Added clang-format spec - issue #35
parent
e3f63e11cb
commit
cb2fd5736f
19
.clang-format
Normal file
19
.clang-format
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
AlignEscapedNewlinesLeft: true
|
||||||
|
AllowShortFunctionsOnASingleLine: false
|
||||||
|
BinPackArguments: false
|
||||||
|
BinPackParameters: false
|
||||||
|
BreakBeforeBraces: Attach
|
||||||
|
ColumnLimit: 80
|
||||||
|
IndentCaseLabels: true
|
||||||
|
IndentWidth: 2
|
||||||
|
Language: Cpp
|
||||||
|
PointerAlignment: Right
|
||||||
|
SpaceAfterCStyleCast: true
|
||||||
|
SpaceBeforeAssignmentOperators: true
|
||||||
|
SpaceBeforeParens: ControlStatements
|
||||||
|
SpaceInEmptyParentheses: false
|
||||||
|
SpacesInCStyleCastParentheses: false
|
||||||
|
SpacesInParentheses: false
|
||||||
|
Standard: Cpp11
|
||||||
|
TabWidth: 2
|
||||||
|
UseTab: Never
|
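Review bot: The spec does not set `SortIncludes`, so the formatter's default include sorting appears to be in effect, and it changes include order in the source files of this same commit. There `#include "parse.h"` moves ahead of the standard headers and `<sys/types.h>` ends up after `<sys/mman.h>` and `<sys/stat.h>`. Include order can be load-bearing on some platforms (older POSIX systems expected `<sys/types.h>` first), so a formatting-only commit should not change it silently. If the original order is meant to be kept, add `SortIncludes: false` here, or guard the platform-specific include block with `// clang-format off` / `// clang-format on`.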
@ -22,9 +22,9 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|||||||
THE SOFTWARE.
|
THE SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include "parse.h"
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <sstream>
|
#include <sstream>
|
||||||
#include "parse.h"
|
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
using namespace peparse;
|
using namespace peparse;
|
||||||
@ -49,7 +49,7 @@ int printImports(void *N, VA impAddr, string &modName, string &symName) {
|
|||||||
|
|
||||||
int printRelocs(void *N, VA relocAddr, reloc_type type) {
|
int printRelocs(void *N, VA relocAddr, reloc_type type) {
|
||||||
cout << "TYPE: ";
|
cout << "TYPE: ";
|
||||||
switch(type) {
|
switch (type) {
|
||||||
case ABSOLUTE:
|
case ABSOLUTE:
|
||||||
cout << "ABSOLUTE";
|
cout << "ABSOLUTE";
|
||||||
break;
|
break;
|
||||||
@ -78,11 +78,15 @@ int printRelocs(void *N, VA relocAddr, reloc_type type) {
|
|||||||
|
|
||||||
cout << " VA: 0x" << to_string<VA>(relocAddr, hex) << endl;
|
cout << " VA: 0x" << to_string<VA>(relocAddr, hex) << endl;
|
||||||
|
|
||||||
return 0 ;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int printSymbols(void *N, std::string &strName, uint32_t &value,
|
int printSymbols(void *N,
|
||||||
int16_t §ionNumber, uint16_t &type, uint8_t &storageClass,
|
std::string &strName,
|
||||||
|
uint32_t &value,
|
||||||
|
int16_t §ionNumber,
|
||||||
|
uint16_t &type,
|
||||||
|
uint8_t &storageClass,
|
||||||
uint8_t &numberOfAuxSymbols) {
|
uint8_t &numberOfAuxSymbols) {
|
||||||
cout << "Symbol Name: " << strName << endl;
|
cout << "Symbol Name: " << strName << endl;
|
||||||
cout << "Symbol Value: 0x" << to_string<uint32_t>(value, hex) << endl;
|
cout << "Symbol Value: 0x" << to_string<uint32_t>(value, hex) << endl;
|
||||||
@ -192,14 +196,13 @@ int printSymbols(void *N, std::string &strName, uint32_t &value,
|
|||||||
}
|
}
|
||||||
cout << endl;
|
cout << endl;
|
||||||
|
|
||||||
cout << "Symbol Number of Aux Symbols: " << (uint32_t) numberOfAuxSymbols << endl;
|
cout << "Symbol Number of Aux Symbols: " << (uint32_t) numberOfAuxSymbols
|
||||||
|
<< endl;
|
||||||
|
|
||||||
return 0 ;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int printRsrc(void *N,
|
int printRsrc(void *N, resource r) {
|
||||||
resource r)
|
|
||||||
{
|
|
||||||
if (r.type_str.length())
|
if (r.type_str.length())
|
||||||
cout << "Type (string): " << r.type_str << endl;
|
cout << "Type (string): " << r.type_str << endl;
|
||||||
else
|
else
|
||||||
@ -218,12 +221,11 @@ int printRsrc(void *N,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int printSecs(void *N,
|
int printSecs(void *N,
|
||||||
VA secBase,
|
VA secBase,
|
||||||
string &secName,
|
string &secName,
|
||||||
image_section_header s,
|
image_section_header s,
|
||||||
bounded_buffer *data)
|
bounded_buffer *data) {
|
||||||
{
|
|
||||||
cout << "Sec Name: " << secName << endl;
|
cout << "Sec Name: " << secName << endl;
|
||||||
cout << "Sec Base: 0x" << to_string<uint64_t>(secBase, hex) << endl;
|
cout << "Sec Base: 0x" << to_string<uint64_t>(secBase, hex) << endl;
|
||||||
if (data)
|
if (data)
|
||||||
@ -234,17 +236,17 @@ int printSecs(void *N,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int main(int argc, char *argv[]) {
|
int main(int argc, char *argv[]) {
|
||||||
if(argc == 2) {
|
if (argc == 2) {
|
||||||
parsed_pe *p = ParsePEFromFile(argv[1]);
|
parsed_pe *p = ParsePEFromFile(argv[1]);
|
||||||
|
|
||||||
if(p != NULL) {
|
if (p != NULL) {
|
||||||
//print out some things
|
// print out some things
|
||||||
#define DUMP_FIELD(x) \
|
#define DUMP_FIELD(x) \
|
||||||
cout << "" #x << ": 0x"; \
|
cout << "" #x << ": 0x"; \
|
||||||
cout << to_string<uint32_t>(p->peHeader.nt.x, hex) << endl;
|
cout << to_string<uint32_t>(p->peHeader.nt.x, hex) << endl;
|
||||||
#define DUMP_DEC_FIELD(x) \
|
#define DUMP_DEC_FIELD(x) \
|
||||||
cout << "" #x << ": "; \
|
cout << "" #x << ": "; \
|
||||||
cout << to_string<uint32_t>(p->peHeader.nt.x, dec) << endl;
|
cout << to_string<uint32_t>(p->peHeader.nt.x, dec) << endl;
|
||||||
|
|
||||||
DUMP_FIELD(Signature);
|
DUMP_FIELD(Signature);
|
||||||
DUMP_FIELD(FileHeader.Machine);
|
DUMP_FIELD(FileHeader.Machine);
|
||||||
@ -323,16 +325,16 @@ int main(int argc, char *argv[]) {
|
|||||||
cout << "Exports: " << endl;
|
cout << "Exports: " << endl;
|
||||||
IterExpVA(p, printExps, NULL);
|
IterExpVA(p, printExps, NULL);
|
||||||
|
|
||||||
//read the first 8 bytes from the entry point and print them
|
// read the first 8 bytes from the entry point and print them
|
||||||
VA entryPoint;
|
VA entryPoint;
|
||||||
if(GetEntryPoint(p, entryPoint)) {
|
if (GetEntryPoint(p, entryPoint)) {
|
||||||
cout << "First 8 bytes from entry point (0x";
|
cout << "First 8 bytes from entry point (0x";
|
||||||
|
|
||||||
cout << to_string<VA>(entryPoint, hex);
|
cout << to_string<VA>(entryPoint, hex);
|
||||||
cout << "):" << endl;
|
cout << "):" << endl;
|
||||||
for(int i = 0; i < 8; i++) {
|
for (int i = 0; i < 8; i++) {
|
||||||
::uint8_t b;
|
::uint8_t b;
|
||||||
ReadByteAtVA(p, i+entryPoint, b);
|
ReadByteAtVA(p, i + entryPoint, b);
|
||||||
cout << " 0x" << to_string<uint32_t>(b, hex);
|
cout << " 0x" << to_string<uint32_t>(b, hex);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -342,9 +344,9 @@ int main(int argc, char *argv[]) {
|
|||||||
cout << "Resources: " << endl;
|
cout << "Resources: " << endl;
|
||||||
IterRsrc(p, printRsrc, NULL);
|
IterRsrc(p, printRsrc, NULL);
|
||||||
DestructParsedPE(p);
|
DestructParsedPE(p);
|
||||||
}
|
} else {
|
||||||
else {
|
cout << "Error: " << GetPEErr() << " (" << GetPEErrString() << ")"
|
||||||
cout << "Error: " << GetPEErr() << " (" << GetPEErrString() << ")" << endl;
|
<< endl;
|
||||||
cout << "Location: " << GetPEErrLoc() << endl;
|
cout << "Location: " << GetPEErrLoc() << endl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
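Review bot: In the entry-point loop of `main`, `::uint8_t b;` has no initializer and the result of `ReadByteAtVA(p, i + entryPoint, b);` is discarded. If a read fails, for example because a malformed file's entry point lies outside any parsed section, the next line prints an indeterminate byte. Assuming `ReadByteAtVA` reports failure through its return value (its declaration is not on this page), the loop should read `::uint8_t b = 0;` and `if (!ReadByteAtVA(p, i + entryPoint, b)) { break; }`. This tool is run on arbitrary PE files, so the failure path is reachable in normal use. `main` starts and ends outside the hunks shown.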
@ -22,17 +22,17 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|||||||
THE SOFTWARE.
|
THE SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include "parse.h"
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "parse.h"
|
|
||||||
|
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#else
|
#else
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <sys/mman.h>
|
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
#include <sys/stat.h>
|
||||||
|
#include <sys/types.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -45,71 +45,71 @@ extern ::string err_loc;
|
|||||||
|
|
||||||
struct buffer_detail {
|
struct buffer_detail {
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
HANDLE file;
|
HANDLE file;
|
||||||
HANDLE sec;
|
HANDLE sec;
|
||||||
#else
|
#else
|
||||||
int fd;
|
int fd;
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
bool readByte(bounded_buffer *b, ::uint32_t offset, ::uint8_t &out) {
|
bool readByte(bounded_buffer *b, ::uint32_t offset, ::uint8_t &out) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(offset >= b->bufLen) {
|
if (offset >= b->bufLen) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
::uint8_t *tmp = (b->buf+offset);
|
::uint8_t *tmp = (b->buf + offset);
|
||||||
out = *tmp;
|
out = *tmp;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: perform endian swap as needed
|
// TODO: perform endian swap as needed
|
||||||
bool readWord(bounded_buffer *b, ::uint32_t offset, ::uint16_t &out) {
|
bool readWord(bounded_buffer *b, ::uint32_t offset, ::uint16_t &out) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(offset >= b->bufLen) {
|
if (offset >= b->bufLen) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
::uint16_t *tmp = reinterpret_cast<uint16_t *>(b->buf+offset);
|
::uint16_t *tmp = reinterpret_cast<uint16_t *>(b->buf + offset);
|
||||||
out = *tmp;
|
out = *tmp;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: perform endian swap as needed
|
// TODO: perform endian swap as needed
|
||||||
bool readDword(bounded_buffer *b, ::uint32_t offset, ::uint32_t &out) {
|
bool readDword(bounded_buffer *b, ::uint32_t offset, ::uint32_t &out) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(offset >= b->bufLen) {
|
if (offset >= b->bufLen) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
::uint32_t *tmp = reinterpret_cast<uint32_t *>(b->buf+offset);
|
::uint32_t *tmp = reinterpret_cast<uint32_t *>(b->buf + offset);
|
||||||
out = *tmp;
|
out = *tmp;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
//TODO: perform endian swap as needed
|
// TODO: perform endian swap as needed
|
||||||
bool readQword(bounded_buffer *b, ::uint32_t offset, ::uint64_t &out) {
|
bool readQword(bounded_buffer *b, ::uint32_t offset, ::uint64_t &out) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(offset >= b->bufLen) {
|
if (offset >= b->bufLen) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
::uint64_t *tmp = reinterpret_cast<uint64_t *>(b->buf+offset);
|
::uint64_t *tmp = reinterpret_cast<uint64_t *>(b->buf + offset);
|
||||||
out = *tmp;
|
out = *tmp;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
@ -117,46 +117,46 @@ bool readQword(bounded_buffer *b, ::uint32_t offset, ::uint64_t &out) {
|
|||||||
|
|
||||||
bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
HANDLE h = CreateFileA(filePath,
|
HANDLE h = CreateFileA(filePath,
|
||||||
GENERIC_READ,
|
GENERIC_READ,
|
||||||
FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
|
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
|
||||||
nullptr,
|
nullptr,
|
||||||
OPEN_EXISTING,
|
OPEN_EXISTING,
|
||||||
FILE_ATTRIBUTE_NORMAL,
|
FILE_ATTRIBUTE_NORMAL,
|
||||||
nullptr);
|
nullptr);
|
||||||
if(h == INVALID_HANDLE_VALUE) {
|
if (h == INVALID_HANDLE_VALUE) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
DWORD fileSize = GetFileSize(h, nullptr);
|
DWORD fileSize = GetFileSize(h, nullptr);
|
||||||
|
|
||||||
if(fileSize == INVALID_FILE_SIZE) {
|
if (fileSize == INVALID_FILE_SIZE) {
|
||||||
CloseHandle(h);
|
CloseHandle(h);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
#else
|
#else
|
||||||
//only where we have mmap / open / etc
|
// only where we have mmap / open / etc
|
||||||
int fd = open(filePath, O_RDONLY);
|
int fd = open(filePath, O_RDONLY);
|
||||||
|
|
||||||
if(fd == -1) {
|
if (fd == -1) {
|
||||||
PE_ERR(PEERR_OPEN);
|
PE_ERR(PEERR_OPEN);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//make a buffer object
|
// make a buffer object
|
||||||
bounded_buffer *p = new(std::nothrow) bounded_buffer();
|
bounded_buffer *p = new (std::nothrow) bounded_buffer();
|
||||||
|
|
||||||
if(p == nullptr) {
|
if (p == nullptr) {
|
||||||
PE_ERR(PEERR_MEM);
|
PE_ERR(PEERR_MEM);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
memset(p, 0, sizeof(bounded_buffer));
|
memset(p, 0, sizeof(bounded_buffer));
|
||||||
buffer_detail *d = new(std::nothrow) buffer_detail();
|
buffer_detail *d = new (std::nothrow) buffer_detail();
|
||||||
|
|
||||||
if(d == nullptr) {
|
if (d == nullptr) {
|
||||||
delete p;
|
delete p;
|
||||||
PE_ERR(PEERR_MEM);
|
PE_ERR(PEERR_MEM);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
@ -164,13 +164,13 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
|||||||
memset(d, 0, sizeof(buffer_detail));
|
memset(d, 0, sizeof(buffer_detail));
|
||||||
p->detail = d;
|
p->detail = d;
|
||||||
|
|
||||||
//only where we have mmap / open / etc
|
// only where we have mmap / open / etc
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
p->detail->file = h;
|
p->detail->file = h;
|
||||||
|
|
||||||
HANDLE hMap = CreateFileMapping(h, nullptr, PAGE_READONLY, 0, 0, nullptr);
|
HANDLE hMap = CreateFileMapping(h, nullptr, PAGE_READONLY, 0, 0, nullptr);
|
||||||
|
|
||||||
if(hMap == nullptr) {
|
if (hMap == nullptr) {
|
||||||
CloseHandle(h);
|
CloseHandle(h);
|
||||||
PE_ERR(PEERR_MEM);
|
PE_ERR(PEERR_MEM);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
@ -178,14 +178,14 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
|||||||
|
|
||||||
p->detail->sec = hMap;
|
p->detail->sec = hMap;
|
||||||
|
|
||||||
LPVOID ptr = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
|
LPVOID ptr = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
|
||||||
|
|
||||||
if(ptr == nullptr) {
|
if (ptr == nullptr) {
|
||||||
PE_ERR(PEERR_MEM);
|
PE_ERR(PEERR_MEM);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
p->buf = (::uint8_t *)ptr;
|
p->buf = (::uint8_t *) ptr;
|
||||||
p->bufLen = fileSize;
|
p->bufLen = fileSize;
|
||||||
p->copy = false;
|
p->copy = false;
|
||||||
#else
|
#else
|
||||||
@ -193,7 +193,7 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
|||||||
|
|
||||||
struct stat s = {0};
|
struct stat s = {0};
|
||||||
|
|
||||||
if(fstat(fd, &s) != 0) {
|
if (fstat(fd, &s) != 0) {
|
||||||
close(fd);
|
close(fd);
|
||||||
delete d;
|
delete d;
|
||||||
delete p;
|
delete p;
|
||||||
@ -203,7 +203,7 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
|||||||
|
|
||||||
void *maddr = mmap(nullptr, s.st_size, PROT_READ, MAP_SHARED, fd, 0);
|
void *maddr = mmap(nullptr, s.st_size, PROT_READ, MAP_SHARED, fd, 0);
|
||||||
|
|
||||||
if(maddr == MAP_FAILED) {
|
if (maddr == MAP_FAILED) {
|
||||||
close(fd);
|
close(fd);
|
||||||
delete d;
|
delete d;
|
||||||
delete p;
|
delete p;
|
||||||
@ -219,37 +219,37 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
|
|||||||
return p;
|
return p;
|
||||||
}
|
}
|
||||||
|
|
||||||
//split buffer inclusively from from to to by offset
|
// split buffer inclusively from from to to by offset
|
||||||
bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
bounded_buffer *splitBuffer(bounded_buffer *b, ::uint32_t from, ::uint32_t to) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
//safety checks
|
// safety checks
|
||||||
if(to < from || to > b->bufLen) {
|
if (to < from || to > b->bufLen) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
//make a new buffer
|
|
||||||
bounded_buffer *newBuff = new(std::nothrow) bounded_buffer();
|
|
||||||
|
|
||||||
if(newBuff == nullptr) {
|
// make a new buffer
|
||||||
|
bounded_buffer *newBuff = new (std::nothrow) bounded_buffer();
|
||||||
|
|
||||||
|
if (newBuff == nullptr) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
newBuff->copy = true;
|
newBuff->copy = true;
|
||||||
newBuff->buf = b->buf+from;
|
newBuff->buf = b->buf + from;
|
||||||
newBuff->bufLen = (to-from);
|
newBuff->bufLen = (to - from);
|
||||||
|
|
||||||
return newBuff;
|
return newBuff;
|
||||||
}
|
}
|
||||||
|
|
||||||
void deleteBuffer(bounded_buffer *b) {
|
void deleteBuffer(bounded_buffer *b) {
|
||||||
if(b == nullptr) {
|
if (b == nullptr) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!b->copy) {
|
if (!b->copy) {
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
UnmapViewOfFile(b->buf);
|
UnmapViewOfFile(b->buf);
|
||||||
CloseHandle(b->detail->sec);
|
CloseHandle(b->detail->sec);
|
||||||
|
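Review bot: `readWord`, `readDword` and `readQword` guard only with `if (offset >= b->bufLen)` and then load 2, 4 or 8 bytes through a `reinterpret_cast` pointer, so an offset in the last bytes of the buffer reads past the end of the mapped file. The reformat carries that check over unchanged. The offsets are presumably derived from fields of the file being parsed, so the guard should cover the access width: `if (offset >= b->bufLen || b->bufLen - offset < sizeof(out)) { return false; }` in each of the three. The same loads can be misaligned for an arbitrary offset; `memcpy(&out, b->buf + offset, sizeof(out));` avoids that without changing the interface. The end of `readQword` falls outside the hunk.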
@ -26,11 +26,11 @@ THE SOFTWARE.
|
|||||||
#define _NT_HEADERS
|
#define _NT_HEADERS
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
|
|
||||||
#define _offset(t, f) ((std::uint32_t)(ptrdiff_t)&(((t*)0)->f))
|
#define _offset(t, f) ((std::uint32_t)(ptrdiff_t) & (((t *) 0)->f))
|
||||||
|
|
||||||
//need to pack these structure definitions
|
// need to pack these structure definitions
|
||||||
|
|
||||||
//some constant definitions
|
// some constant definitions
|
||||||
namespace peparse {
|
namespace peparse {
|
||||||
const std::uint16_t MZ_MAGIC = 0x5A4D;
|
const std::uint16_t MZ_MAGIC = 0x5A4D;
|
||||||
const std::uint32_t NT_MAGIC = 0x00004550;
|
const std::uint32_t NT_MAGIC = 0x00004550;
|
||||||
@ -57,7 +57,7 @@ const std::uint16_t DIR_COM_DESCRIPTOR = 14;
|
|||||||
|
|
||||||
const std::uint32_t IMAGE_SCN_TYPE_NO_PAD = 0x00000008;
|
const std::uint32_t IMAGE_SCN_TYPE_NO_PAD = 0x00000008;
|
||||||
const std::uint32_t IMAGE_SCN_CNT_CODE = 0x00000020;
|
const std::uint32_t IMAGE_SCN_CNT_CODE = 0x00000020;
|
||||||
const std::uint32_t IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040;
|
const std::uint32_t IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040;
|
||||||
const std::uint32_t IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080;
|
const std::uint32_t IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080;
|
||||||
const std::uint32_t IMAGE_SCN_LNK_OTHER = 0x00000100;
|
const std::uint32_t IMAGE_SCN_LNK_OTHER = 0x00000100;
|
||||||
const std::uint32_t IMAGE_SCN_LNK_INFO = 0x00000200;
|
const std::uint32_t IMAGE_SCN_LNK_INFO = 0x00000200;
|
||||||
@ -151,35 +151,35 @@ const std::uint8_t IMAGE_SYM_CLASS_WEAK_EXTERNAL = 105;
|
|||||||
const std::uint8_t IMAGE_SYM_CLASS_CLR_TOKEN = 107;
|
const std::uint8_t IMAGE_SYM_CLASS_CLR_TOKEN = 107;
|
||||||
|
|
||||||
struct dos_header {
|
struct dos_header {
|
||||||
std::uint16_t e_magic;
|
std::uint16_t e_magic;
|
||||||
std::uint16_t e_cblp;
|
std::uint16_t e_cblp;
|
||||||
std::uint16_t e_cp;
|
std::uint16_t e_cp;
|
||||||
std::uint16_t e_crlc;
|
std::uint16_t e_crlc;
|
||||||
std::uint16_t e_cparhdr;
|
std::uint16_t e_cparhdr;
|
||||||
std::uint16_t e_minalloc;
|
std::uint16_t e_minalloc;
|
||||||
std::uint16_t e_maxalloc;
|
std::uint16_t e_maxalloc;
|
||||||
std::uint16_t e_ss;
|
std::uint16_t e_ss;
|
||||||
std::uint16_t e_sp;
|
std::uint16_t e_sp;
|
||||||
std::uint16_t e_csum;
|
std::uint16_t e_csum;
|
||||||
std::uint16_t e_ip;
|
std::uint16_t e_ip;
|
||||||
std::uint16_t e_cs;
|
std::uint16_t e_cs;
|
||||||
std::uint16_t e_lfarlc;
|
std::uint16_t e_lfarlc;
|
||||||
std::uint16_t e_ovno;
|
std::uint16_t e_ovno;
|
||||||
std::uint16_t e_res[4];
|
std::uint16_t e_res[4];
|
||||||
std::uint16_t e_oemid;
|
std::uint16_t e_oemid;
|
||||||
std::uint16_t e_oeminfo;
|
std::uint16_t e_oeminfo;
|
||||||
std::uint16_t e_res2[10];
|
std::uint16_t e_res2[10];
|
||||||
std::uint32_t e_lfanew;
|
std::uint32_t e_lfanew;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct file_header {
|
struct file_header {
|
||||||
std::uint16_t Machine;
|
std::uint16_t Machine;
|
||||||
std::uint16_t NumberOfSections;
|
std::uint16_t NumberOfSections;
|
||||||
std::uint32_t TimeDateStamp;
|
std::uint32_t TimeDateStamp;
|
||||||
std::uint32_t PointerToSymbolTable;
|
std::uint32_t PointerToSymbolTable;
|
||||||
std::uint32_t NumberOfSymbols;
|
std::uint32_t NumberOfSymbols;
|
||||||
std::uint16_t SizeOfOptionalHeader;
|
std::uint16_t SizeOfOptionalHeader;
|
||||||
std::uint16_t Characteristics;
|
std::uint16_t Characteristics;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct data_directory {
|
struct data_directory {
|
||||||
@ -188,37 +188,37 @@ struct data_directory {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct optional_header_32 {
|
struct optional_header_32 {
|
||||||
std::uint16_t Magic;
|
std::uint16_t Magic;
|
||||||
std::uint8_t MajorLinkerVersion;
|
std::uint8_t MajorLinkerVersion;
|
||||||
std::uint8_t MinorLinkerVersion;
|
std::uint8_t MinorLinkerVersion;
|
||||||
std::uint32_t SizeOfCode;
|
std::uint32_t SizeOfCode;
|
||||||
std::uint32_t SizeOfInitializedData;
|
std::uint32_t SizeOfInitializedData;
|
||||||
std::uint32_t SizeOfUninitializedData;
|
std::uint32_t SizeOfUninitializedData;
|
||||||
std::uint32_t AddressOfEntryPoint;
|
std::uint32_t AddressOfEntryPoint;
|
||||||
std::uint32_t BaseOfCode;
|
std::uint32_t BaseOfCode;
|
||||||
std::uint32_t BaseOfData;
|
std::uint32_t BaseOfData;
|
||||||
std::uint32_t ImageBase;
|
std::uint32_t ImageBase;
|
||||||
std::uint32_t SectionAlignment;
|
std::uint32_t SectionAlignment;
|
||||||
std::uint32_t FileAlignment;
|
std::uint32_t FileAlignment;
|
||||||
std::uint16_t MajorOperatingSystemVersion;
|
std::uint16_t MajorOperatingSystemVersion;
|
||||||
std::uint16_t MinorOperatingSystemVersion;
|
std::uint16_t MinorOperatingSystemVersion;
|
||||||
std::uint16_t MajorImageVersion;
|
std::uint16_t MajorImageVersion;
|
||||||
std::uint16_t MinorImageVersion;
|
std::uint16_t MinorImageVersion;
|
||||||
std::uint16_t MajorSubsystemVersion;
|
std::uint16_t MajorSubsystemVersion;
|
||||||
std::uint16_t MinorSubsystemVersion;
|
std::uint16_t MinorSubsystemVersion;
|
||||||
std::uint32_t Win32VersionValue;
|
std::uint32_t Win32VersionValue;
|
||||||
std::uint32_t SizeOfImage;
|
std::uint32_t SizeOfImage;
|
||||||
std::uint32_t SizeOfHeaders;
|
std::uint32_t SizeOfHeaders;
|
||||||
std::uint32_t CheckSum;
|
std::uint32_t CheckSum;
|
||||||
std::uint16_t Subsystem;
|
std::uint16_t Subsystem;
|
||||||
std::uint16_t DllCharacteristics;
|
std::uint16_t DllCharacteristics;
|
||||||
std::uint32_t SizeOfStackReserve;
|
std::uint32_t SizeOfStackReserve;
|
||||||
std::uint32_t SizeOfStackCommit;
|
std::uint32_t SizeOfStackCommit;
|
||||||
std::uint32_t SizeOfHeapReserve;
|
std::uint32_t SizeOfHeapReserve;
|
||||||
std::uint32_t SizeOfHeapCommit;
|
std::uint32_t SizeOfHeapCommit;
|
||||||
std::uint32_t LoaderFlags;
|
std::uint32_t LoaderFlags;
|
||||||
std::uint32_t NumberOfRvaAndSizes;
|
std::uint32_t NumberOfRvaAndSizes;
|
||||||
data_directory DataDirectory[NUM_DIR_ENTRIES];
|
data_directory DataDirectory[NUM_DIR_ENTRIES];
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -226,44 +226,44 @@ struct optional_header_32 {
|
|||||||
* except some fields don't exist here (BaseOfData), and others are bigger.
|
* except some fields don't exist here (BaseOfData), and others are bigger.
|
||||||
*/
|
*/
|
||||||
struct optional_header_64 {
|
struct optional_header_64 {
|
||||||
std::uint16_t Magic;
|
std::uint16_t Magic;
|
||||||
std::uint8_t MajorLinkerVersion;
|
std::uint8_t MajorLinkerVersion;
|
||||||
std::uint8_t MinorLinkerVersion;
|
std::uint8_t MinorLinkerVersion;
|
||||||
std::uint32_t SizeOfCode;
|
std::uint32_t SizeOfCode;
|
||||||
std::uint32_t SizeOfInitializedData;
|
std::uint32_t SizeOfInitializedData;
|
||||||
std::uint32_t SizeOfUninitializedData;
|
std::uint32_t SizeOfUninitializedData;
|
||||||
std::uint32_t AddressOfEntryPoint;
|
std::uint32_t AddressOfEntryPoint;
|
||||||
std::uint32_t BaseOfCode;
|
std::uint32_t BaseOfCode;
|
||||||
std::uint64_t ImageBase;
|
std::uint64_t ImageBase;
|
||||||
std::uint32_t SectionAlignment;
|
std::uint32_t SectionAlignment;
|
||||||
std::uint32_t FileAlignment;
|
std::uint32_t FileAlignment;
|
||||||
std::uint16_t MajorOperatingSystemVersion;
|
std::uint16_t MajorOperatingSystemVersion;
|
||||||
std::uint16_t MinorOperatingSystemVersion;
|
std::uint16_t MinorOperatingSystemVersion;
|
||||||
std::uint16_t MajorImageVersion;
|
std::uint16_t MajorImageVersion;
|
||||||
std::uint16_t MinorImageVersion;
|
std::uint16_t MinorImageVersion;
|
||||||
std::uint16_t MajorSubsystemVersion;
|
std::uint16_t MajorSubsystemVersion;
|
||||||
std::uint16_t MinorSubsystemVersion;
|
std::uint16_t MinorSubsystemVersion;
|
||||||
std::uint32_t Win32VersionValue;
|
std::uint32_t Win32VersionValue;
|
||||||
std::uint32_t SizeOfImage;
|
std::uint32_t SizeOfImage;
|
||||||
std::uint32_t SizeOfHeaders;
|
std::uint32_t SizeOfHeaders;
|
||||||
std::uint32_t CheckSum;
|
std::uint32_t CheckSum;
|
||||||
std::uint16_t Subsystem;
|
std::uint16_t Subsystem;
|
||||||
std::uint16_t DllCharacteristics;
|
std::uint16_t DllCharacteristics;
|
||||||
std::uint64_t SizeOfStackReserve;
|
std::uint64_t SizeOfStackReserve;
|
||||||
std::uint64_t SizeOfStackCommit;
|
std::uint64_t SizeOfStackCommit;
|
||||||
std::uint64_t SizeOfHeapReserve;
|
std::uint64_t SizeOfHeapReserve;
|
||||||
std::uint64_t SizeOfHeapCommit;
|
std::uint64_t SizeOfHeapCommit;
|
||||||
std::uint32_t LoaderFlags;
|
std::uint32_t LoaderFlags;
|
||||||
std::uint32_t NumberOfRvaAndSizes;
|
std::uint32_t NumberOfRvaAndSizes;
|
||||||
data_directory DataDirectory[NUM_DIR_ENTRIES];
|
data_directory DataDirectory[NUM_DIR_ENTRIES];
|
||||||
};
|
};
|
||||||
|
|
||||||
struct nt_header_32 {
|
struct nt_header_32 {
|
||||||
std::uint32_t Signature;
|
std::uint32_t Signature;
|
||||||
file_header FileHeader;
|
file_header FileHeader;
|
||||||
optional_header_32 OptionalHeader;
|
optional_header_32 OptionalHeader;
|
||||||
optional_header_64 OptionalHeader64;
|
optional_header_64 OptionalHeader64;
|
||||||
std::uint16_t OptionalMagic;
|
std::uint16_t OptionalMagic;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -278,21 +278,17 @@ struct resource_dir_entry_sz {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct resource_dir_entry {
|
struct resource_dir_entry {
|
||||||
inline resource_dir_entry(void)
|
inline resource_dir_entry(void) : ID(0), RVA(0), type(0), name(0), lang(0) {
|
||||||
: ID(0),
|
}
|
||||||
RVA(0),
|
|
||||||
type(0),
|
|
||||||
name(0),
|
|
||||||
lang(0) {}
|
|
||||||
|
|
||||||
std::uint32_t ID;
|
std::uint32_t ID;
|
||||||
std::uint32_t RVA;
|
std::uint32_t RVA;
|
||||||
std::uint32_t type;
|
std::uint32_t type;
|
||||||
std::uint32_t name;
|
std::uint32_t name;
|
||||||
std::uint32_t lang;
|
std::uint32_t lang;
|
||||||
std::string type_str;
|
std::string type_str;
|
||||||
std::string name_str;
|
std::string name_str;
|
||||||
std::string lang_str;
|
std::string lang_str;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct resource_dir_table {
|
struct resource_dir_table {
|
||||||
@ -312,19 +308,19 @@ struct resource_dat_entry {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct image_section_header {
|
struct image_section_header {
|
||||||
std::uint8_t Name[NT_SHORT_NAME_LEN];
|
std::uint8_t Name[NT_SHORT_NAME_LEN];
|
||||||
union {
|
union {
|
||||||
std::uint32_t PhysicalAddress;
|
std::uint32_t PhysicalAddress;
|
||||||
std::uint32_t VirtualSize;
|
std::uint32_t VirtualSize;
|
||||||
} Misc;
|
} Misc;
|
||||||
std::uint32_t VirtualAddress;
|
std::uint32_t VirtualAddress;
|
||||||
std::uint32_t SizeOfRawData;
|
std::uint32_t SizeOfRawData;
|
||||||
std::uint32_t PointerToRawData;
|
std::uint32_t PointerToRawData;
|
||||||
std::uint32_t PointerToRelocations;
|
std::uint32_t PointerToRelocations;
|
||||||
std::uint32_t PointerToLinenumbers;
|
std::uint32_t PointerToLinenumbers;
|
||||||
std::uint16_t NumberOfRelocations;
|
std::uint16_t NumberOfRelocations;
|
||||||
std::uint16_t NumberOfLinenumbers;
|
std::uint16_t NumberOfLinenumbers;
|
||||||
std::uint32_t Characteristics;
|
std::uint32_t Characteristics;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct import_dir_entry {
|
struct import_dir_entry {
|
||||||
|
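Review bot: The reformatted `_offset` macro now reads `(ptrdiff_t) & (((t *) 0)->f)`, because the formatter spaced the address-of operator as if it were a binary `&`. The tokens are unchanged, but the macro now looks like a bitwise AND, and every `READ_*` offset computation in this commit depends on it. The `__typeof__` macro elsewhere in this commit suffers the same way, becoming `std::remove_reference < decltype(x) > ::type`. Wrap both definitions in `// clang-format off` / `// clang-format on` so they stay readable. As a follow-up, for standard-layout types `offsetof(t, f)` from `<cstddef>` would avoid the member access through a null pointer.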
File diff suppressed because it is too large
@ -24,58 +24,57 @@ THE SOFTWARE.
|
|||||||
|
|
||||||
#ifndef _PARSE_H
|
#ifndef _PARSE_H
|
||||||
#define _PARSE_H
|
#define _PARSE_H
|
||||||
#include <string>
|
|
||||||
#include <cstdint>
|
#include <cstdint>
|
||||||
|
#include <string>
|
||||||
|
|
||||||
#include "nt-headers.h"
|
#include "nt-headers.h"
|
||||||
#include "to_string.h"
|
#include "to_string.h"
|
||||||
|
|
||||||
#ifdef _MSC_VER
|
#ifdef _MSC_VER
|
||||||
#define __typeof__(x) std::remove_reference<decltype(x)>::type
|
#define __typeof__(x) std::remove_reference < decltype(x) > ::type
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define PE_ERR(x) \
|
||||||
#define PE_ERR(x) \
|
err = (pe_err) x; \
|
||||||
err = (pe_err) x; \
|
|
||||||
err_loc.assign(__func__); \
|
err_loc.assign(__func__); \
|
||||||
err_loc += ":" + to_string<std::uint32_t>(__LINE__, dec);
|
err_loc += ":" + to_string<std::uint32_t>(__LINE__, dec);
|
||||||
|
|
||||||
#define READ_WORD(b, o, inst, member) \
|
#define READ_WORD(b, o, inst, member) \
|
||||||
if (!readWord(b, o+_offset(__typeof__(inst), member), inst.member)) { \
|
if (!readWord(b, o + _offset(__typeof__(inst), member), inst.member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return false; \
|
return false; \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define READ_DWORD(b, o, inst, member) \
|
#define READ_DWORD(b, o, inst, member) \
|
||||||
if (!readDword(b, o+_offset(__typeof__(inst), member), inst.member)) { \
|
if (!readDword(b, o + _offset(__typeof__(inst), member), inst.member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return false; \
|
return false; \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define READ_QWORD(b, o, inst, member) \
|
#define READ_QWORD(b, o, inst, member) \
|
||||||
if (!readQword(b, o+_offset(__typeof__(inst), member), inst.member)) { \
|
if (!readQword(b, o + _offset(__typeof__(inst), member), inst.member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return false; \
|
return false; \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define READ_DWORD_PTR(b, o, inst, member) \
|
#define READ_DWORD_PTR(b, o, inst, member) \
|
||||||
if (!readDword(b, o+_offset(__typeof__(*inst), member), inst->member)) { \
|
if (!readDword(b, o + _offset(__typeof__(*inst), member), inst->member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return false; \
|
return false; \
|
||||||
}
|
}
|
||||||
|
|
||||||
#define READ_BYTE(b, o, inst, member) \
|
#define READ_BYTE(b, o, inst, member) \
|
||||||
if (!readByte(b, o+_offset(__typeof__(inst), member), inst.member)) { \
|
if (!readByte(b, o + _offset(__typeof__(inst), member), inst.member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return false; \
|
return false; \
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This variant returns NULL instead of false. */
|
/* This variant returns NULL instead of false. */
|
||||||
#define READ_DWORD_NULL(b, o, inst, member) \
|
#define READ_DWORD_NULL(b, o, inst, member) \
|
||||||
if (!readDword(b, o+_offset(__typeof__(inst), member), inst.member)) { \
|
if (!readDword(b, o + _offset(__typeof__(inst), member), inst.member)) { \
|
||||||
PE_ERR(PEERR_READ); \
|
PE_ERR(PEERR_READ); \
|
||||||
return NULL; \
|
return NULL; \
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace peparse {
|
namespace peparse {
|
||||||
|
|
||||||
@ -85,61 +84,61 @@ typedef std::uint64_t VA;
|
|||||||
struct buffer_detail;
|
struct buffer_detail;
|
||||||
|
|
||||||
typedef struct _bounded_buffer {
|
typedef struct _bounded_buffer {
|
||||||
std::uint8_t *buf;
|
std::uint8_t *buf;
|
||||||
std::uint32_t bufLen;
|
std::uint32_t bufLen;
|
||||||
bool copy;
|
bool copy;
|
||||||
buffer_detail *detail;
|
buffer_detail *detail;
|
||||||
} bounded_buffer;
|
} bounded_buffer;
|
||||||
|
|
||||||
struct resource {
|
struct resource {
|
||||||
std::string type_str;
|
std::string type_str;
|
||||||
std::string name_str;
|
std::string name_str;
|
||||||
std::string lang_str;
|
std::string lang_str;
|
||||||
std::uint32_t type;
|
std::uint32_t type;
|
||||||
std::uint32_t name;
|
std::uint32_t name;
|
||||||
std::uint32_t lang;
|
std::uint32_t lang;
|
||||||
std::uint32_t codepage;
|
std::uint32_t codepage;
|
||||||
std::uint32_t RVA;
|
std::uint32_t RVA;
|
||||||
std::uint32_t size;
|
std::uint32_t size;
|
||||||
bounded_buffer *buf;
|
bounded_buffer *buf;
|
||||||
};
|
};
|
||||||
|
|
||||||
// http://msdn.microsoft.com/en-us/library/ms648009(v=vs.85).aspx
|
// http://msdn.microsoft.com/en-us/library/ms648009(v=vs.85).aspx
|
||||||
enum resource_type {
|
enum resource_type {
|
||||||
RT_CURSOR = 1,
|
RT_CURSOR = 1,
|
||||||
RT_BITMAP = 2,
|
RT_BITMAP = 2,
|
||||||
RT_ICON = 3,
|
RT_ICON = 3,
|
||||||
RT_MENU = 4,
|
RT_MENU = 4,
|
||||||
RT_DIALOG = 5,
|
RT_DIALOG = 5,
|
||||||
RT_STRING = 6,
|
RT_STRING = 6,
|
||||||
RT_FONTDIR = 7,
|
RT_FONTDIR = 7,
|
||||||
RT_FONT = 8,
|
RT_FONT = 8,
|
||||||
RT_ACCELERATOR = 9,
|
RT_ACCELERATOR = 9,
|
||||||
RT_RCDATA = 10,
|
RT_RCDATA = 10,
|
||||||
RT_MESSAGETABLE = 11,
|
RT_MESSAGETABLE = 11,
|
||||||
RT_GROUP_CURSOR = 12, // MAKEINTRESOURCE((ULONG_PTR)(RT_CURSOR) + 11)
|
RT_GROUP_CURSOR = 12, // MAKEINTRESOURCE((ULONG_PTR)(RT_CURSOR) + 11)
|
||||||
RT_GROUP_ICON = 14, // MAKEINTRESOURCE((ULONG_PTR)(RT_ICON) + 11)
|
RT_GROUP_ICON = 14, // MAKEINTRESOURCE((ULONG_PTR)(RT_ICON) + 11)
|
||||||
RT_VERSION = 16,
|
RT_VERSION = 16,
|
||||||
RT_DLGINCLUDE = 17,
|
RT_DLGINCLUDE = 17,
|
||||||
RT_PLUGPLAY = 19,
|
RT_PLUGPLAY = 19,
|
||||||
RT_VXD = 20,
|
RT_VXD = 20,
|
||||||
RT_ANICURSOR = 21,
|
RT_ANICURSOR = 21,
|
||||||
RT_ANIICON = 22,
|
RT_ANIICON = 22,
|
||||||
RT_HTML = 23,
|
RT_HTML = 23,
|
||||||
RT_MANIFEST = 24
|
RT_MANIFEST = 24
|
||||||
};
|
};
|
||||||
|
|
||||||
enum pe_err {
|
enum pe_err {
|
||||||
PEERR_NONE = 0,
|
PEERR_NONE = 0,
|
||||||
PEERR_MEM = 1,
|
PEERR_MEM = 1,
|
||||||
PEERR_HDR = 2,
|
PEERR_HDR = 2,
|
||||||
PEERR_SECT = 3,
|
PEERR_SECT = 3,
|
||||||
PEERR_RESC = 4,
|
PEERR_RESC = 4,
|
||||||
PEERR_SECTVA = 5,
|
PEERR_SECTVA = 5,
|
||||||
PEERR_READ = 6,
|
PEERR_READ = 6,
|
||||||
PEERR_OPEN = 7,
|
PEERR_OPEN = 7,
|
||||||
PEERR_STAT = 8,
|
PEERR_STAT = 8,
|
||||||
PEERR_MAGIC = 9
|
PEERR_MAGIC = 9
|
||||||
};
|
};
|
||||||
|
|
||||||
bool readByte(bounded_buffer *b, std::uint32_t offset, std::uint8_t &out);
|
bool readByte(bounded_buffer *b, std::uint32_t offset, std::uint8_t &out);
|
||||||
@ -148,20 +147,19 @@ bool readDword(bounded_buffer *b, std::uint32_t offset, std::uint32_t &out);
|
|||||||
bool readQword(bounded_buffer *b, std::uint32_t offset, std::uint64_t &out);
|
bool readQword(bounded_buffer *b, std::uint32_t offset, std::uint64_t &out);
|
||||||
|
|
||||||
bounded_buffer *readFileToFileBuffer(const char *filePath);
|
bounded_buffer *readFileToFileBuffer(const char *filePath);
|
||||||
bounded_buffer *splitBuffer(bounded_buffer *b, std::uint32_t from, std::uint32_t to);
|
bounded_buffer *
|
||||||
|
splitBuffer(bounded_buffer *b, std::uint32_t from, std::uint32_t to);
|
||||||
void deleteBuffer(bounded_buffer *b);
|
void deleteBuffer(bounded_buffer *b);
|
||||||
uint64_t bufLen(bounded_buffer *b);
|
uint64_t bufLen(bounded_buffer *b);
|
||||||
|
|
||||||
struct parsed_pe_internal;
|
struct parsed_pe_internal;
|
||||||
|
|
||||||
typedef struct _pe_header {
|
typedef struct _pe_header { nt_header_32 nt; } pe_header;
|
||||||
nt_header_32 nt;
|
|
||||||
} pe_header;
|
|
||||||
|
|
||||||
typedef struct _parsed_pe {
|
typedef struct _parsed_pe {
|
||||||
bounded_buffer *fileBuffer;
|
bounded_buffer *fileBuffer;
|
||||||
parsed_pe_internal *internal;
|
parsed_pe_internal *internal;
|
||||||
pe_header peHeader;
|
pe_header peHeader;
|
||||||
} parsed_pe;
|
} parsed_pe;
|
||||||
|
|
||||||
// get parser error status as integer
|
// get parser error status as integer
|
||||||
@ -173,40 +171,47 @@ std::string GetPEErrString();
|
|||||||
// get parser error location as string
|
// get parser error location as string
|
||||||
std::string GetPEErrLoc();
|
std::string GetPEErrLoc();
|
||||||
|
|
||||||
//get a PE parse context from a file
|
// get a PE parse context from a file
|
||||||
parsed_pe *ParsePEFromFile(const char *filePath);
|
parsed_pe *ParsePEFromFile(const char *filePath);
|
||||||
|
|
||||||
//destruct a PE context
|
// destruct a PE context
|
||||||
void DestructParsedPE(parsed_pe *p);
|
void DestructParsedPE(parsed_pe *p);
|
||||||
|
|
||||||
//iterate over the resources
|
// iterate over the resources
|
||||||
typedef int (*iterRsrc)(void *, resource);
|
typedef int (*iterRsrc)(void *, resource);
|
||||||
void IterRsrc(parsed_pe *pe, iterRsrc cb, void *cbd);
|
void IterRsrc(parsed_pe *pe, iterRsrc cb, void *cbd);
|
||||||
|
|
||||||
//iterate over the imports by RVA and string
|
// iterate over the imports by RVA and string
|
||||||
typedef int (*iterVAStr)(void *, VA, std::string &, std::string &);
|
typedef int (*iterVAStr)(void *, VA, std::string &, std::string &);
|
||||||
void IterImpVAString(parsed_pe *pe, iterVAStr cb, void *cbd);
|
void IterImpVAString(parsed_pe *pe, iterVAStr cb, void *cbd);
|
||||||
|
|
||||||
//iterate over relocations in the PE file
|
// iterate over relocations in the PE file
|
||||||
typedef int (*iterReloc)(void *, VA, reloc_type);
|
typedef int (*iterReloc)(void *, VA, reloc_type);
|
||||||
void IterRelocs(parsed_pe *pe, iterReloc cb, void *cbd);
|
void IterRelocs(parsed_pe *pe, iterReloc cb, void *cbd);
|
||||||
|
|
||||||
// Iterate over symbols (symbol table) in the PE file
|
// Iterate over symbols (symbol table) in the PE file
|
||||||
typedef int (*iterSymbol)(void *, std::string &, uint32_t &, int16_t &, uint16_t &, uint8_t &, uint8_t &);
|
typedef int (*iterSymbol)(void *,
|
||||||
|
std::string &,
|
||||||
|
uint32_t &,
|
||||||
|
int16_t &,
|
||||||
|
uint16_t &,
|
||||||
|
uint8_t &,
|
||||||
|
uint8_t &);
|
||||||
void IterSymbols(parsed_pe *pe, iterSymbol cb, void *cbd);
|
void IterSymbols(parsed_pe *pe, iterSymbol cb, void *cbd);
|
||||||
|
|
||||||
//iterate over the exports
|
// iterate over the exports
|
||||||
typedef int (*iterExp)(void *, VA, std::string &, std::string &);
|
typedef int (*iterExp)(void *, VA, std::string &, std::string &);
|
||||||
void IterExpVA(parsed_pe *pe, iterExp cb, void *cbd);
|
void IterExpVA(parsed_pe *pe, iterExp cb, void *cbd);
|
||||||
|
|
||||||
//iterate over sections
|
// iterate over sections
|
||||||
typedef int (*iterSec)(void *, VA secBase, std::string &, image_section_header, bounded_buffer *b);
|
typedef int (*iterSec)(
|
||||||
|
void *, VA secBase, std::string &, image_section_header, bounded_buffer *b);
|
||||||
void IterSec(parsed_pe *pe, iterSec cb, void *cbd);
|
void IterSec(parsed_pe *pe, iterSec cb, void *cbd);
|
||||||
|
|
||||||
//get byte at VA in PE
|
// get byte at VA in PE
|
||||||
bool ReadByteAtVA(parsed_pe *pe, VA v, std::uint8_t &b);
|
bool ReadByteAtVA(parsed_pe *pe, VA v, std::uint8_t &b);
|
||||||
|
|
||||||
//get entry point into PE
|
// get entry point into PE
|
||||||
bool GetEntryPoint(parsed_pe *pe, VA &v);
|
bool GetEntryPoint(parsed_pe *pe, VA &v);
|
||||||
} // namespace peparse
|
} // namespace peparse
|
||||||
|
|
||||||
|
@ -4,11 +4,10 @@
|
|||||||
|
|
||||||
namespace peparse {
|
namespace peparse {
|
||||||
template <class T>
|
template <class T>
|
||||||
static
|
static std::string to_string(T t, std::ios_base &(*f)(std::ios_base &) ) {
|
||||||
std::string to_string(T t, std::ios_base & (*f)(std::ios_base&)) {
|
std::ostringstream oss;
|
||||||
std::ostringstream oss;
|
oss << f << t;
|
||||||
oss << f << t;
|
return oss.str();
|
||||||
return oss.str();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
1979
python/pepy.cpp
1979
python/pepy.cpp
File diff suppressed because it is too large