Main Page   Namespace List   Class Hierarchy   Alphabetical List   Compound List   File List   Compound Members   File Members  

pefile.hpp

Go to the documentation of this file.
00001 /*
00002 PeRdr - PE file disassembler
00003 Copyright (C) 1999-2002 Frediano Ziglio
00004 -----
00005 
00006 This program is free software; you can redistribute it and/or modify
00007 it under the terms of the GNU General Public License as published by
00008 the Free Software Foundation; either version 2 of the License, or
00009 (at your option) any later version.
00010 
00011 This program is distributed in the hope that it will be useful,
00012 but WITHOUT ANY WARRANTY; without even the implied warranty of
00013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014 GNU General Public License for more details.
00015 
00016 You should have received a copy of the GNU General Public License
00017 along with this program; if not, write to the Free Software
00018 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00019 -----
00020 
00021 INFORMATION
00022   www: https://freddy77.tripod.com/perdr/
00023   e-mail: freddy77@angelfire.com
00024 */
00025 #ifndef FILE_PEFILE_HPP
00026 #define FILE_PEFILE_HPP
00027 
00028 #include "peformat.h"
00029 #include "file.hpp"
00030 
00031 typedef uint16_t unicode_t;
00032 
00033 class RVAFileTranslator;
00034 
00035 typedef struct PeResourceId
00036 {
00037   unicode_t* name; // name of directory
00038   unsigned id;   // valid if name == 0
00039 } PeResourceId;
00040 
00041 typedef struct PeResourceDirectoryInfo: public PeResourceId
00042 {
00043   PE_IMAGE_RESOURCE_DIRECTORY dir;
00044   PeResourceDirectoryInfo* highLevel;
00045 } PeResourceDirectoryInfo;
00046 
00047 typedef struct PeResourceDirectoryData: public PeResourceId
00048 {
00049   PE_IMAGE_RESOURCE_DATA_ENTRY data;
00050 } PeResourceDirectoryData;
00051 
00052 class PeFile
00053 {
00054 public:
00055   PeFile(ICFile& file);
00056   ~PeFile();
00057 
00058   // headers access
00059   const PE_IMAGE_FILE_HEADER&     GetFileHeader() const
00060   { return nt_hdr.FileHeader; };
00061   const PE_IMAGE_OPTIONAL_HEADER& GetOptionalHeader() const
00062   { return nt_hdr.OptionalHeader; };
00063 
00064   // section access
00065   const PE_IMAGE_SECTION_HEADER*  GetSections() const
00066   { return sections; };
00067   const PE_IMAGE_SECTION_HEADER&  GetSection(int n) const
00068   { return sections[n]; };
00069   unsigned GetSectionCount() const
00070   { return numSection; };
00071 
00072   // directory access
00073   const PE_IMAGE_DATA_DIRECTORY& GetDataDirectory(unsigned n) const
00074   { return GetOptionalHeader().DataDirectory[n]; };
00075 
00076   // other access
00077   uint32_t GetImageBase() const
00078   { return GetOptionalHeader().ImageBase; };
00079 
00080   // write to stdout
00081         static void WriteFileHdr(const PE_IMAGE_FILE_HEADER& hdr);
00082         static void WriteOptionalHdr(const PE_IMAGE_OPTIONAL_HEADER& hdr);
00083         static void WriteSectionHdr(const PE_IMAGE_SECTION_HEADER& hdr);
00084         static void WriteExport(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param);
00085         static void WriteImport(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param);
00086         static void WriteRelocation(uint32_t address,unsigned type,void* param);
00087   void WriteResource();
00088 
00089   // directory parsing
00090         typedef void (*PImportProc)(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param);
00091         void ParseImport(PImportProc proc,void* param);
00092         typedef void (*PRelocationProc)(uint32_t address,unsigned type,void* param);
00093   void ParseRelocations(PRelocationProc proc,void* param);
00094 
00095   // called by ParseResource for every resource
00096   //   file is the pe file. File position point to resource data if data available
00097   //   data pointer to data information. If directory data == NULL
00098   //   info point to directory information. Valid also for data information
00099   //   level level of directory. First time called with level == 0 and data == NULL (init)
00100   //   param user parameter
00101   typedef void (*PResourceProc)(ICFile& file,const PeResourceDirectoryData* data,const PeResourceDirectoryInfo* info,unsigned level,void* param);
00102   void ParseResource(PResourceProc proc,void* param);
00103 
00104   typedef void (*PExportProc)(uint32_t address,uint32_t hint,const char* dll_name,const char* func_name,void* param);
00105   void ParseExport(PExportProc proc,void* param);
00106 
00107 //  RVAFileTranslator& GetRVA() { return *(RVAFileTranslator*)rva; }
00108   RVAFileTranslator& GetRVA() { return *rva; }
00109 //  const RVAFileTranslator& GetRVA() const { return *(const RVAFileTranslator*)rva; }
00110   const RVAFileTranslator& GetRVA() const { return *rva; }
00111 private:
00112   PE_IMAGE_NT_HEADERS nt_hdr;
00113   PE_IMAGE_SECTION_HEADER *sections;
00114   unsigned numSection;
00115   ICFile& file;
00116 //  char rva[sizeof(RVAFileTranslator)];
00117   RVAFileTranslator* rva;
00118 };
00119 #endif //FILE_PEFILE_HPP
Generated on Mon Jan 13 22:20:34 2003 for perdr by doxygen1.2.15