abstraction for PE section

mrexodia 2016-01-06 10:18:14 +01:00
parent 7d45916c96
commit c817cfc96e
7 changed files with 84 additions and 20 deletions


@ -182,6 +182,7 @@
<ClInclude Include="Static.File.h" /> <ClInclude Include="Static.File.h" />
<ClInclude Include="Static.Global.h" /> <ClInclude Include="Static.Global.h" />
<ClInclude Include="Static.Pe.h" /> <ClInclude Include="Static.Pe.h" />
<ClInclude Include="Static.Pe.Section.h" />
<ClInclude Include="Static.Region.h" /> <ClInclude Include="Static.Region.h" />
</ItemGroup> </ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />


@ -118,5 +118,8 @@
<ClInclude Include="Static.BufferFile.h"> <ClInclude Include="Static.BufferFile.h">
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="Static.Pe.Section.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
</Project> </Project>


@ -0,0 +1,33 @@
#ifndef STATIC_PE_SECTION_H
#define STATIC_PE_SECTION_H
#include "Static.Region.h"
namespace GleeBug
{
class Section : public Region < uint8 >
{
public:
explicit Section()
: Region()
{
}
explicit Section(std::vector<uint8>* data, uint32 offset, uint32 size, PIMAGE_SECTION_HEADER header)
: Region(data, offset, size),
mHeader(header)
{
}
PIMAGE_SECTION_HEADER GetHeader() { return mHeader; }
uint32 GetVirtualAddress() { return mHeader->VirtualAddress; }
uint32 GetVirtualSize() { return mHeader->Misc.VirtualSize; }
uint32 GetRawAddress() { return mHeader->PointerToRawData; }
uint32 GetRawSize() { return mHeader->SizeOfRawData; }
private:
PIMAGE_SECTION_HEADER mHeader;
};
};
#endif //STATIC_PE_SECTION_H
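Review bot: The default constructor `Section()` leaves `mHeader` uninitialized, and every accessor from `GetVirtualAddress()` through `GetRawSize()` dereferences it without a check, so calling one on a default-constructed Section reads through an indeterminate pointer. Initialize it in the default constructor, `: Region(), mHeader(nullptr)`, and have the accessors return 0 when `mHeader` is null. Because these fields come straight from the parsed file, a short class comment should say that `GetRawAddress()` and `GetRawSize()` return unvalidated values that callers must bounds-check against the file data before using them.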


@ -11,18 +11,30 @@ namespace GleeBug
void Pe::Clear() void Pe::Clear()
{ {
mFileSize = 0;
mData.clear(); mData.clear();
mOffset = 0; mOffset = 0;
mDosHeader = Region<IMAGE_DOS_HEADER>();
mDosHeader.Clear();
mDosNtOverlap = false; mDosNtOverlap = false;
mAfterDosData = Region<uint8>(); mAfterDosData.Clear();
mNtHeaders32 = Region<IMAGE_NT_HEADERS32>(); mNtHeaders32.Clear();
mNtHeaders64 = Region<IMAGE_NT_HEADERS64>(); mNtHeaders64.Clear();
mSectionHeaders = Region<IMAGE_SECTION_HEADER>(); mAfterOptionalData.Clear();
mSectionHeaders.Clear();
mSections.clear();
} }
Pe::Error Pe::ParseHeaders(bool allowOverlap) bool Pe::IsValidPe() const
{
return IsPe64() ? mNtHeaders64.Valid() : mNtHeaders32.Valid();
}
bool Pe::IsPe64() const
{
return IsValidPe() ? mNtHeaders64.Valid() : false;
}
Pe::Error Pe::Parse(bool allowOverlap)
{ {
//clear all current data //clear all current data
Clear(); Clear();
@ -139,17 +151,20 @@ namespace GleeBug
auto sectionCount = ifh->NumberOfSections; auto sectionCount = ifh->NumberOfSections;
mSectionHeaders = readRegion<IMAGE_SECTION_HEADER>(sectionCount); mSectionHeaders = readRegion<IMAGE_SECTION_HEADER>(sectionCount);
//parse the sections
auto sectionsError = parseSections();
if (sectionsError != ErrorOk)
return sectionsError;
//TODO: parse data directories
return ErrorOk; return ErrorOk;
} }
bool Pe::IsValidPe() const Pe::Error Pe::parseSections()
{ {
return mSectionHeaders.Valid(); auto numberOfSections = mSectionHeaders.Count();
} //TODO: parse section data
return ErrorOk;
bool Pe::IsPe64() const
{
return IsValidPe() ? mNtHeaders64.Valid() : false;
} }
uint32 Pe::readData(uint32 size) uint32 Pe::readData(uint32 size)
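Review bot: As rendered, the new `IsValidPe()` calls `IsPe64()` while `IsPe64()` still calls `IsValidPe()`, so either call recurses without end and will overflow the stack; the earlier `IsValidPe()` only tested `mSectionHeaders.Valid()`. Break the cycle by making `IsPe64()` independent of `IsValidPe()`, for example `return mNtHeaders64.Valid();`, assuming only one of the two NT header regions is ever valid after a parse. Separately, `numberOfSections` in `parseSections()` is assigned and never used; once the TODO is filled in, each section's raw offset and size should be checked against the file data before a Section is built, since the count and the header fields are taken from the file. The old and new sides here are read from a side-by-side rendering, so confirm against the actual file.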


@ -3,6 +3,7 @@
#include "Static.File.h" #include "Static.File.h"
#include "Static.Region.h" #include "Static.Region.h"
#include "Static.Pe.Section.h"
namespace GleeBug namespace GleeBug
{ {
@ -31,10 +32,10 @@ namespace GleeBug
explicit Pe(File & file); explicit Pe(File & file);
void Clear();
Error ParseHeaders(bool allowOverlap = false);
bool IsValidPe() const; bool IsValidPe() const;
bool IsPe64() const; bool IsPe64() const;
void Clear();
Error Parse(bool allowOverlap = false);
const Region<IMAGE_DOS_HEADER> & GetDosHeader() const { return mDosHeader; } const Region<IMAGE_DOS_HEADER> & GetDosHeader() const { return mDosHeader; }
bool GetDosNtOverlap() const { return mDosNtOverlap; } bool GetDosNtOverlap() const { return mDosNtOverlap; }
@ -43,8 +44,10 @@ namespace GleeBug
const Region<IMAGE_NT_HEADERS64> & GetNtHeaders64() const { return mNtHeaders64; } const Region<IMAGE_NT_HEADERS64> & GetNtHeaders64() const { return mNtHeaders64; }
const Region<uint8> & GetAfterOptionalData() const { return mAfterOptionalData; } const Region<uint8> & GetAfterOptionalData() const { return mAfterOptionalData; }
const Region<IMAGE_SECTION_HEADER> & GetSectionHeaders() const { return mSectionHeaders; } const Region<IMAGE_SECTION_HEADER> & GetSectionHeaders() const { return mSectionHeaders; }
const std::vector<Section> & GetSections() const { return mSections; }
private: private:
Error parseSections();
uint32 readData(uint32 size); uint32 readData(uint32 size);
void setupErrorMap(); void setupErrorMap();
@ -55,8 +58,8 @@ namespace GleeBug
} }
std::unordered_map<Error, const char*> mErrorMap; std::unordered_map<Error, const char*> mErrorMap;
File & mFile; File & mFile;
uint32 mFileSize;
std::vector<uint8> mData; std::vector<uint8> mData;
uint32 mOffset; uint32 mOffset;
@ -67,6 +70,7 @@ namespace GleeBug
Region<IMAGE_NT_HEADERS64> mNtHeaders64; Region<IMAGE_NT_HEADERS64> mNtHeaders64;
Region<uint8> mAfterOptionalData; Region<uint8> mAfterOptionalData;
Region<IMAGE_SECTION_HEADER> mSectionHeaders; Region<IMAGE_SECTION_HEADER> mSectionHeaders;
std::vector<Section> mSections;
}; };
}; };
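Review bot: `GetSections()` returns `const std::vector<Section> &`, but the accessors declared on Section in this commit (`GetHeader()`, `GetVirtualAddress()` and the rest) are not const-qualified, so they cannot be called on elements obtained through this getter. Mark them const in Static.Pe.Section.h, e.g. `uint32 GetVirtualAddress() const { return mHeader->VirtualAddress; }`. `Parse(bool allowOverlap = false)` would also benefit from a one-line comment stating which overlap it tolerates, since the test harness passes `true`; judging by `mDosNtOverlap` this appears to be DOS/NT header overlap, but the hunk does not show it.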


@ -34,6 +34,14 @@ namespace GleeBug
{ {
} }
/**
\brief Clears and invalidates this region.
*/
void Clear()
{
*this = Region<T>();
}
/** /**
\brief Returns a pointer inside the data to the start of this region. \brief Returns a pointer inside the data to the start of this region.
\return nullptr if the region is invalid, a pointer to the data otherwise. \return nullptr if the region is invalid, a pointer to the data otherwise.
@ -109,7 +117,7 @@ namespace GleeBug
return Data(); return Data();
} }
private: protected:
std::vector<uint8>* mData; std::vector<uint8>* mData;
uint32 mOffset; uint32 mOffset;
uint32 mCount; uint32 mCount;
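Review bot: `Clear()` assigns `*this = Region<T>()`, which resets only the Region members; Section inherits it and, as far as this commit shows, does not override it, so calling `Clear()` on a Section would leave `mHeader` pointing at the old header while the region itself has been reset. Either give Section its own `Clear()` that also sets `mHeader = nullptr`, or state in the `\brief` that derived classes must reset their own state. The switch from `private:` to `protected:` also exposes `mData`, `mOffset` and `mCount` to every subclass, although Section does not touch them in this commit; keeping them private would preserve Region's invariants. The class body extends outside both hunks.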


@ -50,7 +50,7 @@ static bool testPeFile(const wchar_t* szFileName, bool dumpData = true)
{ {
BufferFile file(diskData.data(), diskSize); BufferFile file(diskData.data(), diskSize);
Pe pe(file); Pe pe(file);
auto parseError = pe.ParseHeaders(true); auto parseError = pe.Parse(true);
if (parseError == Pe::ErrorOk) if (parseError == Pe::ErrorOk)
{ {
result = true; result = true;
@ -107,7 +107,7 @@ static bool testPeFile(const wchar_t* szFileName, bool dumpData = true)
} }
} }
else else
printf("Pe::ParseHeaders failed (%d)!\n", parseError); printf("Pe::Parse failed (%d)!\n", parseError);
} }
else else
puts("File::Read failed!"); puts("File::Read failed!");