BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
DelayImpDirWrapper.h
Go to the documentation of this file.
1#pragma once
2
3#include "ImportBaseDirWrapper.h"
4#include "pe_formats.h"
5
6class DelayImpFuncWrapper;
7
8class DelayImpDirWrapper : public ImportBaseDirWrapper
9{
10public:
11 DelayImpDirWrapper(PEFile *pe)
12 : ImportBaseDirWrapper(pe, pe::DIR_DELAY_IMPORT) { wrap(); }
13
14 virtual void* getPtr();
15 virtual bufsize_t getSize();
16 virtual QString getName() { return "DelayImports"; }
17
18protected:
19 virtual bool loadNextEntry(size_t cntr);
20
21 bool is64(); // autodetect! 64bit PE may use IMAGE_DELAY_LOAD32!
22 bool is32() { return !is64(); }
23
24 pe::IMAGE_DELAY_LOAD* firstDelayLd() { return (pe::IMAGE_DELAY_LOAD*) firstDelayLd(sizeof(pe::IMAGE_DELAY_LOAD)); }
25 void* firstDelayLd(bufsize_t size);
26 bufsize_t getEntrySize();
27
28friend class DelayImpEntryWrapper;
29};
30
31class DelayImpEntryWrapper : public ImportBaseEntryWrapper
32{
33public:
46
47 DelayImpEntryWrapper(PEFile *pe, DelayImpDirWrapper *importsDir, size_t entryNumber)
48 : ImportBaseEntryWrapper(pe, importsDir, entryNumber) { wrap(); }
49
50 //bool wrap();
51
52 virtual void* getPtr();
53 virtual bufsize_t getSize();
54 virtual QString getName();
55 virtual char* getLibraryName();
56 virtual size_t getFieldsCount() { return FIELD_COUNTER; }
57
58 virtual void* getFieldPtr(size_t fieldId, size_t subField);
59 virtual QString getFieldName(size_t fieldId);
60 virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField = FIELD_NONE);
61
62protected:
63 bool loadNextEntry(size_t entryNum);
64
65 virtual IMAGE_IMPORT_BY_NAME* getFirstImpByNamePtr();
66
67friend class DelayImpFuncWrapper;
68friend class DelayImpDirWrapper;
69};
70
71class DelayImpFuncWrapper : public ImportBaseFuncWrapper
72{
73public:
74 // fields :
83
84 DelayImpFuncWrapper(PEFile *pe, DelayImpEntryWrapper *parentDir, size_t entryNumber)
85 : ImportBaseFuncWrapper(pe, parentDir, entryNumber) { this->parentDir = parentDir; }
86
87 // full structure boundaries
88 virtual void* getPtr() { return getFieldPtr(IAT_ADDR); }
89 virtual bufsize_t getSize() { return sizeof(DWORD); }
90
91 //virtual QString getName();
92 virtual size_t getFieldsCount() { return FIELD_COUNTER; }
93 virtual size_t getSubFieldsCount() { return 1; }
94
95 // specific field boundaries
96 virtual void* getFieldPtr(size_t fieldId, size_t subField = FIELD_NONE);
97 virtual bufsize_t getFieldSize(size_t fieldId, size_t subField = FIELD_NONE);
98 virtual QString getFieldName(size_t fieldId);
99 virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField);
100
101 char* getFunctionName();
102 uint16_t getHint();
103 bool isByOrdinal();
104 virtual uint64_t getOrdinal();
105 offset_t callVia();
106
107private:
108 size_t ptrLen() { return (m_Exe->getBitMode() == Executable::BITS_64) ? sizeof(uint64_t) : sizeof(uint32_t); }
109 virtual IMAGE_IMPORT_BY_NAME* getImportByNamePtr();
110 DelayImpEntryWrapper* parentDir;
111};
bufsize_t
uint32_t bufsize_t
Definition AbstractByteBuffer.h:14
offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:17
FIELD_NONE
#define FIELD_NONE
Definition ExeElementWrapper.h:9
DelayImpDirWrapper::DelayImpDirWrapper
DelayImpDirWrapper(PEFile *pe)
Definition DelayImpDirWrapper.h:11
DelayImpDirWrapper::getName
virtual QString getName()
Definition DelayImpDirWrapper.h:16
DelayImpDirWrapper::firstDelayLd
pe::IMAGE_DELAY_LOAD * firstDelayLd()
Definition DelayImpDirWrapper.h:24
DelayImpDirWrapper::loadNextEntry
virtual bool loadNextEntry(size_t cntr)
Definition DelayImpDirWrapper.cpp:34
DelayImpDirWrapper::getSize
virtual bufsize_t getSize()
Definition DelayImpDirWrapper.cpp:58
DelayImpDirWrapper::getPtr
virtual void * getPtr()
Definition DelayImpDirWrapper.cpp:52
DelayImpEntryWrapper
Definition DelayImpDirWrapper.h:32
DelayImpEntryWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField)
Definition DelayImpDirWrapper.cpp:153
DelayImpEntryWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition DelayImpDirWrapper.cpp:171
DelayImpEntryWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField=FIELD_NONE)
Definition DelayImpDirWrapper.cpp:186
DelayImpEntryWrapper::getLibraryName
virtual char * getLibraryName()
Definition DelayImpDirWrapper.cpp:138
DelayImpEntryWrapper::getPtr
virtual void * getPtr()
Definition DelayImpDirWrapper.cpp:102
DelayImpEntryWrapper::getSize
virtual bufsize_t getSize()
Definition DelayImpDirWrapper.cpp:125
DelayImpEntryWrapper::getFieldsCount
virtual size_t getFieldsCount()
Definition DelayImpDirWrapper.h:56
DelayImpEntryWrapper::DelayImpEntryWrapper
DelayImpEntryWrapper(PEFile *pe, DelayImpDirWrapper *importsDir, size_t entryNumber)
Definition DelayImpDirWrapper.h:47
DelayImpEntryWrapper::getFirstImpByNamePtr
virtual IMAGE_IMPORT_BY_NAME * getFirstImpByNamePtr()
Definition DelayImpDirWrapper.cpp:71
DelayImpEntryWrapper::DelayImpDirFID
DelayImpDirFID
Definition DelayImpDirWrapper.h:34
DelayImpEntryWrapper::TIMESTAMP
@ TIMESTAMP
Definition DelayImpDirWrapper.h:43
DelayImpEntryWrapper::BOUND_IAT
@ BOUND_IAT
Definition DelayImpDirWrapper.h:41
DelayImpEntryWrapper::UNLOAD_IAT
@ UNLOAD_IAT
Definition DelayImpDirWrapper.h:42
DelayImpEntryWrapper::IAT
@ IAT
Definition DelayImpDirWrapper.h:39
DelayImpEntryWrapper::MOD
@ MOD
Definition DelayImpDirWrapper.h:38
DelayImpEntryWrapper::ATTRS
@ ATTRS
Definition DelayImpDirWrapper.h:36
DelayImpEntryWrapper::NAME
@ NAME
Definition DelayImpDirWrapper.h:37
DelayImpEntryWrapper::NONE
@ NONE
Definition DelayImpDirWrapper.h:35
DelayImpEntryWrapper::FIELD_COUNTER
@ FIELD_COUNTER
Definition DelayImpDirWrapper.h:44
DelayImpEntryWrapper::INT
@ INT
Definition DelayImpDirWrapper.h:40
DelayImpEntryWrapper::loadNextEntry
bool loadNextEntry(size_t entryNum)
Definition DelayImpDirWrapper.cpp:82
DelayImpEntryWrapper::getName
virtual QString getName()
Definition DelayImpDirWrapper.cpp:131
DelayImpFuncWrapper::getFieldsCount
virtual size_t getFieldsCount()
Definition DelayImpDirWrapper.h:92
DelayImpFuncWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField)
Definition DelayImpDirWrapper.cpp:318
DelayImpFuncWrapper::DelayImpFuncWrapper
DelayImpFuncWrapper(PEFile *pe, DelayImpEntryWrapper *parentDir, size_t entryNumber)
Definition DelayImpDirWrapper.h:84
DelayImpFuncWrapper::getFieldSize
virtual bufsize_t getFieldSize(size_t fieldId, size_t subField=FIELD_NONE)
Definition DelayImpDirWrapper.cpp:309
DelayImpFuncWrapper::getOrdinal
virtual uint64_t getOrdinal()
Definition DelayImpDirWrapper.cpp:223
DelayImpFuncWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition DelayImpDirWrapper.cpp:298
DelayImpFuncWrapper::getSubFieldsCount
virtual size_t getSubFieldsCount()
Definition DelayImpDirWrapper.h:93
DelayImpFuncWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField=FIELD_NONE)
Definition DelayImpDirWrapper.cpp:257
DelayImpFuncWrapper::getPtr
virtual void * getPtr()
Definition DelayImpDirWrapper.h:88
DelayImpFuncWrapper::getSize
virtual bufsize_t getSize()
Definition DelayImpDirWrapper.h:89
Executable::getBitMode
virtual exe_bits getBitMode()
Definition Executable.h:56
ImportBaseEntryWrapper
Definition ImportBaseDirWrapper.h:67
ImportBaseEntryWrapper::wrap
bool wrap()
Definition ImportBaseDirWrapper.cpp:168
Generated by doxygen 1.12.0