QuasarApp/LIEF
4
0
Fork 0
mirror of https://github.com/QuasarApp/LIEF.git synced 2025-04-27 21:04:32 +00:00
Code Issues Projects Releases Wiki Activity

Serialize PE object into json (resolve #18)

Browse Source
This commit is contained in:
Romain Thomas 2017-06-14 10:17:45 +02:00
parent 733053bc63
commit e4cd61e4bf
19 changed files with 954 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMakeLists.txt
View File

@ -215,6 +215,7 @@ set(LIEF_SRC
"${CMAKE_CURRENT_SOURCE_DIR}/src/BinaryStream/BinaryStream.cpp"
"${CMAKE_CURRENT_SOURCE_DIR}/src/BinaryStream/VectorStream.cpp"
"${CMAKE_CURRENT_SOURCE_DIR}/src/visitors/elf_json.cpp"
"${CMAKE_CURRENT_SOURCE_DIR}/src/visitors/pe_json.cpp"
"${CMAKE_CURRENT_SOURCE_DIR}/src/visitors/json.cpp"
"${CMAKE_CURRENT_SOURCE_DIR}/src/visitors/hash.cpp")

36
api/python/pyJson.cpp
View File

@ -42,6 +42,42 @@ void init_json_functions(py::module& m) {
m.def("to_json", &LIEF::to_json_str<LIEF::ELF::SymbolVersionDefinition, LIEF::ELF::JsonVisitor>);
#endif
#if defined(LIEF_PE_MODULE)
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Binary, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::DosHeader, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Header, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::OptionalHeader, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::DataDirectory, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Section, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Relocation, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::RelocationEntry, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Export, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ExportEntry, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::TLS, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Symbol, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Debug, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Import, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ImportEntry, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceNode, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceData, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceDirectory, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourcesManager, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceVersion, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceStringFileInfo, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceFixedFileInfo, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceVarFileInfo, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::LangCodeItem, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceIcon, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceDialog, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ResourceDialogItem, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::Signature, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::x509, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::SignerInfo, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::ContentInfo, LIEF::PE::JsonVisitor>);
m.def("to_json", &LIEF::to_json_str<LIEF::PE::AuthenticatedAttributes, LIEF::PE::JsonVisitor>);
#endif
m.def("to_json", &LIEF::to_json_str<LIEF::Binary>);
m.def("abstract_to_json", &LIEF::to_json_str<LIEF::Binary>);
m.def("to_json", &LIEF::to_json_str<LIEF::Header>);

43
examples/python/pe_json.py Normal file
View File

@ -0,0 +1,43 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Description
# -----------
# Print information about a PE binary in the JSON format
#
# python pe_json.py C:\\windows\\explorer.exe
#  
# {
# "dynamic_entries": [
# {
# "library": "libcap.so.2",
# "tag": "NEEDED",
# "value": 1
# },
# {
# "library": "libc.so.6",
# "tag": "NEEDED",
# "value": 74
# },
# ...
import argparse
import sys
import lief
import json
def main():
parser = argparse.ArgumentParser()
parser.add_argument('binary', help='PE binary')
args = parser.parse_args()
binary = lief.parse(args.binary)
json_data = json.loads(lief.to_json(binary))
print(json.dumps(json_data, sort_keys=True, indent=4))
if __name__ == "__main__":
sys.exit(main())

1
include/LIEF/PE.hpp
View File

@ -20,6 +20,7 @@
#include "LIEF/PE/Parser.hpp"
#include "LIEF/PE/Builder.hpp"
#include "LIEF/PE/Binary.hpp"
#include "LIEF/PE/signature/OIDToString.hpp"
#include "LIEF/PE/utils.hpp"

2
include/LIEF/PE/DataDirectory.hpp
View File

@ -75,4 +75,4 @@ class DLL_PUBLIC DataDirectory : public Visitable {
}
}
#endif /* DATADIRECTORY_H_ */
#endif /* LIEF_PE_DATADIRECTORY_H_ */

10
include/LIEF/PE/ResourcesManager.hpp
View File

@ -20,6 +20,7 @@
#include <set>
#include "LIEF/visibility.h"
#include "LIEF/Visitable.hpp"
#include "LIEF/BinaryStream/VectorStream.hpp"
#include "LIEF/PE/type_traits.hpp"
@ -34,14 +35,14 @@ namespace PE {
//! @brief The Resource Manager provides an enhanced API to
//! manipulate the resource tree.
class DLL_PUBLIC ResourcesManager {
class DLL_PUBLIC ResourcesManager : public Visitable {
public:
ResourcesManager(void) = delete;
ResourcesManager(ResourceNode *rsrc);
ResourcesManager(const ResourcesManager&);
ResourcesManager& operator=(const ResourcesManager&);
~ResourcesManager(void);
virtual ~ResourcesManager(void);
// Enhancemed API to explore resource tree
// =======================================
@ -115,6 +116,11 @@ class DLL_PUBLIC ResourcesManager {
//! @brief Print the resource tree to the given depth
std::string print(uint32_t depth = 0) const;
virtual void accept(Visitor& visitor) const override;
bool operator==(const ResourcesManager& rhs) const;
bool operator!=(const ResourcesManager& rhs) const;
DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const ResourcesManager& m);
private:

3
include/LIEF/PE/signature/x509.hpp
View File

@ -36,7 +36,7 @@ class DLL_PUBLIC x509 : public Visitable {
public:
//! @brief Tuple (Year, Month, Day, Hour, Minute, Second)
using date_t = std::tuple<uint32_t, uint32_t, uint32_t, uint32_t, uint32_t, uint32_t>;
using date_t = std::array<int32_t, 6>;
x509(mbedtls_x509_crt* ca);
x509(const x509& other);
@ -64,7 +64,6 @@ class DLL_PUBLIC x509 : public Visitable {
//! @brief Subject informations
std::string subject(void) const;
virtual void accept(Visitor& visitor) const override;
virtual ~x509(void);

34
include/LIEF/Visitor.hpp
View File

@ -22,9 +22,12 @@
#include <string>
#include <functional>
#include <iostream>
#include <utility>
#include "LIEF/visibility.h"
#include "LIEF/PE/signature/types.hpp"
namespace LIEF {
// Forward declarations
@ -87,6 +90,7 @@ class ResourceNode;
class ResourceData;
class ResourceDirectory;
class ResourcesManager;
class ResourceVersion;
class ResourceStringFileInfo;
class ResourceFixedFileInfo;
@ -97,6 +101,11 @@ class ResourceIcon;
class ResourceDialog;
class ResourceDialogItem;
class Signature;
class x509;
class SignerInfo;
class ContentInfo;
class AuthenticatedAttributes;
}
namespace MachO {
@ -258,6 +267,9 @@ class DLL_PUBLIC Visitor {
//! @brief Method to visit a LIEF::PE::Symbol
virtual void visit(const PE::Symbol& symbol);
//! @brief Method to visit a LIEF::PE::Section
virtual void visit(const PE::Section& section);
//! @brief Method to visit a LIEF::PE::Relocation
virtual void visit(const PE::Relocation& relocation);
@ -288,6 +300,9 @@ class DLL_PUBLIC Visitor {
//! @brief Method to visit a LIEF::PE::ResourceDirectory
virtual void visit(const PE::ResourceDirectory& directory);
//! @brief Method to visit a LIEF::PE::ResourceVersion
virtual void visit(const PE::ResourcesManager& resources_manager);
//! @brief Method to visit a LIEF::PE::ResourceVersion
virtual void visit(const PE::ResourceVersion& resource_version);
@ -312,6 +327,24 @@ class DLL_PUBLIC Visitor {
//! @brief Method to visit a LIEF::PE::ResourceDialogItem
virtual void visit(const PE::ResourceDialogItem& resource_dialogitem);
//! @brief Method to visit a LIEF::PE::Signature
virtual void visit(const PE::Signature& signature);
//! @brief Method to visit a LIEF::PE::x509
virtual void visit(const PE::x509& x509);
//! @brief Method to visit a LIEF::PE::SignerInfo
virtual void visit(const PE::SignerInfo& signer_info);
//! @brief Method to visit a LIEF::PE::ContentInfo
virtual void visit(const PE::ContentInfo& content_info);
//! @brief Method to visit a LIEF::PE::AuthenticatedAttributes
virtual void visit(const PE::AuthenticatedAttributes& authenticated_attributes);
//! @brief Method to visit a LIEF::PE::issuer_t
virtual void visit(const PE::issuer_t& issuer);
// MachO part
// ==========
@ -357,6 +390,7 @@ class DLL_PUBLIC Visitor {
private:
std::set<size_t> visited_;
};

2
include/LIEF/to_json.hpp
View File

@ -20,9 +20,11 @@
#include "LIEF/visitors/json.hpp"
#include "LIEF/visitors/elf_json.hpp"
#include "LIEF/visitors/pe_json.hpp"
#include "LIEF/Abstract/Abstract.hpp"
#include "LIEF/ELF.hpp"
#include "LIEF/PE.hpp"
namespace LIEF {
template<class T, class VISITOR = JsonVisitor>

74
include/LIEF/visitors/pe_json.hpp Normal file
View File

@ -0,0 +1,74 @@
/* Copyright 2017 R. Thomas
* Copyright 2017 Quarkslab
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef LIEF_PE_VISITOR_JSONS_H_
#define LIEF_PE_VISITOR_JSONS_H_
#include "LIEF/visibility.h"
#include "LIEF/visitors/json.hpp"
namespace LIEF {
namespace PE {
class DLL_PUBLIC JsonVisitor : public LIEF::JsonVisitor {
public:
using LIEF::JsonVisitor::JsonVisitor;
using LIEF::JsonVisitor::operator=;
using LIEF::JsonVisitor::visit;
using LIEF::JsonVisitor::get;
virtual void visit(const Binary& Binary) override;
virtual void visit(const DosHeader& dos_header) override;
virtual void visit(const Header& header) override;
virtual void visit(const OptionalHeader& optional_header) override;
virtual void visit(const DataDirectory& data_directory) override;
virtual void visit(const Section& section) override;
virtual void visit(const Relocation& relocation) override;
virtual void visit(const RelocationEntry& relocation_entry) override;
virtual void visit(const Export& export_) override;
virtual void visit(const ExportEntry& export_entry) override;
virtual void visit(const TLS& tls) override;
virtual void visit(const Symbol& Symbol) override;
virtual void visit(const Debug& debug) override;
virtual void visit(const Import& import) override;
virtual void visit(const ImportEntry& import_entry) override;
virtual void visit(const ResourceNode& resource_node) override;
virtual void visit(const ResourceData& resource_data) override;
virtual void visit(const ResourceDirectory& resource_directory) override;
virtual void visit(const ResourcesManager& resources_manager) override;
virtual void visit(const ResourceVersion& resource_version) override;
virtual void visit(const ResourceStringFileInfo& resource_sfi) override;
virtual void visit(const ResourceFixedFileInfo& resource_ffi) override;
virtual void visit(const ResourceVarFileInfo& resource_vfi) override;
virtual void visit(const LangCodeItem& resource_lci) override;
virtual void visit(const ResourceIcon& resource_icon) override;
virtual void visit(const ResourceDialog& dialog) override;
virtual void visit(const ResourceDialogItem& dialog_item) override;
virtual void visit(const Signature& signature) override;
virtual void visit(const x509& x509) override;
virtual void visit(const SignerInfo& signerinfo) override;
virtual void visit(const ContentInfo& contentinfo) override;
virtual void visit(const AuthenticatedAttributes& auth) override;
virtual void visit(const LIEF::Binary& binary) override;
virtual void visit(const LIEF::Symbol& symbol) override;
virtual void visit(const LIEF::Section& section) override;
};
}
}
#endif

35
src/PE/ResourcesManager.cpp
View File

@ -22,6 +22,7 @@
#include "easylogging++.h"
#include "LIEF/exception.hpp"
#include "LIEF/visitors/Hash.hpp"
#include "LIEF/utils.hpp"
#include "LIEF/BinaryStream/VectorStream.hpp"
@ -1074,6 +1075,40 @@ void ResourcesManager::print_tree(
}
void ResourcesManager::accept(Visitor& visitor) const {
if (this->has_manifest()) {
visitor.visit(this->manifest());
}
if (this->has_version()) {
visitor(this->version());
}
if (this->has_icons()) {
for (const ResourceIcon& icon : this->icons()) {
visitor(icon);
}
}
if (this->has_dialogs()) {
for (const ResourceDialog& dialog : this->dialogs()) {
visitor(dialog);
}
}
}
bool ResourcesManager::operator==(const ResourcesManager& rhs) const {
size_t hash_lhs = Hash::hash(*this);
size_t hash_rhs = Hash::hash(rhs);
return hash_lhs == hash_rhs;
}
bool ResourcesManager::operator!=(const ResourcesManager& rhs) const {
return not (*this == rhs);
}
std::ostream& operator<<(std::ostream& os, const ResourcesManager& rsrc) {
os << rsrc.print(3);
os << std::endl;

4
src/PE/signature/AuthenticatedAttributes.cpp
View File

@ -43,6 +43,10 @@ const std::string& AuthenticatedAttributes::more_info(void) const {
}
void AuthenticatedAttributes::accept(Visitor& visitor) const {
visitor.visit(this->content_type());
visitor.visit(this->message_digest());
visitor.visit(u16tou8(this->program_name()));
visitor.visit(this->more_info());
}
std::ostream& operator<<(std::ostream& os, const AuthenticatedAttributes& authenticated_attributes) {

3
src/PE/signature/ContentInfo.cpp
View File

@ -46,6 +46,9 @@ const std::vector<uint8_t>& ContentInfo::digest(void) const {
void ContentInfo::accept(Visitor& visitor) const {
visitor.visit(this->digest_algorithm());
visitor.visit(this->digest());
visitor.visit(this->content_type());
}

8
src/PE/signature/Signature.cpp
View File

@ -51,6 +51,14 @@ const std::vector<uint8_t>& Signature::original_signature(void) const {
}
void Signature::accept(Visitor& visitor) const {
visitor.visit(this->version());
visitor.visit(this->digest_algorithm());
visitor(this->content_info());
for (const x509& x509_crt : this->certificates()) {
visitor(x509_crt);
}
visitor(this->signer_info());
visitor.visit(this->original_signature());
}
std::ostream& operator<<(std::ostream& os, const Signature& signature) {

6
src/PE/signature/SignerInfo.cpp
View File

@ -59,6 +59,12 @@ const std::vector<uint8_t>& SignerInfo::encrypted_digest(void) const {
}
void SignerInfo::accept(Visitor& visitor) const {
visitor.visit(this->version());
visitor.visit(this->issuer());
visitor.visit(this->digest_algorithm());
visitor(this->authenticated_attributes());
visitor.visit(this->signature_algorithm());
visitor.visit(this->encrypted_digest());
}

45
src/PE/signature/x509.cpp
View File

@ -74,25 +74,25 @@ oid_t x509::signature_algorithm(void) const {
}
x509::date_t x509::valid_from(void) const {
return std::make_tuple(
return {{
this->x509_cert_->valid_from.year,
this->x509_cert_->valid_from.mon,
this->x509_cert_->valid_from.day,
this->x509_cert_->valid_from.hour,
this->x509_cert_->valid_from.min,
this->x509_cert_->valid_from.sec
);
}};
}
x509::date_t x509::valid_to(void) const {
return std::make_tuple(
return {{
this->x509_cert_->valid_to.year,
this->x509_cert_->valid_to.mon,
this->x509_cert_->valid_to.day,
this->x509_cert_->valid_to.hour,
this->x509_cert_->valid_to.min,
this->x509_cert_->valid_to.sec
);
}};
}
@ -110,6 +110,13 @@ std::string x509::subject(void) const {
void x509::accept(Visitor& visitor) const {
visitor.visit(this->subject());
visitor.visit(this->issuer());
visitor.visit(this->valid_to());
visitor.visit(this->valid_from());
visitor.visit(this->signature_algorithm());
visitor.visit(this->serial_number());
visitor.visit(this->version());
}
x509::~x509(void) {
@ -131,26 +138,26 @@ std::ostream& operator<<(std::ostream& os, const x509& x509_cert) {
return lhs.empty() ? ss.str() : lhs + ":" + ss.str();
});
const x509::date_t& valid_from = x509_cert.valid_from();
const x509::date_t& valid_to = x509_cert.valid_to();
//// 2018-01-11 20:39:31
std::string valid_from_str =
std::to_string(std::get<0>(valid_from)) + "-" +
std::to_string(std::get<1>(valid_from)) + "-" +
std::to_string(std::get<2>(valid_from)) + " " +
std::to_string(std::get<3>(valid_from)) + ":" +
std::to_string(std::get<4>(valid_from)) + ":" +
std::to_string(std::get<5>(valid_from));
std::to_string(valid_from[0]) + "-" +
std::to_string(valid_from[1]) + "-" +
std::to_string(valid_from[2]) + " " +
std::to_string(valid_from[3]) + ":" +
std::to_string(valid_from[4]) + ":" +
std::to_string(valid_from[5]);
std::string valid_to_str =
std::to_string(std::get<0>(valid_to)) + "-" +
std::to_string(std::get<1>(valid_to)) + "-" +
std::to_string(std::get<2>(valid_to)) + " " +
std::to_string(std::get<3>(valid_to)) + ":" +
std::to_string(std::get<4>(valid_to)) + ":" +
std::to_string(std::get<5>(valid_to));
std::to_string(valid_to[0]) + "-" +
std::to_string(valid_to[1]) + "-" +
std::to_string(valid_to[2]) + " " +
std::to_string(valid_to[3]) + ":" +
std::to_string(valid_to[4]) + ":" +
std::to_string(valid_to[5]);
os << std::hex << std::left;
@ -163,10 +170,6 @@ std::ostream& operator<<(std::ostream& os, const x509& x509_cert) {
os << std::setw(wsize) << std::setfill(' ') << "Subject: " << x509_cert.subject() << std::endl;
//os << std::endl << std::endl;
//std::vector<char> buffer(2048, 0);
//mbedtls_x509_crt_info(buffer.data(), buffer.size(), "", x509_cert.x509_cert_);

32
src/Visitor.cpp
View File

@ -178,6 +178,10 @@ void Visitor::visit(const PE::Symbol& symbol) {
symbol.accept(*this);
}
void Visitor::visit(const PE::Section& section) {
section.accept(*this);
}
void Visitor::visit(const PE::Relocation& relocation) {
relocation.accept(*this);
}
@ -218,6 +222,10 @@ void Visitor::visit(const PE::ResourceDirectory& directory) {
directory.accept(*this);
}
void Visitor::visit(const PE::ResourcesManager& resources_manager) {
resources_manager.accept(*this);
}
void Visitor::visit(const PE::ResourceVersion& resource_version) {
resource_version.accept(*this);
}
@ -258,10 +266,32 @@ void Visitor::visit(const PE::LangCodeItem& lang_code_item) {
}
void Visitor::visit(const PE::Signature& signature) {
signature.accept(*this);
}
void Visitor::visit(const PE::x509& x509) {
x509.accept(*this);
}
void Visitor::visit(const PE::SignerInfo& signer_info) {
signer_info.accept(*this);
}
void Visitor::visit(const PE::ContentInfo& content_info) {
content_info.accept(*this);
}
void Visitor::visit(const PE::AuthenticatedAttributes& authenticated_attributes) {
authenticated_attributes.accept(*this);
}
void Visitor::visit(const PE::issuer_t&) {
}
// MachO part
// ----------
void Visitor::visit(const MachO::Binary& binary) {
binary.accept(*this);
}

1
src/visitors/elf_json.cpp
View File

@ -222,7 +222,6 @@ void JsonVisitor::visit(const Segment& segment) {
void JsonVisitor::visit(const DynamicEntry& entry) {
this->node_["tag"] = to_string(entry.tag());
this->node_["value"] = entry.value();
}

642
src/visitors/pe_json.cpp Normal file
View File

@ -0,0 +1,642 @@
/* Copyright 2017 R. Thomas
* Copyright 2017 Quarkslab
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "LIEF/visitors/pe_json.hpp"
#include "LIEF/visitors/Hash.hpp"
#include "LIEF/PE.hpp"
namespace LIEF {
namespace PE {
void JsonVisitor::visit(const Binary& binary) {
this->node_["name"] = binary.name();
this->node_["entrypoint"] = binary.entrypoint();
this->node_["virtual_size"] = binary.get_virtual_size();
// DOS Header
JsonVisitor dos_header_visitor;
dos_header_visitor(binary.dos_header());
// PE header
JsonVisitor header_visitor;
header_visitor(binary.header());
// PE Optional Header
JsonVisitor optional_header_visitor;
optional_header_visitor(binary.optional_header());
this->node_["dos_header"] = dos_header_visitor.get();
this->node_["header"] = header_visitor.get();
this->node_["optional_header"] = optional_header_visitor.get();
// Data directories
std::vector<json> data_directories;
for (const DataDirectory& data_directory : binary.data_directories()) {
JsonVisitor visitor;
visitor(data_directory);
data_directories.emplace_back(visitor.get());
}
this->node_["data_directories"] = data_directories;
// Section
std::vector<json> sections;
for (const Section& section : binary.get_sections()) {
JsonVisitor visitor;
visitor(section);
sections.emplace_back(visitor.get());
}
this->node_["sections"] = sections;
// Relocations
if (binary.has_relocations()) {
std::vector<json> relocations;
for (const Relocation& relocation : binary.relocations()) {
JsonVisitor visitor;
visitor(relocation);
relocations.emplace_back(visitor.get());
}
this->node_["relocations"] = relocations;
}
// TLS
if (binary.has_tls()) {
JsonVisitor visitor;
visitor(binary.tls());
this->node_["tls"] = visitor.get();
}
// Exports
if (binary.has_exports()) {
JsonVisitor visitor;
visitor(binary.get_export());
this->node_["export"] = visitor.get();
}
// Debug
if (binary.has_debug()) {
JsonVisitor visitor;
visitor(binary.get_debug());
this->node_["debug"] = visitor.get();
}
// Imports
if (binary.has_imports()) {
std::vector<json> imports;
for (const Import& import : binary.imports()) {
JsonVisitor visitor;
visitor(import);
imports.emplace_back(visitor.get());
}
this->node_["imports"] = imports;
}
// Resources
if (binary.has_resources()) {
JsonVisitor visitor;
binary.get_resources().accept(visitor);
JsonVisitor manager_visitor;
binary.get_resources_manager().accept(manager_visitor);
this->node_["resources_tree"] = visitor.get();
this->node_["resources_manager"] = manager_visitor.get();
}
// Signature
if (binary.has_signature()) {
JsonVisitor visitor;
binary.signature().accept(visitor);
this->node_["signature"] = visitor.get();
}
}
void JsonVisitor::visit(const DosHeader& dos_header) {
this->node_["magic"] = dos_header.magic();
this->node_["used_bytes_in_the_last_page"] = dos_header.used_bytes_in_the_last_page();
this->node_["file_size_in_pages"] = dos_header.file_size_in_pages();
this->node_["numberof_relocation"] = dos_header.numberof_relocation();
this->node_["header_size_in_paragraphs"] = dos_header.header_size_in_paragraphs();
this->node_["minimum_extra_paragraphs"] = dos_header.minimum_extra_paragraphs();
this->node_["maximum_extra_paragraphs"] = dos_header.maximum_extra_paragraphs();
this->node_["initial_relative_ss"] = dos_header.initial_relative_ss();
this->node_["initial_sp"] = dos_header.initial_sp();
this->node_["checksum"] = dos_header.checksum();
this->node_["initial_ip"] = dos_header.initial_ip();
this->node_["initial_relative_cs"] = dos_header.initial_relative_cs();
this->node_["addressof_relocation_table"] = dos_header.addressof_relocation_table();
this->node_["overlay_number"] = dos_header.overlay_number();
this->node_["reserved"] = dos_header.reserved();
this->node_["oem_id"] = dos_header.oem_id();
this->node_["oem_info"] = dos_header.oem_info();
this->node_["reserved2"] = dos_header.reserved2();
this->node_["addressof_new_exeheader"] = dos_header.addressof_new_exeheader();
}
void JsonVisitor::visit(const Header& header) {
this->node_["signature"] = header.signature();
this->node_["machine"] = to_string(header.machine());
this->node_["numberof_sections"] = header.numberof_sections();
this->node_["time_date_stamp"] = header.time_date_stamp();
this->node_["pointerto_symbol_table"] = header.pointerto_symbol_table();
this->node_["numberof_symbols"] = header.numberof_symbols();
this->node_["sizeof_optional_header"] = header.sizeof_optional_header();
this->node_["characteristics"] = header.characteristics();
}
void JsonVisitor::visit(const OptionalHeader& optional_header) {
this->node_["magic"] = to_string(optional_header.magic());
this->node_["major_linker_version"] = optional_header.major_linker_version();
this->node_["minor_linker_version"] = optional_header.minor_linker_version();
this->node_["sizeof_code"] = optional_header.sizeof_code();
this->node_["sizeof_initialized_data"] = optional_header.sizeof_initialized_data();
this->node_["sizeof_uninitialized_data"] = optional_header.sizeof_uninitialized_data();
this->node_["addressof_entrypoint"] = optional_header.addressof_entrypoint();
this->node_["baseof_code"] = optional_header.baseof_code();
if (optional_header.magic() == PE_TYPE::PE32) {
this->node_["baseof_data"] = optional_header.baseof_data();
}
this->node_["imagebase"] = optional_header.imagebase();
this->node_["section_alignment"] = optional_header.section_alignment();
this->node_["file_alignment"] = optional_header.file_alignment();
this->node_["major_operating_system_version"] = optional_header.major_operating_system_version();
this->node_["minor_operating_system_version"] = optional_header.minor_operating_system_version();
this->node_["major_image_version"] = optional_header.major_image_version();
this->node_["minor_image_version"] = optional_header.minor_image_version();
this->node_["major_subsystem_version"] = optional_header.major_subsystem_version();
this->node_["minor_subsystem_version"] = optional_header.minor_subsystem_version();
this->node_["win32_version_value"] = optional_header.win32_version_value();
this->node_["sizeof_image"] = optional_header.sizeof_image();
this->node_["sizeof_headers"] = optional_header.sizeof_headers();
this->node_["checksum"] = optional_header.checksum();
this->node_["subsystem"] = to_string(optional_header.subsystem());
this->node_["dll_characteristics"] = optional_header.dll_characteristics();
this->node_["sizeof_stack_reserve"] = optional_header.sizeof_stack_reserve();
this->node_["sizeof_stack_commit"] = optional_header.sizeof_stack_commit();
this->node_["sizeof_heap_reserve"] = optional_header.sizeof_heap_reserve();
this->node_["sizeof_heap_commit"] = optional_header.sizeof_heap_commit();
this->node_["loader_flags"] = optional_header.loader_flags();
this->node_["numberof_rva_and_size"] = optional_header.numberof_rva_and_size();
}
void JsonVisitor::visit(const DataDirectory& data_directory) {
this->node_["RVA"] = data_directory.RVA();
this->node_["size"] = data_directory.size();
this->node_["type"] = to_string(data_directory.type());
if (data_directory.has_section()) {
this->node_["section"] = data_directory.section().name();
}
}
void JsonVisitor::visit(const Section& section) {
std::vector<json> characteristics;
for (SECTION_CHARACTERISTICS c : section.characteristics_list()) {
characteristics.emplace_back(to_string(c));
}
std::vector<json> types;
for (SECTION_TYPES t : section.types()) {
types.emplace_back(to_string(t));
}
this->node_["name"] = section.name();
this->node_["pointerto_relocation"] = section.pointerto_relocation();
this->node_["pointerto_line_numbers"] = section.pointerto_line_numbers();
this->node_["numberof_relocations"] = section.numberof_relocations();
this->node_["numberof_line_numbers"] = section.numberof_line_numbers();
this->node_["characteristics"] = characteristics;
this->node_["types"] = types;
}
void JsonVisitor::visit(const Relocation& relocation) {
std::vector<json> entries;
for (const RelocationEntry& entry : relocation.entries()) {
JsonVisitor visitor;
visitor(entry);
entries.emplace_back(visitor.get());
}
this->node_["virtual_address"] = relocation.virtual_address();
this->node_["block_size"] = relocation.block_size();
this->node_["entries"] = entries;
}
void JsonVisitor::visit(const RelocationEntry& relocation_entry) {
this->node_["data"] = relocation_entry.data();
this->node_["position"] = relocation_entry.position();
this->node_["type"] = to_string(relocation_entry.type());
}
void JsonVisitor::visit(const Export& export_) {
std::vector<json> entries;
for (const ExportEntry& entry : export_.entries()) {
JsonVisitor visitor;
visitor(entry);
entries.emplace_back(visitor.get());
}
this->node_["export_flags"] = export_.export_flags();
this->node_["timestamp"] = export_.timestamp();
this->node_["major_version"] = export_.major_version();
this->node_["minor_version"] = export_.minor_version();
this->node_["ordinal_base"] = export_.ordinal_base();
this->node_["name"] = export_.name();
this->node_["entries"] = entries;
}
void JsonVisitor::visit(const ExportEntry& export_entry) {
this->node_["name"] = export_entry.name();
this->node_["ordinal"] = export_entry.ordinal();
this->node_["address"] = export_entry.address();
this->node_["is_extern"] = export_entry.is_extern();
}
void JsonVisitor::visit(const TLS& tls) {
this->node_["callbacks"] = tls.callbacks();
this->node_["addressof_raw_data"] = std::vector<uint64_t>{tls.addressof_raw_data().first, tls.addressof_raw_data().second};
this->node_["addressof_index"] = tls.addressof_index();
this->node_["addressof_callbacks"] = tls.addressof_callbacks();
this->node_["sizeof_zero_fill"] = tls.sizeof_zero_fill();
this->node_["characteristics"] = tls.characteristics();
if (tls.has_data_directory()) {
this->node_["data_directory"] = to_string(tls.directory().type());
}
if (tls.has_section()) {
this->node_["section"] = tls.section().name();
}
}
void JsonVisitor::visit(const Symbol& symbol) {
this->node_["value"] = symbol.value();
this->node_["section_number"] = symbol.section_number();
this->node_["type"] = symbol.type();
this->node_["base_type"] = to_string(symbol.base_type());
this->node_["complex_type"] = to_string(symbol.complex_type());
this->node_["storage_class"] = to_string(symbol.storage_class());
this->node_["numberof_aux_symbols"] = symbol.numberof_aux_symbols();
this->node_["name"] = symbol.name();
if (symbol.has_section()) {
this->node_["section"] = symbol.section().name();
}
}
void JsonVisitor::visit(const Debug& debug) {
this->node_["characteristics"] = debug.characteristics();
this->node_["timestamp"] = debug.timestamp();
this->node_["major_version"] = debug.major_version();
this->node_["minor_version"] = debug.minor_version();
this->node_["type"] = to_string(debug.type());
this->node_["sizeof_data"] = debug.sizeof_data();
this->node_["addressof_rawdata"] = debug.addressof_rawdata();
this->node_["pointerto_rawdata"] = debug.pointerto_rawdata();
}
void JsonVisitor::visit(const Import& import) {
std::vector<json> entries;
for (const ImportEntry& entry : import.entries()) {
JsonVisitor visitor;
visitor(entry);
entries.emplace_back(visitor.get());
}
this->node_["forwarder_chain"] = import.forwarder_chain();
this->node_["timedatestamp"] = import.timedatestamp();
this->node_["import_address_table_rva"] = import.import_address_table_rva();
this->node_["import_lookup_table_rva"] = import.import_lookup_table_rva();
this->node_["name"] = import.name();
this->node_["entries"] = entries;
}
void JsonVisitor::visit(const ImportEntry& import_entry) {
if (import_entry.is_ordinal()) {
this->node_["ordinal"] = import_entry.ordinal();
} else {
this->node_["name"] = import_entry.name();
}
this->node_["iat_address"] = import_entry.iat_address();
this->node_["data"] = import_entry.data();
this->node_["hint"] = import_entry.hint();
}
void JsonVisitor::visit(const ResourceNode& resource_node) {
this->node_["id"] = resource_node.id();
if (resource_node.has_name()) {
this->node_["name"] = u16tou8(resource_node.name());
}
if (resource_node.childs().size() > 0) {
std::vector<json> childs;
for (const ResourceNode& rsrc : resource_node.childs()) {
JsonVisitor visitor;
rsrc.accept(visitor);
childs.emplace_back(visitor.get());
}
this->node_["childs"] = childs;
}
}
void JsonVisitor::visit(const ResourceData& resource_data) {
this->node_["code_page"] = resource_data.code_page();
this->node_["hash"] = Hash::hash(resource_data.content());
}
void JsonVisitor::visit(const ResourceDirectory& resource_directory) {
this->node_["characteristics"] = resource_directory.characteristics();
this->node_["time_date_stamp"] = resource_directory.time_date_stamp();
this->node_["major_version"] = resource_directory.major_version();
this->node_["minor_version"] = resource_directory.minor_version();
this->node_["numberof_name_entries"] = resource_directory.numberof_name_entries();
this->node_["numberof_id_entries"] = resource_directory.numberof_id_entries();
}
void JsonVisitor::visit(const ResourcesManager& resources_manager) {
if (resources_manager.has_manifest()) {
this->node_["manifest"] = resources_manager.manifest();
}
if (resources_manager.has_version()) {
JsonVisitor version_visitor;
version_visitor(resources_manager.version());
this->node_["version"] = version_visitor.get();
}
if (resources_manager.has_icons()) {
std::vector<json> icons;
for (const ResourceIcon& icon : resources_manager.icons()) {
JsonVisitor icon_visitor;
icon_visitor(icon);
icons.emplace_back(icon_visitor.get());
}
this->node_["icons"] = icons;
}
if (resources_manager.has_dialogs()) {
std::vector<json> dialogs;
for (const ResourceDialog& dialog : resources_manager.dialogs()) {
JsonVisitor dialog_visitor;
dialog_visitor(dialog);
dialogs.emplace_back(dialog_visitor.get());
}
this->node_["dialogs"] = dialogs;
}
}
void JsonVisitor::visit(const ResourceStringFileInfo& resource_sfi) {
std::vector<json> langcode_items;
for (const LangCodeItem& item : resource_sfi.langcode_items()) {
JsonVisitor langcode_visitor;
langcode_visitor(item);
langcode_items.emplace_back(langcode_visitor.get());
}
this->node_["type"] = resource_sfi.type();
this->node_["key"] = u16tou8(resource_sfi.key());
this->node_["langcode_items"] = langcode_items;
}
void JsonVisitor::visit(const ResourceFixedFileInfo& resource_ffi) {
this->node_["signature"] = resource_ffi.signature();
this->node_["struct_version"] = resource_ffi.struct_version();
this->node_["file_version_MS"] = resource_ffi.file_version_MS();
this->node_["file_version_LS"] = resource_ffi.file_version_LS();
this->node_["product_version_MS"] = resource_ffi.product_version_MS();
this->node_["product_version_LS"] = resource_ffi.product_version_LS();
this->node_["file_flags_mask"] = resource_ffi.file_flags_mask();
this->node_["file_flags"] = resource_ffi.file_flags();
this->node_["file_os"] = to_string(resource_ffi.file_os());
this->node_["file_type"] = to_string(resource_ffi.file_type());
this->node_["file_subtype"] = to_string(resource_ffi.file_subtype());
this->node_["file_date_MS"] = resource_ffi.file_date_MS();
this->node_["file_date_LS"] = resource_ffi.file_date_LS();
}
void JsonVisitor::visit(const ResourceVarFileInfo& resource_vfi) {
this->node_["type"] = resource_vfi.type();
this->node_["key"] = u16tou8(resource_vfi.key());
this->node_["translations"] = resource_vfi.translations();
}
void JsonVisitor::visit(const LangCodeItem& resource_lci) {
std::map<std::string, std::string> items;
std::transform(
std::begin(resource_lci.items()),
std::end(resource_lci.items()),
std::insert_iterator<decltype(items)>(items, std::end(items)),
[] (const std::pair<std::u16string, std::u16string>& p) {
return std::pair<std::string, std::string>{u16tou8(p.first), u16tou8(p.second)};
});
this->node_["type"] = resource_lci.type();
this->node_["key"] = u16tou8(resource_lci.key());
this->node_["items"] = items;
}
void JsonVisitor::visit(const ResourceVersion& resource_version) {
this->node_["type"] = resource_version.type();
this->node_["key"] = u16tou8(resource_version.key());
if (resource_version.has_fixed_file_info()) {
JsonVisitor visitor;
visitor(resource_version.fixed_file_info());
this->node_["fixed_file_info"] = visitor.get();
}
if (resource_version.has_string_file_info()) {
JsonVisitor visitor;
visitor(resource_version.string_file_info());
this->node_["string_file_info"] = visitor.get();
}
if (resource_version.has_var_file_info()) {
JsonVisitor visitor;
visitor(resource_version.var_file_info());
this->node_["var_file_info"] = visitor.get();
}
}
void JsonVisitor::visit(const ResourceIcon& resource_icon) {
this->node_["id"] = resource_icon.id();
this->node_["lang"] = resource_icon.lang();
this->node_["sublang"] = resource_icon.sublang();
this->node_["width"] = resource_icon.width();
this->node_["height"] = resource_icon.height();
this->node_["color_count"] = resource_icon.color_count();
this->node_["reserved"] = resource_icon.reserved();
this->node_["planes"] = resource_icon.planes();
this->node_["bit_count"] = resource_icon.bit_count();
this->node_["pixels"] = Hash::hash(resource_icon.pixels());
}
void JsonVisitor::visit(const ResourceDialog& dialog) {
this->node_["x"] = dialog.x();
this->node_["y"] = dialog.y();
this->node_["cx"] = dialog.cx();
this->node_["cy"] = dialog.cy();
this->node_["style"] = dialog.style();
this->node_["extended_style"] = dialog.extended_style();
std::vector<json> dialog_items;
for (const ResourceDialogItem& item : dialog.items()) {
JsonVisitor dialogitem_visitor;
dialogitem_visitor(item);
dialog_items.emplace_back(dialogitem_visitor.get());
}
this->node_["items"] = dialog_items;
if (dialog.is_extended()) {
this->node_["version"] = dialog.version();
this->node_["signature"] = dialog.signature();
this->node_["help_id"] = dialog.help_id();
this->node_["weight"] = dialog.weight();
this->node_["point_size"] = dialog.point_size();
this->node_["is_italic"] = dialog.is_italic();
this->node_["charset"] = dialog.charset();
this->node_["title"] = u16tou8(dialog.title());
this->node_["typeface"] = u16tou8(dialog.typeface());
}
}
void JsonVisitor::visit(const ResourceDialogItem& dialog_item) {
this->node_["id"] = dialog_item.id();
this->node_["x"] = dialog_item.x();
this->node_["y"] = dialog_item.y();
this->node_["cx"] = dialog_item.cx();
this->node_["cy"] = dialog_item.cy();
this->node_["style"] = dialog_item.style();
this->node_["extended_style"] = dialog_item.extended_style();
if (dialog_item.is_extended()) {
this->node_["title"] = u16tou8(dialog_item.title());
this->node_["help_id"] = dialog_item.help_id();
}
}
void JsonVisitor::visit(const Signature& signature) {
JsonVisitor content_info_visitor;
content_info_visitor(signature.content_info());
JsonVisitor signer_info_visitor;
signer_info_visitor(signature.signer_info());
std::vector<json> crts;
for (const x509& crt : signature.certificates()) {
JsonVisitor crt_visitor;
crt_visitor(crt);
crts.emplace_back(crt_visitor.get());
}
this->node_["version"] = signature.version();
this->node_["content_info"] = content_info_visitor.get();
this->node_["signer_info"] = signer_info_visitor.get();
this->node_["certificates"] = crts;
}
void JsonVisitor::visit(const x509& x509) {
this->node_["serial_number"] = x509.serial_number();
this->node_["version"] = x509.version();
this->node_["issuer"] = x509.issuer();
this->node_["subject"] = x509.subject();
this->node_["signature_algorithm"] = x509.signature_algorithm();
const x509::date_t& valid_from = x509.valid_from();
const x509::date_t& valid_to = x509.valid_to();
this->node_["valid_from"] = x509.valid_from();
this->node_["valid_to"] = x509.valid_to();
}
void JsonVisitor::visit(const SignerInfo& signerinfo) {
JsonVisitor authenticated_attributes_visitor;
authenticated_attributes_visitor(signerinfo.authenticated_attributes());
this->node_["version"] = signerinfo.version();
this->node_["digest_algorithm"] = signerinfo.digest_algorithm();
this->node_["signature_algorithm"] = signerinfo.signature_algorithm();
this->node_["authenticated_attributes"] = authenticated_attributes_visitor.get();
const issuer_t& issuer = signerinfo.issuer();
std::string issuer_str = std::accumulate(
std::begin(std::get<0>(issuer)),
std::end(std::get<0>(issuer)),
std::string(""),
[] (std::string lhs, const std::pair<std::string, std::string>& p) {
std::string s = oid_to_string(std::get<0>(p)) + std::string("=") + std::get<1>(p);
return lhs.empty() ? s : lhs + " " + s;
});
this->node_["issuer"] = issuer_str;
}
void JsonVisitor::visit(const ContentInfo& contentinfo) {
this->node_["content_type"] = contentinfo.content_type();
this->node_["type"] = contentinfo.type();
this->node_["digest_algorithm"] = contentinfo.digest_algorithm();
}
void JsonVisitor::visit(const AuthenticatedAttributes& auth) {
this->node_["content_type"] = auth.content_type();
this->node_["program_name"] = u16tou8(auth.program_name());
this->node_["url"] = auth.more_info();
this->node_["message_digest"] = auth.message_digest();
}
// LIEF Abstract
void JsonVisitor::visit(const LIEF::Binary& binary) {
// It should be a ELF::Binary so we don't catch "std::bad_cast"
this->visit(*dynamic_cast<const LIEF::PE::Binary*>(&binary));
}
void JsonVisitor::visit(const LIEF::Symbol& symbol) {
// It should be a ELF::Binary so we don't catch "std::bad_cast"
this->visit(*dynamic_cast<const LIEF::PE::Symbol*>(&symbol));
}
void JsonVisitor::visit(const LIEF::Section& section) {
// It should be a ELF::Binary so we don't catch "std::bad_cast"
this->visit(*dynamic_cast<const LIEF::PE::Section*>(&section));
}
} // namespace PE
} // namespace LIEF