pe-sieve/stats_8h_source.html

#pragma once


#include <windows.h>

#include <sstream>


#include "entropy.h"

#include "../utils/byte_buffer.h"

#include "../utils/format_util.h"


namespace pesieve {


    struct StatsSettings {

    public:

        StatsSettings() {}

        virtual bool isFilled() = 0;

    };


    class AreaStats {

    public:


        AreaStats()

            : area_start(0), area_size(0)

        {

        }


        void setStartOffset(size_t _area_start)

        {

            area_start = _area_start;

        }


        void appendVal(BYTE val)

        {

            _appendVal(val);

            area_size++;

        }


        const virtual void fieldsToJSON(std::stringstream& outs, size_t level) = 0;


        bool isFilled() const

        {

            return area_size > 0 ? true : false;

        }


        virtual void summarize() = 0;


        virtual bool fillSettings(StatsSettings* _settings) { return false; }


        const virtual bool toJSON(std::stringstream& outs, size_t level)

        {

            if (!isFilled()) {

                return false;

            }

            OUT_PADDED(outs, level, "\"stats\" : {\n");

            fieldsToJSON(outs, level + 1);

            outs << "\n";

            OUT_PADDED(outs, level, "}");

            return true;

        }


    protected:

        virtual void _appendVal(BYTE val) = 0;


        size_t area_size;

        size_t area_start;


        friend class AreaStatsCalculator;


    }; // AreaStats


    class AreaStatsCalculator {

    public:


        AreaStatsCalculator(const util::ByteBuffer& _buffer)

            : buffer(_buffer)

        {

        }


        bool fill(AreaStats& stats, StatsSettings* settings)

        {

            const bool skipPadding = true;

            const size_t data_size = buffer.getDataSize(skipPadding);

            const BYTE* data_buf = buffer.getData(skipPadding);

            if (!data_size || !data_buf) {

                return false;

            }

            if (settings && !stats.fillSettings(settings)) {

                std::cerr << "Settings initialization failed!\n";

            }

            stats.setStartOffset(buffer.getStartOffset(skipPadding));

            BYTE lastVal = 0;

            for (size_t i = 0; i < data_size; ++i) {

                const BYTE val = data_buf[i];

                stats.appendVal(val);

            }

            stats.summarize();

            return true;

        }


    private:

        const util::ByteBuffer& buffer;

    };


}; //pesieve

byte_buffer.h

pesieve::AreaStatsCalculator
A class responsible for filling in the statistics with the data from the particular buffer.
Definition stats.h:73

pesieve::AreaStatsCalculator::fill
bool fill(AreaStats &stats, StatsSettings *settings)
Definition stats.h:80

pesieve::AreaStatsCalculator::AreaStatsCalculator
AreaStatsCalculator(const util::ByteBuffer &_buffer)
Definition stats.h:75

pesieve::AreaStats
Base class for the statistics from analyzed buffer.
Definition stats.h:20

pesieve::AreaStats::isFilled
bool isFilled() const
Definition stats.h:40

pesieve::AreaStats::_appendVal
virtual void _appendVal(BYTE val)=0

pesieve::AreaStats::toJSON
virtual const bool toJSON(std::stringstream &outs, size_t level)
Definition stats.h:49

pesieve::AreaStats::summarize
virtual void summarize()=0

pesieve::AreaStats::setStartOffset
void setStartOffset(size_t _area_start)
Definition stats.h:27

pesieve::AreaStats::fillSettings
virtual bool fillSettings(StatsSettings *_settings)
Definition stats.h:47

pesieve::AreaStats::area_size
size_t area_size
Definition stats.h:64

pesieve::AreaStats::AreaStats
AreaStats()
Definition stats.h:22

pesieve::AreaStats::area_start
size_t area_start
Definition stats.h:65

pesieve::AreaStats::appendVal
void appendVal(BYTE val)
Definition stats.h:32

pesieve::AreaStats::fieldsToJSON
virtual const void fieldsToJSON(std::stringstream &outs, size_t level)=0

entropy.h

format_util.h

OUT_PADDED
#define OUT_PADDED(stream, field_size, str)
Definition format_util.h:12

pesieve
Definition pesieve.py:1

pesieve::fill_iat
size_t fill_iat(BYTE *vBuf, size_t vBufSize, IN const peconv::ExportsMapper *exportsMap, IN OUT IATBlock &iat, IN ThunkFoundCallback *callback)
Definition iat_finder.h:31

pesieve::StatsSettings
Base class for settings defining what type of stats should be collected.
Definition stats.h:13

pesieve::StatsSettings::isFilled
virtual bool isFilled()=0

pesieve::StatsSettings::StatsSettings
StatsSettings()
Definition stats.h:15

pesieve::util::BasicBuffer::getDataSize
size_t getDataSize(bool trimmed=false) const
Definition byte_buffer.h:55

pesieve::util::BasicBuffer::getData
const BYTE * getData(bool trimmed=false) const
Definition byte_buffer.h:65

pesieve::util::BasicBuffer::getStartOffset
size_t getStartOffset(bool trimmed) const
Definition byte_buffer.h:48

pesieve::util::ByteBuffer
Definition byte_buffer.h:89