mirror of
https://github.com/QuasarApp/pe-parse.git
synced 2025-05-03 15:39:33 +00:00
.
This commit is contained in:
Andrew
parent
4a2eb58e82
commit
166dd4e8df
parser-library
@ -66,6 +66,7 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
||||
|
||||
memset(p->buf, 0, fileSize);
|
||||
p->bufLen = fileSize;
|
||||
p->copy = false;
|
||||
|
||||
inFile.seekg(0, ios::beg);
|
||||
inFile.read((char *)p->buf, fileSize);
|
||||
@ -89,6 +90,8 @@ bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
newBuff->copy = true;
|
||||
|
||||
::uint8_t *curPtr = b->buf;
|
||||
::uint8_t *newPtr = curPtr+from;
|
||||
|
||||
@ -96,6 +99,10 @@ bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
||||
}
|
||||
|
||||
void deleteBuffer(bounded_buffer *b) {
|
||||
free(b->buf);
|
||||
if(b->copy == false) {
|
||||
free(b->buf);
|
||||
}
|
||||
|
||||
delete b;
|
||||
}
|
||||
|
||||
|
||||
@ -6,13 +6,25 @@ using namespace std;
|
||||
struct section {
|
||||
string sectionName;
|
||||
RVA sectionBase;
|
||||
bounded_buffer *sectionData;
|
||||
bounded_buffer sectionData;
|
||||
};
|
||||
|
||||
struct parsed_pe_internal {
|
||||
list<section> secs;
|
||||
list<section> secs;
|
||||
};
|
||||
|
||||
list<section> getSections(bounded_buffer *file) {
|
||||
list<section> sections;
|
||||
|
||||
return sections;
|
||||
}
|
||||
|
||||
pe_header getHeader(bounded_buffer *file) {
|
||||
pe_header p;
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
parsed_pe *ParsePEFromFile(const char *filePath) {
|
||||
//first, create a new parsed_pe structure
|
||||
parsed_pe *p = new parsed_pe();
|
||||
@ -37,13 +49,16 @@ parsed_pe *ParsePEFromFile(const char *filePath) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
//now, we need to do some actual PE parsing and file carving. sigh.
|
||||
//now, we need to do some actual PE parsing and file carving.
|
||||
p->peHeader = getHeader(p->fileBuffer);
|
||||
p->internal->secs = getSections(p->fileBuffer);
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
void DestructParsedPE(parsed_pe *p) {
|
||||
|
||||
delete p;
|
||||
return;
|
||||
}
|
||||
|
||||
@ -74,7 +89,7 @@ void IterSec(parsed_pe *pe, iterSec cb, void *cbd) {
|
||||
++sit)
|
||||
{
|
||||
section s = *sit;
|
||||
cb(cbd, s.sectionBase, s.sectionName, s.sectionData);
|
||||
cb(cbd, s.sectionBase, s.sectionName, &s.sectionData);
|
||||
}
|
||||
|
||||
return;
|
||||
|
||||
@ -10,6 +10,7 @@ typedef boost::uint32_t RVA;
|
||||
typedef struct _bounded_buffer {
|
||||
boost::uint8_t *buf;
|
||||
boost::uint32_t bufLen;
|
||||
bool copy;
|
||||
} bounded_buffer;
|
||||
|
||||
bool readByte(bounded_buffer *b, boost::uint32_t offset, boost::uint8_t &out);
|
||||
@ -22,10 +23,15 @@ void deleteBuffer(bounded_buffer *b);
|
||||
|
||||
struct parsed_pe_internal;
|
||||
|
||||
typedef struct _pe_header {
|
||||
RVA entryPoint;
|
||||
bounded_buffer headerData;
|
||||
} pe_header;
|
||||
|
||||
typedef struct _parsed_pe {
|
||||
std::string originalFilePath;
|
||||
bounded_buffer *fileBuffer;
|
||||
parsed_pe_internal *internal;
|
||||
pe_header peHeader;
|
||||
} parsed_pe;
|
||||
|
||||
//get a PE parse context from a file
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user