.

2025-04-26 20:34:31 +00:00 · 2013-07-24 18:32:56 -04:00 · 2013-07-24 18:32:56 -04:00 · 20aee7ccb9
commit 20aee7ccb9
parent 50ff629e28
3 changed files with 71 additions and 3 deletions
--- a/parser-library/buffer.cpp
+++ b/parser-library/buffer.cpp
@ -3,7 +3,14 @@
 using namespace boost;

 bool readByte(bounded_buffer *b, ::uint32_t offset, ::uint8_t &out) {
-  return false;
+  if(offset >= b->bufLen) {
+    return false;
+  }
+
+  ::uint8_t *tmp = (b->bufBegin+offset);
+  out = *tmp;
+
+  return true;
 }

 bool readWord(bounded_buffer *b, ::uint32_t offset, ::uint16_t &out) {
@ -13,3 +20,25 @@ bool readWord(bounded_buffer *b, ::uint32_t offset, ::uint16_t &out) {
 bool readDword(bounded_buffer *b, ::uint32_t offset, ::uint32_t &out) {
  return false;
 }
+
+bounded_buffer *readFileToFileBuffer(const char *filePath) {
+  return NULL;
+}
+
+//split buffer inclusively from from to to by offset
+bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
+  //safety checks
+  
+  //make a new buffer
+  bounded_buffer  *newBuff = new bounded_buffer();
+
+  if(newBuff == NULL) {
+    return NULL;
+  }
+
+  ::uint8_t   *curPtr = b->bufBegin;
+  ::uint8_t   *newPtr = curPtr+from;
+
+  return newBuff;
+}
+
--- a/parser-library/parse.cpp
+++ b/parser-library/parse.cpp
@ -1,10 +1,46 @@
 #include "parse.h"

 parsed_pe *ParsePEFromFile(const char *filePath) {
-  return NULL;
+  //first, create a new parsed_pe structure
+  parsed_pe *p = new parsed_pe();
+
+  if(p == NULL) {
+    return NULL;
+  }
+
+  //make a new buffer object to hold just our file data 
+  p->fileBuffer = readFileToFileBuffer(filePath);
+
+  //now, we need to do some actual PE parsing and file carving. sigh. 
+
+  return p;
 }

 void DestructParsedPE(parsed_pe *p) {

  return;
 }
+
+//iterate over the imports by RVA and string
+void IterImpRVAString(parsed_pe *pe, iterRVAStr cb, void *cbd) {
+
+  return;
+}
+
+//iterate over relocations in the PE file
+void IterRelocs(parsed_pe *pe, iterReloc cb, void *cbd) {
+
+  return;
+}
+
+//iterate over the exports by RVA
+void IterExpRVA(parsed_pe *pe, iterRVA cb, void *cbd) {
+
+  return;
+}
+
+//iterate over sections
+void IterSec(parsed_pe *pe, iterSec cb, void *cbd) {
+
+  return;
+}
--- a/parser-library/parse.h
+++ b/parser-library/parse.h
@ -16,8 +16,11 @@ bool readByte(bounded_buffer *b, boost::uint32_t offset, boost::uint8_t &out);
 bool readWord(bounded_buffer *b, boost::uint32_t offset, boost::uint16_t &out);
 bool readDword(bounded_buffer *b, boost::uint32_t offset, boost::uint32_t &out);

+bounded_buffer *readFileToFileBuffer(const char *filePath);
+
 typedef struct _parsed_pe {
-  std::string originalFilePath;
+  std::string     originalFilePath;
+  bounded_buffer  *fileBuffer;
 } parsed_pe;

 //get a PE parse context from a file