BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
ImportBaseDirWrapper.cpp
Go to the documentation of this file.
1#include "pe/ImportBaseDirWrapper.h"
2
3//---------------------------------
4
5bufsize_t ImportBaseEntryWrapper::NameLenLimit = 0xFF;
6
7bool imports_util::isNameValid(Executable *pe, char* myName)
8{
9 if (!myName) return false; // do not parse, invalid entry
10 bufsize_t upperLimit = pe->getMaxSizeFromPtr((BYTE*) myName);
11 if (upperLimit == 0) return false;
12
13 bool isInvalid = pe_util::hasNonPrintable(myName, upperLimit);
14 if (isInvalid) return false;
15 if (pe_util::noWhiteCount(myName) == 0) return false;
16
17 return true;
18}
19//---------------------------------
20
21using namespace imports_util;
22
23bufsize_t ImportBaseDirWrapper::thunkSize(Executable::exe_bits bits) {
24 if (bits == Executable::BITS_32) return sizeof (uint32_t);
25 else if (bits == Executable::BITS_64) return sizeof (uint64_t);
26 return 0;
27}
28
29
30void ImportBaseDirWrapper::addMapping(ExeNodeWrapper *funcNode)
31{
32 ImportBaseFuncWrapper* func = dynamic_cast<ImportBaseFuncWrapper*> (funcNode);
33 if (func == NULL) return;
34
35 offset_t via = func->callVia();
36 if (via == INVALID_ADDR) return;
37 /*
38 if (m_Exe->isValidVA(via)) {
39 via = m_Exe->VaToRva(via);
40 }*/
41 ImportBaseEntryWrapper* lib = dynamic_cast<ImportBaseEntryWrapper*>(func->getParentNode());
42 if (!lib) return;
43
44 this->thunksList.push_back(via);
45 size_t num = lib->getEntryId();
46 thunkToLibMap[via] = num;
47
48 num = func->getEntryId();
49 lib->thunkToFuncMap[via] = num;
50}
51
52void ImportBaseDirWrapper::clearMapping()
53{
54 thunksList.clear();
55 thunkToLibMap.clear();
56}
57
58
59void ImportBaseDirWrapper::reloadMapping()
60{
61 clearMapping();
62 size_t entriesCount = this->entries.size();
63
64 for (size_t i = 0; i < entriesCount; i++) {
65 ImportBaseEntryWrapper* lib = dynamic_cast<ImportBaseEntryWrapper*> (this->getEntryAt(i));
66 if (!lib) continue;
67
68 size_t funcCount = lib->getEntriesCount();
69 for (size_t fI = 0; fI < funcCount; fI++) {
70 addMapping(lib->getEntryAt(fI));
71 }
72 }
73}
74
75ImportBaseEntryWrapper* ImportBaseDirWrapper::thunkToLib(offset_t thunk)
76{
77 std::map<offset_t, size_t>::iterator libItr = thunkToLibMap.find(thunk);
78 if (libItr == thunkToLibMap.end()) return NULL;
79
80 size_t libId = libItr->second;
81 ImportBaseEntryWrapper* lib = dynamic_cast<ImportBaseEntryWrapper*>(this->getEntryAt(libId));
82 return lib;
83}
84
85ImportBaseFuncWrapper* ImportBaseDirWrapper::thunkToFunction(offset_t thunk)
86{
87 ImportBaseEntryWrapper* lib = thunkToLib(thunk);
88 if (!lib) return NULL;
89
90 std::map<offset_t, size_t>::iterator funcItr = lib->thunkToFuncMap.find(thunk);
91 if (funcItr == lib->thunkToFuncMap.end()) return NULL;
92
93 ImportBaseFuncWrapper* func = dynamic_cast<ImportBaseFuncWrapper*>(lib->getEntryAt(funcItr->second));
94 return func;
95}
96
97QString ImportBaseDirWrapper::thunkToFuncName(offset_t thunk, bool shortName)
98{
99 ImportBaseFuncWrapper* func = thunkToFunction(thunk);
100 if (func == NULL) return "";
101 if (shortName) {
102 return func->getShortName();
103 }
104 return func->getName();
105}
106
107QString ImportBaseDirWrapper::thunkToLibName(offset_t thunk)
108{
109 ImportBaseEntryWrapper* lib = thunkToLib(thunk);
110 if (!lib) return "";
111 return lib->getName();
112}
113
114bool ImportBaseDirWrapper::wrap()
115{
116 clearMapping();
117 clear();
118
119 size_t oldCount = this->importsCount;
120 this->importsCount = 0;
121 this->invalidEntries = 0;
122
123 if (!getDataDirectory()) {
124 return (oldCount != this->importsCount); //has count changed
125 }
126
127 const size_t LIMIT = (-1);
128 const size_t INVALID_LIMIT = 100;
129 size_t cntr = 0;
130 size_t invalidSeries = 0;
131 for (cntr = 0; cntr < LIMIT; cntr++) {
132 if (loadNextEntry(cntr) == false) break;
133 ExeNodeWrapper* entry = this->entries.at(cntr);
134 if (!entry) break;
135 if (entry->isValid()) {
136 invalidSeries = 0;
137 }
138 else {
139 invalidSeries++;
140 this->invalidEntries++;
141 if (invalidSeries >= INVALID_LIMIT) break;
142 }
143 }
144
145 this->importsCount = cntr;
146 return (oldCount != this->importsCount); //has count changed
147}
148
149bool ImportBaseDirWrapper::isValid()
150{
151 if (this->invalidEntries > 0) return false;
152
153 const QList<offset_t> thunks = getThunksList();
154 if (!thunks.size()) return false;
155 return true;
156}
157
158//--------------------------------------------------------------------------------------------------------------
159
160bool ImportBaseEntryWrapper::isValid()
161{
162 if (this->invalidEntries > 0) return false;
163 char *libName = this->getLibraryName();
164 if (!imports_util::isNameValid(m_Exe, libName)) return false;
165 return true;
166}
167
168bool ImportBaseEntryWrapper::wrap()
169{
170 clear();
171 thunkToFuncMap.clear();
172
173 this->invalidEntries = 0;
174
175 const size_t LIMIT = (-1);
176 const size_t INVALID_LIMIT = 100;
177 if (!isValid()) {
178 return false;
179 }
180
181 if (this->getPtr() == NULL) {
182 return false;
183 }
184
185 size_t cntr = 0;
186 size_t invalidSeries = 0;
187 for (cntr = 0; cntr < LIMIT; cntr++) {
188 if (loadNextEntry(cntr) == false) break;
189 ExeNodeWrapper* entry = this->entries.at(cntr);
190 if (!entry) break;
191 if (entry->isValid()) {
192 invalidSeries = 0;
193 }
194 else {
195 invalidSeries++;
196 this->invalidEntries++;
197 if (invalidSeries >= INVALID_LIMIT) break;
198 }
199 }
200 //printf("Entries: %d\n", entries.size());
201 return true;
202}
203
204//--------------------------------------------------------------------------------------------------------------
205QString ImportBaseFuncWrapper::getShortName()
206{
207 QString functionName;
208 if (isByOrdinal()) {
209 uint64_t val = getOrdinal();
210 QString out;
211#if QT_VERSION >= 0x050000
212 out = QString::asprintf("<ord: %llX>", static_cast<unsigned long long>(val));
213#else
214 out.sprintf("<ord: %llX>", static_cast<unsigned long long>(val));
215#endif
216 functionName = out;
217 } else {
218 char *fName = this->getFunctionName();
219 if (!fName) return "";
220 functionName = fName;
221 }
222 return functionName;
223}
224
225QString ImportBaseFuncWrapper::getLibName()
226{
227 ImportBaseEntryWrapper *p = dynamic_cast<ImportBaseEntryWrapper*>(this->getParentNode());
228 if (!p) return "";
229
230 char *libName = p->getLibraryName();
231 if (!libName) return "";
232
233 return QString(libName);
234}
235
236QString ImportBaseFuncWrapper::getName()
237{
238 QString libName = getLibName();
239 QString functionName = getShortName();
240
241 if (!libName.length()) return functionName;
242
243 return "[" + QString(libName) + "]." + functionName;
244}
245
246bool ImportBaseFuncWrapper::isValid()
247{
248 ImportBaseEntryWrapper *p = dynamic_cast<ImportBaseEntryWrapper*>(this->getParentNode());
249 if (!p) return false;
250
251 char *libName = p->getLibraryName();
252 if (!imports_util::isNameValid(m_Exe, libName)) return false;
253
254 if (!isByOrdinal()) {
255 char *fName = this->getFunctionName();
256 if (!imports_util::isNameValid(m_Exe, fName)) return false;
257 }
258 return true;
259}
INVALID_ADDR
const offset_t INVALID_ADDR
Definition AbstractByteBuffer.h:21
offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:20
bufsize_t
size_t bufsize_t
Definition AbstractByteBuffer.h:17
DataDirEntryWrapper::getDataDirectory
IMAGE_DATA_DIRECTORY * getDataDirectory()
Definition DataDirEntryWrapper.cpp:10
ExeElementWrapper::getPtr
virtual void * getPtr()=0
ExeElementWrapper::getName
virtual QString getName()=0
ExeNodeWrapper::ExeNodeWrapper
ExeNodeWrapper(Executable *pe, ExeNodeWrapper *parent=NULL)
Definition ExeNodeWrapper.cpp:3
ExeNodeWrapper::getEntryAt
virtual ExeNodeWrapper * getEntryAt(size_t fieldId)
Definition ExeNodeWrapper.cpp:15
ExeNodeWrapper::entries
std::vector< ExeNodeWrapper * > entries
Definition ExeNodeWrapper.h:56
ExeNodeWrapper::getEntryId
size_t getEntryId()
Definition ExeNodeWrapper.h:25
ExeNodeWrapper::loadNextEntry
virtual bool loadNextEntry(size_t entryNum)
Definition ExeNodeWrapper.h:48
ExeNodeWrapper::isValid
virtual bool isValid()
Definition ExeNodeWrapper.h:40
ExeNodeWrapper::getEntriesCount
virtual size_t getEntriesCount()
Definition ExeNodeWrapper.h:20
ExeNodeWrapper::clear
virtual void clear()
Definition ExeNodeWrapper.cpp:30
ImportBaseDirWrapper::thunkSize
static bufsize_t thunkSize(Executable::exe_bits bits)
Definition ImportBaseDirWrapper.cpp:23
ImportBaseDirWrapper::thunkToLib
ImportBaseEntryWrapper * thunkToLib(offset_t thunk)
Definition ImportBaseDirWrapper.cpp:75
ImportBaseDirWrapper::thunksList
QList< offset_t > thunksList
Definition ImportBaseDirWrapper.h:57
ImportBaseDirWrapper::ImportBaseEntryWrapper
friend class ImportBaseEntryWrapper
Definition ImportBaseDirWrapper.h:62
ImportBaseDirWrapper::thunkToLibMap
std::map< offset_t, size_t > thunkToLibMap
Definition ImportBaseDirWrapper.h:56
ImportBaseDirWrapper::getThunksList
QList< offset_t > getThunksList()
Definition ImportBaseDirWrapper.h:35
ImportBaseDirWrapper::thunkToLibName
QString thunkToLibName(offset_t thunk)
Definition ImportBaseDirWrapper.cpp:107
ImportBaseDirWrapper::thunkToFunction
ImportBaseFuncWrapper * thunkToFunction(offset_t thunk)
Definition ImportBaseDirWrapper.cpp:85
ImportBaseDirWrapper::addMapping
void addMapping(ExeNodeWrapper *func)
Definition ImportBaseDirWrapper.cpp:30
ImportBaseDirWrapper::thunkToFuncName
QString thunkToFuncName(offset_t thunk, bool shortName=true)
Definition ImportBaseDirWrapper.cpp:97
ImportBaseEntryWrapper
Definition ImportBaseDirWrapper.h:67
ImportBaseEntryWrapper::invalidEntries
size_t invalidEntries
Definition ImportBaseDirWrapper.h:88
ImportBaseEntryWrapper::NameLenLimit
static bufsize_t NameLenLimit
Definition ImportBaseDirWrapper.h:69
ImportBaseEntryWrapper::wrap
bool wrap()
Definition ImportBaseDirWrapper.cpp:168
ImportBaseEntryWrapper::isValid
virtual bool isValid()
Definition ImportBaseDirWrapper.cpp:160
ImportBaseEntryWrapper::getLibraryName
virtual char * getLibraryName()=0
ImportBaseEntryWrapper::thunkToFuncMap
std::map< offset_t, size_t > thunkToFuncMap
Definition ImportBaseDirWrapper.h:85
ImportBaseFuncWrapper::getOrdinal
virtual uint64_t getOrdinal()=0
ImportBaseFuncWrapper::getFunctionName
virtual char * getFunctionName()=0
ImportBaseFuncWrapper::callVia
virtual offset_t callVia()=0
ImportBaseFuncWrapper::isByOrdinal
virtual bool isByOrdinal()=0
PENodeWrapper::getParentNode
virtual PENodeWrapper * getParentNode()
Definition PENodeWrapper.h:33
imports_util
Definition ImportBaseDirWrapper.h:10
imports_util::isNameValid
bool isNameValid(Executable *pe, char *myName)
Definition ImportBaseDirWrapper.cpp:7
pe_util::hasNonPrintable
bool hasNonPrintable(const char *ptr, size_t maxInp)
Definition Util.cpp:70
pe_util::noWhiteCount
size_t noWhiteCount(char *buf, size_t bufSize)
Definition Util.cpp:131
Generated by doxygen 1.17.0