pe.h
/*
Copyright(c) 2011. Kim Zhang [analyst004 at gmail.com].
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
*/
#ifndef LIB_PE_H_
#define LIB_PE_H_
//#include "petype.h"
#include "peformat.h"
#ifdef __cplusplus
extern "C" {
#endif
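/*
 * Fallback definition, used only when ECANCELED is not already defined at
 * this point (for example by <errno.h>). Include <errno.h> before this
 * header if the platform value should win.
 */
#ifndef ECANCELED
#define ECANCELED 401
#endif

/* 32-bit address/offset types used throughout the API. */
typedef uint32_t rva_t; /* relative virtual address inside the image */
typedef uint32_t raw_t; /* offset into the file data */
typedef uint32_t va_t;  /* virtual address */

/*
 * Failure sentinels. Every expansion is fully parenthesized so that it
 * stays a single operand inside larger expressions (`sizeof INVALID_RAW`,
 * `x - INVALID_RAW`, ...).
 *
 * INVALID_PE is 0, so a failed pe_open() must be detected with
 * `== INVALID_PE`; a `< 0` test never fires.
 *
 * INVALID_RAW / INVALID_RVA are 0xFFFFFFFF. Test for them before using a
 * conversion result as an index into the file data, otherwise the
 * sentinel turns into a far out-of-bounds offset.
 *
 * NOTE(review): INVALID_SECTION_ID is an unsigned raw_t while
 * pe_section_by_rva()/pe_section_by_raw() return int; comparing the two
 * relies on the usual arithmetic conversions - confirm against the
 * implementation.
 */
#define INVALID_PE ((int)0)
#define INVALID_RAW ((raw_t)-1)
#define INVALID_RVA ((rva_t)-1)
#define INVALID_SECTION_ID ((raw_t)-1)

/*
 * Reads the DataIsDirectory member of a resource directory entry.
 * `entry` is a pointer expression; it is parenthesized so arguments such
 * as `&e` or `base + i` bind correctly.
 */
#define IS_RESOURCE_DIRECTORY(entry) ((entry)->DataIsDirectory)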
/**
 * Description: parse a PE image that is already in memory.
 * Parameter: stream  first byte of the image
 *            size    number of bytes available at stream
 * Return: a descriptor for the other pe_* functions, or INVALID_PE when
 *         parsing fails (the original comment indicates errno is set).
 *
 * INVALID_PE is 0 in this header, so test the result with
 * `== INVALID_PE`; a `< 0` check never fires.
 * NOTE(review): this header does not show whether the library copies
 * stream or keeps pointing into it - keep the buffer alive and unchanged
 * until pe_close() unless the implementation says otherwise.
 */
int pe_open(const char* stream, size_t size);
/*
 * Presumably opens the file named by `file` and parses it like pe_open();
 * the return convention is assumed to match (INVALID_PE on failure) -
 * confirm against the implementation.
 */
int pe_open_file(const char* file);
/*
 * Presumably the size in bytes of the image behind fd. The value returned
 * for an invalid fd is not visible here - confirm. The result is an int
 * although pe_open() accepts a size_t length.
 */
int pe_size(int fd);
/*
 * Presumably the base address of the image bytes behind fd - confirm.
 * No length is returned with the pointer; bound every access with
 * pe_size() rather than with offsets read from the file itself.
 */
uint8_t* pe_stream(int fd);
/**
 * Description: clean up and close a PE descriptor.
 * Parameter: fd  PE descriptor, as returned by pe_open()
 * Return: void
 *
 * NOTE(review): pointers previously obtained through fd (headers,
 * iterators, data pointers) presumably must not be used after this call -
 * confirm ownership in the implementation.
 */
void pe_close(int fd);
/*
 * Accessors for the NT and DOS headers of the image behind fd.
 * The NT header is returned with the 32-bit layout (IMAGE_NT_HEADERS32).
 * NOTE(review): how PE32+ (64-bit) images are handled is not visible in
 * this header - confirm before trusting 32-bit field offsets on arbitrary
 * input. The value returned for an invalid fd is presumably NULL - confirm.
 */
IMAGE_NT_HEADERS32* pe_nt_header(int fd);
IMAGE_DOS_HEADER* pe_dos_header(int fd);
/*
 * Description: compute the file offset that corresponds to a virtual address.
 * Parameter: fd   PE descriptor (the original comment documented an
 *                 `lpFileData` file-data argument that this prototype
 *                 does not have)
 *            rva  address to translate
 * Return: the file offset on success. For failure the original comment
 *         names INVALID_FILE_OFFSET, which this header does not define;
 *         INVALID_RAW is presumably the value meant - confirm.
 *
 * Check for the failure value before using the result as an index into
 * the file data: the addresses come from the parsed file and need not
 * fall inside any section.
 */
raw_t rva_to_raw(int fd, rva_t rva);
/*
 * Description: compute the virtual address that corresponds to a file offset.
 * Parameter: fd   PE descriptor (the original comment documented a
 *                 `stream` file-data argument)
 *            raw  file offset; declared as rva_t here, which is the same
 *                 underlying type as raw_t in this header
 * Return: the virtual address on success. For failure the original
 *         comment names INVALID_VIRTUAL_ADDRESS, which this header does
 *         not define; INVALID_RVA is presumably the value meant - confirm.
 */
rva_t raw_to_rva(int fd, rva_t raw);
/*
 * Get information about the data appended to the PE image (the overlay).
 * NOTE(review): the result when the image has no appended data is
 * presumably NULL - confirm.
 */
IMAGE_OVERLAY* pe_overlay(int fd);
/*
 * Export table iteration: pe_export_first() starts from a descriptor and
 * pe_export_next() takes only the previous element.
 * NOTE(review): the end-of-sequence value is presumably NULL and the
 * lifetime of the returned elements is not visible here - confirm.
 */
IMAGE_EXPORT_FUNCTION *pe_export_first(int fd);
IMAGE_EXPORT_FUNCTION *pe_export_next(IMAGE_EXPORT_FUNCTION* iter);
/*
 * Presumably the DLL name recorded in the export directory - confirm.
 * The string originates from the parsed file, so treat it as untrusted
 * text when logging or building paths from it.
 */
const char* pe_export_dllname(int fd);
/*
 * Copy the DLL name of one import descriptor into a caller buffer.
 * Parameter: fd          PE descriptor
 *            import_dll  descriptor from pe_import_dll_first()/_next()
 *            dllname     destination buffer
 *            name_len    presumably the capacity of dllname in bytes - confirm
 * Return: bool; presumably false on failure - confirm.
 *
 * NOTE(review): the name comes from the parsed file, so treat it as
 * untrusted text. Truncation and NUL-termination behaviour when the name
 * does not fit are not visible in this header - verify before relying on
 * dllname being terminated.
 */
bool pe_import_dllname(
int fd,
IMAGE_IMPORT_DESCRIPTOR* import_dll,
char* dllname,
int name_len);
/*
 * Presumably the number of import descriptors in the image - confirm.
 * The count is derived from file contents; bound any allocation sized
 * from it.
 */
int pe_import_dll_count(int fd);
/*
 * Import descriptor iteration. The *_next() call takes only the previous
 * element; the end-of-sequence value is presumably NULL - confirm.
 */
IMAGE_IMPORT_DESCRIPTOR* pe_import_dll_first(int fd);
IMAGE_IMPORT_DESCRIPTOR* pe_import_dll_next(IMAGE_IMPORT_DESCRIPTOR* iter);
/*
 * Per-DLL imported function count and iteration. These take the import
 * descriptor rather than fd.
 * NOTE(review): the end-of-sequence value is presumably NULL - confirm.
 */
int pe_import_api_count(IMAGE_IMPORT_DESCRIPTOR* dll);
IMAGE_IMPORT_FUNCTION* pe_import_api_first(IMAGE_IMPORT_DESCRIPTOR* import_dll);
IMAGE_IMPORT_FUNCTION* pe_import_api_next(IMAGE_IMPORT_FUNCTION* iter);
/*
 * Presumably resolves a resource directory entry to its data entry.
 * NOTE(review): the result for an entry that is itself a directory (see
 * IS_RESOURCE_DIRECTORY) is not visible here - confirm, and validate the
 * offset and size in the returned entry against pe_size() before reading
 * the resource bytes.
 */
IMAGE_RESOURCE_DATA_ENTRY* pe_resource_data(
int fd,
IMAGE_RESOURCE_DIRECTORY_ENTRY* entry);
/*
 * Relocation item iteration; pe_reloc_next() takes only the previous
 * element. The end-of-sequence value is presumably NULL - confirm.
 */
IMAGE_RELOCATION_ITEM* pe_reloc_first(int fd);
IMAGE_RELOCATION_ITEM* pe_reloc_next(IMAGE_RELOCATION_ITEM* iter);
/*
 * Bound import table: name lookup for one descriptor, and iteration.
 * The returned name originates from the parsed file - treat it as
 * untrusted text. The end-of-sequence value of the iterator is
 * presumably NULL - confirm.
 */
const char* pe_bound_import_dllname(int fd, IMAGE_BOUND_IMPORT_DESCRIPTOR* dll);
IMAGE_BOUND_IMPORT_DESCRIPTOR* pe_bound_import_first(int fd);
IMAGE_BOUND_IMPORT_DESCRIPTOR* pe_bound_import_next(
IMAGE_BOUND_IMPORT_DESCRIPTOR* iter);
/*
 * Section header iteration; pe_section_next() takes only the previous
 * header. The end-of-sequence value is presumably NULL - confirm.
 */
IMAGE_SECTION_HEADER* pe_section_first(int fd);
IMAGE_SECTION_HEADER* pe_section_next(IMAGE_SECTION_HEADER* it);
/*
 * Presumably the id of the section containing the given address or file
 * offset. The failure value is presumably INVALID_SECTION_ID, which this
 * header defines with type raw_t while these functions return int -
 * confirm how the implementation reports "not found" before using the
 * result as an index.
 */
int pe_section_by_rva(int fd, rva_t rva);
int pe_section_by_raw(int fd, raw_t raw);
/*
 * Presumably writes the image's icon to the path ico_file - confirm.
 * NOTE(review): if so, this is the one call in this group that touches
 * the filesystem; the caller chooses the path.
 */
bool pe_icon_file(int fd, const char* ico_file);
/* Icon entry iteration; end-of-sequence is presumably NULL - confirm. */
IMAGE_ICON_ENTRY* pe_icon_first(int fd);
IMAGE_ICON_ENTRY* pe_icon_next(IMAGE_ICON_ENTRY* iter);
/* Version resource iteration; end-of-sequence is presumably NULL - confirm. */
IMAGE_VERSION* pe_version_first(int fd);
IMAGE_VERSION* pe_version_next(IMAGE_VERSION* iter);
/*
 * Presumably removes the last section from the parsed image and returns
 * whether that succeeded - confirm. Unlike the accessors in this group
 * it appears to modify state behind fd, so pointers obtained earlier may
 * no longer be valid afterwards - confirm.
 */
bool pe_remove_last_section(int fd);
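/*
 * Resource tree iteration.
 * pe_resource_first() takes the descriptor and a parent entry;
 * pe_resource_next() takes only the previous entry.
 * NOTE(review): the meaning of a NULL parent (presumably the root
 * directory) and the end-of-sequence value (presumably NULL) are not
 * visible in this header - confirm. Resource directories come from the
 * parsed file and can be nested arbitrarily, so a caller that recurses
 * over them should bound the depth.
 *
 * These two prototypes were declared twice in this header; the redundant
 * copy has been dropped.
 */
IMAGE_RESOURCE_DIRECTORY_ENTRY* pe_resource_first(
    int fd,
    IMAGE_RESOURCE_DIRECTORY_ENTRY* parent);
IMAGE_RESOURCE_DIRECTORY_ENTRY* pe_resource_next(
    IMAGE_RESOURCE_DIRECTORY_ENTRY* prev);

/*
 * Copy the name of a resource entry into a caller buffer.
 * Parameter: fd       PE descriptor
 *            res      resource directory entry
 *            name     destination buffer
 *            max_len  presumably the capacity of name - confirm whether it
 *                     counts bytes and whether it includes the terminator
 * Return: bool; presumably false on failure - confirm.
 * NOTE(review): truncation and NUL-termination behaviour are not visible
 * here; the name originates from the parsed file, so treat it as
 * untrusted text.
 */
bool pe_resource_name(int fd, IMAGE_RESOURCE_DIRECTORY_ENTRY* res,
                      char* name, int max_len);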
/* Gap iteration; end-of-sequence is presumably NULL - confirm. */
IMAGE_GAP* pe_gap_first(int fd);
IMAGE_GAP* pe_gap_next(IMAGE_GAP* iter);
/*
 * Section header access by id: copy_section_header() fills a caller
 * struct, pe_section_header() returns a pointer.
 * NOTE(review): the behaviour for an out-of-range sect_id (including
 * negative values) is not visible here - confirm that both reject it.
 */
bool copy_section_header(int fd,int sect_id, IMAGE_SECTION_HEADER *sect_header);
IMAGE_SECTION_HEADER* pe_section_header(int fd, int sect_id);
/*
 * Presumably pointers to the image bytes at a file offset or at an RVA -
 * confirm, including the value returned when the address is outside the
 * image. No remaining length is returned with the pointer, so the caller
 * has to bound every read itself (for example against pe_size()) rather
 * than trusting sizes read from the file.
 */
uint8_t* pe_data_by_raw(int fd, raw_t raw);
uint8_t* pe_data_by_rva(int fd, rva_t rva);
/*
 * Presumably describes the signature data attached to the image -
 * confirm. NOTE(review): nothing in this header indicates that the
 * signature is verified; do not treat a non-NULL result as proof that
 * the file is validly signed.
 */
IMAGE_SIGNATURE* pe_sign(int fd);
/*
 * Presumably maps a resource type id to a printable name - confirm.
 * The result is a non-const char*; ownership and the value returned for
 * an unknown res_type are not visible here.
 */
char* pe_restype_name(int res_type);
#ifdef __cplusplus
}
#endif
#endif /* LIB_PE_H_ */