bearparser/_opt_hdr_wrapper_8h_source.html

#pragma once


#include "PENodeWrapper.h"


class OptHdrWrapper : public PEElementWrapper

{

public:

    /* fields :*/


    enum OptHdrFID {

        NONE = FIELD_NONE,

        MAGIC = 0,

        LINKER_MAJOR,

        LINKER_MINOR,

        CODE_SIZE,

        INITDATA_SIZE,

        UNINITDATA_SIZE,

        EP,

        CODE_BASE,

        DATA_BASE,


        IMAGE_BASE,

        SEC_ALIGN,

        FILE_ALIGN,

        OSVER_MAJOR,

        OSVER_MINOR,

        IMGVER_MAJOR,

        IMGVER_MINOR,

        SUBSYSVER_MAJOR,

        SUBSYSVER_MINOR,

        WIN32_VER,

        IMAGE_SIZE,

        HDRS_SIZE,

        CHECKSUM,

        SUBSYS,

        DLL_CHARACT,

        STACK_RSRV_SIZE,

        STACK_COMMIT_SIZE,

        HEAP_RSRV_SIZE,

        HEAP_COMMIT_SIZE,

        LDR_FLAGS,

        RVAS_SIZES_NUM,

        DATA_DIR,

        FIELD_COUNTER

    };


    static std::map<DWORD, QString> s_optMagic;

    static std::map<std::pair<WORD,WORD>, QString> s_osVersion;

    static std::map<DWORD, QString> s_dllCharact;

    static std::map<DWORD, QString> s_subsystem;


    static void initDllCharact();

    static std::vector<DWORD> splitDllCharact(DWORD characteristics);

    static QString translateDllCharacteristics(DWORD charact);


    static QString translateOptMagic(DWORD magic);

    static QString translateOSVersion(WORD major, WORD minor);

    static QString translateSubsystem(DWORD subsystem);

    //----


    OptHdrWrapper(PEFile *pe) : PEElementWrapper(pe), opt32(NULL), opt64(NULL) { wrap(); }

    bool wrap();


    /* full structure boundaries */

    virtual void* getPtr();

    virtual bufsize_t getSize();

    virtual QString getName() { return "Optional Hdr"; }

    virtual size_t getFieldsCount() { return FIELD_COUNTER; }


    /* specific field boundaries */

    virtual void* getFieldPtr(size_t fieldId, size_t subField = FIELD_NONE);

    virtual bufsize_t getFieldSize(size_t fieldId, size_t subField = FIELD_NONE);


    virtual QString translateFieldContent(size_t fieldId);


    virtual QString getFieldName(size_t fieldId);

    virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField = FIELD_NONE);


    Executable::exe_bits getHdrBitMode();

    IMAGE_NT_HEADERS32* nt32();

    IMAGE_NT_HEADERS64* nt64();


    //DataDirWrapper dataDir;

protected:

    IMAGE_OPTIONAL_HEADER32* opt32;

    IMAGE_OPTIONAL_HEADER64* opt64;

    std::vector<DWORD> dllCharact;

};


bufsize_t
uint32_t bufsize_t
Definition AbstractByteBuffer.h:14

FIELD_NONE
#define FIELD_NONE
Definition ExeElementWrapper.h:9

PENodeWrapper.h

Executable::addr_type
addr_type
Definition Executable.h:41

Executable::exe_bits
exe_bits
Definition Executable.h:28

OptHdrWrapper
Definition OptHdrWrapper.h:6

OptHdrWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField=FIELD_NONE)
Definition OptHdrWrapper.cpp:331

OptHdrWrapper::translateOptMagic
static QString translateOptMagic(DWORD magic)
Definition OptHdrWrapper.cpp:50

OptHdrWrapper::nt64
IMAGE_NT_HEADERS64 * nt64()
Definition OptHdrWrapper.cpp:138

OptHdrWrapper::translateSubsystem
static QString translateSubsystem(DWORD subsystem)
Definition OptHdrWrapper.cpp:84

OptHdrWrapper::translateFieldContent
virtual QString translateFieldContent(size_t fieldId)
Definition OptHdrWrapper.cpp:264

OptHdrWrapper::initDllCharact
static void initDllCharact()
Definition OptHdrWrapper.cpp:11

OptHdrWrapper::getHdrBitMode
Executable::exe_bits getHdrBitMode()
Definition OptHdrWrapper.cpp:120

OptHdrWrapper::opt64
IMAGE_OPTIONAL_HEADER64 * opt64
Definition OptHdrWrapper.h:84

OptHdrWrapper::s_optMagic
static std::map< DWORD, QString > s_optMagic
Definition OptHdrWrapper.h:45

OptHdrWrapper::opt32
IMAGE_OPTIONAL_HEADER32 * opt32
Definition OptHdrWrapper.h:83

OptHdrWrapper::OptHdrFID
OptHdrFID
Definition OptHdrWrapper.h:9

OptHdrWrapper::IMGVER_MAJOR
@ IMGVER_MAJOR
Definition OptHdrWrapper.h:26

OptHdrWrapper::WIN32_VER
@ WIN32_VER
Definition OptHdrWrapper.h:30

OptHdrWrapper::OSVER_MAJOR
@ OSVER_MAJOR
Definition OptHdrWrapper.h:24

OptHdrWrapper::UNINITDATA_SIZE
@ UNINITDATA_SIZE
Definition OptHdrWrapper.h:16

OptHdrWrapper::LINKER_MAJOR
@ LINKER_MAJOR
Definition OptHdrWrapper.h:12

OptHdrWrapper::STACK_RSRV_SIZE
@ STACK_RSRV_SIZE
Definition OptHdrWrapper.h:36

OptHdrWrapper::SUBSYS
@ SUBSYS
Definition OptHdrWrapper.h:34

OptHdrWrapper::IMAGE_BASE
@ IMAGE_BASE
Definition OptHdrWrapper.h:21

OptHdrWrapper::FILE_ALIGN
@ FILE_ALIGN
Definition OptHdrWrapper.h:23

OptHdrWrapper::CHECKSUM
@ CHECKSUM
Definition OptHdrWrapper.h:33

OptHdrWrapper::EP
@ EP
Definition OptHdrWrapper.h:17

OptHdrWrapper::SUBSYSVER_MAJOR
@ SUBSYSVER_MAJOR
Definition OptHdrWrapper.h:28

OptHdrWrapper::HEAP_COMMIT_SIZE
@ HEAP_COMMIT_SIZE
Definition OptHdrWrapper.h:39

OptHdrWrapper::DLL_CHARACT
@ DLL_CHARACT
Definition OptHdrWrapper.h:35

OptHdrWrapper::OSVER_MINOR
@ OSVER_MINOR
Definition OptHdrWrapper.h:25

OptHdrWrapper::IMGVER_MINOR
@ IMGVER_MINOR
Definition OptHdrWrapper.h:27

OptHdrWrapper::FIELD_COUNTER
@ FIELD_COUNTER
Definition OptHdrWrapper.h:43

OptHdrWrapper::LDR_FLAGS
@ LDR_FLAGS
Definition OptHdrWrapper.h:40

OptHdrWrapper::DATA_DIR
@ DATA_DIR
Definition OptHdrWrapper.h:42

OptHdrWrapper::HDRS_SIZE
@ HDRS_SIZE
Definition OptHdrWrapper.h:32

OptHdrWrapper::DATA_BASE
@ DATA_BASE
Definition OptHdrWrapper.h:19

OptHdrWrapper::NONE
@ NONE
Definition OptHdrWrapper.h:10

OptHdrWrapper::STACK_COMMIT_SIZE
@ STACK_COMMIT_SIZE
Definition OptHdrWrapper.h:37

OptHdrWrapper::MAGIC
@ MAGIC
Definition OptHdrWrapper.h:11

OptHdrWrapper::SUBSYSVER_MINOR
@ SUBSYSVER_MINOR
Definition OptHdrWrapper.h:29

OptHdrWrapper::IMAGE_SIZE
@ IMAGE_SIZE
Definition OptHdrWrapper.h:31

OptHdrWrapper::CODE_BASE
@ CODE_BASE
Definition OptHdrWrapper.h:18

OptHdrWrapper::INITDATA_SIZE
@ INITDATA_SIZE
Definition OptHdrWrapper.h:15

OptHdrWrapper::CODE_SIZE
@ CODE_SIZE
Definition OptHdrWrapper.h:14

OptHdrWrapper::RVAS_SIZES_NUM
@ RVAS_SIZES_NUM
Definition OptHdrWrapper.h:41

OptHdrWrapper::LINKER_MINOR
@ LINKER_MINOR
Definition OptHdrWrapper.h:13

OptHdrWrapper::HEAP_RSRV_SIZE
@ HEAP_RSRV_SIZE
Definition OptHdrWrapper.h:38

OptHdrWrapper::SEC_ALIGN
@ SEC_ALIGN
Definition OptHdrWrapper.h:22

OptHdrWrapper::translateDllCharacteristics
static QString translateDllCharacteristics(DWORD charact)
Definition OptHdrWrapper.cpp:28

OptHdrWrapper::translateOSVersion
static QString translateOSVersion(WORD major, WORD minor)
Definition OptHdrWrapper.cpp:61

OptHdrWrapper::getFieldsCount
virtual size_t getFieldsCount()
Definition OptHdrWrapper.h:66

OptHdrWrapper::dllCharact
std::vector< DWORD > dllCharact
Definition OptHdrWrapper.h:85

OptHdrWrapper::OptHdrWrapper
OptHdrWrapper(PEFile *pe)
Definition OptHdrWrapper.h:59

OptHdrWrapper::wrap
bool wrap()
Definition OptHdrWrapper.cpp:106

OptHdrWrapper::nt32
IMAGE_NT_HEADERS32 * nt32()
Definition OptHdrWrapper.cpp:128

OptHdrWrapper::getFieldSize
virtual bufsize_t getFieldSize(size_t fieldId, size_t subField=FIELD_NONE)
Definition OptHdrWrapper.cpp:174

OptHdrWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition OptHdrWrapper.cpp:282

OptHdrWrapper::getPtr
virtual void * getPtr()
Definition OptHdrWrapper.cpp:149

OptHdrWrapper::getSize
virtual bufsize_t getSize()
Definition OptHdrWrapper.cpp:164

OptHdrWrapper::getName
virtual QString getName()
Definition OptHdrWrapper.h:65

OptHdrWrapper::s_dllCharact
static std::map< DWORD, QString > s_dllCharact
Definition OptHdrWrapper.h:47

OptHdrWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField=FIELD_NONE)
Definition OptHdrWrapper.cpp:184

OptHdrWrapper::splitDllCharact
static std::vector< DWORD > splitDllCharact(DWORD characteristics)
Definition OptHdrWrapper.cpp:36

OptHdrWrapper::s_osVersion
static std::map< std::pair< WORD, WORD >, QString > s_osVersion
Definition OptHdrWrapper.h:46

OptHdrWrapper::s_subsystem
static std::map< DWORD, QString > s_subsystem
Definition OptHdrWrapper.h:48

PEElementWrapper
Definition PENodeWrapper.h:9

PEFile
Definition PEFile.h:45