Instead of constantly defining and redefining the macros to read values
just define them once. There are now the three main ones (READ_WORD,
READ_DWORD and READ_BYTE) along with READ_DWORD_PTR and READ_DWORD_NULL.
Each macro takes a pointer to a bounded_buffer (what to read), an offset
(where to read), a structure and member (what to read into). You should
use READ_DWORD_PTR when you have a pointer to a structure. You can
use READ_DWORD_NULL when failure to read should return NULL as all the
rest return false.
Fixes#7.
I have a UPX packed sample that corrupted the resource directory. These changes
allow the resources to be properly parsed.
They add an RVA and size to the resource struct. This is the address and size
of the resource as it is declared in the directory. If the address is invalid
create a zero-length buffer for the data. If the size is invalid (ie: it goes
off the end of the .rsrc section) create a zero-length buffer for the data.
Otherwise, return the actual data.
This allows consumers of the rsrc to figure out if the resource is corrupt
or not by comparing the length of the buffer to the size element. If the
size is greater than 0 but buffer is empty then it's invalid.
Also, it should never happen but just to be safe make pepy catch NULL
buffers (in pepy_data_converter) and return an empty bytearray.
I had initially written this in such a way that it would break if there
were multiple entries anywhere other than the first table. This change
now works across more complex samples that I have tested against.
While here, I did a little moving around and had to create a structure
that isn't used other than to know how far to move the offset when
parsing. This is because the struct into which I am parsing the data
keeps track of other things along the way, so it's size is incorrect.
While here, change parse_resource() to be parse_resource_table() as it
is more accurate to what it really does.
