#include <LdConfigDirWrapper.h>

Collaboration diagram for LdConfigDirWrapper:

[legend]

Public Types
enum	LdConfigDirFID { NONE = FIELD_NONE , SIZE = 0 , TIMEST , MAJOR_VER , MINOR_VER , GLOBAL_FLAGS_CLEAR , GLOBAL_FLAGS_SET , CRITICAT_SEC_TIMEOUT , DECOMMIT_FREE , DECOMMIT_TOTAL , LOCK_PREFIX , MAX_ALLOC , VIRTUAL_MEM , PROC_HEAP_FLAGS32 , PROC_AFF_MASK32 , CSD_VER , DEPENDENT_LOAD_FLAGS , EDIT_LIST , SEC_COOKIE , SEH_TABLE , SEH_COUNT , FIELD_COUNTER_OLD , GUARD_CHECK = FIELD_COUNTER_OLD , GUARD_DISPATCH = GUARD_CHECK + 1 , GUARD_TABLE , GUARD_COUNT , GUARD_FLAGS , FIELD_COUNTER_W81 , CODE_INTEGRITY_FLAGS = FIELD_COUNTER_W81 , CODE_INTEGRITY_CATALOG = CODE_INTEGRITY_FLAGS + 1 , CODE_INTEGRITY_CATALOG_OFFSET , CODE_INTEGRITY_RESERVED , GUARD_ADDR_IAT_ENTRY_TABLE , GUARD_ADDR_IAT_ENTRY_COUNT , GUARD_LONG_JUMP_TABLE , GUARD_LONG_JUMP_COUNT , DYNAMIC_VAL_RELOC , CHPE_METADATA_PTR , GUARD_FAILURE_ROUTINE , GUARD_FAILURE_ROUTINE_FUNC_PTR , DYNAMIC_VAL_RELOC_TABLE_OFFSET , DYNAMIC_VAL_RELOC_TABLE_SECTION , RESERVED2 , GUARD_VERIFY_STACK_PTR , HOT_PATCH_TABLE_OFFSET , RESERVED3 , ENCLAVE_CONFIG_PTR , VOLATILE_METADATA_PTR , GUARD_EH_CONT_TABLE , GUARD_EH_CONT_COUNT , FIELD_COUNTER }

Public Member Functions
	LdConfigDirWrapper (PEFile *pe)

bool	wrap ()

virtual void *	getPtr ()

virtual bufsize_t	getSize ()

virtual QString	getName ()

virtual size_t	getFieldsCount ()

virtual size_t	getSubFieldsCount ()

virtual void *	getFieldPtr (size_t fieldId, size_t subField)

virtual QString	getFieldName (size_t fieldId)

virtual Executable::addr_type	containsAddrType (size_t fieldId, size_t subField=FIELD_NONE)

virtual ExeNodeWrapper *	getSubfieldWrapper (size_t parentType, size_t fieldId)

virtual size_t	getSubfieldWrapperCount (size_t parentType)

virtual bool	hasSubfieldWrapper (size_t parentType)

bool	hasSupressionInfo ()

size_t	metadataSize ()

QString	translateGuardFlagsContent (const QString &delim)

virtual QString	translateFieldContent (size_t fieldId)

Public Member Functions inherited from DataDirEntryWrapper
IMAGE_DATA_DIRECTORY *	getDataDirectory ()

offset_t	getDirEntryAddress ()

bufsize_t	getDirEntrySize (bool trimToExeSize=false)

int	getDirEntryType ()

Public Member Functions inherited from PENodeWrapper
	PENodeWrapper (PEFile pe, PENodeWrapper parent=NULL)

	PENodeWrapper (PEFile pe, PENodeWrapper parent, size_t entryNumber)

virtual	~PENodeWrapper ()

PEFile *	getPE ()

virtual PENodeWrapper *	getParentNode ()

Public Member Functions inherited from ExeNodeWrapper
	ExeNodeWrapper (Executable pe, ExeNodeWrapper parent=NULL)

	ExeNodeWrapper (Executable pe, ExeNodeWrapper parent, size_t entryNumber)

virtual	~ExeNodeWrapper ()

virtual void	reloadMapping ()

virtual ExeNodeWrapper *	getEntryAt (size_t fieldId)

virtual size_t	getEntriesCount ()

virtual size_t	getEntriesNum ()

size_t	getEntryId ()

virtual void *	getSubfieldPtr (size_t fieldId, size_t subField)

virtual bufsize_t	getSubfieldSize (size_t fieldId, size_t subField)

virtual QString	getSubfieldName (size_t fieldId, size_t subField)

virtual bool	canAddEntry ()

virtual ExeNodeWrapper *	addEntry (ExeNodeWrapper *entry)

ExeNodeWrapper *	getLastEntry ()

virtual offset_t	getNextEntryOffset ()

virtual bufsize_t	geEntrySize ()

virtual bool	isValid ()

Public Member Functions inherited from ExeElementWrapper
	ExeElementWrapper (Executable *exe)

virtual	~ExeElementWrapper ()

virtual bufsize_t	getContentSize ()

virtual BYTE *	getContent ()

virtual offset_t	getOffset ()

virtual offset_t	getOffset (void *ptr, bool allowExceptions=false)

void *	getFieldPtr (size_t fieldId)

virtual bufsize_t	getFieldSize (size_t fieldId, size_t subField=FIELD_NONE)

virtual offset_t	getFieldOffset (size_t fieldId, size_t subField=FIELD_NONE)

virtual WrappedValue	getWrappedValue (size_t fieldId, size_t subField)

virtual WrappedValue	getWrappedValue (size_t fieldId)

virtual WrappedValue::data_type	containsDataType (size_t fieldId, size_t subField=FIELD_NONE)

virtual uint64_t	getNumValue (size_t fieldId, size_t subField, bool *isOk)

uint64_t	getNumValue (size_t fieldId, bool *isOk)

virtual bool	setNumValue (size_t fieldId, size_t subField, uint64_t val)

bool	setNumValue (size_t fieldId, uint64_t val)

Executable *	getExe ()

bool	isBit64 ()

bool	isBit32 ()

Public Member Functions inherited from AbstractByteBuffer
	AbstractByteBuffer ()

virtual	~AbstractByteBuffer ()

virtual bool	isTruncated ()

virtual bool	isResized ()

BYTE	operator[] (size_t idx)

virtual BYTE *	getContentAt (offset_t offset, bufsize_t size, bool allowExceptions=false)

virtual BYTE *	getContentAtPtr (BYTE *ptr, bufsize_t size, bool allowExceptions=false)

virtual bool	setBufferedValue (BYTE dstPtr, BYTE srcPtr, bufsize_t srcSize, bufsize_t paddingSize, bool allowExceptions=false)

bool	setStringValue (offset_t rawOffset, QString newText)

QString	getStringValue (offset_t rawOffset, bufsize_t len=BUFSIZE_MAX, bool acceptNonTerminated=false)

QString	getWStringValue (offset_t rawOffset, bufsize_t len)

QString	getWAsciiStringValue (offset_t rawOffset, bufsize_t len, bool acceptNonTerminated=false)

bufsize_t	getMaxSizeFromOffset (offset_t startOffset)

bufsize_t	getMaxSizeFromPtr (BYTE *ptr)

bool	isAreaEmpty (offset_t rawOffset, bufsize_t size)

bool	fillContent (BYTE filling)

bool	pasteBuffer (offset_t rawOffset, AbstractByteBuffer *buf, bool allowTrunc)

bool	containsBlock (offset_t rawOffset, bufsize_t size)

bool	intersectsBlock (offset_t rawOffset, bufsize_t size)

uint64_t	getNumValue (offset_t offset, bufsize_t size, bool *isOk)

bool	setNumValue (offset_t offset, bufsize_t size, uint64_t newVal)

bool	setTextValue (char *textPtr, std::string newText, size_t fieldLimitLen=0)

virtual bool	resize (bufsize_t newSize)

offset_t	substFragmentByFile (offset_t offset, bufsize_t contentSize, QFile &fIn)

Static Public Member Functions
static std::set< DWORD >	getGuardFlagsSet (DWORD flags)

static QString	translateGuardFlag (DWORD flags)

Static Public Member Functions inherited from AbstractByteBuffer
static bool	isValid (AbstractByteBuffer *buf)

Protected Member Functions
virtual void	clear ()

void *	firstSubEntryPtr (size_t parentId)

size_t	firstSubEntrySize (size_t parentId)

Protected Member Functions inherited from DataDirEntryWrapper
	DataDirEntryWrapper (PEFile *pe, pe::dir_entry v_entryType)

Protected Member Functions inherited from ExeNodeWrapper
size_t	getEntriesCount (std::vector< ExeNodeWrapper * > &_entries)

ExeNodeWrapper *	getEntryAt (std::vector< ExeNodeWrapper * > &_entries, size_t fieldId)

virtual void	addMapping (ExeNodeWrapper *entry)

virtual bool	loadNextEntry (size_t entryNum)

virtual ExeNodeWrapper *	addEntryAt (ExeNodeWrapper *entry, offset_t nextOffset)

virtual bool	isMyEntryType (ExeNodeWrapper *entry)

Protected Member Functions inherited from ExeElementWrapper
virtual bool	canCopyToOffset (offset_t rawOffset)

bool	copyToOffset (offset_t rawOffset)

Friends
class	LdConfigEntryWrapper

Additional Inherited Members
Protected Attributes inherited from DataDirEntryWrapper
int	entryType

Protected Attributes inherited from PENodeWrapper
PEFile *	m_PE

PENodeWrapper *	peParentNode

Protected Attributes inherited from ExeNodeWrapper
ExeNodeWrapper *	parentNode

size_t	entryNum

std::vector< ExeNodeWrapper * >	entries

Protected Attributes inherited from ExeElementWrapper
Executable *	m_Exe

Detailed Description

Definition at line 5 of file LdConfigDirWrapper.h.

Member Enumeration Documentation

◆ LdConfigDirFID

enum LdConfigDirWrapper::LdConfigDirFID

For some reason the fields:

ULONGLONG ProcessAffinityMask; DWORD ProcessHeapFlags;

are flipped in the 64 bit structure

Enumerator
NONE
SIZE
TIMEST
MAJOR_VER
MINOR_VER
GLOBAL_FLAGS_CLEAR
GLOBAL_FLAGS_SET
CRITICAT_SEC_TIMEOUT
DECOMMIT_FREE
DECOMMIT_TOTAL
LOCK_PREFIX
MAX_ALLOC
VIRTUAL_MEM
PROC_HEAP_FLAGS32
PROC_AFF_MASK32
CSD_VER
DEPENDENT_LOAD_FLAGS
EDIT_LIST
SEC_COOKIE
SEH_TABLE
SEH_COUNT
FIELD_COUNTER_OLD
GUARD_CHECK
GUARD_DISPATCH
GUARD_TABLE
GUARD_COUNT
GUARD_FLAGS
FIELD_COUNTER_W81
CODE_INTEGRITY_FLAGS
CODE_INTEGRITY_CATALOG
CODE_INTEGRITY_CATALOG_OFFSET
CODE_INTEGRITY_RESERVED
GUARD_ADDR_IAT_ENTRY_TABLE
GUARD_ADDR_IAT_ENTRY_COUNT
GUARD_LONG_JUMP_TABLE
GUARD_LONG_JUMP_COUNT
DYNAMIC_VAL_RELOC
CHPE_METADATA_PTR
GUARD_FAILURE_ROUTINE
GUARD_FAILURE_ROUTINE_FUNC_PTR
DYNAMIC_VAL_RELOC_TABLE_OFFSET
DYNAMIC_VAL_RELOC_TABLE_SECTION
RESERVED2
GUARD_VERIFY_STACK_PTR
HOT_PATCH_TABLE_OFFSET
RESERVED3
ENCLAVE_CONFIG_PTR
VOLATILE_METADATA_PTR
GUARD_EH_CONT_TABLE
GUARD_EH_CONT_COUNT
FIELD_COUNTER

Definition at line 16 of file LdConfigDirWrapper.h.

Constructor & Destructor Documentation

◆ LdConfigDirWrapper()

LdConfigDirWrapper::LdConfigDirWrapper ( PEFile * pe )

inline

Definition at line 73 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

Member Function Documentation

◆ clear()

void LdConfigDirWrapper::clear ( )

protectedvirtual

Reimplemented from ExeNodeWrapper.

Definition at line 92 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ containsAddrType()

Executable::addr_type LdConfigDirWrapper::containsAddrType	(	size_t	fieldId,
		size_t	subField = FIELD_NONE )

virtual

Reimplemented from ExeElementWrapper.

Definition at line 379 of file LdConfigDirWrapper.cpp.

◆ firstSubEntryPtr()

void * LdConfigDirWrapper::firstSubEntryPtr ( size_t parentId )

protected

Definition at line 102 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ firstSubEntrySize()

size_t LdConfigDirWrapper::firstSubEntrySize ( size_t parentId )

inlineprotected

Definition at line 158 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ getFieldName()

QString LdConfigDirWrapper::getFieldName ( size_t fieldId )

virtual

Implements ExeNodeWrapper.

Definition at line 313 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ getFieldPtr()

void * LdConfigDirWrapper::getFieldPtr	(	size_t	fieldId,
		size_t	subField )

virtual

Implements ExeElementWrapper.

Definition at line 298 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ getFieldsCount()

virtual size_t LdConfigDirWrapper::getFieldsCount ( )

inlinevirtual

Implements ExeElementWrapper.

Definition at line 82 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ getGuardFlagsSet()

std::set< DWORD > LdConfigDirWrapper::getGuardFlagsSet ( DWORD flags )

static

Definition at line 403 of file LdConfigDirWrapper.cpp.

◆ getName()

virtual QString LdConfigDirWrapper::getName ( )

inlinevirtual

Implements ExeElementWrapper.

Definition at line 80 of file LdConfigDirWrapper.h.

◆ getPtr()

void * LdConfigDirWrapper::getPtr ( )

virtual

Implements ExeElementWrapper.

Definition at line 87 of file LdConfigDirWrapper.cpp.

◆ getSize()

bufsize_t LdConfigDirWrapper::getSize ( )

virtual

Implements ExeElementWrapper.

Definition at line 118 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ getSubFieldsCount()

virtual size_t LdConfigDirWrapper::getSubFieldsCount ( )

inlinevirtual

Reimplemented from ExeNodeWrapper.

Definition at line 98 of file LdConfigDirWrapper.h.

◆ getSubfieldWrapper()

virtual ExeNodeWrapper * LdConfigDirWrapper::getSubfieldWrapper	(	size_t	parentType,
		size_t	fieldId )

inlinevirtual

Definition at line 104 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ getSubfieldWrapperCount()

virtual size_t LdConfigDirWrapper::getSubfieldWrapperCount ( size_t parentType )

inlinevirtual

Definition at line 111 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ hasSubfieldWrapper()

virtual bool LdConfigDirWrapper::hasSubfieldWrapper ( size_t parentType )

inlinevirtual

Reimplemented from ExeElementWrapper.

Definition at line 118 of file LdConfigDirWrapper.h.

◆ hasSupressionInfo()

bool LdConfigDirWrapper::hasSupressionInfo ( )

inline

Definition at line 125 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ metadataSize()

size_t LdConfigDirWrapper::metadataSize ( )

inline

Definition at line 136 of file LdConfigDirWrapper.h.

Here is the call graph for this function:

◆ translateFieldContent()

QString LdConfigDirWrapper::translateFieldContent ( size_t fieldId )

virtual

Reimplemented from ExeElementWrapper.

Definition at line 494 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ translateGuardFlag()

QString LdConfigDirWrapper::translateGuardFlag ( DWORD flags )

static

Definition at line 431 of file LdConfigDirWrapper.cpp.

◆ translateGuardFlagsContent()

QString LdConfigDirWrapper::translateGuardFlagsContent ( const QString & delim )

Definition at line 475 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

◆ wrap()

bool LdConfigDirWrapper::wrap ( )

virtual

Reimplemented from ExeNodeWrapper.

Definition at line 70 of file LdConfigDirWrapper.cpp.

Here is the call graph for this function:

Friends And Related Symbol Documentation

◆ LdConfigEntryWrapper

friend class LdConfigEntryWrapper

friend

Definition at line 191 of file LdConfigDirWrapper.h.

The documentation for this class was generated from the following files:

parser/include/bearparser/pe/LdConfigDirWrapper.h
parser/pe/LdConfigDirWrapper.cpp

Public Types

Public Member Functions

Static Public Member Functions

Protected Member Functions

Friends

Additional Inherited Members

Detailed Description

Member Enumeration Documentation

◆ LdConfigDirFID

Constructor & Destructor Documentation

◆ LdConfigDirWrapper()

Member Function Documentation

◆ clear()

◆ containsAddrType()

◆ firstSubEntryPtr()

◆ firstSubEntrySize()

◆ getFieldName()

◆ getFieldPtr()

◆ getFieldsCount()

◆ getGuardFlagsSet()

◆ getName()

◆ getPtr()

◆ getSize()

◆ getSubFieldsCount()

◆ getSubfieldWrapper()

◆ getSubfieldWrapperCount()

◆ hasSubfieldWrapper()

◆ hasSupressionInfo()

◆ metadataSize()

◆ translateFieldContent()

◆ translateGuardFlag()

◆ translateGuardFlagsContent()

◆ wrap()

Friends And Related Symbol Documentation

◆ LdConfigEntryWrapper