BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
RichHdrWrapper.cpp
Go to the documentation of this file.
1#include "pe/RichHdrWrapper.h"
2#include "pe/PEFile.h"
3#include <iostream>
4
5
6bool RichHdrWrapper::wrap()
7{
8 this->richSign = m_PE->getRichHeaderSign();
9 this->dansHdr = m_PE->getRichHeaderBgn(richSign);
10 if (!this->richSign || !this->dansHdr) {
11 this->compIdCounter = 0;
12 return false;
13 }
14 this->compIdCounter = this->compIdCount();
15 return true;
16}
17
18void* RichHdrWrapper::getPtr()
19{
20 if (!this->dansHdr) {
21 wrap();
22 }
23 return (void*)this->dansHdr;
24}
25
26size_t RichHdrWrapper::compIdCount()
27{
28 if (!this->richSign || !this->dansHdr) {
29 return 0;
30 }
31 const pe::RICH_DANS_HEADER dans_empty = { 0 };
32 const bufsize_t dif = ((ULONGLONG)richSign - (ULONGLONG)dansHdr) - (sizeof(dans_empty.dansId) + sizeof(dans_empty.cPad));
33 bufsize_t count = dif / sizeof(pe::RICH_COMP_ID);
34 return (size_t) count;
35}
36
37bufsize_t RichHdrWrapper::getSize()
38{
39 if (!this->richSign || !this->dansHdr) {
40 return 0;
41 }
42 const offset_t dansOffset = getOffset(this->dansHdr);
43 const offset_t richOffset = getOffset(this->richSign);
44 offset_t diff = richOffset - dansOffset;
45
46 pe::RICH_SIGNATURE rich1 = { 0 };
47 diff += sizeof(rich1);
48 return diff;
49}
50
51size_t RichHdrWrapper::getFieldsCount()
52{
53 if (getSize() == 0) return 0;
54 return this->compIdCounter + FIELD_COUNTER - 1;
55}
56
57void* RichHdrWrapper::getFieldPtr(size_t fieldId, size_t subField)
58{
59 if (!this->richSign || !this->dansHdr) {
60 return NULL;
61 }
62 if (this->compIdCounter == 0) {
63 return NULL;
64 }
65
66 const size_t cnt = this->compIdCounter - 1;
67 switch (fieldId) {
68 case DANS_ID: return (void*) &dansHdr->dansId;
69 case CPAD0: return (void*) &dansHdr->cPad[0];
70 case CPAD1: return (void*) &dansHdr->cPad[1];
71 case CPAD2: return (void*) &dansHdr->cPad[2];
72 }
73 if (fieldId >= COMP_ID_1 && fieldId <= COMP_ID_1 + cnt)
74 {
75 size_t compIdNum = fieldId - COMP_ID_1;
76 return (void*)(ULONGLONG(&dansHdr->compId) + (sizeof(pe::RICH_COMP_ID)*compIdNum));
77 }
78 if (fieldId == RICH_ID + cnt) return (void*) &richSign->richId;
79 if (fieldId == CHECKSUM + cnt) return (void*) &richSign->checksum;
80 return (void*) dansHdr;
81}
82
83bufsize_t RichHdrWrapper::getFieldSize(size_t fieldId, size_t subField)
84{
85 if (!this->richSign || !this->dansHdr) {
86 return 0;
87 }
88 if (this->compIdCounter == 0) {
89 return 0;
90 }
91 const size_t cnt = this->compIdCounter - 1;
92 switch (fieldId) {
93 case DANS_ID:
94 return sizeof(dansHdr->dansId);
95 case CPAD0:
96 case CPAD1:
97 case CPAD2:
98 return sizeof(dansHdr->cPad[0]);
99 }
100 if (fieldId >= COMP_ID_1 && fieldId <= COMP_ID_1 + cnt)
101 {
102 return sizeof(pe::RICH_COMP_ID);
103 }
104 if (fieldId == RICH_ID + cnt) return sizeof(richSign->richId);
105 if (fieldId == CHECKSUM + cnt) return sizeof(richSign->checksum);
106 return 0;
107}
108
109QString RichHdrWrapper::getFieldName(size_t fieldId)
110{
111 if (!this->richSign || !this->dansHdr) {
112 return "";
113 }
114 const size_t cnt = this->compIdCounter - 1;
115
116 switch (fieldId) {
117 case DANS_ID: return("DanS ID");
118 case CPAD0: case CPAD1: case CPAD2: return ("Checksumed padding");
119 }
120 if (fieldId >= COMP_ID_1 && fieldId <= COMP_ID_1 + cnt)
121 {
122 return("Comp ID");
123 }
124 if (fieldId == RICH_ID + cnt) return("Rich ID");
125 if (fieldId == CHECKSUM + cnt) return("Checksum");
126 return "";
127}
128
129pe::RICH_COMP_ID RichHdrWrapper::getCompId(size_t fieldId)
130{
131 pe::RICH_COMP_ID emptyId = { 0 };
132 if (!this->richSign || !this->dansHdr) {
133 return emptyId;
134 }
135 const uint32_t xorVal = this->richSign->checksum;
136 const size_t cnt = this->compIdCounter - 1;
137 bool isOk = false;
138 uint64_t num = this->getNumValue(fieldId, &isOk);
139 if (!isOk) {
140 return emptyId;
141 }
142 if (fieldId >= COMP_ID_1 && fieldId <= COMP_ID_1 + cnt)
143 {
144 uint64_t xorVal2 = xorVal | ((uint64_t)xorVal << sizeof(uint32_t)*8);
145 uint64_t my_num = static_cast<uint64_t>(num) ^ (xorVal2);
146 pe::RICH_COMP_ID* myCompId = reinterpret_cast<pe::RICH_COMP_ID*>(&my_num);
147 return *myCompId;
148 }
149 return emptyId;
150}
151
152
153inline DWORD rol32(DWORD temp, DWORD i)
154{
155 return ((temp << (i%32)) | (temp >> (32-(i%32))));
156}
157
158DWORD RichHdrWrapper::calcChecksum()
159{
160 BYTE *data = m_Exe->getContent();
161 const size_t dataSize = m_Exe->getContentSize();
162 const size_t dansOffset = getOffset(this->dansHdr);
163
164 if (!data || dansOffset == INVALID_ADDR) return 0;
165
166 DWORD cksum = dansOffset;
167 for (size_t i = 0; i < (size_t)dansOffset && i < dataSize; i++) {
168 //skip e_lfanew
169 if (i >= 0x3c && i < 0x40) {
170 continue;
171 }
172 BYTE temp = data[i];
173 cksum += rol32(temp,i);
174 }
175 size_t compKeys = compIdCount();
176 for (size_t k = COMP_ID_1; k < (COMP_ID_1 + compKeys); k++) {
177 pe::RICH_COMP_ID compId = this->getCompId(k);
178
179 DWORD temp = compId.prodId << 16 | compId.CV;
180 DWORD roled = rol32(temp, compId.count);
181 cksum += roled;
182 }
183 return cksum;
184}
185
186Executable::addr_type RichHdrWrapper::containsAddrType(uint32_t fieldId, uint32_t subField)
187{
188 return Executable::NOT_ADDR;
189}
190
191QString RichHdrWrapper::translateFieldContent(size_t fieldId)
192{
193 if (!this->richSign || !this->dansHdr) {
194 return "";
195 }
196 const uint32_t xorVal = this->richSign->checksum;
197 const size_t cnt = this->compIdCounter - 1;
198
199 bool isOk = false;
200 uint64_t num = this->getNumValue(fieldId, &isOk);
201 if (!isOk) {
202 return "?";
203 }
204 switch (fieldId) {
205 case DANS_ID:
206 case CPAD0: case CPAD1: case CPAD2: {
207 uint32_t my_num = static_cast<uint32_t>(num) ^ xorVal;
208 if (my_num == pe::DANS_HDR_MAGIC) return "DanS";
209 return QString::number(my_num, 16);
210 }
211 }
212
213 if (fieldId == CHECKSUM + cnt) {
214 return QString::number(this->calcChecksum(), 16);
215 }
216
217 if (fieldId >= COMP_ID_1 && fieldId <= COMP_ID_1 + cnt)
218 {
219 uint64_t xorVal2 = xorVal | ((uint64_t)xorVal << sizeof(uint32_t)*8);
220 uint64_t my_num = static_cast<uint64_t>(num) ^ (xorVal2);
221 pe::RICH_COMP_ID* myCompId = reinterpret_cast<pe::RICH_COMP_ID*>(&my_num);
222 return QString::number(myCompId->CV, 10) + "." + QString::number(myCompId->prodId, 10) + "." + QString::number(myCompId->count, 10);
223 }
224 if (fieldId == RICH_ID + cnt) {
225 if (static_cast<uint32_t>(num) == pe::RICH_HDR_MAGIC) return "Rich";
226 }
227 return "";
228}
229
230
231const QString RichHdr_ProdIdToVSversion(WORD i)
232{
233 //list based on: https://github.com/kirschju/richheader + pnx's notes
234 if (i >= 0x0106 && i < (0x010a + 1))
235 return "Visual Studio 2017 14.01+";
236 if (i >= 0x00fd && i < (0x0106))
237 return "Visual Studio 2015 14.00";
238 if (i >= 0x00eb && i < 0x00fd)
239 return "Visual Studio 2013 12.10";
240 if (i >= 0x00d9 && i < 0x00eb)
241 return "Visual Studio 2013 12.00";
242 if (i >= 0x00c7 && i < 0x00d9)
243 return "Visual Studio 2012 11.00";
244 if (i >= 0x00b5 && i < 0x00c7)
245 return "Visual Studio 2010 10.10";
246 if (i >= 0x0098 && i < 0x00b5)
247 return "Visual Studio 2010 10.00";
248 if (i >= 0x0083 && i < 0x0098)
249 return "Visual Studio 2008 09.00";
250 if (i >= 0x006d && i < 0x0083)
251 return "Visual Studio 2005 08.00";
252 if (i >= 0x005a && i < 0x006d)
253 return "Visual Studio 2003 07.10";
254 if (i >= 0x0019 && i < (0x0045 + 1))
255 return "Visual Studio 2002 07.00";
256 if (i == 0xA || i == 0xB || i == 0xD || i == 0x15 || i == 0x16 )
257 return "Visual Studio 6.0 06.00";
258 if (i == 0x2 || i == 0x6 || i == 0xC || i == 0xE)
259 return "Visual Studio 97 05.00";
260 if (i == 1)
261 return "Visual Studio";
262 return "";
263}
264
265const QString RichHdr_translateProdId(WORD prodId)
266{
267 //list from: https://github.com/kirschju/richheader
268 switch (prodId) {
269 case 0x0000: return "Unknown";
270 case 0x0001: return "Import0";
271 case 0x0002: return "Linker510";
272 case 0x0003: return "Cvtomf510";
273 case 0x0004: return "Linker600";
274 case 0x0005: return "Cvtomf600";
275 case 0x0006: return "Cvtres500";
276 case 0x0007: return "Utc11_Basic";
277 case 0x0008: return "Utc11_C";
278 case 0x0009: return "Utc12_Basic";
279 case 0x000a: return "Utc12_C";
280 case 0x000b: return "Utc12_CPP";
281 case 0x000c: return "AliasObj60";
282 case 0x000d: return "VisualBasic60";
283 case 0x000e: return "Masm613";
284 case 0x000f: return "Masm710";
285 case 0x0010: return "Linker511";
286 case 0x0011: return "Cvtomf511";
287 case 0x0012: return "Masm614";
288 case 0x0013: return "Linker512";
289 case 0x0014: return "Cvtomf512";
290 case 0x0015: return "Utc12_C_Std";
291 case 0x0016: return "Utc12_CPP_Std";
292 case 0x0017: return "Utc12_C_Book";
293 case 0x0018: return "Utc12_CPP_Book";
294 case 0x0019: return "Implib700";
295 case 0x001a: return "Cvtomf700";
296 case 0x001b: return "Utc13_Basic";
297 case 0x001c: return "Utc13_C";
298 case 0x001d: return "Utc13_CPP";
299 case 0x001e: return "Linker610";
300 case 0x001f: return "Cvtomf610";
301 case 0x0020: return "Linker601";
302 case 0x0021: return "Cvtomf601";
303 case 0x0022: return "Utc12_1_Basic";
304 case 0x0023: return "Utc12_1_C";
305 case 0x0024: return "Utc12_1_CPP";
306 case 0x0025: return "Linker620";
307 case 0x0026: return "Cvtomf620";
308 case 0x0027: return "AliasObj70";
309 case 0x0028: return "Linker621";
310 case 0x0029: return "Cvtomf621";
311 case 0x002a: return "Masm615";
312 case 0x002b: return "Utc13_LTCG_C";
313 case 0x002c: return "Utc13_LTCG_CPP";
314 case 0x002d: return "Masm620";
315 case 0x002e: return "ILAsm100";
316 case 0x002f: return "Utc12_2_Basic";
317 case 0x0030: return "Utc12_2_C";
318 case 0x0031: return "Utc12_2_CPP";
319 case 0x0032: return "Utc12_2_C_Std";
320 case 0x0033: return "Utc12_2_CPP_Std";
321 case 0x0034: return "Utc12_2_C_Book";
322 case 0x0035: return "Utc12_2_CPP_Book";
323 case 0x0036: return "Implib622";
324 case 0x0037: return "Cvtomf622";
325 case 0x0038: return "Cvtres501";
326 case 0x0039: return "Utc13_C_Std";
327 case 0x003a: return "Utc13_CPP_Std";
328 case 0x003b: return "Cvtpgd1300";
329 case 0x003c: return "Linker622";
330 case 0x003d: return "Linker700";
331 case 0x003e: return "Export622";
332 case 0x003f: return "Export700";
333 case 0x0040: return "Masm700";
334 case 0x0041: return "Utc13_POGO_I_C";
335 case 0x0042: return "Utc13_POGO_I_CPP";
336 case 0x0043: return "Utc13_POGO_O_C";
337 case 0x0044: return "Utc13_POGO_O_CPP";
338 case 0x0045: return "Cvtres700";
339 case 0x0046: return "Cvtres710p";
340 case 0x0047: return "Linker710p";
341 case 0x0048: return "Cvtomf710p";
342 case 0x0049: return "Export710p";
343 case 0x004a: return "Implib710p";
344 case 0x004b: return "Masm710p";
345 case 0x004c: return "Utc1310p_C";
346 case 0x004d: return "Utc1310p_CPP";
347 case 0x004e: return "Utc1310p_C_Std";
348 case 0x004f: return "Utc1310p_CPP_Std";
349 case 0x0050: return "Utc1310p_LTCG_C";
350 case 0x0051: return "Utc1310p_LTCG_CPP";
351 case 0x0052: return "Utc1310p_POGO_I_C";
352 case 0x0053: return "Utc1310p_POGO_I_CPP";
353 case 0x0054: return "Utc1310p_POGO_O_C";
354 case 0x0055: return "Utc1310p_POGO_O_CPP";
355 case 0x0056: return "Linker624";
356 case 0x0057: return "Cvtomf624";
357 case 0x0058: return "Export624";
358 case 0x0059: return "Implib624";
359 case 0x005a: return "Linker710";
360 case 0x005b: return "Cvtomf710";
361 case 0x005c: return "Export710";
362 case 0x005d: return "Implib710";
363 case 0x005e: return "Cvtres710";
364 case 0x005f: return "Utc1310_C";
365 case 0x0060: return "Utc1310_CPP";
366 case 0x0061: return "Utc1310_C_Std";
367 case 0x0062: return "Utc1310_CPP_Std";
368 case 0x0063: return "Utc1310_LTCG_C";
369 case 0x0064: return "Utc1310_LTCG_CPP";
370 case 0x0065: return "Utc1310_POGO_I_C";
371 case 0x0066: return "Utc1310_POGO_I_CPP";
372 case 0x0067: return "Utc1310_POGO_O_C";
373 case 0x0068: return "Utc1310_POGO_O_CPP";
374 case 0x0069: return "AliasObj710";
375 case 0x006a: return "AliasObj710p";
376 case 0x006b: return "Cvtpgd1310";
377 case 0x006c: return "Cvtpgd1310p";
378 case 0x006d: return "Utc1400_C";
379 case 0x006e: return "Utc1400_CPP";
380 case 0x006f: return "Utc1400_C_Std";
381 case 0x0070: return "Utc1400_CPP_Std";
382 case 0x0071: return "Utc1400_LTCG_C";
383 case 0x0072: return "Utc1400_LTCG_CPP";
384 case 0x0073: return "Utc1400_POGO_I_C";
385 case 0x0074: return "Utc1400_POGO_I_CPP";
386 case 0x0075: return "Utc1400_POGO_O_C";
387 case 0x0076: return "Utc1400_POGO_O_CPP";
388 case 0x0077: return "Cvtpgd1400";
389 case 0x0078: return "Linker800";
390 case 0x0079: return "Cvtomf800";
391 case 0x007a: return "Export800";
392 case 0x007b: return "Implib800";
393 case 0x007c: return "Cvtres800";
394 case 0x007d: return "Masm800";
395 case 0x007e: return "AliasObj800";
396 case 0x007f: return "PhoenixPrerelease";
397 case 0x0080: return "Utc1400_CVTCIL_C";
398 case 0x0081: return "Utc1400_CVTCIL_CPP";
399 case 0x0082: return "Utc1400_LTCG_MSIL";
400 case 0x0083: return "Utc1500_C";
401 case 0x0084: return "Utc1500_CPP";
402 case 0x0085: return "Utc1500_C_Std";
403 case 0x0086: return "Utc1500_CPP_Std";
404 case 0x0087: return "Utc1500_CVTCIL_C";
405 case 0x0088: return "Utc1500_CVTCIL_CPP";
406 case 0x0089: return "Utc1500_LTCG_C";
407 case 0x008a: return "Utc1500_LTCG_CPP";
408 case 0x008b: return "Utc1500_LTCG_MSIL";
409 case 0x008c: return "Utc1500_POGO_I_C";
410 case 0x008d: return "Utc1500_POGO_I_CPP";
411 case 0x008e: return "Utc1500_POGO_O_C";
412 case 0x008f: return "Utc1500_POGO_O_CPP";
413 case 0x0090: return "Cvtpgd1500";
414 case 0x0091: return "Linker900";
415 case 0x0092: return "Export900";
416 case 0x0093: return "Implib900";
417 case 0x0094: return "Cvtres900";
418 case 0x0095: return "Masm900";
419 case 0x0096: return "AliasObj900";
420 case 0x0097: return "Resource";
421 case 0x0098: return "AliasObj1000";
422 case 0x0099: return "Cvtpgd1600";
423 case 0x009a: return "Cvtres1000";
424 case 0x009b: return "Export1000";
425 case 0x009c: return "Implib1000";
426 case 0x009d: return "Linker1000";
427 case 0x009e: return "Masm1000";
428 case 0x009f: return "Phx1600_C";
429 case 0x00a0: return "Phx1600_CPP";
430 case 0x00a1: return "Phx1600_CVTCIL_C";
431 case 0x00a2: return "Phx1600_CVTCIL_CPP";
432 case 0x00a3: return "Phx1600_LTCG_C";
433 case 0x00a4: return "Phx1600_LTCG_CPP";
434 case 0x00a5: return "Phx1600_LTCG_MSIL";
435 case 0x00a6: return "Phx1600_POGO_I_C";
436 case 0x00a7: return "Phx1600_POGO_I_CPP";
437 case 0x00a8: return "Phx1600_POGO_O_C";
438 case 0x00a9: return "Phx1600_POGO_O_CPP";
439 case 0x00aa: return "Utc1600_C";
440 case 0x00ab: return "Utc1600_CPP";
441 case 0x00ac: return "Utc1600_CVTCIL_C";
442 case 0x00ad: return "Utc1600_CVTCIL_CPP";
443 case 0x00ae: return "Utc1600_LTCG_C";
444 case 0x00af: return "Utc1600_LTCG_CPP";
445 case 0x00b0: return "Utc1600_LTCG_MSIL";
446 case 0x00b1: return "Utc1600_POGO_I_C";
447 case 0x00b2: return "Utc1600_POGO_I_CPP";
448 case 0x00b3: return "Utc1600_POGO_O_C";
449 case 0x00b4: return "Utc1600_POGO_O_CPP";
450 case 0x00b5: return "AliasObj1010";
451 case 0x00b6: return "Cvtpgd1610";
452 case 0x00b7: return "Cvtres1010";
453 case 0x00b8: return "Export1010";
454 case 0x00b9: return "Implib1010";
455 case 0x00ba: return "Linker1010";
456 case 0x00bb: return "Masm1010";
457 case 0x00bc: return "Utc1610_C";
458 case 0x00bd: return "Utc1610_CPP";
459 case 0x00be: return "Utc1610_CVTCIL_C";
460 case 0x00bf: return "Utc1610_CVTCIL_CPP";
461 case 0x00c0: return "Utc1610_LTCG_C";
462 case 0x00c1: return "Utc1610_LTCG_CPP";
463 case 0x00c2: return "Utc1610_LTCG_MSIL";
464 case 0x00c3: return "Utc1610_POGO_I_C";
465 case 0x00c4: return "Utc1610_POGO_I_CPP";
466 case 0x00c5: return "Utc1610_POGO_O_C";
467 case 0x00c6: return "Utc1610_POGO_O_CPP";
468 case 0x00c7: return "AliasObj1100";
469 case 0x00c8: return "Cvtpgd1700";
470 case 0x00c9: return "Cvtres1100";
471 case 0x00ca: return "Export1100";
472 case 0x00cb: return "Implib1100";
473 case 0x00cc: return "Linker1100";
474 case 0x00cd: return "Masm1100";
475 case 0x00ce: return "Utc1700_C";
476 case 0x00cf: return "Utc1700_CPP";
477 case 0x00d0: return "Utc1700_CVTCIL_C";
478 case 0x00d1: return "Utc1700_CVTCIL_CPP";
479 case 0x00d2: return "Utc1700_LTCG_C";
480 case 0x00d3: return "Utc1700_LTCG_CPP";
481 case 0x00d4: return "Utc1700_LTCG_MSIL";
482 case 0x00d5: return "Utc1700_POGO_I_C";
483 case 0x00d6: return "Utc1700_POGO_I_CPP";
484 case 0x00d7: return "Utc1700_POGO_O_C";
485 case 0x00d8: return "Utc1700_POGO_O_CPP";
486 case 0x00d9: return "AliasObj1200";
487 case 0x00da: return "Cvtpgd1800";
488 case 0x00db: return "Cvtres1200";
489 case 0x00dc: return "Export1200";
490 case 0x00dd: return "Implib1200";
491 case 0x00de: return "Linker1200";
492 case 0x00df: return "Masm1200";
493 case 0x00e0: return "Utc1800_C";
494 case 0x00e1: return "Utc1800_CPP";
495 case 0x00e2: return "Utc1800_CVTCIL_C";
496 case 0x00e3: return "Utc1800_CVTCIL_CPP";
497 case 0x00e4: return "Utc1800_LTCG_C";
498 case 0x00e5: return "Utc1800_LTCG_CPP";
499 case 0x00e6: return "Utc1800_LTCG_MSIL";
500 case 0x00e7: return "Utc1800_POGO_I_C";
501 case 0x00e8: return "Utc1800_POGO_I_CPP";
502 case 0x00e9: return "Utc1800_POGO_O_C";
503 case 0x00ea: return "Utc1800_POGO_O_CPP";
504 case 0x00eb: return "AliasObj1210";
505 case 0x00ec: return "Cvtpgd1810";
506 case 0x00ed: return "Cvtres1210";
507 case 0x00ee: return "Export1210";
508 case 0x00ef: return "Implib1210";
509 case 0x00f0: return "Linker1210";
510 case 0x00f1: return "Masm1210";
511 case 0x00f2: return "Utc1810_C";
512 case 0x00f3: return "Utc1810_CPP";
513 case 0x00f4: return "Utc1810_CVTCIL_C";
514 case 0x00f5: return "Utc1810_CVTCIL_CPP";
515 case 0x00f6: return "Utc1810_LTCG_C";
516 case 0x00f7: return "Utc1810_LTCG_CPP";
517 case 0x00f8: return "Utc1810_LTCG_MSIL";
518 case 0x00f9: return "Utc1810_POGO_I_C";
519 case 0x00fa: return "Utc1810_POGO_I_CPP";
520 case 0x00fb: return "Utc1810_POGO_O_C";
521 case 0x00fc: return "Utc1810_POGO_O_CPP";
522 case 0x00fd: return "AliasObj1400";
523 case 0x00fe: return "Cvtpgd1900";
524 case 0x00ff: return "Cvtres1400";
525 case 0x0100: return "Export1400";
526 case 0x0101: return "Implib1400";
527 case 0x0102: return "Linker1400";
528 case 0x0103: return "Masm1400";
529 case 0x0104: return "Utc1900_C";
530 case 0x0105: return "Utc1900_CPP";
531 case 0x0106: return "Utc1900_CVTCIL_C";
532 case 0x0107: return "Utc1900_CVTCIL_CPP";
533 case 0x0108: return "Utc1900_LTCG_C";
534 case 0x0109: return "Utc1900_LTCG_CPP";
535 case 0x010a: return "Utc1900_LTCG_MSIL";
536 case 0x010b: return ": 'Utc1900_POGO_I_C";
537 case 0x010c: return "Utc1900_POGO_I_CPP";
538 case 0x010d: return "Utc1900_POGO_O_C";
539 case 0x010e: return "Utc1900_POGO_O_CPP";
540 }
541 return "?";
542}
INVALID_ADDR
const offset_t INVALID_ADDR
Definition AbstractByteBuffer.h:21
offset_t
uint64_t offset_t
Definition AbstractByteBuffer.h:20
bufsize_t
size_t bufsize_t
Definition AbstractByteBuffer.h:17
RichHdr_translateProdId
const QString RichHdr_translateProdId(WORD prodId)
Definition RichHdrWrapper.cpp:265
rol32
DWORD rol32(DWORD temp, DWORD i)
Definition RichHdrWrapper.cpp:153
RichHdr_ProdIdToVSversion
const QString RichHdr_ProdIdToVSversion(WORD i)
Definition RichHdrWrapper.cpp:231
ExeElementWrapper::getOffset
virtual offset_t getOffset()
Definition ExeElementWrapper.cpp:39
ExeElementWrapper::getNumValue
virtual uint64_t getNumValue(size_t fieldId, size_t subField, bool *isOk)
Definition ExeElementWrapper.cpp:73
RichHdrWrapper::containsAddrType
virtual Executable::addr_type containsAddrType(uint32_t fieldId, uint32_t subField=FIELD_NONE)
Definition RichHdrWrapper.cpp:186
RichHdrWrapper::getPtr
virtual void * getPtr()
Definition RichHdrWrapper.cpp:18
RichHdrWrapper::getFieldPtr
virtual void * getFieldPtr(size_t fieldId, size_t subField=FIELD_NONE)
Definition RichHdrWrapper.cpp:57
RichHdrWrapper::dansHdr
pe::RICH_DANS_HEADER * dansHdr
Definition RichHdrWrapper.h:50
RichHdrWrapper::wrap
virtual bool wrap()
Definition RichHdrWrapper.cpp:6
RichHdrWrapper::getSize
virtual bufsize_t getSize()
Definition RichHdrWrapper.cpp:37
RichHdrWrapper::getCompId
pe::RICH_COMP_ID getCompId(size_t fieldId)
Definition RichHdrWrapper.cpp:129
RichHdrWrapper::getFieldSize
virtual bufsize_t getFieldSize(size_t fieldId, size_t subField=FIELD_NONE)
Definition RichHdrWrapper.cpp:83
RichHdrWrapper::getFieldsCount
virtual size_t getFieldsCount()
Definition RichHdrWrapper.cpp:51
RichHdrWrapper::getFieldName
virtual QString getFieldName(size_t fieldId)
Definition RichHdrWrapper.cpp:109
RichHdrWrapper::richSign
pe::RICH_SIGNATURE * richSign
Definition RichHdrWrapper.h:49
RichHdrWrapper::translateFieldContent
virtual QString translateFieldContent(size_t fieldId)
Definition RichHdrWrapper.cpp:191
Generated by doxygen 1.17.0