BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
Executable.h
Go to the documentation of this file.
1#pragma once
2#include <map>
3#include <QMap>
4
6class Executable;
7
9{
10public:
11 ExeException(const QString info) : CustomException(info) {}
12};
13
15public:
17 virtual ~ExeBuilder() {}
18
19 virtual bool signatureMatches(AbstractByteBuffer *buf) = 0;
21 virtual QString typeName() = 0;
22};
23
24//-------------------------------------------------------------
25
27public:
28 enum exe_bits {
30 BITS_16 = 16,
31 BITS_32 = 32,
32 BITS_64 = 64,
33 };
34
40
41 enum addr_type {
43 RAW = 1,
44 RVA = 2,
45 VA = 3
46 };
47
48 static bool isBit64(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_64) ? false: true; }
49 static bool isBit32(Executable *exe) { return (!exe || exe->getBitMode() != Executable::BITS_32) ? false: true; }
50
51 bool isBit64() { return isBit64(this); }
52 bool isBit32() { return isBit32(this); }
53
54 virtual ~Executable(void) { }
55
56 virtual exe_bits getBitMode() { return this->bitMode; }
57 virtual exe_arch getArch() = 0;
58
59 virtual bufsize_t getContentSize() { return buf->getContentSize(); }
60 virtual BYTE* getContent() { return buf->getContent(); }
61 //wrapper:
62 virtual offset_t getRawSize() const { return static_cast<offset_t>(buf->getContentSize()); }
63
64 BYTE* getContentAtPtr(BYTE* ptr, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAtPtr(ptr, size, allowExceptions); }
65 BYTE* getContentAt(offset_t offset, bufsize_t size, bool allowExceptions = false) { return AbstractByteBuffer::getContentAt(offset, size, allowExceptions); }
66
67 virtual BYTE* getContentAt(offset_t offset, Executable::addr_type aType, bufsize_t size, bool allowExceptions = false);
68//------------------------------
71 virtual offset_t getImageBase(bool recalculate = false) = 0;
73
75
76 /* All Entry Points of the application, including: main EP, Exports, TLS Callbacks */
77 virtual size_t getAllEntryPoints(QMap<offset_t,QString> &entrypoints, Executable::addr_type aType = Executable::RVA)
78 {
79 offset_t mainEP = getEntryPoint(aType);
80 entrypoints.insert(mainEP, "_start");
81 return 1;
82 }
83
84 /* conversions */
85 virtual bool isValidAddr(offset_t addr, addr_type addrType);
86 virtual bool isValidVA(offset_t va) { return isValidAddr(va, Executable::VA); }
87
89
90 virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions = false); //any type of offset to raw
92
93 // returns INVALID_ADDR if failed
94 // FileAddr <-> RVA
95 virtual offset_t rawToRva(offset_t raw) = 0;
96 virtual offset_t rvaToRaw(offset_t rva) = 0;
97
98 // VA <-> RVA
99 virtual offset_t VaToRva(offset_t va, bool autodetect = false);
100
102 {
103 return (rva == INVALID_ADDR) ? INVALID_ADDR : (rva + this->getImageBase());
104 }
105
106 // VA -> FileAddr
108 {
109 if (va == INVALID_ADDR) return INVALID_ADDR;
110
111 offset_t rva = this->VaToRva(va, true);
112 return rvaToRaw(rva);
113 }
114
115 QString getFileName();
116
117 virtual bool resize(bufsize_t newSize) { return buf->resize(newSize); }
118
119 virtual bool isResized() { return buf ? buf->isResized() : false; }
120
121 virtual bool isTruncated() { return buf ? buf->isTruncated() : false; }
122
123 /* wrappers */
125 bufsize_t getFileSize() const;
126
127 virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName);
128
129protected:
130 Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode);
131
134};
135
uint32_t bufsize_t
const offset_t INVALID_ADDR
uint64_t offset_t
virtual bufsize_t getContentSize()=0
virtual bool isTruncated()
virtual BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
virtual bool isResized()
virtual BYTE * getContent()=0
virtual BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
virtual bool resize(bufsize_t newSize)
virtual ~ExeBuilder()
Definition Executable.h:17
virtual Executable * build(AbstractByteBuffer *buf)=0
virtual bool signatureMatches(AbstractByteBuffer *buf)=0
virtual QString typeName()=0
ExeException(const QString info)
Definition Executable.h:11
AbstractByteBuffer * buf
Definition Executable.h:133
virtual bool isTruncated()
Definition Executable.h:121
virtual offset_t getEntryPoint(Executable::addr_type aType=Executable::RVA)=0
bufsize_t getFileSize() const
bool isBit32()
Definition Executable.h:52
virtual exe_bits getBitMode()
Definition Executable.h:56
virtual offset_t toRaw(offset_t offset, addr_type addrType, bool allowExceptions=false)
virtual exe_arch getArch()=0
virtual bool isValidAddr(offset_t addr, addr_type addrType)
BYTE * getContentAtPtr(BYTE *ptr, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:64
BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:65
bool isBit64()
Definition Executable.h:51
static bool isBit64(Executable *exe)
Definition Executable.h:48
virtual offset_t getImageBase(bool recalculate=false)=0
virtual BYTE * getContent()
Definition Executable.h:60
QString getFileName()
virtual offset_t vaToRaw(offset_t va)
Definition Executable.h:107
virtual ~Executable(void)
Definition Executable.h:54
virtual bool isValidVA(offset_t va)
Definition Executable.h:86
Executable(AbstractByteBuffer *v_buf, exe_bits v_bitMode)
Definition Executable.cpp:4
virtual offset_t getRawSize() const
Definition Executable.h:62
virtual size_t getAllEntryPoints(QMap< offset_t, QString > &entrypoints, Executable::addr_type aType=Executable::RVA)
Definition Executable.h:77
virtual bufsize_t getMappedSize(Executable::addr_type aType)=0
virtual bufsize_t getImageSize()
Definition Executable.h:74
virtual offset_t rawToRva(offset_t raw)=0
exe_bits bitMode
Definition Executable.h:132
virtual offset_t rvaToRaw(offset_t rva)=0
virtual bufsize_t getAlignment(Executable::addr_type aType) const =0
virtual offset_t convertAddr(offset_t inAddr, Executable::addr_type inType, Executable::addr_type outType)
virtual bool resize(bufsize_t newSize)
Definition Executable.h:117
Executable::addr_type detectAddrType(offset_t addr, Executable::addr_type hintType)
virtual bool dumpFragment(offset_t offset, bufsize_t size, QString fileName)
virtual offset_t VaToRva(offset_t va, bool autodetect=false)
static bool isBit32(Executable *exe)
Definition Executable.h:49
virtual offset_t rvaToVa(offset_t rva)
Definition Executable.h:101
virtual bufsize_t getContentSize()
Definition Executable.h:59
AbstractByteBuffer * getFileBuffer() const
Definition Executable.h:124
virtual bool isResized()
Definition Executable.h:119