pretty-printing meta-programming

2025-05-07 17:19:33 +00:00 · 2013-07-26 09:36:05 -04:00 · 2013-07-26 09:36:05 -04:00 · 240928b373
commit 240928b373
parent f84bffdebe
3 changed files with 33 additions and 8 deletions
--- a/dump-prog/dump.cpp
+++ b/dump-prog/dump.cpp
@ -23,9 +23,19 @@ THE SOFTWARE.
 */

 #include <iostream>
+#include <sstream>
 #include "parse.h"

 using namespace std;
+using namespace boost;
+
+template <class T>
+static
+string to_string(T t, ios_base & (*f)(ios_base&)) {
+    ostringstream oss;
+    oss << f << t;
+    return oss.str();
+}

 void printImports(void *N, RVA  impAddr, string &impName) {

@ -43,6 +53,21 @@ int main(int argc, char *argv[]) {

    if(p != NULL) {
      //print out some things
+#define DUMP_FIELD(x) \
+      cout << "" #x << ": "; \
+      cout << to_string<uint32_t>(p->peHeader.x, hex) << endl;
+
+      DUMP_FIELD(nt.Signature);
+      DUMP_FIELD(nt.FileHeader.Machine);
+      DUMP_FIELD(nt.FileHeader.NumberOfSections);
+      DUMP_FIELD(nt.FileHeader.TimeDateStamp);
+      DUMP_FIELD(nt.FileHeader.PointerToSymbolTable);
+      DUMP_FIELD(nt.FileHeader.NumberOfSymbols);
+      DUMP_FIELD(nt.FileHeader.SizeOfOptionalHeader);
+      DUMP_FIELD(nt.FileHeader.Characteristics);
+     
+#undef DUMP_FIELD
+
      IterImpRVAString(p, printImports, NULL);
      IterRelocs(p, printRelocs, NULL);

--- a/parser-library/parse.cpp
+++ b/parser-library/parse.cpp
@ -174,9 +174,7 @@ bool readNtHeader(bounded_buffer *b, nt_header_32 &header) {
  return true;
 }

-bool getHeader(bounded_buffer *file) {
-  pe_header p;
-
+bool getHeader(bounded_buffer *file, pe_header &p) {
  if(file == NULL) {
    return false;
  }
@ -197,11 +195,12 @@ bool getHeader(bounded_buffer *file) {
  curOffset += offset; 

  //now, we can read out the fields of the NT headers
-  nt_header_32 nt;
-  if(readNtHeader(splitBuffer(file, curOffset, file->bufLen), nt) == false) {
+  if(readNtHeader(splitBuffer(file, curOffset, file->bufLen), p.nt) == false) {
    return false;
  }

+  //and done, headers populated
+
  return true;
 }

@ -232,7 +231,7 @@ parsed_pe *ParsePEFromFile(const char *filePath) {
  //now, we need to do some actual PE parsing and file carving.

  //get header information
-  if(getHeader(p->fileBuffer) == false) {
+  if(getHeader(p->fileBuffer, p->peHeader) == false) {
    deleteBuffer(p->fileBuffer);
    delete p;
    return NULL;
--- a/parser-library/parse.h
+++ b/parser-library/parse.h
@ -27,6 +27,8 @@ THE SOFTWARE.
 #include <string>
 #include <boost/cstdint.hpp>

+#include "nt-headers.h"
+
 typedef boost::uint32_t RVA;

 typedef struct _bounded_buffer {
@ -46,8 +48,7 @@ void deleteBuffer(bounded_buffer *b);
 struct parsed_pe_internal;

 typedef struct _pe_header {
-  RVA             entryPoint;
-  bounded_buffer  headerData;
+  nt_header_32  nt;
 } pe_header;

 typedef struct _parsed_pe {