACHINE_AMD64 = 0x8664, // x64
|
|
|
|
|
IMAGE_FILE_MACHINE_ARM = 0x1c0, // ARM little endian
|
|
|
|
|
IMAGE_FILE_MACHINE_ARM64 = 0xaa64, // ARM64 little endian
|
|
|
|
|
IMAGE_FILE_MACHINE_ARMNT = 0x1c4, // ARM Thumb-2 little endian
|
|
|
|
|
IMAGE_FILE_MACHINE_I386 = 0x14c, // Intel 386 or later processors and compatible processors
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
enum class RunType: unsigned short {
|
|
|
|
|
_UNKNOWN = 0x0,
|
|
|
|
|
_32bit = 0x10B,
|
|
|
|
|
_64bit = 0x20B,
|
|
|
|
|
_ROM = 0x107,
|
|
|
|
|
};
|
|
|
|
|
|
2019-03-18 10:33:03 +03:00
|
|
|
bool is32bit(const QString& file, const LIB_META_INFO *info = nullptr);
|
|
|
|
|
bool dependecies(QStringList& lisr, const QString& file,
|
|
|
|
|
const LIB_META_INFO *info = nullptr);
|
2019-03-17 18:42:07 +03:00
|
|
|
PE();
|
2019-03-18 10:33:03 +03:00
|
|
|
|
2019-03-19 21:50:05 +03:00
|
|
|
bool getLibInfo(const QString& lib, LibInfo& info) override;
|
2019-03-18 17:12:40 +03:00
|
|
|
|
|
|
|
|
~PE() override;
|
|
|
|
|
|
2019-03-17 18:42:07 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#endif // PE_H
|
