mirror of
https://github.com/QuasarApp/pe-parse.git
synced 2025-05-07 17:19:33 +00:00
.
This commit is contained in:
Andrew
parent
faf770c598
commit
91118152c2
@ -82,7 +82,7 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
||||
//split buffer inclusively from from to to by offset
|
||||
bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
||||
//safety checks
|
||||
if(to < from || to >= b->bufLen) {
|
||||
if(to < from || to > b->bufLen) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -94,9 +94,8 @@ bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
||||
}
|
||||
|
||||
newBuff->copy = true;
|
||||
::uint8_t *newPtr = b->buf+from;
|
||||
newBuff->buf = newPtr;
|
||||
newBuff->bufLen = b->bufLen-(to-from);
|
||||
newBuff->buf = b->buf+from;
|
||||
newBuff->bufLen = (to-from);
|
||||
|
||||
return newBuff;
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@
|
||||
|
||||
//some constant definitions
|
||||
const boost::uint16_t MZ_MAGIC = 0x5A4D;
|
||||
const boost::uint32_t NT_MAGIC = 0x00004550;
|
||||
const boost::uint16_t NUM_DIR_ENTRIES = 16;
|
||||
|
||||
struct dos_header {
|
||||
|
||||
@ -26,11 +26,42 @@ list<section> getSections(bounded_buffer *file) {
|
||||
return sections;
|
||||
}
|
||||
|
||||
bool readOptionalHeader(bounded_buffer *b, optional_header_32 &header) {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool readFileHeader(bounded_buffer *b, file_header &header) {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool readNtHeader(bounded_buffer *b, nt_header_32 &header) {
|
||||
if(b == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
||||
::uint32_t pe_magic;
|
||||
::uint32_t curOffset =0;
|
||||
if(readDword(b, curOffset, pe_magic) == false || pe_magic != NT_MAGIC) {
|
||||
return false;
|
||||
}
|
||||
|
||||
header.Signature = pe_magic;
|
||||
bounded_buffer *fhb =
|
||||
splitBuffer(b, _offset(nt_header_32, FileHeader), b->bufLen);
|
||||
|
||||
if(readFileHeader(fhb, header.FileHeader) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
bounded_buffer *ohb =
|
||||
splitBuffer(b, _offset(nt_header_32, OptionalHeader), b->bufLen);
|
||||
|
||||
if(readOptionalHeader(ohb, header.OptionalHeader) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -51,15 +82,14 @@ bool getHeader(bounded_buffer *file) {
|
||||
|
||||
//read the offset to the NT headers
|
||||
::uint32_t offset;
|
||||
curOffset = _offset(dos_header, e_lfanew)+curOffset;
|
||||
if(readDword(file, curOffset, offset) == false) {
|
||||
if(readDword(file, _offset(dos_header, e_lfanew), offset) == false) {
|
||||
return false;
|
||||
}
|
||||
curOffset += offset;
|
||||
|
||||
//now, we can read out the fields of the NT headers
|
||||
nt_header_32 nt;
|
||||
if(readNtHeader(splitBuffer(file, curOffset, file->bufLen-1), nt) == false) {
|
||||
if(readNtHeader(splitBuffer(file, curOffset, file->bufLen), nt) == false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user