QuasarApp/pe-parse
4
0
Fork 0
mirror of https://github.com/QuasarApp/pe-parse.git synced 2025-05-08 09:39:34 +00:00
Code Issues Projects Releases Wiki Activity

some definitions

Browse Source
This commit is contained in:
Andrew 2013-07-26 17:12:47 -04:00
parent 214b9c0329
commit 3e1b2ea8d2
3 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
parser-library/nt-headers.h
View File

@ -36,6 +36,21 @@ const boost::uint32_t NT_MAGIC = 0x00004550;
const boost::uint16_t NUM_DIR_ENTRIES = 16; const boost::uint16_t NUM_DIR_ENTRIES = 16;
const boost::uint16_t NT_OPTIONAL_32_MAGIC = 0x10B; const boost::uint16_t NT_OPTIONAL_32_MAGIC = 0x10B;
const boost::uint16_t NT_SHORT_NAME_LEN = 8; const boost::uint16_t NT_SHORT_NAME_LEN = 8;
const boost::uint16_t DIR_EXPORT = 0;
const boost::uint16_t DIR_IMPORT = 1;
const boost::uint16_t DIR_RESOURCE = 2;
const boost::uint16_t DIR_EXCEPTION = 3;
const boost::uint16_t DIR_SECURITY = 4;
const boost::uint16_t DIR_BASERELOC = 5;
const boost::uint16_t DIR_DEBUG = 6;
const boost::uint16_t DIR_ARCHITECTURE = 7;
const boost::uint16_t DIR_GLOBALPTR = 8;
const boost::uint16_t DIR_TLS = 9;
const boost::uint16_t DIR_LOAD_CONFIG = 10;
const boost::uint16_t DIR_BOUND_IMPORT = 11;
const boost::uint16_t DIR_IAT = 12;
const boost::uint16_t DIR_DELAY_IMPORT = 13;
const boost::uint16_t DIR_COM_DESCRIPTOR = 14;
struct dos_header { struct dos_header {
boost::uint16_t e_magic; boost::uint16_t e_magic;

9
parser-library/parse.cpp
View File

@ -36,6 +36,12 @@ struct section {
image_section_header sec; image_section_header sec;
}; };
struct exportent {
RVA exportAddr;
string symbolName;
string moduleName;
};
struct reloc { struct reloc {
RVA shiftedAddr; RVA shiftedAddr;
RVA shiftedTo; RVA shiftedTo;
@ -43,6 +49,7 @@ struct reloc {
struct parsed_pe_internal { struct parsed_pe_internal {
list<section> secs; list<section> secs;
list<exportent> exports;
}; };
bool getSections( bounded_buffer *b, bool getSections( bounded_buffer *b,
@ -301,8 +308,6 @@ parsed_pe *ParsePEFromFile(const char *filePath) {
return NULL; return NULL;
} }
//now, we need to do some actual PE parsing and file carving.
//get header information //get header information
bounded_buffer *remaining = NULL; bounded_buffer *remaining = NULL;
if(getHeader(p->fileBuffer, p->peHeader, remaining) == false) { if(getHeader(p->fileBuffer, p->peHeader, remaining) == false) {

4
parser-library/parse.h
View File

@ -71,8 +71,8 @@ void IterImpRVAString(parsed_pe *pe, iterRVAStr cb, void *cbd);
typedef void (*iterReloc)(void *, RVA); typedef void (*iterReloc)(void *, RVA);
void IterRelocs(parsed_pe *pe, iterReloc cb, void *cbd); void IterRelocs(parsed_pe *pe, iterReloc cb, void *cbd);
//iterate over the exports by RVA //iterate over the exports
typedef void (*iterRVA)(void *, RVA); typedef void (*iterRVA)(void *, RVA, std::string &, std::string &);
void IterExpRVA(parsed_pe *pe, iterRVA cb, void *cbd); void IterExpRVA(parsed_pe *pe, iterRVA cb, void *cbd);
//iterate over sections //iterate over sections