From 166dd4e8dfce09152617f40b53022cfb84bb5a16 Mon Sep 17 00:00:00 2001 From: Andrew Date: Wed, 24 Jul 2013 19:15:53 -0400 Subject: [PATCH] . --- parser-library/buffer.cpp | 9 ++++++++- parser-library/parse.cpp | 23 +++++++++++++++++++---- parser-library/parse.h | 8 +++++++- 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/parser-library/buffer.cpp b/parser-library/buffer.cpp index 9eee5e6..d42b47f 100644 --- a/parser-library/buffer.cpp +++ b/parser-library/buffer.cpp @@ -66,6 +66,7 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) { memset(p->buf, 0, fileSize); p->bufLen = fileSize; + p->copy = false; inFile.seekg(0, ios::beg); inFile.read((char *)p->buf, fileSize); @@ -89,6 +90,8 @@ bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) { return NULL; } + newBuff->copy = true; + ::uint8_t *curPtr = b->buf; ::uint8_t *newPtr = curPtr+from; @@ -96,6 +99,10 @@ bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) { } void deleteBuffer(bounded_buffer *b) { - free(b->buf); + if(b->copy == false) { + free(b->buf); + } + delete b; } + diff --git a/parser-library/parse.cpp b/parser-library/parse.cpp index dbe536e..5e3ab41 100644 --- a/parser-library/parse.cpp +++ b/parser-library/parse.cpp @@ -6,13 +6,25 @@ using namespace std; struct section { string sectionName; RVA sectionBase; - bounded_buffer *sectionData; + bounded_buffer sectionData; }; struct parsed_pe_internal { - list
secs; + list
secs; }; +list
getSections(bounded_buffer *file) { + list
sections; + + return sections; +} + +pe_header getHeader(bounded_buffer *file) { + pe_header p; + + return p; +} + parsed_pe *ParsePEFromFile(const char *filePath) { //first, create a new parsed_pe structure parsed_pe *p = new parsed_pe(); @@ -37,13 +49,16 @@ parsed_pe *ParsePEFromFile(const char *filePath) { return NULL; } - //now, we need to do some actual PE parsing and file carving. sigh. + //now, we need to do some actual PE parsing and file carving. + p->peHeader = getHeader(p->fileBuffer); + p->internal->secs = getSections(p->fileBuffer); return p; } void DestructParsedPE(parsed_pe *p) { + delete p; return; } @@ -74,7 +89,7 @@ void IterSec(parsed_pe *pe, iterSec cb, void *cbd) { ++sit) { section s = *sit; - cb(cbd, s.sectionBase, s.sectionName, s.sectionData); + cb(cbd, s.sectionBase, s.sectionName, &s.sectionData); } return; diff --git a/parser-library/parse.h b/parser-library/parse.h index ad7f793..a2d4c61 100644 --- a/parser-library/parse.h +++ b/parser-library/parse.h @@ -10,6 +10,7 @@ typedef boost::uint32_t RVA; typedef struct _bounded_buffer { boost::uint8_t *buf; boost::uint32_t bufLen; + bool copy; } bounded_buffer; bool readByte(bounded_buffer *b, boost::uint32_t offset, boost::uint8_t &out); @@ -22,10 +23,15 @@ void deleteBuffer(bounded_buffer *b); struct parsed_pe_internal; +typedef struct _pe_header { + RVA entryPoint; + bounded_buffer headerData; +} pe_header; + typedef struct _parsed_pe { - std::string originalFilePath; bounded_buffer *fileBuffer; parsed_pe_internal *internal; + pe_header peHeader; } parsed_pe; //get a PE parse context from a file