File: PE32.cpp

package info (click to toggle)
edb-debugger 1.3.0-2.2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 5,124 kB
  • sloc: cpp: 46,241; xml: 4,998; ansic: 3,088; sh: 52; asm: 33; makefile: 5
file content (121 lines) | stat: -rw-r--r-- 3,024 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
/*
Copyright (C) 2006 - 2015 Evan Teran
                          evan.teran@gmail.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "PE32.h"
#include "IDebugger.h"
#include "IProcess.h"
#include "IRegion.h"
#include "edb.h"
#include "libPE/pe_binary.h"
#include "string_hash.h"
#include <QDebug>

namespace BinaryInfoPlugin {

PEBinaryException::PEBinaryException(Reason reason)
	: reason_(reason) {
}
const char *PEBinaryException::what() const noexcept {
	return "PEBinaryException";
}

/**
 * @brief PE32::PE32
 * @param region
 */
PE32::PE32(const std::shared_ptr<IRegion> &region)
	: region_(region) {
#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
	constexpr WORD DosMagic = 0x5A4D;
	constexpr LONG PeMagic  = 0x00004550;
#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
	constexpr WORD dos_magic = 0x4D5A;
	constexpr LONG pe_magic  = 0x50450000;
#endif

	if (!region_) {
		throw PEBinaryException(PEBinaryException::Reason::INVALID_ARGUMENTS);
	}
	IProcess *process = edb::v1::debugger_core->process();

	if (!process) {
		throw PEBinaryException(PEBinaryException::Reason::READ_FAILURE);
	}

	if (!process->readBytes(region_->start(), &dos_, sizeof(dos_))) {
		throw PEBinaryException(PEBinaryException::Reason::READ_FAILURE);
	}

	if (dos_.e_magic != DosMagic || dos_.e_lfanew == 0) {
		throw PEBinaryException(PEBinaryException::Reason::INVALID_PE);
	}

	if (!process->readBytes(region_->start() + dos_.e_lfanew, &pe_, sizeof(pe_))) {
		throw PEBinaryException(PEBinaryException::Reason::READ_FAILURE);
	}

	if (pe_.Signature != PeMagic) {
		throw PEBinaryException(PEBinaryException::Reason::INVALID_PE);
	}
}

/**
 * @brief PE32::entryPoint
 * @return
 */
edb::address_t PE32::entryPoint() {
	// TODO(eteran): relative to pe_.OptionalHeader.ImageBase;?
	return pe_.OptionalHeader.AddressOfEntryPoint;
}

/**
 * @brief PE32::native
 * @return
 */
bool PE32::native() const {
	return true;
}

/**
 * @brief PE32::headerSize
 * @return
 */
size_t PE32::headerSize() const {
	return sizeof(pe_) + dos_.e_lfanew;
}

/**
 * @brief PE32::headers
 * @return a list of all headers in this binary
 */
std::vector<IBinary::Header> PE32::headers() const {
	std::vector<Header> results = {
		{region_->start(), sizeof(pe_) + dos_.e_lfanew}};
	return results;
}

/**
 * @brief PE32::header
 * @return a copy of the file header or nullptr if the region wasn't a valid,
 * known binary type
 */
const void *PE32::header() const {
	return nullptr;
}

}