diff --git a/Deploy/pe.cpp b/Deploy/pe.cpp index 9260f8c..42838a7 100644 --- a/Deploy/pe.cpp +++ b/Deploy/pe.cpp @@ -2,30 +2,74 @@ #include #include +#include -bool PE::readSectionsHeaders(QList §ions, - const QFile& file) { +bool PE::readSectionsHeaders(const LIB_META_INFO & info, + QVector §ions, + QFile& file) { + + if (!file.isOpen()) { + return false; + } + + sections.clear(); + + if (static_cast(info.type) == RunType::_32bit) { + if (!file.seek(info.PEIndex + SECTION_HEADER_32)) { + return false; + } + + sections.resize(info.rawSectionCount); + file.read(reinterpret_cast(sections.data()), + sizeof (IMAGE_SECTION_HEADER) * info.rawSectionCount); + + return true; + } + else if (static_cast(info.type) == RunType::_64bit) { + + if (!file.seek(info.PEIndex + SECTION_HEADER_64)) { + return false; + } + + sections.resize(info.rawSectionCount); + file.read(reinterpret_cast(sections.data()), + sizeof (IMAGE_SECTION_HEADER) * info.rawSectionCount); + return true; + } return false; } -DWORD PE::readSectionAligment(const QFile& file) { - return 0; -} - -int PE::findIndexPE(QFile &file) { +DWORD PE::readSectionAligment(const LIB_META_INFO &info, QFile& file) { if (!file.isOpen()) { - return -1; + return false; } - int limit = 0x400; - int currentSeeck = INDEX_PE_MAGIC; - unsigned int PE = 0x0; + if (!file.seek(info.PEIndex + SECTION_ALIGMENT_INDEX_32_64)) { + return false; + } + + DWORD sectionAlign; + + file.read(reinterpret_cast(§ionAlign), sizeof (sectionAlign)); + + return sectionAlign; +} + +unsigned short PE::findIndexPE(QFile &file) { + + if (!file.isOpen()) { + return 0; + } + + unsigned short limit = 0x400; + unsigned short currentSeeck = INDEX_PE_MAGIC; + unsigned short PE = 0x0; while (currentSeeck <= limit) { if (!file.seek(currentSeeck)) { - return -1; + return 0; } file.read(reinterpret_cast(&PE), sizeof (PE)); @@ -37,7 +81,7 @@ int PE::findIndexPE(QFile &file) { currentSeeck++; } - return -1; + return 0; } bool PE::fillMetaInfo(LIB_META_INFO &info, const QString &file) { @@ -53,20 +97,22 @@ bool PE::fillMetaInfo(LIB_META_INFO &info, const QString &file) { return false; } - int peAddress = findIndexPE(f); + info.PEIndex = findIndexPE(f); - if (peAddress < 0) { + if (!info.PEIndex) { return false; } - unsigned short mashine = 0x0; - SEEK(static_cast(peAddress) + sizeof (unsigned int)); + SEEK(info.PEIndex + sizeof (unsigned int)); + f.read(reinterpret_cast(&info.mashine), sizeof (info.mashine)); - f.read(reinterpret_cast(&mashine), sizeof (mashine)); + SEEK(info.PEIndex + + sizeof (unsigned int) + + sizeof (info.mashine)); + f.read(reinterpret_cast(&info.rawSectionCount), + sizeof (info.rawSectionCount)); - info.mashine = mashine; - - SEEK(static_cast(peAddress) + INDEX_MAGIC); + SEEK(info.PEIndex + INDEX_MAGIC); unsigned short magic = 0x0; f.read(reinterpret_cast(&magic), sizeof (magic)); @@ -74,39 +120,29 @@ bool PE::fillMetaInfo(LIB_META_INFO &info, const QString &file) { info.type = magic; unsigned int importTableIndex = 0; - unsigned int rvaIndex = 0; if (static_cast(info.type) == RunType::_32bit) { - importTableIndex = static_cast(peAddress) + INDEX_IMPORTS_32; - rvaIndex = static_cast(peAddress) + NUMBER_RVA_AND_SIZES_32; + importTableIndex = info.PEIndex + INDEX_IMPORTS_32; } else if (static_cast(info.type) == RunType::_64bit) { - importTableIndex = static_cast(peAddress) + INDEX_IMPORTS_64; - rvaIndex = static_cast(peAddress) + NUMBER_RVA_AND_SIZES_64; + importTableIndex = info.PEIndex + INDEX_IMPORTS_64; } else { f.close(); return false; } - - SEEK(rvaIndex); - - unsigned int NumberOfRvaAndSizes = 0; - - f.read(reinterpret_cast(&NumberOfRvaAndSizes), sizeof (NumberOfRvaAndSizes)); - SEEK(importTableIndex); IMAGE_DATA_DIRECTORY import = {}; + f.read(reinterpret_cast(&import), sizeof (import)); - QList sectionHeader; - if (!readSectionsHeaders(sectionHeader, f)) { + QVector sectionHeader; + if (!readSectionsHeaders(info, sectionHeader, f)) { return false; } - ROW_CONVERTER converter(sectionHeader, readSectionAligment(f)); + ROW_CONVERTER converter(sectionHeader, readSectionAligment(info, f)); - f.read(reinterpret_cast(&import), sizeof (import)); info.addressImports = converter.convert(import.VirtualAddress); info.sizeImportTable = import.Size; @@ -205,10 +241,9 @@ PE::~PE(){ } int ROW_CONVERTER::defSection(DWORD rva) { - for (int i = 0; i < sections.size(); ++i) - { + for (int i = 0; i < sections.size(); ++i) { DWORD start = sections[i].VirtualAddress; - DWORD end = start + ALIGN_UP(sections[i].Misc.VirtualSize, sectionAligment); + DWORD end = start + ALIGN_UP(sections[i].VirtualSize, sectionAligment); if(rva >= start && rva < end) return i; } @@ -218,12 +253,13 @@ int ROW_CONVERTER::defSection(DWORD rva) { DWORD ROW_CONVERTER::rvaToOff(DWORD rva) { int indexSection = defSection(rva); if(indexSection != -1) - return rva - sections[indexSection].VirtualAddress + sections[indexSection].PointerToRawData; + return rva - sections[indexSection].VirtualAddress + + sections[indexSection].PointerToRawData; else return 0; } -ROW_CONVERTER::ROW_CONVERTER(QList sctions, DWORD align) { +ROW_CONVERTER::ROW_CONVERTER(QVector sctions, DWORD align) { sections = sctions; sectionAligment = align; } diff --git a/Deploy/pe.h b/Deploy/pe.h index afb5186..789b6d7 100644 --- a/Deploy/pe.h +++ b/Deploy/pe.h @@ -3,6 +3,7 @@ #include #include +#include #include "igetlibinfo.h" //Alghoritm of read dll file @@ -21,6 +22,8 @@ struct LIB_META_INFO { unsigned short mashine = 0x0; unsigned short type = 0x0; + unsigned short PEIndex = 0x0; + unsigned short rawSectionCount = 0x0; unsigned int addressImports = 0x0; unsigned int sizeImportTable = 0x0; }; @@ -114,10 +117,7 @@ struct IMAGE_NT_HEADERS { struct IMAGE_SECTION_HEADER { BYTE Name[IMAGE_SIZEOF_SHORT_NAME]; - union { - DWORD PhysicalAddress; - DWORD VirtualSize; - } Misc; + DWORD VirtualSize; DWORD VirtualAddress; DWORD SizeOfRawData; DWORD PointerToRawData; @@ -135,11 +135,11 @@ private: DWORD rvaToOff(DWORD rva); - QList sections; + QVector sections; DWORD sectionAligment; public: - ROW_CONVERTER(QList sctions, DWORD align); + ROW_CONVERTER(QVector sctions, DWORD align); DWORD convert(DWORD rva); }; @@ -147,10 +147,13 @@ class PE : public IGetLibInfo { private: - bool readSectionsHeaders(QList& sections, const QFile &file); - DWORD readSectionAligment(const QFile &file); + bool readSectionsHeaders(const LIB_META_INFO & info, + QVector §ions, + QFile &file); + DWORD readSectionAligment(const LIB_META_INFO &info, + QFile &file); - int findIndexPE(QFile &file); + unsigned short findIndexPE(QFile &file); bool fillMetaInfo(LIB_META_INFO& info, const QString &file); constexpr static unsigned int PE_MAGIC = 0x00004550; @@ -158,8 +161,12 @@ private: constexpr static unsigned int INDEX_MAGIC = 0x18; constexpr static unsigned int INDEX_IMPORTS_32 = 104; constexpr static unsigned int INDEX_IMPORTS_64 = 120; - constexpr static unsigned int NUMBER_RVA_AND_SIZES_32 = 92; - constexpr static unsigned int NUMBER_RVA_AND_SIZES_64 = 108; + + constexpr static unsigned int SECTION_HEADER_32 = 224; + constexpr static unsigned int SECTION_HEADER_64 = 240; + + constexpr static unsigned int SECTION_ALIGMENT_INDEX_32_64 = 32; + public: enum class MashineTypesS: unsigned short {