BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
DosHdrWrapper.cpp
Go to the documentation of this file.
1#include "pe/DosHdrWrapper.h"
2#include "pe/DOSExe.h"
3
4void* DosHdrWrapper::getFieldPtr(size_t fieldId, size_t subField)
5{
6/*
7 DOSExe *dosExe = dynamic_cast<DOSExe*> (m_Exe);
8 if (dosExe == NULL) return NULL;
9*/
10 offset_t myOff = 0;//dosExe->dosHeaderOffset();
11 IMAGE_DOS_HEADER* dosHdr = (IMAGE_DOS_HEADER*) m_Exe->getContentAt(myOff, sizeof(IMAGE_DOS_HEADER));
12 if (dosHdr == NULL) return NULL; //error
13
14 switch (fieldId) {
15 case MAGIC: return (void*) &dosHdr->e_magic;
16 case CBLP: return (void*) &dosHdr->e_cblp;
17 case CP: return (void*) &dosHdr->e_cp;
18 case CRLC: return (void*) &dosHdr->e_crlc;
19 case CPARHDR: return (void*) &dosHdr->e_cparhdr;
20 case MINALLOC: return (void*) &dosHdr->e_minalloc;
21 case MAXALLOC: return (void*) &dosHdr->e_maxalloc;
22 case SS: return (void*) &dosHdr->e_ss;
23 case SP: return (void*) &dosHdr->e_sp;
24 case CSUM: return (void*) &dosHdr->e_csum;
25 case IP: return (void*) &dosHdr->e_ip;
26 case CS: return (void*) &dosHdr->e_cs;
27 case LFARLC: return (void*) &dosHdr->e_lfarlc;
28 case OVNO: return (void*) &dosHdr->e_ovno;
29 case RES: return (void*) &dosHdr->e_res[0];
30 case OEMID: return (void*) &dosHdr->e_oemid;
31 case OEMINFO: return (void*) &dosHdr->e_oeminfo;
32 case RES2: return (void*) &dosHdr->e_res2[0];
33 case LFNEW: return (void*) &dosHdr->e_lfanew;
34 case FIELD_COUNTER: return (void*) (&dosHdr->e_lfanew + 1);
35 }
36 return (void*)dosHdr;
37}
38
39QString DosHdrWrapper::getFieldName(size_t fieldId)
40{
41 switch (fieldId) {
42 case MAGIC: return "Magic number";
43 case CBLP: return "Bytes on last page of file";
44 case CP: return "Pages in file";
45 case CRLC: return "Relocations";
46 case CPARHDR: return "Size of header in paragraphs";
47 case MINALLOC: return "Minimum extra paragraphs needed";
48 case MAXALLOC: return "Maximum extra paragraphs needed";
49 case SS: return "Initial (relative) SS value";
50 case SP: return "Initial SP value";
51 case CSUM: return "Checksum";
52 case IP: return "Initial IP value";
53 case CS: return "Initial (relative) CS value";
54 case LFARLC: return "File address of relocation table";
55 case OVNO: return "Overlay number";
56 case RES: return "Reserved words[4]";
57 case OEMID: return "OEM identifier (for OEM information)";
58 case OEMINFO: return "OEM information; OEM identifier specific";
59 case RES2: return "Reserved words[10]";
60 case LFNEW: return "File address of new exe header";
61 }
62 return "";
63}
64
65Executable::addr_type DosHdrWrapper::containsAddrType(size_t fieldId, size_t subField)
66{
67 switch (fieldId) {
68 case LFARLC: return Executable::RAW;
69 case LFNEW: return Executable::RAW;
70 }
71 return Executable::NOT_ADDR;
72}
73
offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:20
DosHdrWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField=FIELD_NONE)
Definition DosHdrWrapper.cpp:65
DosHdrWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField=FIELD_NONE)
Definition DosHdrWrapper.cpp:4
DosHdrWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition DosHdrWrapper.cpp:39
Generated by doxygen 1.13.2