x64dbg
/
GleeBug
mirror of https://github.com/x64dbg/GleeBug
1
0
Fork 0
Code Releases Activity

abstraction for PE section

This commit is contained in:
mrexodia 2016-01-06 10:18:14 +01:00
parent 7d45916c96
commit c817cfc96e
7 changed files with 84 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
GleeBug/GleeBug.vcxproj
View File

@ -182,6 +182,7 @@
<ClInclude Include="Static.File.h" />
<ClInclude Include="Static.Global.h" />
<ClInclude Include="Static.Pe.h" />
<ClInclude Include="Static.Pe.Section.h" />
<ClInclude Include="Static.Region.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

3
GleeBug/GleeBug.vcxproj.filters
View File

@ -118,5 +118,8 @@
<ClInclude Include="Static.BufferFile.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="Static.Pe.Section.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>

33
GleeBug/Static.Pe.Section.h Normal file
View File

@ -0,0 +1,33 @@
#ifndef STATIC_PE_SECTION_H
#define STATIC_PE_SECTION_H
#include "Static.Region.h"
namespace GleeBug
{
class Section : public Region < uint8 >
{
public:
explicit Section()
: Region()
{
}
explicit Section(std::vector<uint8>* data, uint32 offset, uint32 size, PIMAGE_SECTION_HEADER header)
: Region(data, offset, size),
mHeader(header)
{
}
PIMAGE_SECTION_HEADER GetHeader() { return mHeader; }
uint32 GetVirtualAddress() { return mHeader->VirtualAddress; }
uint32 GetVirtualSize() { return mHeader->Misc.VirtualSize; }
uint32 GetRawAddress() { return mHeader->PointerToRawData; }
uint32 GetRawSize() { return mHeader->SizeOfRawData; }
private:
PIMAGE_SECTION_HEADER mHeader;
};
};
#endif //STATIC_PE_SECTION_H

43
GleeBug/Static.Pe.cpp
View File

@ -11,18 +11,30 @@ namespace GleeBug
void Pe::Clear()
{
mFileSize = 0;
mData.clear();
mOffset = 0;
mDosHeader = Region<IMAGE_DOS_HEADER>();
mDosHeader.Clear();
mDosNtOverlap = false;
mAfterDosData = Region<uint8>();
mNtHeaders32 = Region<IMAGE_NT_HEADERS32>();
mNtHeaders64 = Region<IMAGE_NT_HEADERS64>();
mSectionHeaders = Region<IMAGE_SECTION_HEADER>();
mAfterDosData.Clear();
mNtHeaders32.Clear();
mNtHeaders64.Clear();
mAfterOptionalData.Clear();
mSectionHeaders.Clear();
mSections.clear();
}
Pe::Error Pe::ParseHeaders(bool allowOverlap)
bool Pe::IsValidPe() const
{
return IsPe64() ? mNtHeaders64.Valid() : mNtHeaders32.Valid();
}
bool Pe::IsPe64() const
{
return IsValidPe() ? mNtHeaders64.Valid() : false;
}
Pe::Error Pe::Parse(bool allowOverlap)
{
//clear all current data
Clear();
@ -139,17 +151,20 @@ namespace GleeBug
auto sectionCount = ifh->NumberOfSections;
mSectionHeaders = readRegion<IMAGE_SECTION_HEADER>(sectionCount);
//parse the sections
auto sectionsError = parseSections();
if (sectionsError != ErrorOk)
return sectionsError;
//TODO: parse data directories
return ErrorOk;
}
bool Pe::IsValidPe() const
Pe::Error Pe::parseSections()
{
return mSectionHeaders.Valid();
}
bool Pe::IsPe64() const
{
return IsValidPe() ? mNtHeaders64.Valid() : false;
auto numberOfSections = mSectionHeaders.Count();
//TODO: parse section data
return ErrorOk;
}
uint32 Pe::readData(uint32 size)

10
GleeBug/Static.Pe.h
View File

@ -3,6 +3,7 @@
#include "Static.File.h"
#include "Static.Region.h"
#include "Static.Pe.Section.h"
namespace GleeBug
{
@ -31,10 +32,10 @@ namespace GleeBug
explicit Pe(File & file);
void Clear();
Error ParseHeaders(bool allowOverlap = false);
bool IsValidPe() const;
bool IsPe64() const;
void Clear();
Error Parse(bool allowOverlap = false);
const Region<IMAGE_DOS_HEADER> & GetDosHeader() const { return mDosHeader; }
bool GetDosNtOverlap() const { return mDosNtOverlap; }
@ -43,8 +44,10 @@ namespace GleeBug
const Region<IMAGE_NT_HEADERS64> & GetNtHeaders64() const { return mNtHeaders64; }
const Region<uint8> & GetAfterOptionalData() const { return mAfterOptionalData; }
const Region<IMAGE_SECTION_HEADER> & GetSectionHeaders() const { return mSectionHeaders; }
const std::vector<Section> & GetSections() const { return mSections; }
private:
Error parseSections();
uint32 readData(uint32 size);
void setupErrorMap();
@ -55,8 +58,8 @@ namespace GleeBug
}
std::unordered_map<Error, const char*> mErrorMap;
File & mFile;
uint32 mFileSize;
std::vector<uint8> mData;
uint32 mOffset;
@ -67,6 +70,7 @@ namespace GleeBug
Region<IMAGE_NT_HEADERS64> mNtHeaders64;
Region<uint8> mAfterOptionalData;
Region<IMAGE_SECTION_HEADER> mSectionHeaders;
std::vector<Section> mSections;
};
};

10
GleeBug/Static.Region.h
View File

@ -34,6 +34,14 @@ namespace GleeBug
{
}
/**
\brief Clears and invalidates this region.
*/
void Clear()
{
*this = Region<T>();
}
/**
\brief Returns a pointer inside the data to the start of this region.
\return nullptr if the region is invalid, a pointer to the data otherwise.
@ -109,7 +117,7 @@ namespace GleeBug
return Data();
}
private:
protected:
std::vector<uint8>* mData;
uint32 mOffset;
uint32 mCount;

4
MyDebugger/main.cpp
View File

@ -50,7 +50,7 @@ static bool testPeFile(const wchar_t* szFileName, bool dumpData = true)
{
BufferFile file(diskData.data(), diskSize);
Pe pe(file);
auto parseError = pe.ParseHeaders(true);
auto parseError = pe.Parse(true);
if (parseError == Pe::ErrorOk)
{
result = true;
@ -107,7 +107,7 @@ static bool testPeFile(const wchar_t* szFileName, bool dumpData = true)
}
}
else
printf("Pe::ParseHeaders failed (%d)!\n", parseError);
printf("Pe::Parse failed (%d)!\n", parseError);
}
else
puts("File::Read failed!");