PeLib: PeLibAux.h Source File

00001 /* 00002 * PeLibAux.cpp - Part of the PeLib library. 00003 * 00004 * Copyright (c) 2004 Sebastian Porst (webmaster@the-interweb.com) 00005 * All rights reserved. 00006 * 00007 * This software is licensed under the zlib/libpng License. 00008 * For more details see http://www.opensource.org/licenses/zlib-license.php 00009 * or the license information file (license.htm) in the root directory 00010 * of PeLib. 00011 */ 00012 00013 #ifndef PELIBAUX_H 00014 #define PELIBAUX_H 00015 00016 //#include "PeLibInc.h" 00017 //#include "PeHeader.h" 00018 #include "buffer/OutputBuffer.h" 00019 #include "buffer/InputBuffer.h" 00020 //#include "buffer/ResTree.h" 00021 #include <numeric> 00022 00023 namespace PeLib 00024 { 00025 class PeFile; 00026 00027 // It's necessary to make sure that a byte has 8 bits and that the platform has a 8 bit type, 00028 // a 16bit type and a bit type. That's because binary PE files are pretty picky about their 00029 // structure. 00030 00031 #if CHAR_BIT == 8 00032 #if UCHAR_MAX == 255 00033 typedef unsigned char byte; 00034 // typedef std::bitset<8> byte; 00035 #else 00036 #error You need to change some typedefs (Code: 8). Please read the PeLib documentation. 00037 #endif 00038 00039 #if USHRT_MAX == 65535U 00040 typedef unsigned short word; 00041 // typedef std::bitset<16> word; 00042 #else 00043 #error You need to change some typedefs (Code: 16). Please read the PeLib documentation. 00044 #endif 00045 00046 #if UINT_MAX == 4294967295UL 00047 typedef unsigned int dword; 00048 // typedef std::bitset<32> dword; 00049 #else 00050 #error You need to change some typedefs (Code: 32). Please read the PeLib documentation. 00051 #endif 00052 00053 typedef unsigned long long qword; 00054 00055 // #if ULLONG_MAX == 18446744073709551615 00056 // typedef unsigned long long qword; 00057 // #else 00058 // #error You need to change some typedefs (Code: 32). Please read the PeLib documentation. 00059 // #endif 00060 #else 00061 #error You need to change some typedefs. Please read the PeLib documentation. 00062 #endif 00063 00064 00065 /* enum bits {BITS_BYTE = 8, BITS_WORD = 16, BITS_DWORD = 32}; 00066 00067 template<bits value> 00068 class DataType 00069 { 00070 private: 00071 std::bitset<value> bsValue; 00072 unsigned long ulValue; 00073 00074 public: 00075 void operator=(unsigned long ulValue) 00076 { 00077 bsValue = ulValue; 00078 } 00079 00080 operator unsigned long() const 00081 { 00082 return bsValue.to_ulong(); 00083 } 00084 00085 const int operator&() 00086 { 00087 ulValue = bsValue; 00088 return ulValue; 00089 } 00090 00091 }; 00092 00093 typedef DataType<BITS_BYTE> byte; 00094 typedef DataType<BITS_WORD> word; 00095 typedef DataType<BITS_DWORD> dword; 00096 */ 00097 00098 enum {PEFILE32 = 32, 00099 PEFILE64 = 64, 00100 PEFILE_UNKNOWN = 0}; 00101 00102 enum {BoundImportDirectoryId = 1, 00103 ComHeaderDirectoryId, 00104 ExportDirectoryId, 00105 IatDirectoryId, 00106 ImportDirectoryId, 00107 MzHeaderId, 00108 PeHeaderId, 00109 RelocationsId, 00110 PeFileId, 00111 ResourceDirectoryId, 00112 DebugDirectoryId, 00113 TlsDirectoryId 00114 }; 00115 00116 #undef IMAGE_DOS_SIGNATURE 00117 const word IMAGE_DOS_SIGNATURE = 0x5A4D; 00118 00119 #undef IMAGE_NT_SIGNATURE 00120 const dword IMAGE_NT_SIGNATURE = 0x00004550; 00121 00122 #undef IMAGE_ORDINAL_FLAG 00123 00124 template<int bits> 00125 struct IMAGE_ORDINAL_FLAGS; 00126 00127 template<> 00128 struct IMAGE_ORDINAL_FLAGS<32> 00129 { 00130 static const dword IMAGE_ORDINAL_FLAG = 0x80000000; 00131 }; 00132 00133 template<> 00134 struct IMAGE_ORDINAL_FLAGS<64> 00135 { 00136 static const qword IMAGE_ORDINAL_FLAG; 00137 }; 00138 00139 #undef IMAGE_NUMBEROF_DIRECTORY_ENTRIES 00140 const unsigned long IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16; 00141 00142 #undef IMAGE_RESOURCE_NAME_IS_STRING 00143 const unsigned long IMAGE_RESOURCE_NAME_IS_STRING = 0x80000000; 00144 00145 #undef IMAGE_RESOURCE_DATA_IS_DIRECTORY 00146 const unsigned long IMAGE_RESOURCE_DATA_IS_DIRECTORY = 0x80000000; 00147 00148 #undef IMAGE_DIRECTORY_ENTRY_EXPORT 00149 #undef IMAGE_DIRECTORY_ENTRY_IMPORT 00150 #undef IMAGE_DIRECTORY_ENTRY_RESOURCE 00151 #undef IMAGE_DIRECTORY_ENTRY_EXCEPTION 00152 #undef IMAGE_DIRECTORY_ENTRY_SECURITY 00153 #undef IMAGE_DIRECTORY_ENTRY_BASERELOC 00154 #undef IMAGE_DIRECTORY_ENTRY_DEBUG 00155 #undef IMAGE_DIRECTORY_ENTRY_ARCHITECTURE 00156 #undef IMAGE_DIRECTORY_ENTRY_GLOBALPTR 00157 #undef IMAGE_DIRECTORY_ENTRY_TLS 00158 #undef IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 00159 #undef IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 00160 #undef IMAGE_DIRECTORY_ENTRY_IAT 00161 #undef IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 00162 #undef IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 00163 00164 enum 00165 { 00166 IMAGE_DIRECTORY_ENTRY_EXPORT, // OK 00167 IMAGE_DIRECTORY_ENTRY_IMPORT, // OK 00168 IMAGE_DIRECTORY_ENTRY_RESOURCE, // OK 00169 IMAGE_DIRECTORY_ENTRY_EXCEPTION, 00170 IMAGE_DIRECTORY_ENTRY_SECURITY, 00171 IMAGE_DIRECTORY_ENTRY_BASERELOC, // OK 00172 IMAGE_DIRECTORY_ENTRY_DEBUG, 00173 IMAGE_DIRECTORY_ENTRY_ARCHITECTURE, 00174 IMAGE_DIRECTORY_ENTRY_GLOBALPTR, 00175 IMAGE_DIRECTORY_ENTRY_TLS, 00176 IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, 00177 IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT, // OK 00178 IMAGE_DIRECTORY_ENTRY_IAT, // OK 00179 IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, 00180 IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 00181 }; 00182 00183 #undef IMAGE_SCN_TYPE_NO_PAD 00184 #undef IMAGE_SCN_CNT_CODE 00185 #undef IMAGE_SCN_CNT_INITIALIZED_DATA 00186 #undef IMAGE_SCN_CNT_UNINITIALIZED_DATA 00187 #undef IMAGE_SCN_LNK_OTHER 00188 #undef IMAGE_SCN_LNK_INFO 00189 #undef IMAGE_SCN_LNK_REMOVE 00190 #undef IMAGE_SCN_LNK_COMDAT 00191 #undef IMAGE_SCN_NO_DEFER_SPEC_EXC 00192 #undef IMAGE_SCN_GPREL 00193 #undef IMAGE_SCN_MEM_FARDATA 00194 #undef IMAGE_SCN_MEM_PURGEABLE 00195 #undef IMAGE_SCN_MEM_16BIT 00196 #undef IMAGE_SCN_MEM_LOCKED 00197 #undef IMAGE_SCN_MEM_PRELOAD 00198 #undef IMAGE_SCN_ALIGN_1BYTES 00199 #undef IMAGE_SCN_ALIGN_2BYTES 00200 #undef IMAGE_SCN_ALIGN_4BYTES 00201 #undef IMAGE_SCN_ALIGN_8BYTES 00202 #undef IMAGE_SCN_ALIGN_16BYTES 00203 #undef IMAGE_SCN_ALIGN_32BYTES 00204 #undef IMAGE_SCN_ALIGN_64BYTES 00205 #undef IMAGE_SCN_ALIGN_128BYTES 00206 #undef IMAGE_SCN_ALIGN_256BYTES 00207 #undef IMAGE_SCN_ALIGN_512BYTES 00208 #undef IMAGE_SCN_ALIGN_1024BYTES 00209 #undef IMAGE_SCN_ALIGN_2048BYTES 00210 #undef IMAGE_SCN_ALIGN_4096BYTES 00211 #undef IMAGE_SCN_ALIGN_8192BYTES 00212 #undef IMAGE_SCN_LNK_NRELOC_OVFL 00213 #undef IMAGE_SCN_MEM_DISCARDABLE 00214 #undef IMAGE_SCN_MEM_NOT_CACHED 00215 #undef IMAGE_SCN_MEM_NOT_PAGED 00216 #undef IMAGE_SCN_MEM_SHARED 00217 #undef IMAGE_SCN_MEM_EXECUTE 00218 #undef IMAGE_SCN_MEM_READ 00219 #undef IMAGE_SCN_MEM_WRITE 00220 00221 enum 00222 { 00223 IMAGE_SCN_TYPE_NO_PAD = 0x00000008, 00224 IMAGE_SCN_CNT_CODE = 0x00000020, 00225 IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040, 00226 IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080, 00227 IMAGE_SCN_LNK_OTHER = 0x00000100, 00228 IMAGE_SCN_LNK_INFO = 0x00000200, 00229 IMAGE_SCN_LNK_REMOVE = 0x00000800, 00230 IMAGE_SCN_LNK_COMDAT = 0x00001000, 00231 IMAGE_SCN_NO_DEFER_SPEC_EXC = 0x00004000, 00232 IMAGE_SCN_GPREL = 0x00008000, 00233 IMAGE_SCN_MEM_FARDATA = 0x00008000, 00234 IMAGE_SCN_MEM_PURGEABLE = 0x00020000, 00235 IMAGE_SCN_MEM_16BIT = 0x00020000, 00236 IMAGE_SCN_MEM_LOCKED = 0x00040000, 00237 IMAGE_SCN_MEM_PRELOAD = 0x00080000, 00238 IMAGE_SCN_ALIGN_1BYTES = 0x00100000, 00239 IMAGE_SCN_ALIGN_2BYTES = 0x00200000, 00240 IMAGE_SCN_ALIGN_4BYTES = 0x00300000, 00241 IMAGE_SCN_ALIGN_8BYTES = 0x00400000, 00242 IMAGE_SCN_ALIGN_16BYTES = 0x00500000, 00243 IMAGE_SCN_ALIGN_BYTES = 0x00600000, 00244 IMAGE_SCN_ALIGN_64BYTES = 0x00700000, 00245 IMAGE_SCN_ALIGN_128BYTES = 0x00800000, 00246 IMAGE_SCN_ALIGN_256BYTES = 0x00900000, 00247 IMAGE_SCN_ALIGN_512BYTES = 0x00A00000, 00248 IMAGE_SCN_ALIGN_1024BYTES = 0x00B00000, 00249 IMAGE_SCN_ALIGN_2048BYTES = 0x00C00000, 00250 IMAGE_SCN_ALIGN_4096BYTES = 0x00D00000, 00251 IMAGE_SCN_ALIGN_8192BYTES = 0x00E00000, 00252 IMAGE_SCN_LNK_NRELOC_OVFL = 0x01000000, 00253 IMAGE_SCN_MEM_DISCARDABLE = 0x02000000, 00254 IMAGE_SCN_MEM_NOT_CACHED = 0x04000000, 00255 IMAGE_SCN_MEM_NOT_PAGED = 0x08000000, 00256 IMAGE_SCN_MEM_SHARED = 0x10000000, 00257 IMAGE_SCN_MEM_EXECUTE = 0x20000000, 00258 IMAGE_SCN_MEM_READ = 0x40000000, 00259 IMAGE_SCN_MEM_WRITE = 0x80000000 00260 }; 00261 00262 #undef IMAGE_FILE_MACHINE_UNKNOWN 00263 #undef IMAGE_FILE_MACHINE_I386 00264 #undef IMAGE_FILE_MACHINE_R3000 00265 #undef IMAGE_FILE_MACHINE_R4000 00266 #undef IMAGE_FILE_MACHINE_R10000 00267 #undef IMAGE_FILE_MACHINE_WCEMIPSV2 00268 #undef IMAGE_FILE_MACHINE_ALPHA 00269 #undef IMAGE_FILE_MACHINE_POWERPC 00270 #undef IMAGE_FILE_MACHINE_SH3 00271 #undef IMAGE_FILE_MACHINE_SH3E 00272 #undef IMAGE_FILE_MACHINE_SH4 00273 #undef IMAGE_FILE_MACHINE_ARM 00274 #undef IMAGE_FILE_MACHINE_THUMB 00275 #undef IMAGE_FILE_MACHINE_IA64 00276 #undef IMAGE_FILE_MACHINE_MIPS16 00277 #undef IMAGE_FILE_MACHINE_MIPSFPU 00278 #undef IMAGE_FILE_MACHINE_MIPSFPU16 00279 #undef IMAGE_FILE_MACHINE_ALPHA64 00280 #undef IMAGE_FILE_MACHINE_AXP64 00281 00282 enum 00283 { 00284 IMAGE_FILE_MACHINE_UNKNOWN = 0, 00285 IMAGE_FILE_MACHINE_I386 = 0x014c, 00286 IMAGE_FILE_MACHINE_R3000 = 0x0162, 00287 IMAGE_FILE_MACHINE_R4000 = 0x0166, 00288 IMAGE_FILE_MACHINE_R10000 = 0x0168, 00289 IMAGE_FILE_MACHINE_WCEMIPSV2 = 0x0169, 00290 IMAGE_FILE_MACHINE_ALPHA = 0x0184, 00291 IMAGE_FILE_MACHINE_POWERPC = 0x01F0, 00292 IMAGE_FILE_MACHINE_SH3 = 0x01a2, 00293 IMAGE_FILE_MACHINE_SH3E = 0x01a4, 00294 IMAGE_FILE_MACHINE_SH4 = 0x01a6, 00295 IMAGE_FILE_MACHINE_ARM = 0x01c0, 00296 IMAGE_FILE_MACHINE_THUMB = 0x01c2, 00297 IMAGE_FILE_MACHINE_IA64 = 0x0200, 00298 IMAGE_FILE_MACHINE_MIPS16 = 0x0266, 00299 IMAGE_FILE_MACHINE_MIPSFPU = 0x0366, 00300 IMAGE_FILE_MACHINE_MIPSFPU16 = 0x0466, 00301 IMAGE_FILE_MACHINE_ALPHA64 = 0x0284, 00302 IMAGE_FILE_MACHINE_AXP64 = IMAGE_FILE_MACHINE_ALPHA64 00303 }; 00304 00305 #undef IMAGE_FILE_RELOCS_STRIPPED 00306 #undef IMAGE_FILE_EXECUTABLE_IMAGE 00307 #undef IMAGE_FILE_LINE_NUMS_STRIPPED 00308 #undef IMAGE_FILE_LOCAL_SYMS_STRIPPED 00309 #undef IMAGE_FILE_AGGRESIVE_WS_TRIM 00310 #undef IMAGE_FILE_LARGE_ADDRESS_AWARE 00311 #undef IMAGE_FILE_BYTES_REVERSED_LO 00312 #undef IMAGE_FILE_32BIT_MACHINE 00313 #undef IMAGE_FILE_DEBUG_STRIPPED 00314 #undef IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP 00315 #undef IMAGE_FILE_NET_RUN_FROM_SWAP 00316 #undef IMAGE_FILE_SYSTEM 00317 #undef IMAGE_FILE_DLL 00318 #undef IMAGE_FILE_UP_SYSTEM_ONLY 00319 #undef IMAGE_FILE_BYTES_REVERSED_HI 00320 00321 enum 00322 { 00323 IMAGE_FILE_RELOCS_STRIPPED = 0x0001, 00324 IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002, 00325 IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004, 00326 IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008, 00327 IMAGE_FILE_AGGRESIVE_WS_TRIM = 0x0010, 00328 IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020, 00329 IMAGE_FILE_BYTES_REVERSED_LO = 0x0080, 00330 IMAGE_FILE_32BIT_MACHINE = 0x0100, 00331 IMAGE_FILE_DEBUG_STRIPPED = 0x0200, 00332 IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP = 0x0400, 00333 IMAGE_FILE_NET_RUN_FROM_SWAP = 0x0800, 00334 IMAGE_FILE_SYSTEM = 0x1000, 00335 IMAGE_FILE_DLL = 0x2000, 00336 IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000, 00337 IMAGE_FILE_BYTES_REVERSED_HI = 0x8000 00338 }; 00339 00340 #undef IMAGE_NT_OPTIONAL_HDR32_MAGIC 00341 #undef IMAGE_NT_OPTIONAL_HDR64_MAGIC 00342 #undef IMAGE_ROM_OPTIONAL_HDR_MAGIC 00343 00344 enum 00345 { 00346 IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b, 00347 IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b, 00348 IMAGE_ROM_OPTIONAL_HDR_MAGIC = 0x107 00349 }; 00350 00351 #undef IMAGE_SUBSYSTEM_UNKNOWN 00352 #undef IMAGE_SUBSYSTEM_NATIVE 00353 #undef IMAGE_SUBSYSTEM_WINDOWS_GUI 00354 #undef IMAGE_SUBSYSTEM_WINDOWS_CUI 00355 #undef IMAGE_SUBSYSTEM_OS2_CUI 00356 #undef IMAGE_SUBSYSTEM_POSIX_CUI 00357 #undef IMAGE_SUBSYSTEM_NATIVE_WINDOWS 00358 #undef IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 00359 00360 enum 00361 { 00362 IMAGE_SUBSYSTEM_UNKNOWN = 0, 00363 IMAGE_SUBSYSTEM_NATIVE = 1, 00364 IMAGE_SUBSYSTEM_WINDOWS_GUI = 2, 00365 IMAGE_SUBSYSTEM_WINDOWS_CUI = 3, 00366 IMAGE_SUBSYSTEM_OS2_CUI = 5, 00367 IMAGE_SUBSYSTEM_POSIX_CUI = 7, 00368 IMAGE_SUBSYSTEM_NATIVE_WINDOWS = 8, 00369 IMAGE_SUBSYSTEM_WINDOWS_CE_GUI = 9 00370 }; 00371 00372 #undef RT_CURSOR 00373 #undef RT_BITMAP 00374 #undef RT_ICON 00375 #undef RT_MENU 00376 #undef RT_DIALOG 00377 #undef RT_STRING 00378 #undef RT_FONTDIR 00379 #undef RT_FONT 00380 #undef RT_ACCELERATOR 00381 #undef RT_RCDATA 00382 #undef RT_MESSAGETABLE 00383 #undef RT_GROUP_CURSOR 00384 #undef RT_GROUP_ICON 00385 #undef RT_VERSION 00386 #undef RT_DLGINCLUDE 00387 #undef RT_PLUGPLAY 00388 #undef RT_VXD 00389 #undef RT_ANICURSOR 00390 #undef RT_ANIICON 00391 #undef RT_HTML 00392 #undef RT_MANIFEST 00393 00394 enum 00395 { 00396 RT_CURSOR = 1, // 1 00397 RT_BITMAP, // 2 00398 RT_ICON, // 3 00399 RT_MENU, // 4 00400 RT_DIALOG, // 5 00401 RT_STRING, // 6 00402 RT_FONTDIR, // 7 00403 RT_FONT, // 8 00404 RT_ACCELERATOR, // 9 00405 RT_RCDATA, // 10 00406 RT_MESSAGETABLE, // 11 00407 RT_GROUP_CURSOR, // 12 00408 RT_GROUP_ICON = 14, // 14 00409 RT_VERSION = 16, 00410 RT_DLGINCLUDE, 00411 RT_PLUGPLAY = 19, 00412 RT_VXD, 00413 RT_ANICURSOR, 00414 RT_ANIICON, 00415 RT_HTML, 00416 RT_MANIFEST 00417 }; 00418 00419 template<typename T> 00420 unsigned int accumulate(unsigned int size, const T& v) 00421 { 00422 return size + v.size(); 00423 } 00424 00425 00426 struct PELIB_IMAGE_DOS_HEADER 00427 { 00428 word e_magic; 00429 word e_cblp; 00430 word e_cp; 00431 word e_crlc; 00432 word e_cparhdr; 00433 word e_minalloc; 00434 word e_maxalloc; 00435 word e_ss; 00436 word e_sp; 00437 word e_csum; 00438 word e_ip; 00439 word e_cs; 00440 word e_lfarlc; 00441 word e_ovno; 00442 word e_res[4]; 00443 word e_oemid; 00444 word e_oeminfo; 00445 word e_res2[10]; 00446 dword e_lfanew; 00447 00448 PELIB_IMAGE_DOS_HEADER(); 00449 00450 static inline unsigned int size() {return 64;} 00451 }; 00452 00453 struct PELIB_IMAGE_FILE_HEADER 00454 { 00455 word Machine; 00456 word NumberOfSections; 00457 dword TimeDateStamp; 00458 dword PointerToSymbolTable; 00459 dword NumberOfSymbols; 00460 word SizeOfOptionalHeader; 00461 word Characteristics; 00462 00463 PELIB_IMAGE_FILE_HEADER() 00464 { 00465 Machine = 0; 00466 NumberOfSections = 0; 00467 TimeDateStamp = 0; 00468 PointerToSymbolTable = 0; 00469 NumberOfSymbols = 0; 00470 SizeOfOptionalHeader = 0; 00471 Characteristics = 0; 00472 } 00473 00474 static inline unsigned int size() {return 20;} 00475 }; 00476 00477 struct PELIB_IMAGE_DATA_DIRECTORY 00478 { 00479 dword VirtualAddress; 00480 dword Size; 00481 00482 PELIB_IMAGE_DATA_DIRECTORY() 00483 { 00484 VirtualAddress = 0; 00485 Size = 0; 00486 } 00487 00488 static inline unsigned int size() {return 8;} 00489 }; 00490 00491 template<int> 00492 struct FieldSizes; 00493 00494 template<> 00495 struct FieldSizes<32> 00496 { 00497 typedef dword VAR4_8; 00498 }; 00499 00500 template<> 00501 struct FieldSizes<64> 00502 { 00503 typedef qword VAR4_8; 00504 }; 00505 00506 template<int x> 00507 struct PELIB_IMAGE_OPTIONAL_HEADER_BASE 00508 { 00509 typedef typename FieldSizes<x>::VAR4_8 VAR4_8; 00510 00511 word Magic; 00512 byte MajorLinkerVersion; 00513 byte MinorLinkerVersion; 00514 dword SizeOfCode; 00515 dword SizeOfInitializedData; 00516 dword SizeOfUninitializedData; 00517 dword AddressOfEntryPoint; 00518 dword BaseOfCode; 00519 dword BaseOfData; 00520 VAR4_8 ImageBase; 00521 dword SectionAlignment; 00522 dword FileAlignment; 00523 word MajorOperatingSystemVersion; 00524 word MinorOperatingSystemVersion; 00525 word MajorImageVersion; 00526 word MinorImageVersion; 00527 word MajorSubsystemVersion; 00528 word MinorSubsystemVersion; 00529 dword Win32VersionValue; 00530 dword SizeOfImage; 00531 dword SizeOfHeaders; 00532 dword CheckSum; 00533 word Subsystem; 00534 word DllCharacteristics; 00535 VAR4_8 SizeOfStackReserve; 00536 VAR4_8 SizeOfStackCommit; 00537 VAR4_8 SizeOfHeapReserve; 00538 VAR4_8 SizeOfHeapCommit; 00539 dword LoaderFlags; 00540 dword NumberOfRvaAndSizes; 00541 // PELIB_IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES]; 00542 00543 PELIB_IMAGE_OPTIONAL_HEADER_BASE(); 00544 }; 00545 00546 template<int x> 00547 PELIB_IMAGE_OPTIONAL_HEADER_BASE<x>::PELIB_IMAGE_OPTIONAL_HEADER_BASE() 00548 { 00549 Magic = 0; 00550 MajorLinkerVersion = 0; 00551 MinorLinkerVersion = 0; 00552 SizeOfCode = 0; 00553 SizeOfInitializedData = 0; 00554 SizeOfUninitializedData = 0; 00555 AddressOfEntryPoint = 0; 00556 BaseOfCode = 0; 00557 // BaseOfData = 0; 00558 ImageBase = 0; 00559 SectionAlignment = 0; 00560 FileAlignment = 0; 00561 MajorOperatingSystemVersion = 0; 00562 MinorOperatingSystemVersion = 0; 00563 MajorImageVersion = 0; 00564 MinorImageVersion = 0; 00565 MajorSubsystemVersion = 0; 00566 MinorSubsystemVersion = 0; 00567 Win32VersionValue = 0; 00568 SizeOfImage = 0; 00569 SizeOfHeaders = 0; 00570 CheckSum = 0; 00571 Subsystem = 0; 00572 DllCharacteristics = 0; 00573 SizeOfStackReserve = 0; 00574 SizeOfStackCommit = 0; 00575 SizeOfHeapReserve = 0; 00576 SizeOfHeapCommit = 0; 00577 LoaderFlags = 0; 00578 NumberOfRvaAndSizes = 0; 00579 } 00580 00581 template<int> 00582 struct PELIB_IMAGE_OPTIONAL_HEADER; 00583 00584 template<> 00585 struct PELIB_IMAGE_OPTIONAL_HEADER<32> : public PELIB_IMAGE_OPTIONAL_HEADER_BASE<32> 00586 { 00587 dword BaseOfData; 00588 00589 static inline unsigned int size() {return 224 - 0x10 * 8;} 00590 }; 00591 00592 template<> 00593 struct PELIB_IMAGE_OPTIONAL_HEADER<64> : public PELIB_IMAGE_OPTIONAL_HEADER_BASE<64> 00594 { 00595 static inline unsigned int size() {return 240 - 0x10 * 8;} 00596 }; 00597 00598 template<int x> 00599 struct PELIB_IMAGE_NT_HEADERS 00600 { 00601 dword Signature; 00602 PELIB_IMAGE_FILE_HEADER FileHeader; 00603 PELIB_IMAGE_OPTIONAL_HEADER<x> OptionalHeader; 00604 std::vector<PELIB_IMAGE_DATA_DIRECTORY> dataDirectories; 00605 00606 unsigned int size() const 00607 { 00608 return sizeof(dword) 00609 + PELIB_IMAGE_FILE_HEADER::size() 00610 + PELIB_IMAGE_OPTIONAL_HEADER<x>::size() 00611 + static_cast<unsigned int>(dataDirectories.size()) * PELIB_IMAGE_DATA_DIRECTORY::size(); 00612 } 00613 00614 PELIB_IMAGE_NT_HEADERS() 00615 { 00616 Signature = 0; 00617 } 00618 }; 00619 00620 #undef IMAGE_SIZEOF_SHORT_NAME 00621 const unsigned int IMAGE_SIZEOF_SHORT_NAME = 8; 00622 00623 struct PELIB_IMAGE_SECTION_HEADER 00624 { 00625 byte Name[IMAGE_SIZEOF_SHORT_NAME]; 00626 dword VirtualSize; 00627 dword VirtualAddress; 00628 dword SizeOfRawData; 00629 dword PointerToRawData; 00630 dword PointerToRelocations; 00631 dword PointerToLinenumbers; 00632 word NumberOfRelocations; 00633 word NumberOfLinenumbers; 00634 dword Characteristics; 00635 00636 PELIB_IMAGE_SECTION_HEADER() 00637 { 00638 VirtualSize = 0; 00639 VirtualAddress = 0; 00640 SizeOfRawData = 0; 00641 PointerToRawData = 0; 00642 PointerToRelocations = 0; 00643 PointerToLinenumbers = 0; 00644 NumberOfRelocations = 0; 00645 NumberOfLinenumbers = 0; 00646 Characteristics = 0; 00647 } 00648 00649 static inline unsigned int size() {return 40;} 00650 bool biggerFileOffset(const PELIB_IMAGE_SECTION_HEADER& ish) const; 00651 bool biggerVirtualAddress(const PELIB_IMAGE_SECTION_HEADER& ish) const; 00652 }; 00653 00654 template<int bits> 00655 struct PELIB_IMAGE_THUNK_DATA 00656 { 00657 typename FieldSizes<bits>::VAR4_8 Ordinal; 00658 00659 PELIB_IMAGE_THUNK_DATA() 00660 { 00661 Ordinal = 0; 00662 } 00663 00664 static inline unsigned int size() {return 4;} 00665 }; 00666 00667 struct PELIB_IMAGE_IMPORT_DESCRIPTOR 00668 { 00669 dword OriginalFirstThunk; 00670 dword TimeDateStamp; 00671 dword ForwarderChain; 00672 dword Name; 00673 dword FirstThunk; 00674 00675 PELIB_IMAGE_IMPORT_DESCRIPTOR() 00676 { 00677 OriginalFirstThunk = 0; 00678 TimeDateStamp = 0; 00679 ForwarderChain = 0; 00680 Name = 0; 00681 FirstThunk = 0; 00682 } 00683 00684 static inline unsigned int size() {return 20;} 00685 }; 00686 00687 struct PELIB_IMAGE_EXPORT_DIRECTORY 00688 { 00689 dword Characteristics; 00690 dword TimeDateStamp; 00691 word MajorVersion; 00692 word MinorVersion; 00693 dword Name; 00694 dword Base; 00695 dword NumberOfFunctions; 00696 dword NumberOfNames; 00697 dword AddressOfFunctions; 00698 dword AddressOfNames; 00699 dword AddressOfNameOrdinals; 00700 00701 PELIB_IMAGE_EXPORT_DIRECTORY() 00702 { 00703 Characteristics = 0; 00704 TimeDateStamp = 0; 00705 MajorVersion = 0; 00706 MinorVersion = 0; 00707 Name = 0; 00708 Base = 0; 00709 NumberOfFunctions = 0; 00710 NumberOfNames = 0; 00711 AddressOfFunctions = 0; 00712 NumberOfNames = 0; 00713 AddressOfNameOrdinals = 0; 00714 } 00715 00716 static inline unsigned int size() {return 40;} 00717 }; 00718 00719 struct PELIB_IMAGE_BOUND_IMPORT_DESCRIPTOR 00720 { 00721 dword TimeDateStamp; 00722 word OffsetModuleName; 00723 word NumberOfModuleForwarderRefs; 00724 00725 PELIB_IMAGE_BOUND_IMPORT_DESCRIPTOR() 00726 { 00727 TimeDateStamp = 0; 00728 OffsetModuleName = 0; 00729 NumberOfModuleForwarderRefs = 0; 00730 } 00731 00732 static unsigned int size() 00733 { 00734 return 8; 00735 } 00736 }; 00737 00738 // Stores all necessary information about a BoundImport field. 00739 struct PELIB_IMAGE_BOUND_DIRECTORY 00740 { 00741 PELIB_IMAGE_BOUND_IMPORT_DESCRIPTOR ibdDescriptor; 00742 std::string strModuleName; 00743 std::vector<PELIB_IMAGE_BOUND_DIRECTORY> moduleForwarders; 00744 00745 // Will be used in std::find_if 00746 // Passing by-reference not possible (see C++ Standard Core Language Defect Reports, Revision 29, Issue 106) 00748 bool equal(const std::string strModuleName) const; 00749 00750 unsigned int size() const; 00751 }; 00752 00753 struct PELIB_EXP_FUNC_INFORMATION 00754 { 00755 dword addroffunc; 00756 dword addrofname; 00757 word ordinal; 00758 std::string funcname; 00759 00760 PELIB_EXP_FUNC_INFORMATION(); 00761 00762 bool equal(const std::string strFunctionName) const; 00763 inline unsigned int size() const 00764 { 00765 unsigned int uiSize = 4; 00766 if (addroffunc) uiSize += 2;// + 4; 00767 if (!funcname.empty()) uiSize += 4 + (unsigned int)funcname.size() + 1; 00768 return uiSize; 00769 } 00770 }; 00771 00772 struct PELIB_IMAGE_RESOURCE_DIRECTORY 00773 { 00774 dword Characteristics; 00775 dword TimeDateStamp; 00776 word MajorVersion; 00777 word MinorVersion; 00778 word NumberOfNamedEntries; 00779 word NumberOfIdEntries; 00780 00781 PELIB_IMAGE_RESOURCE_DIRECTORY(); 00782 00783 static inline unsigned int size() {return 16;} 00784 }; 00785 00786 struct PELIB_IMAGE_RESOURCE_DIRECTORY_ENTRY 00787 { 00788 dword Name; 00789 dword OffsetToData; 00790 PELIB_IMAGE_RESOURCE_DIRECTORY_ENTRY(); 00791 static inline unsigned int size() {return 8;} 00792 }; 00793 00794 #undef IMAGE_SIZEOF_BASE_RELOCATION 00795 00796 const unsigned int IMAGE_SIZEOF_BASE_RELOCATION = 8; 00797 00798 struct PELIB_IMG_RES_DIR_ENTRY 00799 { 00800 PELIB_IMAGE_RESOURCE_DIRECTORY_ENTRY irde; 00801 std::string wstrName; 00802 00803 bool operator<(const PELIB_IMG_RES_DIR_ENTRY& first) const; 00804 00805 }; 00806 00807 struct PELIB_IMAGE_BASE_RELOCATION 00808 { 00809 dword VirtualAddress; 00810 dword SizeOfBlock; 00811 00812 PELIB_IMAGE_BASE_RELOCATION(); 00813 static inline unsigned int size() {return 8;} 00814 }; 00815 00816 struct PELIB_IMAGE_COR20_HEADER 00817 { 00818 dword cb; 00819 word MajorRuntimeVersion; 00820 word MinorRuntimeVersion; 00821 PELIB_IMAGE_DATA_DIRECTORY MetaData; 00822 dword Flags; 00823 dword EntryPointToken; 00824 PELIB_IMAGE_DATA_DIRECTORY Resources; 00825 PELIB_IMAGE_DATA_DIRECTORY StrongNameSignature; 00826 PELIB_IMAGE_DATA_DIRECTORY CodeManagerTable; 00827 PELIB_IMAGE_DATA_DIRECTORY VTableFixups; 00828 PELIB_IMAGE_DATA_DIRECTORY ExportAddressTableJumps; 00829 PELIB_IMAGE_DATA_DIRECTORY ManagedNativeHeader; 00830 00831 PELIB_IMAGE_COR20_HEADER(); 00832 static inline unsigned int size() {return 72;} 00833 }; 00834 00835 // Used to store a file's export table. 00836 struct PELIB_IMAGE_EXP_DIRECTORY 00837 { 00839 PELIB_IMAGE_EXPORT_DIRECTORY ied; 00841 std::string name; 00842 std::vector<PELIB_EXP_FUNC_INFORMATION> functions; 00843 inline unsigned int size() const 00844 { 00845 return PELIB_IMAGE_EXPORT_DIRECTORY::size() + name.size() + 1 + 00846 std::accumulate(functions.begin(), functions.end(), 0, accumulate<PELIB_EXP_FUNC_INFORMATION>); 00847 } 00848 }; 00849 00850 // Used for parsing a file's import table. It combines the function name, the hint 00851 // and the IMAGE_THUNK_DATA of an imported function. 00852 template<int bits> 00853 struct PELIB_THUNK_DATA 00854 { 00856 PELIB_IMAGE_THUNK_DATA<bits> itd; 00858 word hint; 00860 std::string fname; 00861 00862 bool equalHint(word wHint) const 00863 { 00864 return hint == wHint; 00865 // return itd.Ordinal == (wHint | IMAGE_ORDINAL_FLAGS<bits>::IMAGE_ORDINAL_FLAG); 00866 } 00867 00868 bool equalFunctionName(std::string strFunctionName) const 00869 { 00870 return isEqualNc(fname, strFunctionName); 00871 } 00872 00873 unsigned int size() const {return PELIB_IMAGE_THUNK_DATA<bits>::size() + fname.size() + 1 + sizeof(hint);} 00874 }; 00875 00876 // Used to store a file's import table. Every struct of this sort 00877 // can store import information of one DLL. 00878 template<int bits> 00879 struct PELIB_IMAGE_IMPORT_DIRECTORY 00880 { 00882 PELIB_IMAGE_IMPORT_DESCRIPTOR impdesc; 00884 std::string name; 00886 std::vector<PELIB_THUNK_DATA<bits> > originalfirstthunk; 00888 std::vector<PELIB_THUNK_DATA<bits> > firstthunk; 00889 00890 // bool operator==(std::string strFilename) const; 00891 inline unsigned int size() const 00892 { 00893 return PELIB_IMAGE_IMPORT_DESCRIPTOR::size() + name.size() + 1 + // descriptor + dllname 00894 std::accumulate(originalfirstthunk.begin(), originalfirstthunk.end(), 0, accumulate<PELIB_THUNK_DATA<bits> >) + // thunks (PeLib uses only one thunk) 00895 PELIB_IMAGE_THUNK_DATA<bits>::size(); // zero-termination 00896 } 00897 00898 bool operator==(std::string strFilename) const 00899 { 00900 return isEqualNc(this->name, strFilename); 00901 } 00902 }; 00903 00904 struct PELIB_IMAGE_RESOURCE_DATA_ENTRY 00905 { 00906 dword OffsetToData; 00907 dword Size; 00908 dword CodePage; 00909 dword Reserved; 00910 00911 static inline unsigned int size() {return 16;} 00912 }; 00913 00914 struct PELIB_IMAGE_RESOURCE_DATA 00915 { 00916 PELIB_IMAGE_RESOURCE_DATA_ENTRY irdEntry; 00917 std::vector<byte> vData; 00918 }; 00919 00920 struct IMG_BASE_RELOC 00921 { 00922 PELIB_IMAGE_BASE_RELOCATION ibrRelocation; 00923 std::vector<word> vRelocData; 00924 }; 00925 00926 struct PELIB_IMAGE_DEBUG_DIRECTORY 00927 { 00928 dword Characteristics; 00929 dword TimeDateStamp; 00930 word MajorVersion; 00931 word MinorVersion; 00932 dword Type; 00933 dword SizeOfData; 00934 dword AddressOfRawData; 00935 dword PointerToRawData; 00936 00937 static unsigned int size() {return 28;} 00938 }; 00939 00940 struct PELIB_IMG_DEBUG_DIRECTORY 00941 { 00942 PELIB_IMAGE_DEBUG_DIRECTORY idd; 00943 std::vector<byte> data; 00944 }; 00945 00946 template<int bits> 00947 struct PELIB_IMAGE_TLS_DIRECTORY_BASE 00948 { 00949 typename FieldSizes<bits>::VAR4_8 StartAddressOfRawData; 00950 typename FieldSizes<bits>::VAR4_8 EndAddressOfRawData; 00951 typename FieldSizes<bits>::VAR4_8 AddressOfIndex; 00952 typename FieldSizes<bits>::VAR4_8 AddressOfCallBacks; 00953 dword SizeOfZeroFill; 00954 dword Characteristics; 00955 }; 00956 00957 template<int bits> 00958 struct PELIB_IMAGE_TLS_DIRECTORY;// : public PELIB_IMAGE_TLS_DIRECTORY_BASE<bits> 00959 00960 template<> 00961 struct PELIB_IMAGE_TLS_DIRECTORY<32> : public PELIB_IMAGE_TLS_DIRECTORY_BASE<32> 00962 { 00963 enum {size = 24}; 00964 // unsigned int size(){return 24;} 00965 }; 00966 00967 template<> 00968 struct PELIB_IMAGE_TLS_DIRECTORY<64> : public PELIB_IMAGE_TLS_DIRECTORY_BASE<64> 00969 { 00970 enum {size = 40}; 00971 // unsigned int size(){return 40;} 00972 }; 00973 00974 unsigned int fileSize(const std::string& filename); 00975 unsigned int fileSize(std::ifstream& file); 00976 unsigned int fileSize(std::ofstream& file); 00977 unsigned int fileSize(std::fstream& file); 00978 bool isEqualNc(const std::string& s1, const std::string& s2); 00979 unsigned int alignOffset(unsigned int uiOffset, unsigned int uiAlignment); 00980 00982 unsigned int getFileType(const std::string strFilename); 00983 00985 PeFile* openPeFile(const std::string& strFilename); 00986 00987 /* enum MzHeader_Field {e_magic, e_cblp, e_cp, e_crlc, e_cparhdr, e_minalloc, e_maxalloc, 00988 e_ss, e_sp, e_csum, e_ip, e_cs, e_lfarlc, e_ovno, e_res, e_oemid, 00989 e_oeminfo, e_res2, e_lfanew}; 00990 enum PeHeader_Field {NtSignature, Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, 00991 NumberOfSymbols, SizeOfOptionalHeader, Characteristics, Magic, 00992 MajorLinkerVersion, MinorLinkerVersion, SizeOfCode, SizeOfInitializedData, 00993 SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase, 00994 SectionAlignment, FileAlignment, MajorOperatingSystemVersion, MinorOperatingSystemVersion, 00995 MajorImageVersion, MinorImageVersion, MajorSubsystemVersion, MinorSubsystemVersion, 00996 Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum, Subsystem, DllCharacteristics, 00997 SizeOfStackReserve, SizeOfStackCommit, SizeOfHeapReserve, SizeOfHeapCommit, 00998 LoaderFlags, NumberOfRvaAndSizes, DataDirectoryRva, DataDirectorySize}; 00999 enum Section_Field {SectionName, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations, 01000 PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, SectionCharacteristics}; 01001 */ 01002 } 01003 01004 #endif