bearparser/_executable_8h_source.html

#pragma once

#include <map>

#include <QMap>


#include "AbstractByteBuffer.h"

class Executable;


class ExeException : public CustomException

{

public:

    ExeException(const QString info) : CustomException(info) {}

};


class ExeBuilder {

public:

    ExeBuilder() {}

    virtual ~ExeBuilder() {}


    virtual bool signatureMatches(AbstractByteBuffer *buf) = 0;

    virtual Executable* build(AbstractByteBuffer *buf) = 0;

    virtual QString typeName() = 0;

};


//-------------------------------------------------------------


class Executable : public AbstractByteBuffer {

public:


    enum exe_bits {

        UNKNOWN = 0,

        BITS_16 = 16,

        BITS_32 = 32,

        BITS_64 = 64,

    };


    enum exe_arch {

        ARCH_UNKNOWN = 0,

        ARCH_INTEL = 1,

        ARCH_ARM = 2,

        EXE_ARCH_COUNT

    };


    enum addr_type {

        NOT_ADDR = 0,

        RAW = 1,

        RVA = 2,

        VA = 3,

        ADDR_TYPE_COUNT

    };


    static bool isBit64(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_64) ? false: true; }

    static bool isBit32(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_32) ? false: true; }


    bool isBit64() { return isBit64(this); }

    bool isBit32() { return isBit32(this); }


    virtual ~Executable(void) { }


    virtual exe_bits getBitMode() { return this->bitMode; }

    virtual exe_arch getArch() = 0;


    virtual bufsize_t getContentSize() { return buf->getContentSize(); }

    virtual BYTE* getContent() { return buf->getContent(); }

    //wrapper:

    virtual offset_t getRawSize() const { return static_cast<offset_t>(buf->getContentSize()); }


    BYTE* getContentAtPtr(BYTE* ptr, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAtPtr(ptr, size, allowExceptions); }

    BYTE* getContentAt(offset_t offset, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAt(offset, size, allowExceptions); }


    virtual BYTE* getContentAt(offset_t offset, Executable::addr_type aType, bufsize_t size, bool allowExceptions = false);

//------------------------------

    virtual bufsize_t getMappedSize(Executable::addr_type aType) = 0;

    virtual bufsize_t getAlignment(Executable::addr_type aType) const = 0;

    virtual offset_t getImageBase(bool recalculate = false) = 0;

    virtual offset_t getEntryPoint(Executable::addr_type aType = Executable::RVA) = 0;


    virtual bufsize_t getImageSize() { return getMappedSize(Executable::VA); }


    /* All Entry Points of the application, including: main EP, Exports, TLS Callbacks */


    virtual size_t getAllEntryPoints(QMap<offset_t,QString> &entrypoints, Executable::addr_type aType = Executable::RVA)

    {

        offset_t mainEP = getEntryPoint(aType);

        entrypoints.insert(mainEP, "_start");

        return 1;

    }


    /* conversions */

    virtual bool isValidAddr(offset_t addr, addr_type addrType);

    virtual bool isValidVA(offset_t va) { return isValidAddr(va, Executable::VA); }


    virtual offset_t convertAddr(offset_t inAddr, Executable::addr_type inType, Executable::addr_type outType);


    virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions = false); //any type of offset to raw

    Executable::addr_type detectAddrType(offset_t addr, Executable::addr_type hintType); //TODO


    // returns INVALID_ADDR if failed

    // FileAddr <-> RVA

    virtual offset_t rawToRva(offset_t raw) = 0;

    virtual offset_t rvaToRaw(offset_t rva) = 0;


    // VA <-> RVA

    virtual offset_t VaToRva(offset_t va, bool autodetect = false);


    virtual offset_t rvaToVa(offset_t rva)

    {

        return (rva == INVALID_ADDR) ? INVALID_ADDR : (rva + this->getImageBase());

    }


    // VA -> FileAddr


    virtual offset_t vaToRaw(offset_t va)

    {

        if (va == INVALID_ADDR) return INVALID_ADDR;


        offset_t rva = this->VaToRva(va, true);

        return rvaToRaw(rva);

    }


    QString getFileName();


    virtual bool resize(bufsize_t newSize) { return buf->resize(newSize); }


    virtual bool isResized() { return buf ? buf->isResized() : false; }


    virtual bool isTruncated() { return buf ? buf->isTruncated() : false; }


    /* wrappers */

    AbstractByteBuffer* getFileBuffer() const { return buf; }

    bufsize_t getFileSize() const;


    virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName);


protected:

    Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode);


    exe_bits bitMode;

    AbstractByteBuffer *buf;

};


AbstractByteBuffer.h

INVALID_ADDR
const offset_t INVALID_ADDR
Definition AbstractByteBuffer.h:21

offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:20

bufsize_t
size_t bufsize_t
Definition AbstractByteBuffer.h:17

AbstractByteBuffer
Definition AbstractByteBuffer.h:36

AbstractByteBuffer::AbstractByteBuffer
AbstractByteBuffer()
Definition AbstractByteBuffer.h:40

AbstractByteBuffer::getContentAtPtr
virtual BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
Definition AbstractByteBuffer.cpp:99

AbstractByteBuffer::getContentAt
virtual BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition AbstractByteBuffer.cpp:57

CustomException::CustomException
CustomException(const QString info, const int32_t code=UNKNOWN_EXCEPTION)
Definition CustomException.h:14

ExeBuilder::~ExeBuilder
virtual ~ExeBuilder()
Definition Executable.h:17

ExeBuilder::ExeBuilder
ExeBuilder()
Definition Executable.h:16

ExeBuilder::build
virtual Executable * build(AbstractByteBuffer *buf)=0

ExeBuilder::signatureMatches
virtual bool signatureMatches(AbstractByteBuffer *buf)=0

ExeBuilder::typeName
virtual QString typeName()=0

ExeException::ExeException
ExeException(const QString info)
Definition Executable.h:11

Executable
Definition Executable.h:26

Executable::buf
AbstractByteBuffer * buf
Definition Executable.h:135

Executable::isTruncated
virtual bool isTruncated()
Definition Executable.h:123

Executable::addr_type
addr_type
Definition Executable.h:42

Executable::NOT_ADDR
@ NOT_ADDR
Definition Executable.h:43

Executable::ADDR_TYPE_COUNT
@ ADDR_TYPE_COUNT
Definition Executable.h:47

Executable::RVA
@ RVA
Definition Executable.h:45

Executable::RAW
@ RAW
Definition Executable.h:44

Executable::VA
@ VA
Definition Executable.h:46

Executable::getEntryPoint
virtual offset_t getEntryPoint(Executable::addr_type aType=Executable::RVA)=0

Executable::getFileSize
bufsize_t getFileSize() const
Definition Executable.cpp:158

Executable::isBit32
bool isBit32()
Definition Executable.h:54

Executable::exe_bits
exe_bits
Definition Executable.h:28

Executable::UNKNOWN
@ UNKNOWN
Definition Executable.h:29

Executable::BITS_16
@ BITS_16
Definition Executable.h:30

Executable::BITS_32
@ BITS_32
Definition Executable.h:31

Executable::BITS_64
@ BITS_64
Definition Executable.h:32

Executable::getBitMode
virtual exe_bits getBitMode()
Definition Executable.h:58

Executable::toRaw
virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions=false)
Definition Executable.cpp:85

Executable::getArch
virtual exe_arch getArch()=0

Executable::isValidAddr
virtual bool isValidAddr(offset_t addr, addr_type addrType)
Definition Executable.cpp:19

Executable::getContentAtPtr
BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:66

Executable::getContentAt
BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:67

Executable::isBit64
bool isBit64()
Definition Executable.h:53

Executable::isBit64
static bool isBit64(Executable *exe)
Definition Executable.h:50

Executable::getImageBase
virtual offset_t getImageBase(bool recalculate=false)=0

Executable::getContent
virtual BYTE * getContent()
Definition Executable.h:62

Executable::getFileName
QString getFileName()
Definition Executable.cpp:149

Executable::vaToRaw
virtual offset_t vaToRaw(offset_t va)
Definition Executable.h:109

Executable::~Executable
virtual ~Executable(void)
Definition Executable.h:56

Executable::isValidVA
virtual bool isValidVA(offset_t va)
Definition Executable.h:88

Executable::Executable
Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode)
Definition Executable.cpp:4

Executable::getRawSize
virtual offset_t getRawSize() const
Definition Executable.h:64

Executable::getAllEntryPoints
virtual size_t getAllEntryPoints(QMap< offset_t, QString > &entrypoints, Executable::addr_type aType=Executable::RVA)
Definition Executable.h:79

Executable::getMappedSize
virtual bufsize_t getMappedSize(Executable::addr_type aType)=0

Executable::getImageSize
virtual bufsize_t getImageSize()
Definition Executable.h:76

Executable::rawToRva
virtual offset_t rawToRva(offset_t raw)=0

Executable::bitMode
exe_bits bitMode
Definition Executable.h:134

Executable::rvaToRaw
virtual offset_t rvaToRaw(offset_t rva)=0

Executable::getAlignment
virtual bufsize_t getAlignment(Executable::addr_type aType) const =0

Executable::convertAddr
virtual offset_t convertAddr(offset_t inAddr, Executable::addr_type inType, Executable::addr_type outType)
Definition Executable.cpp:46

Executable::resize
virtual bool resize(bufsize_t newSize)
Definition Executable.h:119

Executable::detectAddrType
Executable::addr_type detectAddrType(offset_t addr, Executable::addr_type hintType)
Definition Executable.cpp:125

Executable::dumpFragment
virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName)
Definition Executable.cpp:169

Executable::VaToRva
virtual offset_t VaToRva(offset_t va, bool autodetect=false)
Definition Executable.cpp:30

Executable::isBit32
static bool isBit32(Executable *exe)
Definition Executable.h:51

Executable::rvaToVa
virtual offset_t rvaToVa(offset_t rva)
Definition Executable.h:103

Executable::exe_arch
exe_arch
Definition Executable.h:35

Executable::ARCH_UNKNOWN
@ ARCH_UNKNOWN
Definition Executable.h:36

Executable::ARCH_ARM
@ ARCH_ARM
Definition Executable.h:38

Executable::EXE_ARCH_COUNT
@ EXE_ARCH_COUNT
Definition Executable.h:39

Executable::ARCH_INTEL
@ ARCH_INTEL
Definition Executable.h:37

Executable::getContentSize
virtual bufsize_t getContentSize()
Definition Executable.h:61

Executable::getFileBuffer
AbstractByteBuffer * getFileBuffer() const
Definition Executable.h:126

Executable::isResized
virtual bool isResized()
Definition Executable.h:121