bearparser/_dos_hdr_wrapper_8cpp_source.html

#include "pe/DosHdrWrapper.h"

#include "pe/DOSExe.h"


void* DosHdrWrapper::getFieldPtr(size_t fieldId, size_t subField)

{

/*

    DOSExe *dosExe = dynamic_cast<DOSExe*> (m_Exe);

    if (dosExe == NULL) return NULL;

*/

    offset_t myOff = 0;//dosExe->dosHeaderOffset();

    IMAGE_DOS_HEADER* dosHdr = (IMAGE_DOS_HEADER*) m_Exe->getContentAt(myOff, sizeof(IMAGE_DOS_HEADER));

    if (dosHdr == NULL) return NULL; //error


    switch (fieldId) {

        case MAGIC: return (void*) &dosHdr->e_magic;

        case CBLP: return (void*) &dosHdr->e_cblp;

        case CP: return (void*) &dosHdr->e_cp;

        case CRLC: return (void*) &dosHdr->e_crlc;

        case CPARHDR: return (void*) &dosHdr->e_cparhdr;

        case MINALLOC: return (void*) &dosHdr->e_minalloc;

        case MAXALLOC: return (void*) &dosHdr->e_maxalloc;

        case SS: return (void*) &dosHdr->e_ss;

        case SP: return (void*) &dosHdr->e_sp;

        case CSUM: return (void*) &dosHdr->e_csum;

        case IP: return (void*) &dosHdr->e_ip;

        case CS: return (void*) &dosHdr->e_cs;

        case LFARLC: return (void*) &dosHdr->e_lfarlc;

        case OVNO: return (void*) &dosHdr->e_ovno;

        case RES: return (void*) &dosHdr->e_res[0];

        case OEMID: return (void*) &dosHdr->e_oemid;

        case OEMINFO: return (void*) &dosHdr->e_oeminfo;

        case RES2: return (void*) &dosHdr->e_res2[0];

        case LFNEW: return (void*) &dosHdr->e_lfanew;

        case FIELD_COUNTER: return (void*) (&dosHdr->e_lfanew + 1);

    }

    return (void*)dosHdr;

}


QString DosHdrWrapper::getFieldName(size_t fieldId)

{

    switch (fieldId) {

        case MAGIC: return "Magic number";

        case CBLP: return "Bytes on last page of file";

        case CP: return "Pages in file";

        case CRLC: return "Relocations";

        case CPARHDR: return "Size of header in paragraphs";

        case MINALLOC: return "Minimum extra paragraphs needed";

        case MAXALLOC: return "Maximum extra paragraphs needed";

        case SS: return "Initial (relative) SS value";

        case SP: return "Initial SP value";

        case CSUM: return "Checksum";

        case IP: return "Initial IP value";

        case CS: return "Initial (relative) CS value";

        case LFARLC: return "File address of relocation table";

        case OVNO: return "Overlay number";

        case RES: return "Reserved words[4]";

        case OEMID: return "OEM identifier (for OEM information)";

        case OEMINFO: return "OEM information; OEM identifier specific";

        case RES2: return "Reserved words[10]";

        case LFNEW: return "File address of new exe header";

    }

    return "";

}


Executable::addr_type DosHdrWrapper::containsAddrType(size_t fieldId, size_t subField)

{

    switch (fieldId) {

        case LFARLC: return Executable::RAW;

        case LFNEW: return Executable::RAW;

    }

    return Executable::NOT_ADDR;

}


offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:17

DOSExe.h

DosHdrWrapper.h

DosHdrWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField=FIELD_NONE)
Definition DosHdrWrapper.cpp:65

DosHdrWrapper::SS
@ SS
Definition DosHdrWrapper.h:21

DosHdrWrapper::CP
@ CP
Definition DosHdrWrapper.h:16

DosHdrWrapper::FIELD_COUNTER
@ FIELD_COUNTER
Definition DosHdrWrapper.h:33

DosHdrWrapper::CPARHDR
@ CPARHDR
Definition DosHdrWrapper.h:18

DosHdrWrapper::CBLP
@ CBLP
Definition DosHdrWrapper.h:15

DosHdrWrapper::MAXALLOC
@ MAXALLOC
Definition DosHdrWrapper.h:20

DosHdrWrapper::CS
@ CS
Definition DosHdrWrapper.h:25

DosHdrWrapper::LFARLC
@ LFARLC
Definition DosHdrWrapper.h:26

DosHdrWrapper::CSUM
@ CSUM
Definition DosHdrWrapper.h:23

DosHdrWrapper::OEMINFO
@ OEMINFO
Definition DosHdrWrapper.h:30

DosHdrWrapper::SP
@ SP
Definition DosHdrWrapper.h:22

DosHdrWrapper::MAGIC
@ MAGIC
Definition DosHdrWrapper.h:14

DosHdrWrapper::LFNEW
@ LFNEW
Definition DosHdrWrapper.h:32

DosHdrWrapper::MINALLOC
@ MINALLOC
Definition DosHdrWrapper.h:19

DosHdrWrapper::RES
@ RES
Definition DosHdrWrapper.h:28

DosHdrWrapper::IP
@ IP
Definition DosHdrWrapper.h:24

DosHdrWrapper::OEMID
@ OEMID
Definition DosHdrWrapper.h:29

DosHdrWrapper::CRLC
@ CRLC
Definition DosHdrWrapper.h:17

DosHdrWrapper::OVNO
@ OVNO
Definition DosHdrWrapper.h:27

DosHdrWrapper::RES2
@ RES2
Definition DosHdrWrapper.h:31

DosHdrWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField=FIELD_NONE)
Definition DosHdrWrapper.cpp:4

DosHdrWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition DosHdrWrapper.cpp:39

ExeElementWrapper::m_Exe
Executable * m_Exe
Definition ExeElementWrapper.h:65

Executable::addr_type
addr_type
Definition Executable.h:41

Executable::NOT_ADDR
@ NOT_ADDR
Definition Executable.h:42

Executable::RAW
@ RAW
Definition Executable.h:43

Executable::getContentAt
BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:65