BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
SecurityDirWrapper.cpp
Go to the documentation of this file.
2#include "pe/PEFile.h"
3
4pe::WIN_CERTIFICATE* SecurityDirWrapper::getCert()
5{
7
8 BYTE *ptr = m_Exe->getContentAt(rva, Executable::RAW, sizeof(pe::WIN_CERTIFICATE));
9 if (ptr == NULL) return NULL;
10
11 return (pe::WIN_CERTIFICATE*) ptr;
12}
13
15{
16 this->sizeOk = false;
17
18 pe::WIN_CERTIFICATE* cert = getCert();
19 if (cert == NULL) return false;
20
22 if (offset == INVALID_ADDR) return false;
23 BYTE *ptr = NULL;
24
25 size_t fieldsSize = sizeof(cert->dwLength) + sizeof(cert->wRevision) + sizeof(cert->dwLength);
26 size_t certSize = cert->dwLength - fieldsSize;
27 ptr = m_Exe->getContentAt(offset, Executable::RAW, static_cast<bufsize_t>(certSize));
28
29 if (ptr == NULL) return false;
30
31 this->sizeOk = true;
32 return true;
33}
34
36{
37 return getCert();
38}
39
41{
42 pe::WIN_CERTIFICATE* cert = getCert();
43 if (cert == NULL) return 0;
44
45 bufsize_t fullSize = static_cast<bufsize_t>(sizeof(pe::WIN_CERTIFICATE)); // TODO: check it
46 if (this->sizeOk) {
47 fullSize = static_cast<bufsize_t>(cert->dwLength);
48 }
49 return fullSize;
50}
51
52
53void* SecurityDirWrapper::getFieldPtr(size_t fId, size_t subField)
54{
55 pe::WIN_CERTIFICATE* cert = getCert();
56 if (cert == NULL) return 0;
57
58 switch (fId) {
59 case CERT_LEN : return &cert->dwLength;
60 case REVISION : return &cert->wRevision;
61 case TYPE : return &cert->wCertificateType;
62 case CERT_CONTENT : return &cert->bCertificate;
63 }
64 return this->getPtr();
65}
66
67QString SecurityDirWrapper::getFieldName(size_t fieldId)
68{
69 switch (fieldId) {
70 case CERT_LEN : return "Length";
71 case REVISION : return "Revision";
72 case TYPE : return "Type";
73 case CERT_CONTENT : return "Cert. Content";
74 }
75 return getName();
76}
77
79{
80 if (fieldId == CERT_CONTENT){
82 }
83 return WrappedValue::INT;
84}
85
87{
88 switch (type) {
89 case pe::WIN_CERT_TYPE_X509 : return "X.509 certificate";
90 case pe::WIN_CERT_TYPE_PKCS_SIGNED_DATA : return "PKCS Signed Data";
91 case pe::WIN_CERT_TYPE_RESERVED_1 : return "Reserved";
92 case pe::WIN_CERT_TYPE_PKCS1_SIGN : return "PKCS1 Module Sign Fields";
93 }
94 return "";
95}
96
98{
99 if (fieldId != TYPE) return "";
100
101 pe::WIN_CERTIFICATE* cert = getCert();
102 if (cert == NULL) return "";
103
104 return translateType(cert->wCertificateType);
105}
uint32_t bufsize_t
const offset_t INVALID_ADDR
uint64_t offset_t
offset_t getDirEntryAddress()
virtual offset_t getFieldOffset(size_t fieldId, size_t subField=FIELD_NONE)
BYTE * getContentAt(offset_t offset, bufsize_t size, bool allowExceptions=false)
Definition Executable.h:65
virtual QString translateFieldContent(size_t fieldId)
virtual QString getFieldName(size_t fieldId)
virtual void * getPtr()
virtual bufsize_t getSize()
virtual WrappedValue::data_type containsDataType(size_t fieldId, size_t subField=FIELD_NONE)
virtual QString getName()
QString translateType(int type)
virtual void * getFieldPtr(size_t fieldId, size_t subField)