BearParser
Portable Executable parsing library (from PE-bear)
Loading...
Searching...
No Matches
Util.cpp
Go to the documentation of this file.
1#include "Util.h"
2#include <stdarg.h>
3
4using namespace pe_util;
5
6#define MAX_LINE 255
7
8bool Logger::append(dbg_level lvl, const char* format, ...)
9{
10 if (lvl > DBG_LVL) {
11 return false;
12 }
13 if (format == NULL) {
14 return false;
15 }
16 va_list argptr;
17 // Initializing arguments to store all values after format
18 va_start(argptr, format);
19
20 char line[MAX_LINE + 1];
21 memset(line, 0, MAX_LINE + 1);
22
23 int printed = vsnprintf(line, MAX_LINE, format, argptr);
24
25 //cleaning up the list:
26 va_end(argptr);
27 if (printed <= 0) return false;
28
29 const char *prefixes[D_LVL_COUNT] = { "ERROR", "WARNING", "INFO" };
30 if (static_cast<unsigned>(lvl) > static_cast<unsigned>(D_LVL_COUNT)) {
31 lvl = Logger::D_ERROR;
32 }
33
34 fprintf(stderr, "[%s] %s\n", prefixes[lvl], line);
35 return true;
36}
37
38bool pe_util::isStrLonger(const char *inp, size_t maxLen)
39{
40 for (size_t i = 0; i < maxLen; i++ ) {
41 if (inp[i] == '\0') return false;
42 }
43 return true;
44}
45
46size_t pe_util::getAsciiLen(const char *inp, size_t maxInp, bool acceptNotTerminated)
47{
48 size_t i = 0;
49 for (; i < maxInp; i++) {
50 const char c = inp[i];
51 if (c == '\0') return i; //end of string
52 if (!IS_PRINTABLE(c) && !IS_ENDLINE(c)) break;
53 }
54 if (acceptNotTerminated) return i;
55 return 0;
56}
57
58size_t pe_util::getAsciiLenW(const WORD *inp, size_t maxInp, bool acceptNotTerminated)
59{
60 size_t i = 0;
61 for (; i < maxInp; i++) {
62 const WORD w = inp[i];
63 if (w == 0) return i; //end of string
64 if (!IS_PRINTABLE(w) && !IS_ENDLINE(w)) break;
65 }
66 if (acceptNotTerminated) return i;
67 return 0;
68}
69
70bool pe_util::hasNonPrintable(const char *inp, size_t maxInp)
71{
72 unsigned int i = 0;
73 for ( i = 0; i < maxInp; i++) {
74 char c = inp[i];
75 if (c == '\0') break; //end of string
76 if (!IS_PRINTABLE(c)) return true;
77 }
78 return false;
79}
80
81bool _isFuncChar(const char c)
82{
83 if ((c >= 'a' && c <= 'z')
84 || (c >= 'A' && c <= 'Z')
85 || (c >= '0' && c <= '9')
86 || (c == '_')
87 || (c == '.')
88 || (c== '#')
89 || (c == '@')
90 || (c == '?')
91 || (c == '-')
92 || (c == '\\')
93 || (c == '/')
94 || (c == ':')
95 )
96 {
97 return true;
98 }
99 return false;
100}
101
102bool pe_util::validateFuncName(const char* fPtr, size_t bufSize)
103{
104 if (!fPtr || !bufSize) return false;
105
106 for (char i = 0; i < bufSize; i++) {
107 const char c = fPtr[i];
108 if (c == 0) break;
109 if (!_isFuncChar(c)) {
110 return false;
111 }
112 }
113 return true;
114}
115
116size_t pe_util::forwarderNameLen(const char* fPtr, size_t bufSize)
117{
118 if (!fPtr || bufSize == 0) return 0;
119
120 // names can be also mangled, i.e. MSVCRT.??0__non_rtti_object@std@@QAE@ABV01@@Z
121 bool has_dot = false;
122 size_t len = 0;
123 while ((*fPtr == '.') || _isFuncChar(*fPtr))
124 {
125 if (*fPtr == '.') has_dot = true;
126 len++;
127 if ((--bufSize) == 0) break;
128 fPtr++;
129 }
130 if (*fPtr == '\0') {
131 if (!has_dot) {
132 return 0; //this is not a valid forwarder
133 }
134 return len;
135 }
136 return 0;
137}
138
139size_t pe_util::noWhiteCount(char *buf, size_t bufSize) {
140 size_t cntr = 0;
141 size_t i = 0;
142 for (i = 0; i < bufSize; i++) {
143 if (IS_PRINTABLE(buf[i]) && buf[i] != ' ')
144 cntr++;
145 }
146 return cntr;
147}
148
149size_t pe_util::noWhiteCount(std::string s)
150{
151 size_t bufSize = s.length();
152 size_t cntr = 0;
153 size_t i = 0;
154 for (i = 0; i < bufSize; i++) {
155 if (IS_PRINTABLE(s[i]) && s[i] != ' ')
156 cntr++;
157 }
158 return cntr;
159}
160
161bool pe_util::isSpaceClear(void* ptr, uint64_t size)
162{
163 BYTE* testblock = (BYTE*) calloc(size, sizeof(BYTE));
164 bool isClear = true;
165 if (memcmp (testblock, ptr, size)) {
166 isClear = false;
167 }
168 free(testblock);
169 return isClear;
170}
171
173{
174 if (isdigit(c)) return true;
175 if (c >= 'A' && c <= 'F') return true;
176 if (c >= 'a' && c <= 'f') return true;
177 return false;
178}
179
180void pe_util::hexdump(BYTE *buf, size_t bufSize, size_t pad)
181{
182 if (buf == NULL) return;
183 printf("\n---\n");
184 for (size_t i = 0; i < bufSize; i++) {
185 if (i % pad == 0) printf("\n");
186 printf("0x%02X ", buf[i]);
187 }
188 printf("\n---\n");
189}
190
191bool pe_util::endsWith(std::string str, std::string endStr)
192{
193 if (str.length() < endStr.length()) {
194 return false;
195 }
196 size_t pos = str.length() - endStr.length();
197 std::string str3 = str.substr(pos);
198 if ( str3 == endStr ) {
199 return true;
200 }
201 return false;
202}
#define MAX_LINE
Definition Util.cpp:6
bool _isFuncChar(const char c)
Definition Util.cpp:81
#define IS_ENDLINE(c)
Definition Util.h:12
#define IS_PRINTABLE(c)
Definition Util.h:11
#define DBG_LVL
Definition Util.h:18
bool append(dbg_level lvl, const char *format,...)
Definition Util.cpp:8
dbg_level
Definition Util.h:25
@ D_LVL_COUNT
Definition Util.h:26
@ D_ERROR
Definition Util.h:26
Definition Util.h:31
bool hasNonPrintable(const char *ptr, size_t maxInp)
Definition Util.cpp:70
size_t forwarderNameLen(const char *ptr, size_t max_len)
Definition Util.cpp:116
size_t getAsciiLen(const char *ptr, size_t maxCount, bool acceptNotTerminated=false)
Definition Util.cpp:46
bool isStrLonger(const char *inp, size_t maxLen)
Definition Util.cpp:38
size_t noWhiteCount(char *buf, size_t bufSize)
Definition Util.cpp:139
bool validateFuncName(const char *fPtr, size_t bufSize)
Definition Util.cpp:102
void hexdump(BYTE *buf, size_t bufSize, size_t pad)
Definition Util.cpp:180
bool isSpaceClear(void *ptr, uint64_t size)
Definition Util.cpp:161
size_t getAsciiLenW(const WORD *ptr, size_t maxCount, bool acceptNotTerminated=false)
Definition Util.cpp:58
bool isHexChar(char c)
Definition Util.cpp:172
bool endsWith(std::string string, std::string endStr)
Definition Util.cpp:191