1 // copyright (c) 2017-2021 hors<horsicq@gmail.com> 2 // 3 // Permission is hereby granted, free of charge, to any person obtaining a copy 4 // of this software and associated documentation files (the "Software"), to deal 5 // in the Software without restriction, including without limitation the rights 6 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 // copies of the Software, and to permit persons to whom the Software is 8 // furnished to do so, subject to the following conditions: 9 10 // The above copyright notice and this permission notice shall be included in all 11 // copies or substantial portions of the Software. 12 13 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 19 // SOFTWARE. 20 // 21 #ifndef XPE_H 22 #define XPE_H 23 24 #include "xmsdos.h" 25 #include "xpe_def.h" 26 27 class XPE : public XMSDOS 28 { 29 Q_OBJECT 30 31 public: 32 struct SECTION_RECORD 33 { 34 QString sName; 35 qint64 nOffset; 36 qint64 nRVA; 37 qint64 nSize; 38 qint64 nCharacteristics; 39 }; 40 41 struct SECTIONRVA_RECORD 42 { 43 qint64 nRVA; 44 qint64 nSize; 45 qint64 nCharacteristics; 46 }; 47 48 struct IMPORT_RECORD 49 { 50 qint64 nOffset; 51 qint64 nRVA; 52 QString sLibrary; 53 QString sFunction; 54 }; 55 56 struct IMPORT_POSITION 57 { 58 qint64 nThunkRVA; 59 qint64 nThunkOffset; 60 quint64 nThunkValue; 61 QString sName; 62 quint16 nHint; 63 qint64 nOrdinal; 64 QString sFunction; 65 }; 66 67 struct IMPORT_HEADER 68 { 69 QString sName; 70 quint32 nFirstThunk; // For patch only! 71 QList<IMPORT_POSITION> listPositions; 72 }; 73 74 struct DELAYIMPORT_POSITION 75 { 76 qint64 nNameThunkRVA; 77 qint64 nNameThunkOffset; 78 quint64 nNameThunkValue; 79 QString sName; 80 quint16 nHint; 81 qint64 nOrdinal; 82 QString sFunction; 83 qint64 nAddressThunkRVA; 84 qint64 nAddressThunkOffset; 85 quint64 nAddressThunkValue; 86 qint64 nBoundThunkRVA; 87 qint64 nBoundThunkOffset; 88 quint64 nBoundThunkValue; 89 }; 90 91 struct EXPORT_RECORD 92 { 93 quint32 nOrdinal; 94 QString sFunctionName; 95 qint64 nLibraryBase; 96 QString sLibraryName; 97 }; 98 99 struct EXPORT_POSITION 100 { 101 quint16 nOrdinal; 102 quint32 nRVA; 103 qint64 nAddress; 104 quint32 nNameRVA; 105 QString sFunctionName; 106 }; 107 108 struct EXPORT_HEADER 109 { 110 XPE_DEF::IMAGE_EXPORT_DIRECTORY directory; 111 QString sName; 112 QList<EXPORT_POSITION> listPositions; 113 }; 114 115 struct TLS_HEADER 116 { 117 quint64 StartAddressOfRawData; 118 quint64 EndAddressOfRawData; 119 quint64 AddressOfIndex; 120 quint64 AddressOfCallBacks; 121 quint32 SizeOfZeroFill; 122 quint32 Characteristics; 123 }; 124 125 struct RESOURCES_ID_NAME 126 { 127 bool bIsName; 128 quint32 nID; 129 QString sName; 130 quint32 nNameOffset; 131 }; 132 133 struct RESOURCE_RECORD 134 { 135 RESOURCES_ID_NAME irin[3]; 136 qint64 nIRDEOffset; 137 qint64 nAddress; 138 qint64 nRVA; 139 qint64 nOffset; 140 qint64 nSize; 141 }; 142 143 struct RESOURCE_POSITION 144 { 145 qint64 nOffset; 146 bool bIsValid; 147 quint32 nLevel; 148 bool bIsDataDirectory; 149 RESOURCES_ID_NAME rin; 150 XPE_DEF::IMAGE_RESOURCE_DIRECTORY directory; 151 XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY dirEntry; 152 XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY dataEntry; 153 qint64 nDataAddress; 154 qint64 nDataOffset; 155 QList<RESOURCE_POSITION> listPositions; 156 }; 157 158 struct RESOURCE_HEADER 159 { 160 qint64 nOffset; 161 XPE_DEF::IMAGE_RESOURCE_DIRECTORY directory; 162 QList<RESOURCE_POSITION> listPositions; 163 }; 164 165 struct RELOCS_POSITION 166 { 167 qint16 nTypeOffset; 168 quint32 nType; 169 qint64 nAddress; 170 }; 171 172 struct RELOCS_HEADER 173 { 174 qint64 nOffset; 175 XPE_DEF::IMAGE_BASE_RELOCATION baseRelocation; 176 qint32 nCount; 177 }; 178 179 struct DUMP_OPTIONS 180 { 181 quint32 nImageBase; 182 quint32 nAddressOfEntryPoint; 183 // TODO Check 184 // bool bClearHeader; 185 // bool bCheckImport; 186 // QMap<qint64,QString> mapImport; 187 // QMap<qint64,quint64> mapInitImportOffsets; 188 // bool bIs64; 189 // bool bSaveIAT; 190 }; 191 192 struct RESOURCE_VERSION 193 { 194 qint64 nFixedFileInfoOffset; 195 XPE_DEF::tagVS_FIXEDFILEINFO fileInfo; 196 QList<QString> listRecords; // TODO rename 197 // TODO VarFileInfo 198 }; 199 200 struct CLI_METADATA_HEADER 201 { 202 quint32 nSignature; 203 quint16 nMajorVersion; 204 quint16 nMinorVersion; 205 quint32 nReserved; 206 quint32 nVersionStringLength; 207 QString sVersion; 208 quint16 nFlags; 209 quint16 nStreams; 210 }; 211 212 struct CLI_METADATA_STREAM 213 { 214 qint64 nOffset; 215 qint64 nSize; 216 QString sName; 217 }; 218 219 struct CLI_METADATA 220 { 221 CLI_METADATA_HEADER header; 222 QList<CLI_METADATA_STREAM> listStreams; 223 qint64 nTablesHeaderOffset; 224 qint64 nTablesSize; 225 quint32 nTables_Reserved1; 226 quint8 cTables_MajorVersion; 227 quint8 cTables_MinorVersion; 228 quint8 cTables_HeapOffsetSizes; 229 quint8 cTables_Reserved2; 230 quint64 nTables_Valid; 231 quint64 nTables_Sorted; 232 quint32 nTables_Valid_NumberOfRows; 233 quint32 Tables_TablesNumberOfIndexes[64]; // TODO const 234 qint64 Tables_TablesOffsets[64]; // TODO const 235 qint64 Tables_TablesSizes[64]; // TODO const 236 qint64 nStringsOffset; 237 qint64 nStringsSize; 238 qint64 nUSOffset; 239 qint64 nUSSize; 240 qint64 nBlobOffset; 241 qint64 nBlobSize; 242 qint64 nGUIDOffset; 243 qint64 nGUIDSize; 244 qint64 nEntryPoint; 245 qint64 nEntryPointSize; 246 QList<QString> listAnsiStrings; 247 QList<QString> listUnicodeStrings; 248 }; 249 250 struct CLI_INFO 251 { 252 bool bValid; 253 bool bHidden; 254 qint64 nHeaderOffset; 255 XPE_DEF::IMAGE_COR20_HEADER header; 256 qint64 nMetaDataOffset; 257 CLI_METADATA metaData; 258 }; 259 260 struct IMAGE_IMPORT_DESCRIPTOR_EX 261 { 262 union 263 { 264 quint32 Characteristics; 265 quint32 OriginalFirstThunk; 266 }; 267 quint32 TimeDateStamp; 268 quint32 ForwarderChain; 269 quint32 Name; 270 quint32 FirstThunk; 271 QString sLibrary; // Extra 272 }; 273 274 struct BOUND_IMPORT_POSITION 275 { 276 XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR descriptor; 277 QString sName; 278 }; 279 280 struct CERT_TAG 281 { 282 bool bIsValid; 283 quint32 nTag; 284 qint64 nOffset; 285 qint32 nHeaderSize; 286 qint32 nSize; 287 }; 288 289 struct CERT_RECORD 290 { 291 CERT_TAG certTag; 292 QVariant varValue; 293 QList<CERT_RECORD> listRecords; 294 }; 295 296 struct CERT 297 { 298 qint64 nOffset; 299 XPE_DEF::WIN_CERT_RECORD record; 300 bool bIsValid; 301 CERT_RECORD certRecord; 302 }; 303 304 enum TYPE 305 { 306 // mb TODO CEDLL 307 TYPE_UNKNOWN=0, 308 TYPE_GUI, 309 TYPE_CONSOLE, 310 TYPE_DLL, 311 TYPE_DRIVER, 312 TYPE_EFIBOOT, 313 TYPE_EFI, 314 TYPE_EFIRUNTIMEDRIVER, 315 TYPE_XBOX, 316 TYPE_OS2, 317 TYPE_POSIX, 318 TYPE_CE 319 // TODO more from subsystems 320 }; 321 322 explicit XPE(QIODevice *pDevice=nullptr,bool bIsImage=false,qint64 nModuleAddress=-1); 323 virtual bool isValid(); 324 static bool isValid(QIODevice *pDevice,bool bIsImage=false,qint64 nModuleAddress=-1); 325 static MODE getMode(QIODevice *pDevice,bool bIsImage=false,qint64 nModuleAddress=-1); 326 327 virtual MODE getMode(); 328 virtual QString getArch(); 329 virtual bool isBigEndian(); 330 331 virtual FT getFileType(); 332 virtual int getType(); 333 virtual QString typeIdToString(int nType); 334 335 virtual bool isSigned(); 336 virtual OFFSETSIZE getSignOS(); 337 338 qint64 getNtHeadersOffset(); 339 quint32 getNtHeaders_Signature(); 340 void setNtHeaders_Signature(quint32 nValue); 341 qint64 getFileHeaderOffset(); 342 qint64 getFileHeaderSize(); 343 344 XPE_DEF::IMAGE_FILE_HEADER getFileHeader(); 345 void setFileHeader(XPE_DEF::IMAGE_FILE_HEADER *pFileHeader); 346 347 quint16 getFileHeader_Machine(); 348 quint16 getFileHeader_NumberOfSections(); 349 quint32 getFileHeader_TimeDateStamp(); 350 quint32 getFileHeader_PointerToSymbolTable(); 351 quint32 getFileHeader_NumberOfSymbols(); 352 quint16 getFileHeader_SizeOfOptionalHeader(); 353 quint16 getFileHeader_Characteristics(); 354 355 void setFileHeader_Machine(quint16 nValue); 356 void setFileHeader_NumberOfSections(quint16 nValue); 357 void setFileHeader_TimeDateStamp(quint32 nValue); 358 void setFileHeader_PointerToSymbolTable(quint32 nValue); 359 void setFileHeader_NumberOfSymbols(quint32 nValue); 360 void setFileHeader_SizeOfOptionalHeader(quint16 nValue); 361 void setFileHeader_Characteristics(quint16 nValue); 362 363 qint64 getOptionalHeaderOffset(); 364 qint64 getOptionalHeaderSize(); 365 366 XPE_DEF::IMAGE_OPTIONAL_HEADER32 getOptionalHeader32(); 367 XPE_DEF::IMAGE_OPTIONAL_HEADER64 getOptionalHeader64(); 368 369 void setOptionalHeader32(XPE_DEF::IMAGE_OPTIONAL_HEADER32 *pOptionalHeader32); 370 void setOptionalHeader64(XPE_DEF::IMAGE_OPTIONAL_HEADER64 *pOptionalHeader64); 371 372 XPE_DEF::IMAGE_OPTIONAL_HEADER32S getOptionalHeader32S(); 373 XPE_DEF::IMAGE_OPTIONAL_HEADER64S getOptionalHeader64S(); 374 375 void setOptionalHeader32S(XPE_DEF::IMAGE_OPTIONAL_HEADER32S *pOptionalHeader32S); 376 void setOptionalHeader64S(XPE_DEF::IMAGE_OPTIONAL_HEADER64S *pOptionalHeader64S); 377 378 quint16 getOptionalHeader_Magic(); 379 quint8 getOptionalHeader_MajorLinkerVersion(); 380 quint8 getOptionalHeader_MinorLinkerVersion(); 381 quint32 getOptionalHeader_SizeOfCode(); 382 quint32 getOptionalHeader_SizeOfInitializedData(); 383 quint32 getOptionalHeader_SizeOfUninitializedData(); 384 quint32 getOptionalHeader_AddressOfEntryPoint(); 385 quint32 getOptionalHeader_BaseOfCode(); 386 quint32 getOptionalHeader_BaseOfData(); 387 quint64 getOptionalHeader_ImageBase(); 388 quint32 getOptionalHeader_SectionAlignment(); 389 quint32 getOptionalHeader_FileAlignment(); 390 quint16 getOptionalHeader_MajorOperatingSystemVersion(); 391 quint16 getOptionalHeader_MinorOperatingSystemVersion(); 392 quint16 getOptionalHeader_MajorImageVersion(); 393 quint16 getOptionalHeader_MinorImageVersion(); 394 quint16 getOptionalHeader_MajorSubsystemVersion(); 395 quint16 getOptionalHeader_MinorSubsystemVersion(); 396 quint32 getOptionalHeader_Win32VersionValue(); 397 quint32 getOptionalHeader_SizeOfImage(); 398 quint32 getOptionalHeader_SizeOfHeaders(); 399 quint32 getOptionalHeader_CheckSum(); 400 quint16 getOptionalHeader_Subsystem(); 401 quint16 getOptionalHeader_DllCharacteristics(); 402 qint64 getOptionalHeader_SizeOfStackReserve(); 403 qint64 getOptionalHeader_SizeOfStackCommit(); 404 qint64 getOptionalHeader_SizeOfHeapReserve(); 405 qint64 getOptionalHeader_SizeOfHeapCommit(); 406 quint32 getOptionalHeader_LoaderFlags(); 407 quint32 getOptionalHeader_NumberOfRvaAndSizes(); 408 409 void setOptionalHeader_Magic(quint16 nValue); 410 void setOptionalHeader_MajorLinkerVersion(quint8 nValue); 411 void setOptionalHeader_MinorLinkerVersion(quint8 nValue); 412 void setOptionalHeader_SizeOfCode(quint32 nValue); 413 void setOptionalHeader_SizeOfInitializedData(quint32 nValue); 414 void setOptionalHeader_SizeOfUninitializedData(quint32 nValue); 415 void setOptionalHeader_AddressOfEntryPoint(quint32 nValue); 416 void setOptionalHeader_BaseOfCode(quint32 nValue); 417 void setOptionalHeader_BaseOfData(quint32 nValue); 418 void setOptionalHeader_ImageBase(quint64 nValue); 419 void setOptionalHeader_SectionAlignment(quint32 nValue); 420 void setOptionalHeader_FileAlignment(quint32 nValue); 421 void setOptionalHeader_MajorOperatingSystemVersion(quint16 nValue); 422 void setOptionalHeader_MinorOperatingSystemVersion(quint16 nValue); 423 void setOptionalHeader_MajorImageVersion(quint16 nValue); 424 void setOptionalHeader_MinorImageVersion(quint16 nValue); 425 void setOptionalHeader_MajorSubsystemVersion(quint16 nValue); 426 void setOptionalHeader_MinorSubsystemVersion(quint16 nValue); 427 void setOptionalHeader_Win32VersionValue(quint32 nValue); 428 void setOptionalHeader_SizeOfImage(quint32 nValue); 429 void setOptionalHeader_SizeOfHeaders(quint32 nValue); 430 void setOptionalHeader_CheckSum(quint32 nValue); 431 void setOptionalHeader_Subsystem(quint16 nValue); 432 void setOptionalHeader_DllCharacteristics(quint16 nValue); 433 void setOptionalHeader_SizeOfStackReserve(quint64 nValue); 434 void setOptionalHeader_SizeOfStackCommit(quint64 nValue); 435 void setOptionalHeader_SizeOfHeapReserve(quint64 nValue); 436 void setOptionalHeader_SizeOfHeapCommit(quint64 nValue); 437 void setOptionalHeader_LoaderFlags(quint32 nValue); 438 void setOptionalHeader_NumberOfRvaAndSizes(quint32 nValue); 439 440 XPE_DEF::IMAGE_DATA_DIRECTORY read_IMAGE_DATA_DIRECTORY(qint64 nOffset); 441 void write_IMAGE_DATA_DIRECTORY(qint64 nOffset,XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory); 442 443 XPE_DEF::IMAGE_DATA_DIRECTORY getOptionalHeader_DataDirectory(quint32 nNumber); 444 void setOptionalHeader_DataDirectory(quint32 nNumber,XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory); 445 void setOptionalHeader_DataDirectory_VirtualAddress(quint32 nNumber,quint32 nValue); 446 void setOptionalHeader_DataDirectory_Size(quint32 nNumber,quint32 nValue); 447 448 void clearOptionalHeader_DataDirectory(quint32 nNumber); 449 bool isOptionalHeader_DataDirectoryPresent(quint32 nNumber); 450 451 QList<XPE_DEF::IMAGE_DATA_DIRECTORY> getDirectories(); 452 void setDirectories(QList<XPE_DEF::IMAGE_DATA_DIRECTORY> *pListDirectories); 453 454 qint64 getDataDirectoryOffset(quint32 nNumber); 455 qint64 getDataDirectoryOffset(_MEMORY_MAP *pMemoryMap,quint32 nNumber); 456 QByteArray getDataDirectory(quint32 nNumber); 457 QByteArray getDataDirectory(_MEMORY_MAP *pMemoryMap,quint32 nNumber); 458 459 qint64 getSectionsTableOffset(); 460 qint64 getSectionHeaderOffset(quint32 nNumber); 461 qint64 getSectionHeaderSize(); 462 463 bool isSectionsTablePresent(); 464 465 XPE_DEF::IMAGE_SECTION_HEADER getSectionHeader(quint32 nNumber); 466 void setSectionHeader(quint32 nNumber,XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader); 467 468 QList<XPE_DEF::IMAGE_SECTION_HEADER> getSectionHeaders(); 469 // TODO with __getSectionOffsetAndSize TODO Check !!! 470 static QList<SECTION_RECORD> getSectionRecords(QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders,bool bIsImage); 471 static QList<QString> getSectionNames(QList<XPE::SECTION_RECORD> *pListSectionRecords); 472 473 QList<SECTIONRVA_RECORD> getSectionRVARecords(); 474 475 QString getSection_NameAsString(quint32 nNumber); 476 quint32 getSection_VirtualSize(quint32 nNumber); 477 quint32 getSection_VirtualAddress(quint32 nNumber); 478 quint32 getSection_SizeOfRawData(quint32 nNumber); 479 quint32 getSection_PointerToRawData(quint32 nNumber); 480 quint32 getSection_PointerToRelocations(quint32 nNumber); 481 quint32 getSection_PointerToLinenumbers(quint32 nNumber); 482 quint16 getSection_NumberOfRelocations(quint32 nNumber); 483 quint16 getSection_NumberOfLinenumbers(quint32 nNumber); 484 quint32 getSection_Characteristics(quint32 nNumber); 485 486 void setSection_NameAsString(quint32 nNumber,QString sName); 487 void setSection_VirtualSize(quint32 nNumber,quint32 nValue); 488 void setSection_VirtualAddress(quint32 nNumber,quint32 nValue); 489 void setSection_SizeOfRawData(quint32 nNumber,quint32 nValue); 490 void setSection_PointerToRawData(quint32 nNumber,quint32 nValue); 491 void setSection_PointerToRelocations(quint32 nNumber,quint32 nValue); 492 void setSection_PointerToLinenumbers(quint32 nNumber,quint32 nValue); 493 void setSection_NumberOfRelocations(quint32 nNumber,quint16 nValue); 494 void setSection_NumberOfLinenumbers(quint32 nNumber,quint16 nValue); 495 void setSection_Characteristics(quint32 nNumber,quint32 nValue); 496 497 QString getSection_NameAsString(quint32 nNumber,QList<QString> *pListSectionNameStrings); 498 quint32 getSection_VirtualSize(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 499 quint32 getSection_VirtualAddress(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 500 quint32 getSection_SizeOfRawData(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 501 quint32 getSection_PointerToRawData(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 502 quint32 getSection_PointerToRelocations(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 503 quint32 getSection_PointerToLinenumbers(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 504 quint16 getSection_NumberOfRelocations(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 505 quint16 getSection_NumberOfLinenumbers(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 506 quint32 getSection_Characteristics(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 507 508 bool isSectionNamePresent(QString sSectionName); 509 static bool isSectionNamePresent(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 510 static XPE_DEF::IMAGE_SECTION_HEADER getSectionByName(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 511 512 static SECTION_RECORD getSectionRecordByName(QString sSectionName,QList<SECTION_RECORD> *pListSectionRecords); 513 514 qint32 getSectionNumber(QString sSectionName); 515 static qint32 getSectionNumber(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders); 516 517 bool isImportPresent(); 518 519 QList<IMPORT_RECORD> getImportRecords(); 520 QList<IMPORT_RECORD> getImportRecords(_MEMORY_MAP *pMemoryMap); 521 522 quint64 getImportHash64(_MEMORY_MAP *pMemoryMap); 523 quint32 getImportHash32(_MEMORY_MAP *pMemoryMap); 524 525 qint64 getImportDescriptorOffset(quint32 nNumber); 526 qint64 getImportDescriptorSize(); 527 528 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> getImportDescriptors(); 529 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> getImportDescriptors(_MEMORY_MAP *pMemoryMap); 530 QList<IMAGE_IMPORT_DESCRIPTOR_EX> getImportDescriptorsEx(); 531 QList<IMAGE_IMPORT_DESCRIPTOR_EX> getImportDescriptorsEx(_MEMORY_MAP *pMemoryMap); 532 533 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR getImportDescriptor(quint32 nNumber); 534 void setImportDescriptor(quint32 nNumber,XPE_DEF::IMAGE_IMPORT_DESCRIPTOR *pImportDescriptor); 535 536 void setImportDescriptor_OriginalFirstThunk(quint32 nNumber,quint32 nValue); 537 void setImportDescriptor_TimeDateStamp(quint32 nNumber,quint32 nValue); 538 void setImportDescriptor_ForwarderChain(quint32 nNumber,quint32 nValue); 539 void setImportDescriptor_Name(quint32 nNumber,quint32 nValue); 540 void setImportDescriptor_FirstThunk(quint32 nNumber,quint32 nValue); 541 542 QList<IMPORT_HEADER> getImports(); 543 QList<IMPORT_HEADER> getImports(_MEMORY_MAP *pMemoryMap); 544 545 QList<IMPORT_POSITION> _getImportPositions(XBinary::_MEMORY_MAP *pMemoryMap,qint64 nThunksRVA,qint64 nRVA); 546 QList<IMPORT_POSITION> getImportPositions(int nIndex); 547 548 QList<quint32> getImportPositionHashes(QList<IMPORT_HEADER> *pListImport); 549 550 bool isImportLibraryPresentI(QString sLibrary); 551 static bool isImportLibraryPresentI(QString sLibrary,QList<IMPORT_HEADER> *pListImportHeaders); 552 553 bool isImportFunctionPresentI(QString sLibrary,QString sFunction); 554 static bool isImportFunctionPresentI(QString sLibrary,QString sFunction,QList<IMPORT_HEADER> *pListImportHeaders); 555 556 bool setImports(QList<IMPORT_HEADER> *pListImportHeaders); 557 bool setImports(QIODevice *pDevice,bool bIsImage,QList<IMPORT_HEADER> *pListImportHeaders); 558 bool setImports(QString sFileName,bool bIsImage,QList<IMPORT_HEADER> *pListImportHeaders); 559 560 QString getImportFunctionName(quint32 nImport,quint32 nFunctionNumber,QList<IMPORT_HEADER> *pListImportHeaders); 561 562 RESOURCE_HEADER getResourceHeader(); 563 RESOURCE_HEADER getResourceHeader(_MEMORY_MAP *pMemoryMap); 564 QList<RESOURCE_RECORD> getResources(); 565 QList<RESOURCE_RECORD> getResources(_MEMORY_MAP *pMemoryMap); 566 567 static RESOURCE_RECORD getResourceRecord(quint32 nID1,quint32 nID2,QList<RESOURCE_RECORD> *pListResourceRecords); 568 static RESOURCE_RECORD getResourceRecord(quint32 nID1,QString sName2,QList<RESOURCE_RECORD> *pListResourceRecords); 569 static RESOURCE_RECORD getResourceRecord(QString sName1,quint32 nID2,QList<RESOURCE_RECORD> *pListResourceRecords); 570 static RESOURCE_RECORD getResourceRecord(QString sName1,QString sName2,QList<RESOURCE_RECORD> *pListResourceRecords); 571 572 static bool isResourcePresent(quint32 nID1,quint32 nID2,QList<RESOURCE_RECORD> *pListResourceRecords); 573 static bool isResourcePresent(quint32 nID1,QString sName2,QList<RESOURCE_RECORD> *pListResourceRecords); 574 static bool isResourcePresent(QString sName1,quint32 nID2,QList<RESOURCE_RECORD> *pListResourceRecords); 575 static bool isResourcePresent(QString sName1,QString sName2,QList<RESOURCE_RECORD> *pListResourceRecords); 576 577 bool isResourceManifestPresent(); 578 bool isResourceManifestPresent(QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 579 580 QString getResourceManifest(); 581 QString getResourceManifest(QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 582 583 bool isResourceVersionPresent(); 584 bool isResourceVersionPresent(QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 585 586 RESOURCE_VERSION getResourceVersion(); 587 XPE_DEF::S_VS_VERSION_INFO readVS_VERSION_INFO(qint64 nOffset); 588 589 RESOURCE_VERSION getResourceVersion(QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 590 591 QString getFileVersion(); 592 QString getFileVersion(RESOURCE_VERSION *pResourceVersion); 593 594 void setFixedFileInfo_dwSignature(quint32 nValue); 595 void setFixedFileInfo_dwStrucVersion(quint32 nValue); 596 void setFixedFileInfo_dwFileVersionMS(quint32 nValue); 597 void setFixedFileInfo_dwFileVersionLS(quint32 nValue); 598 void setFixedFileInfo_dwProductVersionMS(quint32 nValue); 599 void setFixedFileInfo_dwProductVersionLS(quint32 nValue); 600 void setFixedFileInfo_dwFileFlagsMask(quint32 nValue); 601 void setFixedFileInfo_dwFileFlags(quint32 nValue); 602 void setFixedFileInfo_dwFileOS(quint32 nValue); 603 void setFixedFileInfo_dwFileType(quint32 nValue); 604 void setFixedFileInfo_dwFileSubtype(quint32 nValue); 605 void setFixedFileInfo_dwFileDateMS(quint32 nValue); 606 void setFixedFileInfo_dwFileDateLS(quint32 nValue); 607 608 QString getResourceVersionValue(QString sKey); 609 static QString getResourceVersionValue(QString sKey,XPE::RESOURCE_VERSION *pResourceVersion); 610 611 quint32 getResourceIdByNumber(quint32 nNumber); 612 quint32 getResourceIdByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 613 QString getResourceNameByNumber(quint32 nNumber); 614 QString getResourceNameByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 615 qint64 getResourceOffsetByNumber(quint32 nNumber); 616 qint64 getResourceOffsetByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 617 qint64 getResourceSizeByNumber(quint32 nNumber); 618 qint64 getResourceSizeByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 619 quint32 getResourceTypeByNumber(quint32 nNumber); 620 quint32 getResourceTypeByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 621 622 qint64 getResourceNameOffset(QString sName); 623 qint64 getResourceNameOffset(QString sName,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 624 qint64 getResourceGroupNameOffset(QString sName); 625 qint64 getResourceGroupNameOffset(QString sName,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 626 qint64 getResourceGroupIdOffset(quint32 nID); 627 qint64 getResourceGroupIdOffset(quint32 nID,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 628 bool isResourceNamePresent(QString sName); 629 bool isResourceNamePresent(QString sName,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 630 bool isResourceGroupNamePresent(QString sName); 631 bool isResourceGroupNamePresent(QString sName,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 632 bool isResourceGroupIdPresent(quint32 nID); 633 bool isResourceGroupIdPresent(quint32 nID,QList<XPE::RESOURCE_RECORD> *pListResourceRecords); 634 635 virtual _MEMORY_MAP getMemoryMap(); 636 virtual qint64 getBaseAddress(); 637 virtual void setBaseAddress(qint64 nBaseAddress); 638 virtual qint64 getEntryPointOffset(_MEMORY_MAP *pMemoryMap); 639 virtual void setEntryPointOffset(qint64 nEntryPointOffset); 640 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR read_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset); 641 void write_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset,XPE_DEF::IMAGE_IMPORT_DESCRIPTOR idd); 642 643 XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR _read_IMAGE_DELAYLOAD_DESCRIPTOR(qint64 nOffset); 644 645 bool isExportPresent(); 646 647 EXPORT_HEADER getExport(bool bValidOnly=false); 648 EXPORT_HEADER getExport(_MEMORY_MAP *pMemoryMap,bool bValidOnly=false); 649 QList<QString> getExportFunctionsList(); 650 static QList<QString> getExportFunctionsList(EXPORT_HEADER *pExportHeader); 651 652 XPE_DEF::IMAGE_EXPORT_DIRECTORY getExportDirectory(); 653 void setExportDirectory(XPE_DEF::IMAGE_EXPORT_DIRECTORY *pExportDirectory); 654 655 void setExportDirectory_Characteristics(quint32 nValue); 656 void setExportDirectory_TimeDateStamp(quint32 nValue); 657 void setExportDirectory_MajorVersion(quint16 nValue); 658 void setExportDirectory_MinorVersion(quint16 nValue); 659 void setExportDirectory_Name(quint32 nValue); 660 void setExportDirectory_Base(quint32 nValue); 661 void setExportDirectory_NumberOfFunctions(quint32 nValue); 662 void setExportDirectory_NumberOfNames(quint32 nValue); 663 void setExportDirectory_AddressOfFunctions(quint32 nValue); 664 void setExportDirectory_AddressOfNames(quint32 nValue); 665 void setExportDirectory_AddressOfNameOrdinals(quint32 nValue); 666 667 QByteArray getHeaders(); 668 669 OFFSETSIZE __getSectionOffsetAndSize(quint32 nSection); // TODO move to Xbinary 670 671 QByteArray getSection(quint32 nSection); // TODO move to Xbinary 672 673 QString getSectionHash(HASH hash,quint32 nSection); // TODO move to Xbinary 674 double getSectionEntropy(quint32 nSection); // TODO move to Xbinary 675 676 bool addImportSection(QMap<qint64,QString> *pMapIAT); 677 bool addImportSection(QIODevice *pDevice,bool bIsImage,QMap<qint64,QString> *pMapIAT); 678 bool addImportSection(QString sFileName,bool bIsImage,QMap<qint64,QString> *pMapIAT); 679 680 static QList<XPE::IMPORT_HEADER> mapIATToList(QMap<qint64,QString> *pMapIAT,bool bIs64); 681 682 quint32 calculateCheckSum(); 683 684 bool addSection(XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader,char *pData,qint64 nDataSize); 685 bool addSection(QString sFileName,bool bIsImage,XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader,char *pData,qint64 nDataSize); 686 bool addSection(QIODevice *pDevice,bool bIsImage,XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader,char *pData,qint64 nDataSize); 687 688 bool removeLastSection(); 689 static bool removeLastSection(QIODevice *pDevice,bool bIsImage); 690 static bool removeLastSection(QString sFileName,bool bIsImage); 691 // TODO copy Overlay function -> XBinary 692 XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY read_IMAGE_RESOURCE_DIRECTORY_ENTRY(qint64 nOffset); 693 XPE_DEF::IMAGE_RESOURCE_DIRECTORY read_IMAGE_RESOURCE_DIRECTORY(qint64 nOffset); 694 XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY read_IMAGE_RESOURCE_DATA_ENTRY(qint64 nOffset); 695 XPE::RESOURCES_ID_NAME getResourcesIDName(qint64 nResourceOffset,quint32 nValue); 696 697 QList<qint64> getRelocsAsRVAList(); 698 699 QList<RELOCS_HEADER> getRelocsHeaders(); 700 QList<RELOCS_POSITION> getRelocsPositions(qint64 nOffset); 701 702 XPE_DEF::IMAGE_BASE_RELOCATION _readIMAGE_BASE_RELOCATION(qint64 nOffset); 703 704 quint32 getRelocsVirtualAddress(qint64 nOffset); 705 quint32 getRelocsSizeOfBlock(qint64 nOffset); 706 void setRelocsVirtualAddress(qint64 nOffset,quint32 nValue); 707 void setRelocsSizeOfBlock(qint64 nOffset,quint32 nValue); 708 709 bool addRelocsSection(QList<qint64> *pList); 710 bool addRelocsSection(QIODevice *pDevice,bool bIsImage,QList<qint64> *pListRelocs); 711 bool addRelocsSection(QString sFileName,bool bIsImage,QList<qint64> *pListRelocs); 712 static QByteArray relocsAsRVAListToByteArray(QList<qint64> *pListRelocs,bool bIs64); 713 714 bool isResourcesPresent(); 715 bool isRelocsPresent(); 716 bool isDebugPresent(); 717 bool isTLSPresent(); 718 bool isSignPresent(); 719 bool isExceptionPresent(); 720 bool isLoadConfigPresent(); 721 bool isBoundImportPresent(); 722 bool isDelayImportPresent(); 723 724 qint64 getTLSHeaderOffset(); 725 qint64 getTLSHeaderSize(); 726 727 XPE_DEF::S_IMAGE_TLS_DIRECTORY32 getTLSDirectory32(); 728 XPE_DEF::S_IMAGE_TLS_DIRECTORY64 getTLSDirectory64(); 729 730 quint64 getTLS_StartAddressOfRawData(); 731 quint64 getTLS_EndAddressOfRawData(); 732 quint64 getTLS_AddressOfIndex(); 733 quint64 getTLS_AddressOfCallBacks(); 734 quint32 getTLS_SizeOfZeroFill(); 735 quint32 getTLS_Characteristics(); 736 737 void setTLS_StartAddressOfRawData(quint64 nValue); 738 void setTLS_EndAddressOfRawData(quint64 nValue); 739 void setTLS_AddressOfIndex(quint64 nValue); 740 void setTLS_AddressOfCallBacks(quint64 nValue); 741 void setTLS_SizeOfZeroFill(quint32 nValue); 742 void setTLS_Characteristics(quint32 nValue); 743 744 QList<qint64> getTLS_CallbacksList(); 745 QList<qint64> getTLS_CallbacksList(XBinary::_MEMORY_MAP *pMemoryMap); 746 747 TLS_HEADER getTLSHeader(); 748 749 static QMap<quint64,QString> getImageNtHeadersSignatures(); 750 static QMap<quint64,QString> getImageNtHeadersSignaturesS(); 751 static QMap<quint64,QString> getImageMagics(); 752 static QMap<quint64,QString> getImageMagicsS(); 753 static QMap<quint64,QString> getImageFileHeaderMachines(); 754 static QMap<quint64,QString> getImageFileHeaderMachinesS(); 755 static QMap<quint64,QString> getImageFileHeaderCharacteristics(); 756 static QMap<quint64,QString> getImageFileHeaderCharacteristicsS(); 757 static QMap<quint64,QString> getImageOptionalHeaderMagic(); 758 static QMap<quint64,QString> getImageOptionalHeaderMagicS(); 759 static QMap<quint64,QString> getImageOptionalHeaderSubsystem(); 760 static QMap<quint64,QString> getImageOptionalHeaderSubsystemS(); 761 static QMap<quint64,QString> getImageOptionalHeaderDllCharacteristics(); 762 static QMap<quint64,QString> getImageOptionalHeaderDllCharacteristicsS(); 763 static QMap<quint64,QString> getImageOptionalHeaderDataDirectory(); 764 static QMap<quint64,QString> getImageOptionalHeaderDataDirectoryS(); 765 static QMap<quint64,QString> getImageSectionHeaderFlags(); 766 static QMap<quint64,QString> getImageSectionHeaderFlagsS(); 767 static QMap<quint64,QString> getImageSectionHeaderAligns(); 768 static QMap<quint64,QString> getImageSectionHeaderAlignsS(); 769 static QMap<quint64,QString> getResourceTypes(); 770 static QMap<quint64,QString> getResourceTypesS(); 771 static QMap<quint64,QString> getImageRelBased(); 772 static QMap<quint64,QString> getImageRelBasedS(); 773 static QMap<quint64,QString> getComImageFlags(); 774 static QMap<quint64,QString> getComImageFlagsS(); 775 static QMap<quint64,QString> getDebugTypes(); 776 static QMap<quint64,QString> getDebugTypesS(); 777 778 qint64 calculateHeadersSize(); 779 qint64 _calculateHeadersSize(qint64 nSectionsTableOffset,quint32 nNumberOfSections); 780 781 bool isDll(); 782 static bool isDll(QString sFileName); 783 bool isConsole(); 784 bool isDriver(); 785 bool isNETPresent(); 786 787 CLI_INFO getCliInfo(bool bFindHidden); 788 CLI_INFO getCliInfo(bool bFindHidden,XBinary::_MEMORY_MAP *pMemoryMap); 789 790 OFFSETSIZE getNet_MetadataOffsetSize(); 791 792 CLI_METADATA_HEADER _read_MetadataHeader(qint64 nOffset); 793 794 void setMetadataHeader_Signature(quint32 nValue); 795 void setMetadataHeader_MajorVersion(quint16 nValue); 796 void setMetadataHeader_MinorVersion(quint16 nValue); 797 void setMetadataHeader_Reserved(quint32 nValue); 798 void setMetadataHeader_VersionStringLength(quint32 nValue); 799 void setMetadataHeader_Version(QString sValue); 800 void setMetadataHeader_Flags(quint16 nValue); 801 void setMetadataHeader_Streams(quint16 nValue); 802 803 bool isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory); 804 bool isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory,XBinary::_MEMORY_MAP *pMemoryMap); 805 806 bool isNetMetadataPresent(); 807 bool isNetMetadataPresent(CLI_INFO *pCliInfo,XBinary::_MEMORY_MAP *pMemoryMap); 808 809 bool isNETAnsiStringPresent(QString sString); 810 static bool isNETAnsiStringPresent(QString sString,CLI_INFO *pCliInfo); 811 812 bool isNETUnicodeStringPresent(QString sString); 813 static bool isNETUnicodeStringPresent(QString sString,CLI_INFO *pCliInfo); 814 815 int getEntryPointSection(); 816 int getEntryPointSection(XBinary::_MEMORY_MAP *pMemoryMap); 817 int getImportSection(); 818 int getImportSection(XBinary::_MEMORY_MAP *pMemoryMap); 819 int getExportSection(); 820 int getExportSection(XBinary::_MEMORY_MAP *pMemoryMap); 821 int getTLSSection(); 822 int getTLSSection(XBinary::_MEMORY_MAP *pMemoryMap); 823 int getResourcesSection(); 824 int getResourcesSection(XBinary::_MEMORY_MAP *pMemoryMap); 825 int getRelocsSection(); 826 int getRelocsSection(XBinary::_MEMORY_MAP *pMemoryMap); 827 int getNormalCodeSection(); 828 int getNormalCodeSection(XBinary::_MEMORY_MAP *pMemoryMap); 829 int getNormalDataSection(); 830 int getNormalDataSection(XBinary::_MEMORY_MAP *pMemoryMap); 831 int getConstDataSection(); 832 int getConstDataSection(XBinary::_MEMORY_MAP *pMemoryMap); 833 834 // TODO .INIT section Check 835 836 struct REBUILD_OPTIONS 837 { 838 bool bOptimize; 839 bool bClearHeader; 840 // bool bRemoveLastSection; 841 bool bSetEntryPoint; 842 quint32 nEntryPoint; 843 // bool bAddImportSection; 844 QMap<qint64,QString> mapIAT; 845 QMap<qint64,quint64> mapPatches; 846 // bool bAddRelocsSection; 847 QList<qint64> listRelocsRVAs; 848 bool bRenameSections; 849 QString sSectionName; 850 bool bFixChecksum; 851 }; 852 853 bool rebuildDump(QString sResultFile,REBUILD_OPTIONS *pRebuildOptions); 854 static bool rebuildDump(QString sInputFile,QString sResultFile,REBUILD_OPTIONS *pRebuildOptions); 855 static bool fixCheckSum(QString sFileName,bool bIsImage); 856 void fixCheckSum(); 857 858 static QList<XPE_DEF::IMAGE_SECTION_HEADER> splitSection(QByteArray *pbaData,XPE_DEF::IMAGE_SECTION_HEADER sectionHeaderOriginal,quint32 nBlockSize); 859 860 struct HEADER_OPTIONS // TODO Check 861 { 862 quint16 nMachine; 863 quint16 nCharacteristics; 864 quint16 nMagic; 865 quint64 nImagebase; 866 quint16 nSubsystem; 867 quint16 nDllcharacteristics; 868 quint8 nMajorOperationSystemVersion; 869 quint8 nMinorOperationSystemVersion; 870 quint32 nFileAlignment; 871 quint32 nSectionAlignment; 872 quint32 nAddressOfEntryPoint; 873 quint32 nResourceRVA; 874 quint32 nResourceSize; 875 }; 876 877 static QByteArray createHeaderStub(HEADER_OPTIONS *pHeaderOptions); 878 879 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32 getLoadConfigDirectory32(); // TODO check size 880 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64 getLoadConfigDirectory64(); // TODO check size 881 882 qint64 getLoadConfigDirectoryOffset(); 883 qint64 getLoadConfigDirectorySize(); 884 885 quint32 getLoadConfig_Size(); 886 quint32 getLoadConfig_TimeDateStamp(); 887 quint16 getLoadConfig_MajorVersion(); 888 quint16 getLoadConfig_MinorVersion(); 889 quint32 getLoadConfig_GlobalFlagsClear(); 890 quint32 getLoadConfig_GlobalFlagsSet(); 891 quint32 getLoadConfig_CriticalSectionDefaultTimeout(); 892 quint64 getLoadConfig_DeCommitFreeBlockThreshold(); 893 quint64 getLoadConfig_DeCommitTotalFreeThreshold(); 894 quint64 getLoadConfig_LockPrefixTable(); 895 quint64 getLoadConfig_MaximumAllocationSize(); 896 quint64 getLoadConfig_VirtualMemoryThreshold(); 897 quint64 getLoadConfig_ProcessAffinityMask(); 898 quint16 getLoadConfig_CSDVersion(); 899 quint16 getLoadConfig_DependentLoadFlags(); 900 quint64 getLoadConfig_EditList(); 901 quint64 getLoadConfig_SecurityCookie(); 902 quint64 getLoadConfig_SEHandlerTable(); 903 quint64 getLoadConfig_SEHandlerCount(); 904 quint64 getLoadConfig_GuardCFCheckFunctionPointer(); 905 quint64 getLoadConfig_GuardCFDispatchFunctionPointer(); 906 quint64 getLoadConfig_GuardCFFunctionTable(); 907 quint64 getLoadConfig_GuardCFFunctionCount(); 908 quint32 getLoadConfig_GuardFlags(); 909 quint16 getLoadConfig_CodeIntegrity_Flags(); 910 quint16 getLoadConfig_CodeIntegrity_Catalog(); 911 quint32 getLoadConfig_CodeIntegrity_CatalogOffset(); 912 quint32 getLoadConfig_CodeIntegrity_Reserved(); 913 quint64 getLoadConfig_GuardAddressTakenIatEntryTable(); 914 quint64 getLoadConfig_GuardAddressTakenIatEntryCount(); 915 quint64 getLoadConfig_GuardLongJumpTargetTable(); 916 quint64 getLoadConfig_GuardLongJumpTargetCount(); 917 quint64 getLoadConfig_DynamicValueRelocTable(); 918 quint64 getLoadConfig_CHPEMetadataPointer(); 919 quint64 getLoadConfig_GuardRFFailureRoutine(); 920 quint64 getLoadConfig_GuardRFFailureRoutineFunctionPointer(); 921 quint32 getLoadConfig_DynamicValueRelocTableOffset(); 922 quint16 getLoadConfig_DynamicValueRelocTableSection(); 923 quint16 getLoadConfig_Reserved2(); 924 quint64 getLoadConfig_GuardRFVerifyStackPointerFunctionPointer(); 925 quint32 getLoadConfig_HotPatchTableOffset(); 926 quint32 getLoadConfig_Reserved3(); 927 quint64 getLoadConfig_EnclaveConfigurationPointer(); 928 quint64 getLoadConfig_VolatileMetadataPointer(); 929 quint64 getLoadConfig_GuardEHContinuationTable(); 930 quint64 getLoadConfig_GuardEHContinuationCount(); 931 quint64 getLoadConfig_GuardXFGCheckFunctionPointer(); 932 quint64 getLoadConfig_GuardXFGDispatchFunctionPointer(); 933 quint64 getLoadConfig_GuardXFGTableDispatchFunctionPointer(); 934 quint64 getLoadConfig_CastGuardOsDeterminedFailureMode(); 935 936 void setLoadConfig_Size(quint32 nValue); 937 void setLoadConfig_TimeDateStamp(quint32 nValue); 938 void setLoadConfig_MajorVersion(quint16 nValue); 939 void setLoadConfig_MinorVersion(quint16 nValue); 940 void setLoadConfig_GlobalFlagsClear(quint32 nValue); 941 void setLoadConfig_GlobalFlagsSet(quint32 nValue); 942 void setLoadConfig_CriticalSectionDefaultTimeout(quint32 nValue); 943 void setLoadConfig_DeCommitFreeBlockThreshold(quint64 nValue); 944 void setLoadConfig_DeCommitTotalFreeThreshold(quint64 nValue); 945 void setLoadConfig_LockPrefixTable(quint64 nValue); 946 void setLoadConfig_MaximumAllocationSize(quint64 nValue); 947 void setLoadConfig_VirtualMemoryThreshold(quint64 nValue); 948 void setLoadConfig_ProcessAffinityMask(quint64 nValue); 949 void setLoadConfig_CSDVersion(quint16 nValue); 950 void setLoadConfig_DependentLoadFlags(quint16 nValue); 951 void setLoadConfig_EditList(quint64 nValue); 952 void setLoadConfig_SecurityCookie(quint64 nValue); 953 void setLoadConfig_SEHandlerTable(quint64 nValue); 954 void setLoadConfig_SEHandlerCount(quint64 nValue); 955 void setLoadConfig_GuardCFCheckFunctionPointer(quint64 nValue); 956 void setLoadConfig_GuardCFDispatchFunctionPointer(quint64 nValue); 957 void setLoadConfig_GuardCFFunctionTable(quint64 nValue); 958 void setLoadConfig_GuardCFFunctionCount(quint64 nValue); 959 void setLoadConfig_GuardFlags(quint32 nValue); 960 void setLoadConfig_CodeIntegrity_Flags(quint16 nValue); 961 void setLoadConfig_CodeIntegrity_Catalog(quint16 nValue); 962 void setLoadConfig_CodeIntegrity_CatalogOffset(quint32 nValue); 963 void setLoadConfig_CodeIntegrity_Reserved(quint32 nValue); 964 void setLoadConfig_GuardAddressTakenIatEntryTable(quint64 nValue); 965 void setLoadConfig_GuardAddressTakenIatEntryCount(quint64 nValue); 966 void setLoadConfig_GuardLongJumpTargetTable(quint64 nValue); 967 void setLoadConfig_GuardLongJumpTargetCount(quint64 nValue); 968 void setLoadConfig_DynamicValueRelocTable(quint64 nValue); 969 void setLoadConfig_CHPEMetadataPointer(quint64 nValue); 970 void setLoadConfig_GuardRFFailureRoutine(quint64 nValue); 971 void setLoadConfig_GuardRFFailureRoutineFunctionPointer(quint64 nValue); 972 void setLoadConfig_DynamicValueRelocTableOffset(quint32 nValue); 973 void setLoadConfig_DynamicValueRelocTableSection(quint16 nValue); 974 void setLoadConfig_Reserved2(quint16 nValue); 975 void setLoadConfig_GuardRFVerifyStackPointerFunctionPointer(quint64 nValue); 976 void setLoadConfig_HotPatchTableOffset(quint32 nValue); 977 void setLoadConfig_Reserved3(quint32 nValue); 978 void setLoadConfig_EnclaveConfigurationPointer(quint64 nValue); 979 void setLoadConfig_VolatileMetadataPointer(quint64 nValue); 980 void setLoadConfig_GuardEHContinuationTable(quint64 nValue); 981 void setLoadConfig_GuardEHContinuationCount(quint64 nValue); 982 void setLoadConfig_GuardXFGCheckFunctionPointer(quint64 nValue); 983 void setLoadConfig_GuardXFGDispatchFunctionPointer(quint64 nValue); 984 void setLoadConfig_GuardXFGTableDispatchFunctionPointer(quint64 nValue); 985 void setLoadConfig_CastGuardOsDeterminedFailureMode(quint64 nValue); 986 987 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY _read_IMAGE_RUNTIME_FUNCTION_ENTRY(qint64 nOffset); 988 989 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY _getException(qint32 nNumber); 990 991 void setException_BeginAddress(qint32 nNumber,quint32 nValue); 992 void setException_EndAddress(qint32 nNumber,quint32 nValue); 993 void setException_UnwindInfoAddress(qint32 nNumber,quint32 nValue); 994 995 qint64 getExceptionRecordOffset(qint32 nNumber); 996 qint64 getExceptionRecordSize(); 997 998 QList<XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY> getExceptionsList(); 999 QList<XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY> getExceptionsList(XBinary::_MEMORY_MAP *pMemoryMap); 1000 1001 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY _read_IMAGE_DEBUG_DIRECTORY(qint64 nOffset); 1002 1003 QList<XPE_DEF::S_IMAGE_DEBUG_DIRECTORY> getDebugList(); 1004 QList<XPE_DEF::S_IMAGE_DEBUG_DIRECTORY> getDebugList(XBinary::_MEMORY_MAP *pMemoryMap); 1005 1006 qint64 getDebugHeaderOffset(quint32 nNumber); 1007 qint64 getDebugHeaderSize(); 1008 1009 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY getDebugHeader(quint32 nNumber); 1010 // TODO Get 1011 void setDebugHeader_Characteristics(quint32 nNumber,quint32 nValue); 1012 void setDebugHeader_TimeDateStamp(quint32 nNumber,quint32 nValue); 1013 void setDebugHeader_MajorVersion(quint32 nNumber,quint16 nValue); 1014 void setDebugHeader_MinorVersion(quint32 nNumber,quint16 nValue); 1015 void setDebugHeader_Type(quint32 nNumber,quint32 nValue); 1016 void setDebugHeader_SizeOfData(quint32 nNumber,quint32 nValue); 1017 void setDebugHeader_AddressOfRawData(quint32 nNumber,quint32 nValue); 1018 void setDebugHeader_PointerToRawData(quint32 nNumber,quint32 nValue); 1019 1020 qint64 getDelayImportRecordOffset(qint32 nNumber); 1021 qint64 getDelayImportRecordSize(); 1022 1023 QList<XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR> getDelayImportsList(); 1024 QList<XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR> getDelayImportsList(XBinary::_MEMORY_MAP *pMemoryMap); 1025 // TODO Get 1026 void setDelayImport_AllAttributes(quint32 nNumber,quint32 nValue); 1027 void setDelayImport_DllNameRVA(quint32 nNumber,quint32 nValue); 1028 void setDelayImport_ModuleHandleRVA(quint32 nNumber,quint32 nValue); 1029 void setDelayImport_ImportAddressTableRVA(quint32 nNumber,quint32 nValue); 1030 void setDelayImport_ImportNameTableRVA(quint32 nNumber,quint32 nValue); 1031 void setDelayImport_BoundImportAddressTableRVA(quint32 nNumber,quint32 nValue); 1032 void setDelayImport_UnloadInformationTableRVA(quint32 nNumber,quint32 nValue); 1033 void setDelayImport_TimeDateStamp(quint32 nNumber,quint32 nValue); 1034 1035 QList<DELAYIMPORT_POSITION> getDelayImportPositions(int nIndex); 1036 QList<DELAYIMPORT_POSITION> getDelayImportPositions(XBinary::_MEMORY_MAP *pMemoryMap,int nIndex); 1037 1038 QList<BOUND_IMPORT_POSITION> getBoundImportPositions(); 1039 QList<BOUND_IMPORT_POSITION> getBoundImportPositions(XBinary::_MEMORY_MAP *pMemoryMap); 1040 1041 XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR _read_IMAGE_BOUND_IMPORT_DESCRIPTOR(qint64 nOffset); 1042 1043 qint64 getBoundImportRecordOffset(qint32 nNumber); 1044 qint64 getBoundImportRecordSize(); 1045 1046 void setBoundImport_TimeDateStamp(quint32 nNumber,quint32 nValue); 1047 void setBoundImport_OffsetModuleName(quint32 nNumber,quint16 nValue); 1048 void setBoundImport_NumberOfModuleForwarderRefs(quint32 nNumber,quint16 nValue); 1049 1050 qint32 getNumberOfImports(); 1051 QString getImportLibraryName(quint32 nNumber); 1052 QString getImportLibraryName(quint32 nNumber,QList<XPE::IMPORT_HEADER> *pListImport); 1053 1054 qint32 getNumberOfImportThunks(quint32 nNumber); 1055 qint32 getNumberOfImportThunks(quint32 nNumber,QList<XPE::IMPORT_HEADER> *pListImport); 1056 1057 qint64 getNetHeaderOffset(); 1058 qint64 getNetHeaderSize(); 1059 1060 XPE_DEF::IMAGE_COR20_HEADER _read_IMAGE_COR20_HEADER(qint64 nOffset); 1061 1062 XPE_DEF::IMAGE_COR20_HEADER getNetHeader(); 1063 1064 quint32 getNetHeader_cb(); 1065 quint16 getNetHeader_MajorRuntimeVersion(); 1066 quint16 getNetHeader_MinorRuntimeVersion(); 1067 quint32 getNetHeader_MetaData_Address(); 1068 quint32 getNetHeader_MetaData_Size(); 1069 quint32 getNetHeader_Flags(); 1070 quint32 getNetHeader_EntryPoint(); 1071 quint32 getNetHeader_Resources_Address(); 1072 quint32 getNetHeader_Resources_Size(); 1073 quint32 getNetHeader_StrongNameSignature_Address(); 1074 quint32 getNetHeader_StrongNameSignature_Size(); 1075 quint32 getNetHeader_CodeManagerTable_Address(); 1076 quint32 getNetHeader_CodeManagerTable_Size(); 1077 quint32 getNetHeader_VTableFixups_Address(); 1078 quint32 getNetHeader_VTableFixups_Size(); 1079 quint32 getNetHeader_ExportAddressTableJumps_Address(); 1080 quint32 getNetHeader_ExportAddressTableJumps_Size(); 1081 quint32 getNetHeader_ManagedNativeHeader_Address(); 1082 quint32 getNetHeader_ManagedNativeHeader_Size(); 1083 1084 void setNetHeader_cb(quint32 nValue); 1085 void setNetHeader_MajorRuntimeVersion(quint16 nValue); 1086 void setNetHeader_MinorRuntimeVersion(quint16 nValue); 1087 void setNetHeader_MetaData_Address(quint32 nValue); 1088 void setNetHeader_MetaData_Size(quint32 nValue); 1089 void setNetHeader_Flags(quint32 nValue); 1090 void setNetHeader_EntryPoint(quint32 nValue); 1091 void setNetHeader_Resources_Address(quint32 nValue); 1092 void setNetHeader_Resources_Size(quint32 nValue); 1093 void setNetHeader_StrongNameSignature_Address(quint32 nValue); 1094 void setNetHeader_StrongNameSignature_Size(quint32 nValue); 1095 void setNetHeader_CodeManagerTable_Address(quint32 nValue); 1096 void setNetHeader_CodeManagerTable_Size(quint32 nValue); 1097 void setNetHeader_VTableFixups_Address(quint32 nValue); 1098 void setNetHeader_VTableFixups_Size(quint32 nValue); 1099 void setNetHeader_ExportAddressTableJumps_Address(quint32 nValue); 1100 void setNetHeader_ExportAddressTableJumps_Size(quint32 nValue); 1101 void setNetHeader_ManagedNativeHeader_Address(quint32 nValue); 1102 void setNetHeader_ManagedNativeHeader_Size(quint32 nValue); 1103 1104 virtual QList<SYMBOL_RECORD> getSymbolRecords(XBinary::_MEMORY_MAP *pMemoryMap,SYMBOL_TYPE symbolType=SYMBOL_TYPE_ALL); 1105 1106 XPE_DEF::WIN_CERT_RECORD read_WIN_CERT_RECORD(qint64 nOffset); 1107 QList<CERT> getCertList(); 1108 QList<CERT> getCertList(qint64 nOffset,qint64 nSize); 1109 static QList<CERT> getCertList(QIODevice *pDevice,qint64 nOffset,qint64 nSize); 1110 1111 static QString certListToString(QList<CERT> *pCertList); 1112 static QString certRecordToString(CERT_RECORD certRecord,qint32 nLevel); 1113 1114 CERT_TAG read_CertTag(qint64 nOffset,qint32 nTag); 1115 QString read_ASN_OIDString(qint64 nOffset,qint64 nSize); // TODO move to XBinary; 1116 qint64 read_ASN_Integer(qint64 nOffset,qint64 nSize); 1117 bool read_ASN_Bool(qint64 nOffset,qint64 nSize); 1118 QDateTime read_ASN_DateTime(qint64 nOffset,qint64 nSize); 1119 1120 void getCertRecord(CERT *pCert,qint64 nOffset,qint64 nSize,CERT_RECORD *pCertRecord); 1121 1122 static QString certTagToString(quint32 nTag); 1123 static QString objectIdToString(QString sObjectID); 1124 1125 QString getCertHash(HASH hash); 1126 1127 private: 1128 quint16 _checkSum(qint64 nStartValue,qint64 nDataSize); 1129 RESOURCE_POSITION _getResourcePosition(_MEMORY_MAP *pMemoryMap,qint64 nBaseAddress,qint64 nResourceOffset,qint64 nOffset,quint32 nLevel); 1130 qint64 _fixHeadersSize(); 1131 qint64 _getMinSectionOffset(); // TODO move to XBinary 1132 void _fixFileOffsets(qint64 nDelta); 1133 quint32 __getResourceVersion(RESOURCE_VERSION *pResourceVersionResult,qint64 nOffset,qint64 nSize,QString sPrefix,int nLevel); 1134 }; 1135 1136 #endif // XPE_H 1137