first version of PE simple parser

2025-04-27 18:24:33 +00:00 · 2019-03-17 20:16:48 +03:00 · 2019-03-17 20:16:48 +03:00 · 467a49da08
commit 467a49da08
parent 7b35a196cc
2 changed files with 105 additions and 14 deletions
--- a/Deploy/pe.cpp
+++ b/Deploy/pe.cpp
@ -2,33 +2,118 @@

 #include <QFile>

-bool PE::is32bit(const QString &file) {
+
+
+bool PE::fillMetaInfo(LIB_META_INFO &info, const QString &file) {
    QFile f(file);

+#define SEEK(address) \
+    if (!f.seek(address)) { \
+        f.close(); \
+        return false; \
+    }
+
    if (!f.open(QIODevice::ReadOnly)) {
        return false;
    }

-    if (!f.seek(INDEX_PE_MAGIC)) {
-        f.close();
-        return false;
-    }
+    SEEK(INDEX_PE_MAGIC);

-    unsigned short PE = 0x0;
-    f.read(reinterpret_cast<char*>(&PE), sizeof (unsigned short));
+    unsigned int PE = 0x0;
+    f.read(reinterpret_cast<char*>(&PE), sizeof (PE));

    if (PE != PE_MAGIC) {
        f.close();
        return false;
    }

+    unsigned short mashine = 0x0;
+    SEEK(INDEX_PE_MAGIC + sizeof (PE));
+
+    f.read(reinterpret_cast<char*>(&mashine), sizeof (mashine));
+
+    info.mashine = mashine;
+
+    SEEK(INDEX_MAGIC);
+
+    unsigned short magic = 0x0;
+    f.read(reinterpret_cast<char*>(&magic), sizeof (magic));
+
+    info.type = magic;
+
+    unsigned int importTableIndex = 0;
+    if (static_cast<RunType>(info.type) == RunType::_32bit) {
+        importTableIndex = INDEX_IMPORTS_32;
+    } else if (static_cast<RunType>(info.type) == RunType::_64bit) {
+        importTableIndex = INDEX_IMPORTS_64;
+    } else {
+        f.close();
+        return false;
+    }
+
+    SEEK(importTableIndex);
+
+    unsigned int impoerAddress = 0x0;
+
+    f.read(reinterpret_cast<char*>(&impoerAddress), sizeof (impoerAddress));
+
+    SEEK(importTableIndex + sizeof (impoerAddress));
+
+    unsigned int impoerSize = 0x0;
+    f.read(reinterpret_cast<char*>(&impoerSize), sizeof (impoerSize));
+
+    info.addressImports = impoerAddress;
+    info.sizeImportTable = impoerSize;
+
    f.close();
    return true;
 }

-bool PE::dependecies(QStringList &lisr, const QString &file)
-{
+//TODO is sucks rewrite!
+bool PE::is32bit(const QString &file) {

+    LIB_META_INFO meta;
+
+    if (!fillMetaInfo(meta, file)) {
+        return false;
+    }
+
+    return static_cast<RunType>(meta.type) == RunType::_32bit;
+}
+
+bool PE::dependecies(QStringList &list, const QString &file) {
+    // TODO
+    LIB_META_INFO meta;
+
+    if (!fillMetaInfo(meta, file)) {
+        return false;
+    }
+
+    QFile f(file);
+
+    if (!f.open(QIODevice::ReadOnly)) {
+        return false;
+    }
+
+    f.close();
+
+    if (!f.seek(meta.addressImports)) {
+        f.close();
+        return false;
+    }
+
+    QByteArray data = f.read(meta.sizeImportTable);
+
+    f.close();
+
+    if (data.isEmpty()) {
+        return false;
+    }
+
+    // TODO
+
+
+    return true;
 }

 PE::PE()
--- a/Deploy/pe.h
+++ b/Deploy/pe.h
@ -4,13 +4,16 @@
 #include <QString>

 struct LIB_META_INFO {
-    unsigned int
-}
+    unsigned short mashine = 0x0;
+    unsigned short type = 0x0;
+    unsigned int addressImports = 0x0;
+    unsigned int sizeImportTable = 0x0;
+};
+
+class PE {

-class PE
-{
 private:
-
+    bool fillMetaInfo(LIB_META_INFO& info, const QString &file);

 public:
    enum class MashineTypesS: unsigned short {
@ -31,6 +34,9 @@ public:

    constexpr static unsigned int PE_MAGIC = 0x00004550;
    constexpr static unsigned int INDEX_PE_MAGIC = 0x80;
+    constexpr static unsigned int INDEX_MAGIC = INDEX_PE_MAGIC + 0x16;
+    constexpr static unsigned int INDEX_IMPORTS_32 = INDEX_MAGIC + 0x68;
+    constexpr static unsigned int INDEX_IMPORTS_64 = INDEX_MAGIC + 0x78;

    bool is32bit(const QString& file);
    bool dependecies(QStringList& lisr, const QString& file);