BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
Executable.h
Go to the documentation of this file.
1#pragma once
2#include <map>
3#include <QMap>
4
5#include "AbstractByteBuffer.h"
6class Executable;
7
8class ExeException : public CustomException
9{
10public:
11 ExeException(const QString info) : CustomException(info) {}
12};
13
14class ExeBuilder {
15public:
16 ExeBuilder() {}
17 virtual ~ExeBuilder() {}
18
19 virtual bool signatureMatches(AbstractByteBuffer *buf) = 0;
20 virtual Executable* build(AbstractByteBuffer *buf) = 0;
21 virtual QString typeName() = 0;
22};
23
24//-------------------------------------------------------------
25
26class Executable : public AbstractByteBuffer {
27public:
28 enum exe_bits {
29 UNKNOWN = 0,
30 BITS_16 = 16,
31 BITS_32 = 32,
32 BITS_64 = 64,
33 };
34
40
41 enum addr_type {
42 NOT_ADDR = 0,
43 RAW = 1,
44 RVA = 2,
45 VA = 3
46 };
47
48 static bool isBit64(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_64) ? false: true; }
49 static bool isBit32(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_32) ? false: true; }
50
51 bool isBit64() { return isBit64(this); }
52 bool isBit32() { return isBit32(this); }
53
54 virtual ~Executable(void) { }
55
56 virtual exe_bits getBitMode() { return this->bitMode; }
57 virtual exe_arch getArch() = 0;
58
59 virtual bufsize_t getContentSize() { return buf->getContentSize(); }
60 virtual BYTE* getContent() { return buf->getContent(); }
61 //wrapper:
62 virtual offset_t getRawSize() const { return static_cast<offset_t>(buf->getContentSize()); }
63
64 BYTE* getContentAtPtr(BYTE* ptr, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAtPtr(ptr, size, allowExceptions); }
65 BYTE* getContentAt(offset_t offset, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAt(offset, size, allowExceptions); }
66
67 virtual BYTE* getContentAt(offset_t offset, Executable::addr_type aType, bufsize_t size, bool allowExceptions = false);
68//------------------------------
69 virtual bufsize_t getMappedSize(Executable::addr_type aType) = 0;
70 virtual bufsize_t getAlignment(Executable::addr_type aType) const = 0;
71 virtual offset_t getImageBase(bool recalculate = false) = 0;
72 virtual offset_t getEntryPoint(Executable::addr_type aType = Executable::RVA) = 0;
73
74 virtual bufsize_t getImageSize() { return getMappedSize(Executable::VA); }
75
76 /* All Entry Points of the application, including: main EP, Exports, TLS Callbacks */
77 virtual size_t getAllEntryPoints(QMap<offset_t,QString> &entrypoints, Executable::addr_type aType = Executable::RVA)
78 {
79 offset_t mainEP = getEntryPoint(aType);
80 entrypoints.insert(mainEP, "_start");
81 return 1;
82 }
83
84 /* conversions */
85 virtual bool isValidAddr(offset_t addr, addr_type addrType);
86 virtual bool isValidVA(offset_t va) { return isValidAddr(va, Executable::VA); }
87
88 virtual offset_t convertAddr(offset_t inAddr, Executable::addr_type inType, Executable::addr_type outType);
89
90 virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions = false); //any type of offset to raw
91 Executable::addr_type detectAddrType(offset_t addr, Executable::addr_type hintType); //TODO
92
93 // returns INVALID_ADDR if failed
94 // FileAddr <-> RVA
95 virtual offset_t rawToRva(offset_t raw) = 0;
96 virtual offset_t rvaToRaw(offset_t rva) = 0;
97
98 // VA <-> RVA
99 virtual offset_t VaToRva(offset_t va, bool autodetect = false);
100
101 virtual offset_t rvaToVa(offset_t rva)
102 {
103 return (rva == INVALID_ADDR) ? INVALID_ADDR : (rva + this->getImageBase());
104 }
105
106 // VA -> FileAddr
107 virtual offset_t vaToRaw(offset_t va)
108 {
109 if (va == INVALID_ADDR) return INVALID_ADDR;
110
111 offset_t rva = this->VaToRva(va, true);
112 return rvaToRaw(rva);
113 }
114
115 QString getFileName();
116
117 virtual bool resize(bufsize_t newSize) { return buf->resize(newSize); }
118
119 virtual bool isResized() { return buf ? buf->isResized() : false; }
120
121 virtual bool isTruncated() { return buf ? buf->isTruncated() : false; }
122
123 /* wrappers */
124 AbstractByteBuffer* getFileBuffer() const { return buf; }
125 bufsize_t getFileSize() const;
126
127 virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName);
128
129protected:
130 Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode);
131
132 exe_bits bitMode;
133 AbstractByteBuffer *buf;
134};
135
bufsize_t
uint32_t bufsize_t
Definition AbstractByteBuffer.h:14
INVALID_ADDR
const offset_t INVALID_ADDR
Definition AbstractByteBuffer.h:18
offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:17
AbstractByteBuffer::getContentSize
virtual bufsize_t getContentSize()=0
AbstractByteBuffer::isTruncated
virtual bool isTruncated()
Definition AbstractByteBuffer.h:41
AbstractByteBuffer::getContentAtPtr
virtual BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
Definition AbstractByteBuffer.cpp:99
AbstractByteBuffer::isResized
virtual bool isResized()
Definition AbstractByteBuffer.h:42
AbstractByteBuffer::getContent
virtual BYTE * getContent()=0
AbstractByteBuffer::getContentAt
virtual BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition AbstractByteBuffer.cpp:57
AbstractByteBuffer::resize
virtual bool resize(bufsize_t newSize)
Definition AbstractByteBuffer.h:72
ExeBuilder::~ExeBuilder
virtual ~ExeBuilder()
Definition Executable.h:17
ExeBuilder::build
virtual Executable * build(AbstractByteBuffer *buf)=0
ExeBuilder::signatureMatches
virtual bool signatureMatches(AbstractByteBuffer *buf)=0
ExeBuilder::typeName
virtual QString typeName()=0
ExeException::ExeException
ExeException(const QString info)
Definition Executable.h:11
Executable::buf
AbstractByteBuffer * buf
Definition Executable.h:133
Executable::isTruncated
virtual bool isTruncated()
Definition Executable.h:121
Executable::getEntryPoint
virtual offset_t getEntryPoint(Executable::addr_type aType=Executable::RVA)=0
Executable::getFileSize
bufsize_t getFileSize() const
Definition Executable.cpp:158
Executable::isBit32
bool isBit32()
Definition Executable.h:52
Executable::getBitMode
virtual exe_bits getBitMode()
Definition Executable.h:56
Executable::toRaw
virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions=false)
Definition Executable.cpp:85
Executable::getArch
virtual exe_arch getArch()=0
Executable::isValidAddr
virtual bool isValidAddr(offset_t addr, addr_type addrType)
Definition Executable.cpp:19
Executable::getContentAtPtr
BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:64
Executable::getContentAt
BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:65
Executable::isBit64
bool isBit64()
Definition Executable.h:51
Executable::isBit64
static bool isBit64(Executable *exe)
Definition Executable.h:48
Executable::getImageBase
virtual offset_t getImageBase(bool recalculate=false)=0
Executable::getContent
virtual BYTE * getContent()
Definition Executable.h:60
Executable::getFileName
QString getFileName()
Definition Executable.cpp:149
Executable::vaToRaw
virtual offset_t vaToRaw(offset_t va)
Definition Executable.h:107
Executable::~Executable
virtual ~Executable(void)
Definition Executable.h:54
Executable::isValidVA
virtual bool isValidVA(offset_t va)
Definition Executable.h:86
Executable::Executable
Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode)
Definition Executable.cpp:4
Executable::getRawSize
virtual offset_t getRawSize() const
Definition Executable.h:62
Executable::getAllEntryPoints
virtual size_t getAllEntryPoints(QMap< offset_t, QString > &entrypoints, Executable::addr_type aType=Executable::RVA)
Definition Executable.h:77
Executable::getMappedSize
virtual bufsize_t getMappedSize(Executable::addr_type aType)=0
Executable::getImageSize
virtual bufsize_t getImageSize()
Definition Executable.h:74
Executable::rawToRva
virtual offset_t rawToRva(offset_t raw)=0
Executable::bitMode
exe_bits bitMode
Definition Executable.h:132
Executable::rvaToRaw
virtual offset_t rvaToRaw(offset_t rva)=0
Executable::getAlignment
virtual bufsize_t getAlignment(Executable::addr_type aType) const =0
Executable::convertAddr
virtual offset_t convertAddr(offset_t inAddr, Executable::addr_type inType, Executable::addr_type outType)
Definition Executable.cpp:46
Executable::resize
virtual bool resize(bufsize_t newSize)
Definition Executable.h:117
Executable::detectAddrType
Executable::addr_type detectAddrType(offset_t addr, Executable::addr_type hintType)
Definition Executable.cpp:125
Executable::dumpFragment
virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName)
Definition Executable.cpp:169
Executable::VaToRva
virtual offset_t VaToRva(offset_t va, bool autodetect=false)
Definition Executable.cpp:30
Executable::isBit32
static bool isBit32(Executable *exe)
Definition Executable.h:49
Executable::rvaToVa
virtual offset_t rvaToVa(offset_t rva)
Definition Executable.h:101
Executable::getContentSize
virtual bufsize_t getContentSize()
Definition Executable.h:59
Executable::getFileBuffer
AbstractByteBuffer * getFileBuffer() const
Definition Executable.h:124
Executable::isResized
virtual bool isResized()
Definition Executable.h:119
Generated by doxygen 1.12.0