1 // copyright (c) 2017-2021 hors<horsicq@gmail.com>
2 //
3 // Permission is hereby granted, free of charge, to any person obtaining a copy
4 // of this software and associated documentation files (the "Software"), to deal
5 // in the Software without restriction, including without limitation the rights
6 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
7 // copies of the Software, and to permit persons to whom the Software is
8 // furnished to do so, subject to the following conditions:
9
10 // The above copyright notice and this permission notice shall be included in all
11 // copies or substantial portions of the Software.
12
13 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 // SOFTWARE.
20 //
21 #include "xpe.h"
22
XPE(QIODevice * pDevice,bool bIsImage,qint64 nModuleAddress)23 XPE::XPE(QIODevice *pDevice, bool bIsImage, qint64 nModuleAddress): XMSDOS(pDevice,bIsImage,nModuleAddress)
24 {
25 }
26
isValid()27 bool XPE::isValid()
28 {
29 bool bResult=false;
30
31 quint16 magic=get_magic();
32
33 if( (magic==XMSDOS_DEF::S_IMAGE_DOS_SIGNATURE_MZ)||
34 (magic==XMSDOS_DEF::S_IMAGE_DOS_SIGNATURE_ZM))
35 {
36 qint32 lfanew=get_lfanew();
37
38 if(lfanew>0)
39 {
40 quint32 signature=read_uint32(lfanew);
41
42 if(signature==XPE_DEF::S_IMAGE_NT_SIGNATURE)
43 {
44 bResult=true;
45 }
46 }
47 }
48
49 return bResult;
50 }
51
isValid(QIODevice * pDevice,bool bIsImage,qint64 nModuleAddress)52 bool XPE::isValid(QIODevice *pDevice, bool bIsImage, qint64 nModuleAddress)
53 {
54 XPE xpe(pDevice,bIsImage,nModuleAddress);
55
56 return xpe.isValid();
57 }
58
getMode(QIODevice * pDevice,bool bIsImage,qint64 nModuleAddress)59 XBinary::MODE XPE::getMode(QIODevice *pDevice, bool bIsImage, qint64 nModuleAddress)
60 {
61 XPE xpe(pDevice,bIsImage,nModuleAddress);
62
63 return xpe.getMode();
64 }
65
getMode()66 XBinary::MODE XPE::getMode()
67 {
68 MODE result=MODE_32;
69
70 quint16 nMachine=getFileHeader_Machine();
71
72 if( (nMachine==XPE_DEF::S_IMAGE_FILE_MACHINE_AMD64)||
73 (nMachine==XPE_DEF::S_IMAGE_FILE_MACHINE_IA64)||
74 (nMachine==XPE_DEF::S_IMAGE_FILE_MACHINE_ARM64))
75 {
76 result=MODE_64;
77 }
78 else
79 {
80 result=MODE_32;
81 }
82
83 return result;
84 }
85
getArch()86 QString XPE::getArch()
87 {
88 return getImageFileHeaderMachinesS().value(getFileHeader_Machine(),QString("UNKNOWN"));
89 }
90
isBigEndian()91 bool XPE::isBigEndian()
92 {
93 // TODO Check Machine
94 return false;
95 }
96
getFileType()97 XBinary::FT XPE::getFileType()
98 {
99 FT result=FT_PE32;
100
101 MODE mode=getMode();
102
103 if(mode==MODE_32)
104 {
105 result=FT_PE32;
106 }
107 else if(mode==MODE_64)
108 {
109 result=FT_PE64;
110 }
111
112 return result;
113 }
114
getType()115 int XPE::getType()
116 {
117 TYPE result=TYPE_UNKNOWN;
118
119 quint16 nSubsystem=getOptionalHeader_Subsystem();
120
121 if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_NATIVE)
122 {
123 result=TYPE_DRIVER;
124 }
125 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_WINDOWS_CUI)
126 {
127 result=TYPE_CONSOLE;
128 }
129 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_WINDOWS_GUI)
130 {
131 result=TYPE_GUI;
132 }
133 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER)
134 {
135 result=TYPE_EFIBOOT;
136 }
137 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_EFI_APPLICATION)
138 {
139 result=TYPE_EFI;
140 }
141 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER)
142 {
143 result=TYPE_EFIRUNTIMEDRIVER;
144 }
145 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_XBOX)
146 {
147 result=TYPE_XBOX;
148 }
149 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_OS2_CUI)
150 {
151 result=TYPE_OS2;
152 }
153 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_POSIX_CUI)
154 {
155 result=TYPE_POSIX;
156 }
157 else if(nSubsystem==XPE_DEF::S_IMAGE_SUBSYSTEM_WINDOWS_CE_GUI)
158 {
159 result=TYPE_CE;
160 }
161
162 if(result!=TYPE_DRIVER) // TODO Check
163 {
164 if((getFileHeader_Characteristics()&XPE_DEF::S_IMAGE_FILE_DLL))
165 {
166 result=TYPE_DLL;
167 }
168 }
169
170 return result;
171 }
172
typeIdToString(int nType)173 QString XPE::typeIdToString(int nType)
174 {
175 QString sResult="Unknown"; // mb TODO translate
176
177 switch(nType)
178 {
179 case TYPE_UNKNOWN: sResult=QString("Unknown"); break; // mb TODO translate
180 case TYPE_GUI: sResult=QString("GUI"); break;
181 case TYPE_CONSOLE: sResult=QString("Console"); break;
182 case TYPE_DLL: sResult=QString("DLL"); break;
183 case TYPE_DRIVER: sResult=QString("Driver"); break;
184 case TYPE_EFIBOOT: sResult=QString("EFI Boot"); break;
185 case TYPE_EFI: sResult=QString("EFI"); break;
186 case TYPE_EFIRUNTIMEDRIVER: sResult=QString("EFI Runtime driver"); break;
187 case TYPE_XBOX: sResult=QString("XBOX"); break;
188 case TYPE_OS2: sResult=QString("OS2"); break;
189 case TYPE_POSIX: sResult=QString("POSIX"); break;
190 case TYPE_CE: sResult=QString("CE"); break;
191 }
192
193 return sResult;
194 }
195
isSigned()196 bool XPE::isSigned()
197 {
198 return getSignOS().nSize;
199 }
200
getSignOS()201 XBinary::OFFSETSIZE XPE::getSignOS()
202 {
203 OFFSETSIZE result={};
204
205 XPE_DEF::IMAGE_DATA_DIRECTORY idSecurity=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_SECURITY);
206
207 OFFSETSIZE osSecurity={};
208 osSecurity.nOffset=idSecurity.VirtualAddress;
209 osSecurity.nSize=idSecurity.Size;
210
211 if(checkOffsetSize(osSecurity))
212 {
213 result=osSecurity;
214 }
215
216 return result;
217 }
218
getNtHeadersOffset()219 qint64 XPE::getNtHeadersOffset()
220 {
221 qint64 result=get_lfanew();
222
223 if(!_isOffsetValid(result))
224 {
225 result=-1;
226 }
227
228 return result;
229 }
230
getNtHeaders_Signature()231 quint32 XPE::getNtHeaders_Signature()
232 {
233 qint64 nOffset=getNtHeadersOffset();
234
235 return read_uint32(nOffset);
236 }
237
setNtHeaders_Signature(quint32 nValue)238 void XPE::setNtHeaders_Signature(quint32 nValue)
239 {
240 write_uint32(getNtHeadersOffset(),nValue);
241 }
242
getFileHeaderOffset()243 qint64 XPE::getFileHeaderOffset()
244 {
245 qint64 result=get_lfanew()+4;
246
247 if(!_isOffsetValid(result))
248 {
249 result=-1;
250 }
251
252 return result;
253 }
254
getFileHeaderSize()255 qint64 XPE::getFileHeaderSize()
256 {
257 return sizeof(XPE_DEF::IMAGE_FILE_HEADER);
258 }
259
getFileHeader()260 XPE_DEF::IMAGE_FILE_HEADER XPE::getFileHeader()
261 {
262 XPE_DEF::IMAGE_FILE_HEADER result={};
263
264 qint64 nFileHeaderOffset=getFileHeaderOffset();
265
266 if(nFileHeaderOffset!=-1)
267 {
268 result.Machine=read_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Machine));
269 result.NumberOfSections=read_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSections));
270 result.TimeDateStamp=read_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,TimeDateStamp));
271 result.PointerToSymbolTable=read_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,PointerToSymbolTable));
272 result.NumberOfSymbols=read_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSymbols));
273 result.SizeOfOptionalHeader=read_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,SizeOfOptionalHeader));
274 result.Characteristics=read_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Characteristics));
275 }
276
277 return result;
278 }
279
setFileHeader(XPE_DEF::IMAGE_FILE_HEADER * pFileHeader)280 void XPE::setFileHeader(XPE_DEF::IMAGE_FILE_HEADER *pFileHeader)
281 {
282 qint64 nFileHeaderOffset=getFileHeaderOffset();
283
284 if(nFileHeaderOffset!=-1)
285 {
286 write_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Machine),pFileHeader->Machine);
287 write_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSections),pFileHeader->NumberOfSections);
288 write_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,TimeDateStamp),pFileHeader->TimeDateStamp);
289 write_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,PointerToSymbolTable),pFileHeader->PointerToSymbolTable);
290 write_uint32(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSymbols),pFileHeader->NumberOfSymbols);
291 write_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,SizeOfOptionalHeader),pFileHeader->SizeOfOptionalHeader);
292 write_uint16(nFileHeaderOffset+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Characteristics),pFileHeader->Characteristics);
293 }
294 }
295
getFileHeader_Machine()296 quint16 XPE::getFileHeader_Machine()
297 {
298 return read_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Machine));
299 }
300
getFileHeader_NumberOfSections()301 quint16 XPE::getFileHeader_NumberOfSections()
302 {
303 return read_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSections));
304 }
305
getFileHeader_TimeDateStamp()306 quint32 XPE::getFileHeader_TimeDateStamp()
307 {
308 return read_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,TimeDateStamp));
309 }
310
getFileHeader_PointerToSymbolTable()311 quint32 XPE::getFileHeader_PointerToSymbolTable()
312 {
313 return read_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,PointerToSymbolTable));
314 }
315
getFileHeader_NumberOfSymbols()316 quint32 XPE::getFileHeader_NumberOfSymbols()
317 {
318 return read_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSymbols));
319 }
320
getFileHeader_SizeOfOptionalHeader()321 quint16 XPE::getFileHeader_SizeOfOptionalHeader()
322 {
323 return read_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,SizeOfOptionalHeader));
324 }
325
getFileHeader_Characteristics()326 quint16 XPE::getFileHeader_Characteristics()
327 {
328 return read_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Characteristics));
329 }
330
setFileHeader_Machine(quint16 nValue)331 void XPE::setFileHeader_Machine(quint16 nValue)
332 {
333 write_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Machine),nValue);
334 }
335
setFileHeader_NumberOfSections(quint16 nValue)336 void XPE::setFileHeader_NumberOfSections(quint16 nValue)
337 {
338 write_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSections),nValue);
339 }
340
setFileHeader_TimeDateStamp(quint32 nValue)341 void XPE::setFileHeader_TimeDateStamp(quint32 nValue)
342 {
343 write_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,TimeDateStamp),nValue);
344 }
345
setFileHeader_PointerToSymbolTable(quint32 nValue)346 void XPE::setFileHeader_PointerToSymbolTable(quint32 nValue)
347 {
348 write_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,PointerToSymbolTable),nValue);
349 }
350
setFileHeader_NumberOfSymbols(quint32 nValue)351 void XPE::setFileHeader_NumberOfSymbols(quint32 nValue)
352 {
353 write_uint32(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,NumberOfSymbols),nValue);
354 }
355
setFileHeader_SizeOfOptionalHeader(quint16 nValue)356 void XPE::setFileHeader_SizeOfOptionalHeader(quint16 nValue)
357 {
358 write_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,SizeOfOptionalHeader),nValue);
359 }
360
setFileHeader_Characteristics(quint16 nValue)361 void XPE::setFileHeader_Characteristics(quint16 nValue)
362 {
363 write_uint16(getFileHeaderOffset()+offsetof(XPE_DEF::IMAGE_FILE_HEADER,Characteristics),nValue);
364 }
365
getOptionalHeaderOffset()366 qint64 XPE::getOptionalHeaderOffset()
367 {
368 qint64 result=get_lfanew()+4+sizeof(XPE_DEF::IMAGE_FILE_HEADER);
369
370 if(!_isOffsetValid(result))
371 {
372 result=-1;
373 }
374
375 return result;
376 }
377
getOptionalHeaderSize()378 qint64 XPE::getOptionalHeaderSize()
379 {
380 qint64 nResult=0;
381
382 if(is64())
383 {
384 nResult=sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER64);
385 }
386 else
387 {
388 nResult=sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER32);
389 }
390
391 return nResult;
392 }
393
getOptionalHeader32()394 XPE_DEF::IMAGE_OPTIONAL_HEADER32 XPE::getOptionalHeader32()
395 {
396 XPE_DEF::IMAGE_OPTIONAL_HEADER32 result={};
397 // TODO
398 read_array(getOptionalHeaderOffset(),(char *)&result,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER32));
399
400 return result;
401 }
402
getOptionalHeader64()403 XPE_DEF::IMAGE_OPTIONAL_HEADER64 XPE::getOptionalHeader64()
404 {
405 XPE_DEF::IMAGE_OPTIONAL_HEADER64 result={};
406 // TODO
407 read_array(getOptionalHeaderOffset(),(char *)&result,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER64));
408
409 return result;
410 }
411
setOptionalHeader32(XPE_DEF::IMAGE_OPTIONAL_HEADER32 * pOptionalHeader32)412 void XPE::setOptionalHeader32(XPE_DEF::IMAGE_OPTIONAL_HEADER32 *pOptionalHeader32)
413 {
414 // TODO
415 write_array(getOptionalHeaderOffset(),(char *)pOptionalHeader32,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER32));
416 }
417
setOptionalHeader64(XPE_DEF::IMAGE_OPTIONAL_HEADER64 * pOptionalHeader64)418 void XPE::setOptionalHeader64(XPE_DEF::IMAGE_OPTIONAL_HEADER64 *pOptionalHeader64)
419 {
420 // TODO
421 write_array(getOptionalHeaderOffset(),(char *)pOptionalHeader64,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER64));
422 }
423
getOptionalHeader32S()424 XPE_DEF::IMAGE_OPTIONAL_HEADER32S XPE::getOptionalHeader32S()
425 {
426 XPE_DEF::IMAGE_OPTIONAL_HEADER32S result={};
427 // TODO
428 read_array(getOptionalHeaderOffset(),(char *)&result,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER32S));
429
430 return result;
431 }
432
getOptionalHeader64S()433 XPE_DEF::IMAGE_OPTIONAL_HEADER64S XPE::getOptionalHeader64S()
434 {
435 XPE_DEF::IMAGE_OPTIONAL_HEADER64S result={};
436 // TODO
437 read_array(getOptionalHeaderOffset(),(char *)&result,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER64S));
438
439 return result;
440 }
441
setOptionalHeader32S(XPE_DEF::IMAGE_OPTIONAL_HEADER32S * pOptionalHeader32S)442 void XPE::setOptionalHeader32S(XPE_DEF::IMAGE_OPTIONAL_HEADER32S *pOptionalHeader32S)
443 {
444 // TODO check -1
445 write_array(getOptionalHeaderOffset(),(char *)pOptionalHeader32S,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER32S));
446 }
447
setOptionalHeader64S(XPE_DEF::IMAGE_OPTIONAL_HEADER64S * pOptionalHeader64S)448 void XPE::setOptionalHeader64S(XPE_DEF::IMAGE_OPTIONAL_HEADER64S *pOptionalHeader64S)
449 {
450 // TODO check -1
451 write_array(getOptionalHeaderOffset(),(char *)pOptionalHeader64S,sizeof(XPE_DEF::IMAGE_OPTIONAL_HEADER64S));
452 }
453
getOptionalHeader_Magic()454 quint16 XPE::getOptionalHeader_Magic()
455 {
456 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Magic));
457 }
458
getOptionalHeader_MajorLinkerVersion()459 quint8 XPE::getOptionalHeader_MajorLinkerVersion()
460 {
461 return read_uint8(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorLinkerVersion));
462 }
463
getOptionalHeader_MinorLinkerVersion()464 quint8 XPE::getOptionalHeader_MinorLinkerVersion()
465 {
466 return read_uint8(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorLinkerVersion));
467 }
468
getOptionalHeader_SizeOfCode()469 quint32 XPE::getOptionalHeader_SizeOfCode()
470 {
471 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfCode));
472 }
473
getOptionalHeader_SizeOfInitializedData()474 quint32 XPE::getOptionalHeader_SizeOfInitializedData()
475 {
476 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfInitializedData));
477 }
478
getOptionalHeader_SizeOfUninitializedData()479 quint32 XPE::getOptionalHeader_SizeOfUninitializedData()
480 {
481 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfUninitializedData));
482 }
483
getOptionalHeader_AddressOfEntryPoint()484 quint32 XPE::getOptionalHeader_AddressOfEntryPoint()
485 {
486 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,AddressOfEntryPoint));
487 }
488
getOptionalHeader_BaseOfCode()489 quint32 XPE::getOptionalHeader_BaseOfCode()
490 {
491 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,BaseOfCode));
492 }
493
getOptionalHeader_BaseOfData()494 quint32 XPE::getOptionalHeader_BaseOfData()
495 {
496 // TODO no for x64
497 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,BaseOfData));
498 }
499
getOptionalHeader_ImageBase()500 quint64 XPE::getOptionalHeader_ImageBase()
501 {
502 quint64 nResult=0;
503
504 if(is64())
505 {
506 nResult=read_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,ImageBase));
507 }
508 else
509 {
510 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,ImageBase));
511 }
512
513 return nResult;
514 }
515
getOptionalHeader_SectionAlignment()516 quint32 XPE::getOptionalHeader_SectionAlignment()
517 {
518 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SectionAlignment));
519 }
520
getOptionalHeader_FileAlignment()521 quint32 XPE::getOptionalHeader_FileAlignment()
522 {
523 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,FileAlignment));
524 }
525
getOptionalHeader_MajorOperatingSystemVersion()526 quint16 XPE::getOptionalHeader_MajorOperatingSystemVersion()
527 {
528 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorOperatingSystemVersion));
529 }
530
getOptionalHeader_MinorOperatingSystemVersion()531 quint16 XPE::getOptionalHeader_MinorOperatingSystemVersion()
532 {
533 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorOperatingSystemVersion));
534 }
535
getOptionalHeader_MajorImageVersion()536 quint16 XPE::getOptionalHeader_MajorImageVersion()
537 {
538 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorImageVersion));
539 }
540
getOptionalHeader_MinorImageVersion()541 quint16 XPE::getOptionalHeader_MinorImageVersion()
542 {
543 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorImageVersion));
544 }
545
getOptionalHeader_MajorSubsystemVersion()546 quint16 XPE::getOptionalHeader_MajorSubsystemVersion()
547 {
548 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorSubsystemVersion));
549 }
550
getOptionalHeader_MinorSubsystemVersion()551 quint16 XPE::getOptionalHeader_MinorSubsystemVersion()
552 {
553 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorSubsystemVersion));
554 }
555
getOptionalHeader_Win32VersionValue()556 quint32 XPE::getOptionalHeader_Win32VersionValue()
557 {
558 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Win32VersionValue));
559 }
560
getOptionalHeader_SizeOfImage()561 quint32 XPE::getOptionalHeader_SizeOfImage()
562 {
563 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfImage));
564 }
565
getOptionalHeader_SizeOfHeaders()566 quint32 XPE::getOptionalHeader_SizeOfHeaders()
567 {
568 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeaders));
569 }
570
getOptionalHeader_CheckSum()571 quint32 XPE::getOptionalHeader_CheckSum()
572 {
573 return read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,CheckSum));
574 }
575
getOptionalHeader_Subsystem()576 quint16 XPE::getOptionalHeader_Subsystem()
577 {
578 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Subsystem));
579 }
580
getOptionalHeader_DllCharacteristics()581 quint16 XPE::getOptionalHeader_DllCharacteristics()
582 {
583 return read_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DllCharacteristics));
584 }
585
getOptionalHeader_SizeOfStackReserve()586 qint64 XPE::getOptionalHeader_SizeOfStackReserve()
587 {
588 qint64 nResult=0;
589
590 if(is64())
591 {
592 nResult=read_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfStackReserve));
593 }
594 else
595 {
596 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfStackReserve));
597 }
598
599 return nResult;
600 }
601
getOptionalHeader_SizeOfStackCommit()602 qint64 XPE::getOptionalHeader_SizeOfStackCommit()
603 {
604 qint64 nResult=0;
605
606 if(is64())
607 {
608 nResult=read_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfStackCommit));
609 }
610 else
611 {
612 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfStackCommit));
613 }
614
615 return nResult;
616 }
617
getOptionalHeader_SizeOfHeapReserve()618 qint64 XPE::getOptionalHeader_SizeOfHeapReserve()
619 {
620 qint64 nResult=0;
621
622 if(is64())
623 {
624 nResult=read_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfHeapReserve));
625 }
626 else
627 {
628 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeapReserve));
629 }
630
631 return nResult;
632 }
633
getOptionalHeader_SizeOfHeapCommit()634 qint64 XPE::getOptionalHeader_SizeOfHeapCommit()
635 {
636 qint64 nResult=0;
637
638 if(is64())
639 {
640 nResult=read_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfHeapCommit));
641 }
642 else
643 {
644 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeapCommit));
645 }
646
647 return nResult;
648 }
649
getOptionalHeader_LoaderFlags()650 quint32 XPE::getOptionalHeader_LoaderFlags()
651 {
652 quint32 nResult=0;
653
654 if(is64())
655 {
656 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,LoaderFlags));
657 }
658 else
659 {
660 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,LoaderFlags));
661 }
662
663 return nResult;
664 }
665
getOptionalHeader_NumberOfRvaAndSizes()666 quint32 XPE::getOptionalHeader_NumberOfRvaAndSizes()
667 {
668 quint32 nResult=0;
669
670 if(is64())
671 {
672 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,NumberOfRvaAndSizes));
673 }
674 else
675 {
676 nResult=read_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,NumberOfRvaAndSizes));
677 }
678
679 return nResult;
680 }
681
setOptionalHeader_Magic(quint16 nValue)682 void XPE::setOptionalHeader_Magic(quint16 nValue)
683 {
684 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Magic),nValue);
685 }
686
setOptionalHeader_MajorLinkerVersion(quint8 nValue)687 void XPE::setOptionalHeader_MajorLinkerVersion(quint8 nValue)
688 {
689 write_uint8(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorLinkerVersion),nValue);
690 }
691
setOptionalHeader_MinorLinkerVersion(quint8 nValue)692 void XPE::setOptionalHeader_MinorLinkerVersion(quint8 nValue)
693 {
694 write_uint8(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorLinkerVersion),nValue);
695 }
696
setOptionalHeader_SizeOfCode(quint32 nValue)697 void XPE::setOptionalHeader_SizeOfCode(quint32 nValue)
698 {
699 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfCode),nValue);
700 }
701
setOptionalHeader_SizeOfInitializedData(quint32 nValue)702 void XPE::setOptionalHeader_SizeOfInitializedData(quint32 nValue)
703 {
704 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfInitializedData),nValue);
705 }
706
setOptionalHeader_SizeOfUninitializedData(quint32 nValue)707 void XPE::setOptionalHeader_SizeOfUninitializedData(quint32 nValue)
708 {
709 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfUninitializedData),nValue);
710 }
711
setOptionalHeader_AddressOfEntryPoint(quint32 nValue)712 void XPE::setOptionalHeader_AddressOfEntryPoint(quint32 nValue)
713 {
714 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,AddressOfEntryPoint),nValue);
715 }
716
setOptionalHeader_BaseOfCode(quint32 nValue)717 void XPE::setOptionalHeader_BaseOfCode(quint32 nValue)
718 {
719 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,BaseOfCode),nValue);
720 }
721
setOptionalHeader_BaseOfData(quint32 nValue)722 void XPE::setOptionalHeader_BaseOfData(quint32 nValue)
723 {
724 if(is64()) // There is no BaseOfData for PE64
725 {
726 // TODO error string
727 }
728 else
729 {
730 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,BaseOfData),nValue);
731 }
732 }
733
setOptionalHeader_ImageBase(quint64 nValue)734 void XPE::setOptionalHeader_ImageBase(quint64 nValue)
735 {
736 if(is64())
737 {
738 write_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,ImageBase),nValue);
739 }
740 else
741 {
742 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,ImageBase),nValue);
743 }
744 }
745
setOptionalHeader_SectionAlignment(quint32 nValue)746 void XPE::setOptionalHeader_SectionAlignment(quint32 nValue)
747 {
748 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SectionAlignment),nValue);
749 }
750
setOptionalHeader_FileAlignment(quint32 nValue)751 void XPE::setOptionalHeader_FileAlignment(quint32 nValue)
752 {
753 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,FileAlignment),nValue);
754 }
755
setOptionalHeader_MajorOperatingSystemVersion(quint16 nValue)756 void XPE::setOptionalHeader_MajorOperatingSystemVersion(quint16 nValue)
757 {
758 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorOperatingSystemVersion),nValue);
759 }
760
setOptionalHeader_MinorOperatingSystemVersion(quint16 nValue)761 void XPE::setOptionalHeader_MinorOperatingSystemVersion(quint16 nValue)
762 {
763 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorOperatingSystemVersion),nValue);
764 }
765
setOptionalHeader_MajorImageVersion(quint16 nValue)766 void XPE::setOptionalHeader_MajorImageVersion(quint16 nValue)
767 {
768 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorImageVersion),nValue);
769 }
770
setOptionalHeader_MinorImageVersion(quint16 nValue)771 void XPE::setOptionalHeader_MinorImageVersion(quint16 nValue)
772 {
773 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorImageVersion),nValue);
774 }
775
setOptionalHeader_MajorSubsystemVersion(quint16 nValue)776 void XPE::setOptionalHeader_MajorSubsystemVersion(quint16 nValue)
777 {
778 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MajorSubsystemVersion),nValue);
779 }
780
setOptionalHeader_MinorSubsystemVersion(quint16 nValue)781 void XPE::setOptionalHeader_MinorSubsystemVersion(quint16 nValue)
782 {
783 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,MinorSubsystemVersion),nValue);
784 }
785
setOptionalHeader_Win32VersionValue(quint32 nValue)786 void XPE::setOptionalHeader_Win32VersionValue(quint32 nValue)
787 {
788 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Win32VersionValue),nValue);
789 }
790
setOptionalHeader_SizeOfImage(quint32 nValue)791 void XPE::setOptionalHeader_SizeOfImage(quint32 nValue)
792 {
793 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfImage),nValue);
794 }
795
setOptionalHeader_SizeOfHeaders(quint32 nValue)796 void XPE::setOptionalHeader_SizeOfHeaders(quint32 nValue)
797 {
798 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeaders),nValue);
799 }
800
setOptionalHeader_CheckSum(quint32 nValue)801 void XPE::setOptionalHeader_CheckSum(quint32 nValue)
802 {
803 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,CheckSum),nValue);
804 }
805
setOptionalHeader_Subsystem(quint16 nValue)806 void XPE::setOptionalHeader_Subsystem(quint16 nValue)
807 {
808 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,Subsystem),nValue);
809 }
810
setOptionalHeader_DllCharacteristics(quint16 nValue)811 void XPE::setOptionalHeader_DllCharacteristics(quint16 nValue)
812 {
813 write_uint16(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DllCharacteristics),nValue);
814 }
815
setOptionalHeader_SizeOfStackReserve(quint64 nValue)816 void XPE::setOptionalHeader_SizeOfStackReserve(quint64 nValue)
817 {
818 if(is64())
819 {
820 write_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfStackReserve),nValue);
821 }
822 else
823 {
824 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfStackReserve),nValue);
825 }
826 }
827
setOptionalHeader_SizeOfStackCommit(quint64 nValue)828 void XPE::setOptionalHeader_SizeOfStackCommit(quint64 nValue)
829 {
830 if(is64())
831 {
832 write_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfStackCommit),nValue);
833 }
834 else
835 {
836 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfStackCommit),nValue);
837 }
838 }
839
setOptionalHeader_SizeOfHeapReserve(quint64 nValue)840 void XPE::setOptionalHeader_SizeOfHeapReserve(quint64 nValue)
841 {
842 if(is64())
843 {
844 write_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfHeapReserve),nValue);
845 }
846 else
847 {
848 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeapReserve),nValue);
849 }
850 }
851
setOptionalHeader_SizeOfHeapCommit(quint64 nValue)852 void XPE::setOptionalHeader_SizeOfHeapCommit(quint64 nValue)
853 {
854 if(is64())
855 {
856 write_uint64(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,SizeOfHeapCommit),nValue);
857 }
858 else
859 {
860 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,SizeOfHeapCommit),nValue);
861 }
862 }
863
setOptionalHeader_LoaderFlags(quint32 nValue)864 void XPE::setOptionalHeader_LoaderFlags(quint32 nValue)
865 {
866 if(is64())
867 {
868 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,LoaderFlags),nValue);
869 }
870 else
871 {
872 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,LoaderFlags),nValue);
873 }
874 }
875
setOptionalHeader_NumberOfRvaAndSizes(quint32 nValue)876 void XPE::setOptionalHeader_NumberOfRvaAndSizes(quint32 nValue)
877 {
878 if(is64())
879 {
880 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,NumberOfRvaAndSizes),nValue);
881 }
882 else
883 {
884 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,NumberOfRvaAndSizes),nValue);
885 }
886 }
887
read_IMAGE_DATA_DIRECTORY(qint64 nOffset)888 XPE_DEF::IMAGE_DATA_DIRECTORY XPE::read_IMAGE_DATA_DIRECTORY(qint64 nOffset)
889 {
890 XPE_DEF::IMAGE_DATA_DIRECTORY result={};
891
892 result.VirtualAddress=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,VirtualAddress));
893 result.Size=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,Size));
894
895 return result;
896 }
897
write_IMAGE_DATA_DIRECTORY(qint64 nOffset,XPE_DEF::IMAGE_DATA_DIRECTORY * pDataDirectory)898 void XPE::write_IMAGE_DATA_DIRECTORY(qint64 nOffset, XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory)
899 {
900 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,VirtualAddress),pDataDirectory->VirtualAddress);
901 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,Size),pDataDirectory->Size);
902 }
903
getOptionalHeader_DataDirectory(quint32 nNumber)904 XPE_DEF::IMAGE_DATA_DIRECTORY XPE::getOptionalHeader_DataDirectory(quint32 nNumber)
905 {
906 XPE_DEF::IMAGE_DATA_DIRECTORY result={};
907
908 // if(nNumber<getOptionalHeader_NumberOfRvaAndSizes()) // There are some protectors with false NumberOfRvaAndSizes
909 if(nNumber<16)
910 {
911 if(is64())
912 {
913 result=read_IMAGE_DATA_DIRECTORY(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY));
914 }
915 else
916 {
917 result=read_IMAGE_DATA_DIRECTORY(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY));
918 }
919 }
920
921 return result;
922 }
923
setOptionalHeader_DataDirectory(quint32 nNumber,XPE_DEF::IMAGE_DATA_DIRECTORY * pDataDirectory)924 void XPE::setOptionalHeader_DataDirectory(quint32 nNumber,XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory)
925 {
926 // if(nNumber<16)
927 if(nNumber<getOptionalHeader_NumberOfRvaAndSizes()) // TODO Check!!!
928 {
929 if(is64())
930 {
931 write_IMAGE_DATA_DIRECTORY(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY),pDataDirectory);
932 }
933 else
934 {
935 write_IMAGE_DATA_DIRECTORY(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY),pDataDirectory);
936 }
937 }
938 }
939
setOptionalHeader_DataDirectory_VirtualAddress(quint32 nNumber,quint32 nValue)940 void XPE::setOptionalHeader_DataDirectory_VirtualAddress(quint32 nNumber, quint32 nValue)
941 {
942 if(nNumber<getOptionalHeader_NumberOfRvaAndSizes())
943 {
944 if(is64())
945 {
946 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY)+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,VirtualAddress),nValue);
947 }
948 else
949 {
950 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY)+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,VirtualAddress),nValue);
951 }
952 }
953 }
954
setOptionalHeader_DataDirectory_Size(quint32 nNumber,quint32 nValue)955 void XPE::setOptionalHeader_DataDirectory_Size(quint32 nNumber, quint32 nValue)
956 {
957 if(nNumber<getOptionalHeader_NumberOfRvaAndSizes())
958 {
959 if(is64())
960 {
961 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY)+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,Size),nValue);
962 }
963 else
964 {
965 write_uint32(getOptionalHeaderOffset()+offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory)+nNumber*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY)+offsetof(XPE_DEF::IMAGE_DATA_DIRECTORY,Size),nValue);
966 }
967 }
968 }
969
clearOptionalHeader_DataDirectory(quint32 nNumber)970 void XPE::clearOptionalHeader_DataDirectory(quint32 nNumber)
971 {
972 XPE_DEF::IMAGE_DATA_DIRECTORY dd={};
973
974 setOptionalHeader_DataDirectory(nNumber,&dd);
975 }
976
isOptionalHeader_DataDirectoryPresent(quint32 nNumber)977 bool XPE::isOptionalHeader_DataDirectoryPresent(quint32 nNumber)
978 {
979 XPE_DEF::IMAGE_DATA_DIRECTORY dd=getOptionalHeader_DataDirectory(nNumber);
980
981 // return (dd.Size)&&(dd.VirtualAddress)&&(isAddressValid(dd.VirtualAddress+getBaseAddress())); // TODO Check
982 // return (dd.Size)&&(dd.VirtualAddress);
983 // TODO more checks
984 return (dd.VirtualAddress);
985 }
986
getDirectories()987 QList<XPE_DEF::IMAGE_DATA_DIRECTORY> XPE::getDirectories()
988 {
989 QList<XPE_DEF::IMAGE_DATA_DIRECTORY> listResult;
990
991 int nNumberNumberOfRvaAndSizes=getOptionalHeader_NumberOfRvaAndSizes();
992 nNumberNumberOfRvaAndSizes=qMin(nNumberNumberOfRvaAndSizes,16);
993
994 qint64 nDirectoriesOffset=getOptionalHeaderOffset();
995
996 if(is64())
997 {
998 nDirectoriesOffset+=offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory);
999 }
1000 else
1001 {
1002 nDirectoriesOffset+=offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory);
1003 }
1004
1005 for(int i=0; i<nNumberNumberOfRvaAndSizes; i++)
1006 {
1007 XPE_DEF::IMAGE_DATA_DIRECTORY record={};
1008
1009 read_array(nDirectoriesOffset+i*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY),(char *)&record,sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY));
1010
1011 listResult.append(record);
1012 }
1013
1014 return listResult;
1015 }
1016
setDirectories(QList<XPE_DEF::IMAGE_DATA_DIRECTORY> * pListDirectories)1017 void XPE::setDirectories(QList<XPE_DEF::IMAGE_DATA_DIRECTORY> *pListDirectories)
1018 {
1019 int nNumberOfRvaAndSizes=getOptionalHeader_NumberOfRvaAndSizes();
1020 nNumberOfRvaAndSizes=qMin(nNumberOfRvaAndSizes,16);
1021
1022 qint64 nDirectoriesOffset=getOptionalHeaderOffset();
1023
1024 if(is64())
1025 {
1026 nDirectoriesOffset+=offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER64,DataDirectory);
1027 }
1028 else
1029 {
1030 nDirectoriesOffset+=offsetof(XPE_DEF::IMAGE_OPTIONAL_HEADER32,DataDirectory);
1031 }
1032
1033 for(int i=0; i<nNumberOfRvaAndSizes; i++)
1034 {
1035 write_array(nDirectoriesOffset+i*sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY),(char *)&(pListDirectories->at(i)),sizeof(XPE_DEF::IMAGE_DATA_DIRECTORY));
1036 }
1037 }
1038
getDataDirectoryOffset(quint32 nNumber)1039 qint64 XPE::getDataDirectoryOffset(quint32 nNumber)
1040 {
1041 _MEMORY_MAP memoryMap=getMemoryMap();
1042
1043 return getDataDirectoryOffset(&memoryMap,nNumber);
1044 }
1045
getDataDirectoryOffset(XBinary::_MEMORY_MAP * pMemoryMap,quint32 nNumber)1046 qint64 XPE::getDataDirectoryOffset(XBinary::_MEMORY_MAP *pMemoryMap, quint32 nNumber)
1047 {
1048 qint64 nResult=-1;
1049
1050 XPE_DEF::IMAGE_DATA_DIRECTORY dataResources=getOptionalHeader_DataDirectory(nNumber);
1051
1052 if(dataResources.VirtualAddress)
1053 {
1054 nResult=addressToOffset(pMemoryMap,dataResources.VirtualAddress+pMemoryMap->nModuleAddress);
1055 }
1056
1057 return nResult;
1058 }
1059
getDataDirectory(quint32 nNumber)1060 QByteArray XPE::getDataDirectory(quint32 nNumber)
1061 {
1062 _MEMORY_MAP memoryMap=getMemoryMap();
1063
1064 return getDataDirectory(&memoryMap,nNumber);
1065 }
1066
getDataDirectory(XBinary::_MEMORY_MAP * pMemoryMap,quint32 nNumber)1067 QByteArray XPE::getDataDirectory(XBinary::_MEMORY_MAP *pMemoryMap, quint32 nNumber)
1068 {
1069 QByteArray baResult;
1070
1071 XPE_DEF::IMAGE_DATA_DIRECTORY dataDirectory=getOptionalHeader_DataDirectory(nNumber);
1072
1073 if(dataDirectory.VirtualAddress)
1074 {
1075 qint64 nOffset=addressToOffset(pMemoryMap,dataDirectory.VirtualAddress+pMemoryMap->nModuleAddress);
1076
1077 if(nOffset!=-1)
1078 {
1079 baResult=read_array(nOffset,dataDirectory.Size);
1080 }
1081 }
1082
1083 return baResult;
1084 }
1085
getSectionsTableOffset()1086 qint64 XPE::getSectionsTableOffset()
1087 {
1088 qint64 nResult=-1;
1089
1090 qint64 nOptionalHeaderOffset=getOptionalHeaderOffset();
1091
1092 if(nOptionalHeaderOffset!=-1)
1093 {
1094 nResult=nOptionalHeaderOffset+getFileHeader_SizeOfOptionalHeader();
1095 }
1096
1097 return nResult;
1098 }
1099
getSectionHeaderOffset(quint32 nNumber)1100 qint64 XPE::getSectionHeaderOffset(quint32 nNumber)
1101 {
1102 qint64 nResult=-1;
1103
1104 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1105
1106 if(nNumber<nNumberOfSections)
1107 {
1108 qint64 nSectionsTableOffset=getSectionsTableOffset();
1109
1110 if(nSectionsTableOffset!=-1)
1111 {
1112 nResult=nSectionsTableOffset+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER);
1113 }
1114 }
1115
1116 return nResult;
1117 }
1118
getSectionHeaderSize()1119 qint64 XPE::getSectionHeaderSize()
1120 {
1121 return sizeof(XPE_DEF::IMAGE_SECTION_HEADER);
1122 }
1123
isSectionsTablePresent()1124 bool XPE::isSectionsTablePresent()
1125 {
1126 return (bool)getFileHeader_NumberOfSections();
1127 }
1128
getSectionHeader(quint32 nNumber)1129 XPE_DEF::IMAGE_SECTION_HEADER XPE::getSectionHeader(quint32 nNumber)
1130 {
1131 // TODO
1132 XPE_DEF::IMAGE_SECTION_HEADER result={};
1133
1134 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1135
1136 if(nNumber<nNumberOfSections)
1137 {
1138 // TODO
1139 read_array(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER),(char *)&result,sizeof(XPE_DEF::IMAGE_SECTION_HEADER));
1140 }
1141
1142 return result;
1143 }
1144
setSectionHeader(quint32 nNumber,XPE_DEF::IMAGE_SECTION_HEADER * pSectionHeader)1145 void XPE::setSectionHeader(quint32 nNumber, XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader)
1146 {
1147 // TODO
1148 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1149
1150 if(nNumber<nNumberOfSections)
1151 {
1152 write_array(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER),(char *)pSectionHeader,sizeof(XPE_DEF::IMAGE_SECTION_HEADER));
1153 }
1154 }
1155
getSectionHeaders()1156 QList<XPE_DEF::IMAGE_SECTION_HEADER> XPE::getSectionHeaders()
1157 {
1158 QList<XPE_DEF::IMAGE_SECTION_HEADER> listResult;
1159
1160 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1161 qint64 nSectionOffset=getSectionsTableOffset();
1162
1163 // Fix
1164 if(nNumberOfSections>100) // TODO const
1165 {
1166 nNumberOfSections=100;
1167 }
1168
1169 for(int i=0; i<(int)nNumberOfSections; i++)
1170 {
1171 XPE_DEF::IMAGE_SECTION_HEADER record={};
1172
1173 read_array(nSectionOffset+i*sizeof(XPE_DEF::IMAGE_SECTION_HEADER),(char *)&record,sizeof(XPE_DEF::IMAGE_SECTION_HEADER));
1174
1175 listResult.append(record);
1176 }
1177
1178 return listResult;
1179 }
1180
getSectionRecords(QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders,bool bIsImage)1181 QList<XPE::SECTION_RECORD> XPE::getSectionRecords(QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders, bool bIsImage)
1182 {
1183 QList<SECTION_RECORD> listResult;
1184
1185 int nNumberOfSections=pListSectionHeaders->count();
1186
1187 for(int i=0; i<nNumberOfSections; i++)
1188 {
1189 SECTION_RECORD record={};
1190
1191 record.sName=QString((char *)pListSectionHeaders->at(i).Name);
1192 record.sName.resize(qMin(record.sName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
1193
1194 if(bIsImage)
1195 {
1196 record.nOffset=pListSectionHeaders->at(i).VirtualAddress;
1197 }
1198 else
1199 {
1200 record.nOffset=pListSectionHeaders->at(i).PointerToRawData;
1201 }
1202 record.nRVA=pListSectionHeaders->at(i).VirtualAddress;
1203
1204 record.nSize=pListSectionHeaders->at(i).SizeOfRawData;
1205 record.nCharacteristics=pListSectionHeaders->at(i).Characteristics;
1206
1207 listResult.append(record);
1208 }
1209
1210 return listResult;
1211 }
1212
getSectionNames(QList<XPE::SECTION_RECORD> * pListSectionRecords)1213 QList<QString> XPE::getSectionNames(QList<XPE::SECTION_RECORD> *pListSectionRecords)
1214 {
1215 QList<QString> listResult;
1216
1217 int nNumberOfSections=pListSectionRecords->count();
1218
1219 for(int i=0; i<nNumberOfSections; i++)
1220 {
1221 listResult.append(pListSectionRecords->at(i).sName);
1222 }
1223
1224 return listResult;
1225 }
1226
getSectionRVARecords()1227 QList<XPE::SECTIONRVA_RECORD> XPE::getSectionRVARecords()
1228 {
1229 QList<SECTIONRVA_RECORD> listResult;
1230
1231 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSH=getSectionHeaders();
1232 qint32 nSectionAlignment=getOptionalHeader_SectionAlignment();
1233
1234 int nNumberOfSections=listSH.count();
1235
1236 for(int i=0; i<nNumberOfSections; i++)
1237 {
1238 SECTIONRVA_RECORD record={};
1239
1240 record.nRVA=listSH.at(i).VirtualAddress;
1241 record.nSize=S_ALIGN_UP(listSH.at(i).Misc.VirtualSize,nSectionAlignment);
1242 record.nCharacteristics=listSH.at(i).Characteristics;
1243
1244 listResult.append(record);
1245 }
1246
1247 return listResult;
1248 }
1249
getSection_NameAsString(quint32 nNumber)1250 QString XPE::getSection_NameAsString(quint32 nNumber)
1251 {
1252 QString sResult;
1253
1254 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1255
1256 char cBuffer[9]={0};
1257
1258 if(nNumber<nNumberOfSections)
1259 {
1260 XBinary::read_array(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Name),cBuffer,8);
1261 }
1262
1263 sResult.append(cBuffer);
1264
1265 return sResult;
1266 }
1267
getSection_VirtualSize(quint32 nNumber)1268 quint32 XPE::getSection_VirtualSize(quint32 nNumber)
1269 {
1270 quint32 nResult=0;
1271
1272 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1273
1274 if(nNumber<nNumberOfSections)
1275 {
1276 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Misc.VirtualSize));
1277 }
1278
1279 return nResult;
1280 }
1281
getSection_VirtualAddress(quint32 nNumber)1282 quint32 XPE::getSection_VirtualAddress(quint32 nNumber)
1283 {
1284 quint32 nResult=0;
1285
1286 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1287
1288 if(nNumber<nNumberOfSections)
1289 {
1290 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,VirtualAddress));
1291 }
1292
1293 return nResult;
1294 }
1295
getSection_SizeOfRawData(quint32 nNumber)1296 quint32 XPE::getSection_SizeOfRawData(quint32 nNumber)
1297 {
1298 quint32 nResult=0;
1299
1300 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1301
1302 if(nNumber<nNumberOfSections)
1303 {
1304 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,SizeOfRawData));
1305 }
1306
1307 return nResult;
1308 }
1309
getSection_PointerToRawData(quint32 nNumber)1310 quint32 XPE::getSection_PointerToRawData(quint32 nNumber)
1311 {
1312 quint32 nResult=0;
1313
1314 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1315
1316 if(nNumber<nNumberOfSections)
1317 {
1318 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToRawData));
1319 }
1320
1321 return nResult;
1322 }
1323
getSection_PointerToRelocations(quint32 nNumber)1324 quint32 XPE::getSection_PointerToRelocations(quint32 nNumber)
1325 {
1326 quint32 nResult=0;
1327
1328 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1329
1330 if(nNumber<nNumberOfSections)
1331 {
1332 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToRelocations));
1333 }
1334
1335 return nResult;
1336 }
1337
getSection_PointerToLinenumbers(quint32 nNumber)1338 quint32 XPE::getSection_PointerToLinenumbers(quint32 nNumber)
1339 {
1340 quint32 nResult=0;
1341
1342 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1343
1344 if(nNumber<nNumberOfSections)
1345 {
1346 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToLinenumbers));
1347 }
1348
1349 return nResult;
1350 }
1351
getSection_NumberOfRelocations(quint32 nNumber)1352 quint16 XPE::getSection_NumberOfRelocations(quint32 nNumber)
1353 {
1354 quint16 nResult=0;
1355
1356 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1357
1358 if(nNumber<nNumberOfSections)
1359 {
1360 nResult=read_uint16(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,NumberOfRelocations));
1361 }
1362
1363 return nResult;
1364 }
1365
getSection_NumberOfLinenumbers(quint32 nNumber)1366 quint16 XPE::getSection_NumberOfLinenumbers(quint32 nNumber)
1367 {
1368 quint16 nResult=0;
1369
1370 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1371
1372 if(nNumber<nNumberOfSections)
1373 {
1374 nResult=read_uint16(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,NumberOfLinenumbers));
1375 }
1376
1377 return nResult;
1378 }
1379
getSection_Characteristics(quint32 nNumber)1380 quint32 XPE::getSection_Characteristics(quint32 nNumber)
1381 {
1382 quint32 nResult=0;
1383
1384 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1385
1386 if(nNumber<nNumberOfSections)
1387 {
1388 nResult=read_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Characteristics));
1389 }
1390
1391 return nResult;
1392 }
1393
setSection_NameAsString(quint32 nNumber,QString sName)1394 void XPE::setSection_NameAsString(quint32 nNumber, QString sName)
1395 {
1396 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1397
1398 if(nNumber<nNumberOfSections)
1399 {
1400 write_ansiStringFix(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Name),8,sName);
1401 }
1402 }
1403
setSection_VirtualSize(quint32 nNumber,quint32 nValue)1404 void XPE::setSection_VirtualSize(quint32 nNumber, quint32 nValue)
1405 {
1406 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1407
1408 if(nNumber<nNumberOfSections)
1409 {
1410 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Misc.VirtualSize),nValue);
1411 }
1412 }
1413
setSection_VirtualAddress(quint32 nNumber,quint32 nValue)1414 void XPE::setSection_VirtualAddress(quint32 nNumber, quint32 nValue)
1415 {
1416 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1417
1418 if(nNumber<nNumberOfSections)
1419 {
1420 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,VirtualAddress),nValue);
1421 }
1422 }
1423
setSection_SizeOfRawData(quint32 nNumber,quint32 nValue)1424 void XPE::setSection_SizeOfRawData(quint32 nNumber, quint32 nValue)
1425 {
1426 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1427
1428 if(nNumber<nNumberOfSections)
1429 {
1430 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,SizeOfRawData),nValue);
1431 }
1432 }
1433
setSection_PointerToRawData(quint32 nNumber,quint32 nValue)1434 void XPE::setSection_PointerToRawData(quint32 nNumber, quint32 nValue)
1435 {
1436 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1437
1438 if(nNumber<nNumberOfSections)
1439 {
1440 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToRawData),nValue);
1441 }
1442 }
1443
setSection_PointerToRelocations(quint32 nNumber,quint32 nValue)1444 void XPE::setSection_PointerToRelocations(quint32 nNumber, quint32 nValue)
1445 {
1446 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1447
1448 if(nNumber<nNumberOfSections)
1449 {
1450 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToRelocations),nValue);
1451 }
1452 }
1453
setSection_PointerToLinenumbers(quint32 nNumber,quint32 nValue)1454 void XPE::setSection_PointerToLinenumbers(quint32 nNumber, quint32 nValue)
1455 {
1456 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1457
1458 if(nNumber<nNumberOfSections)
1459 {
1460 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,PointerToLinenumbers),nValue);
1461 }
1462 }
1463
setSection_NumberOfRelocations(quint32 nNumber,quint16 nValue)1464 void XPE::setSection_NumberOfRelocations(quint32 nNumber, quint16 nValue)
1465 {
1466 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1467
1468 if(nNumber<nNumberOfSections)
1469 {
1470 write_uint16(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,NumberOfRelocations),nValue);
1471 }
1472 }
1473
setSection_NumberOfLinenumbers(quint32 nNumber,quint16 nValue)1474 void XPE::setSection_NumberOfLinenumbers(quint32 nNumber, quint16 nValue)
1475 {
1476 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1477
1478 if(nNumber<nNumberOfSections)
1479 {
1480 write_uint16(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,NumberOfLinenumbers),nValue);
1481 }
1482 }
1483
setSection_Characteristics(quint32 nNumber,quint32 nValue)1484 void XPE::setSection_Characteristics(quint32 nNumber, quint32 nValue)
1485 {
1486 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
1487
1488 if(nNumber<nNumberOfSections)
1489 {
1490 write_uint32(getSectionsTableOffset()+nNumber*sizeof(XPE_DEF::IMAGE_SECTION_HEADER)+offsetof(XPE_DEF::IMAGE_SECTION_HEADER,Characteristics),nValue);
1491 }
1492 }
1493
getSection_NameAsString(quint32 nNumber,QList<QString> * pListSectionNameStrings)1494 QString XPE::getSection_NameAsString(quint32 nNumber, QList<QString> *pListSectionNameStrings)
1495 {
1496 QString sResult;
1497
1498 if(nNumber<(quint32)pListSectionNameStrings->count())
1499 {
1500 sResult=pListSectionNameStrings->at(nNumber);
1501 }
1502
1503 return sResult;
1504 }
1505
getSection_VirtualSize(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1506 quint32 XPE::getSection_VirtualSize(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1507 {
1508 quint32 nResult=0;
1509
1510 if(nNumber<(quint32)pListSectionHeaders->count())
1511 {
1512 nResult=pListSectionHeaders->at(nNumber).Misc.VirtualSize;
1513 }
1514
1515 return nResult;
1516 }
1517
getSection_VirtualAddress(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1518 quint32 XPE::getSection_VirtualAddress(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1519 {
1520 quint32 nResult=0;
1521
1522 if(nNumber<(quint32)pListSectionHeaders->count())
1523 {
1524 nResult=pListSectionHeaders->at(nNumber).VirtualAddress;
1525 }
1526
1527 return nResult;
1528 }
1529
getSection_SizeOfRawData(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1530 quint32 XPE::getSection_SizeOfRawData(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1531 {
1532 quint32 nResult=0;
1533
1534 if(nNumber<(quint32)pListSectionHeaders->count())
1535 {
1536 nResult=pListSectionHeaders->at(nNumber).SizeOfRawData;
1537 }
1538
1539 return nResult;
1540 }
1541
getSection_PointerToRawData(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1542 quint32 XPE::getSection_PointerToRawData(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1543 {
1544 quint32 nResult=0;
1545
1546 if(nNumber<(quint32)pListSectionHeaders->count())
1547 {
1548 nResult=pListSectionHeaders->at(nNumber).PointerToRawData;
1549 }
1550
1551 return nResult;
1552 }
1553
getSection_PointerToRelocations(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1554 quint32 XPE::getSection_PointerToRelocations(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1555 {
1556 quint32 nResult=0;
1557
1558 if(nNumber<(quint32)pListSectionHeaders->count())
1559 {
1560 nResult=pListSectionHeaders->at(nNumber).PointerToRelocations;
1561 }
1562
1563 return nResult;
1564 }
1565
getSection_PointerToLinenumbers(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1566 quint32 XPE::getSection_PointerToLinenumbers(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1567 {
1568 quint32 nResult=0;
1569
1570 if(nNumber<(quint32)pListSectionHeaders->count())
1571 {
1572 nResult=pListSectionHeaders->at(nNumber).PointerToLinenumbers;
1573 }
1574
1575 return nResult;
1576 }
1577
getSection_NumberOfRelocations(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1578 quint16 XPE::getSection_NumberOfRelocations(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1579 {
1580 quint16 nResult=0;
1581
1582 if(nNumber<(quint32)pListSectionHeaders->count())
1583 {
1584 nResult=pListSectionHeaders->at(nNumber).NumberOfRelocations;
1585 }
1586
1587 return nResult;
1588 }
1589
getSection_NumberOfLinenumbers(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1590 quint16 XPE::getSection_NumberOfLinenumbers(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1591 {
1592 quint16 nResult=0;
1593
1594 if(nNumber<(quint32)pListSectionHeaders->count())
1595 {
1596 nResult=pListSectionHeaders->at(nNumber).NumberOfLinenumbers;
1597 }
1598
1599 return nResult;
1600 }
1601
getSection_Characteristics(quint32 nNumber,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1602 quint32 XPE::getSection_Characteristics(quint32 nNumber, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1603 {
1604 quint32 nResult=0;
1605
1606 if(nNumber<(quint32)pListSectionHeaders->count())
1607 {
1608 nResult=pListSectionHeaders->at(nNumber).Characteristics;
1609 }
1610
1611 return nResult;
1612 }
1613
isSectionNamePresent(QString sSectionName)1614 bool XPE::isSectionNamePresent(QString sSectionName)
1615 {
1616 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSectionHeaders=getSectionHeaders();
1617
1618 return isSectionNamePresent(sSectionName,&listSectionHeaders);
1619 }
1620
isSectionNamePresent(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1621 bool XPE::isSectionNamePresent(QString sSectionName, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1622 {
1623 bool bResult=false;
1624
1625 int nNumberOfSections=pListSectionHeaders->count();
1626
1627 for(int i=0; i<nNumberOfSections; i++)
1628 {
1629 QString _sSectionName=QString((char *)pListSectionHeaders->at(i).Name);
1630 _sSectionName.resize(qMin(_sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
1631
1632 if(_sSectionName==sSectionName)
1633 {
1634 bResult=true;
1635 break;
1636 }
1637 }
1638
1639 return bResult;
1640 }
1641
getSectionByName(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1642 XPE_DEF::IMAGE_SECTION_HEADER XPE::getSectionByName(QString sSectionName, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1643 {
1644 XPE_DEF::IMAGE_SECTION_HEADER result={};
1645
1646 int nNumberOfSections=pListSectionHeaders->count();
1647
1648 for(int i=0; i<nNumberOfSections; i++)
1649 {
1650 QString _sSectionName=QString((char *)pListSectionHeaders->at(i).Name);
1651 _sSectionName.resize(qMin(_sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
1652
1653 if(_sSectionName==sSectionName)
1654 {
1655 result=pListSectionHeaders->at(i);
1656
1657 break;
1658 }
1659 }
1660
1661 return result;
1662 }
1663
getSectionRecordByName(QString sSectionName,QList<SECTION_RECORD> * pListSectionRecords)1664 XPE::SECTION_RECORD XPE::getSectionRecordByName(QString sSectionName, QList<SECTION_RECORD> *pListSectionRecords)
1665 {
1666 SECTION_RECORD result={};
1667
1668 int nNumberOfSections=pListSectionRecords->count();
1669
1670 for(int i=0; i<nNumberOfSections; i++)
1671 {
1672 if(pListSectionRecords->at(i).sName==sSectionName)
1673 {
1674 result=pListSectionRecords->at(i);
1675
1676 break;
1677 }
1678 }
1679
1680 return result;
1681 }
1682
getSectionNumber(QString sSectionName)1683 qint32 XPE::getSectionNumber(QString sSectionName)
1684 {
1685 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSectionHeaders=getSectionHeaders();
1686
1687 return getSectionNumber(sSectionName,&listSectionHeaders);
1688 }
1689
getSectionNumber(QString sSectionName,QList<XPE_DEF::IMAGE_SECTION_HEADER> * pListSectionHeaders)1690 qint32 XPE::getSectionNumber(QString sSectionName, QList<XPE_DEF::IMAGE_SECTION_HEADER> *pListSectionHeaders)
1691 {
1692 qint32 nResult=-1;
1693
1694 int nNumberOfSections=pListSectionHeaders->count();
1695
1696 for(int i=0; i<nNumberOfSections; i++)
1697 {
1698 QString _sSectionName=QString((char *)pListSectionHeaders->at(i).Name);
1699 _sSectionName.resize(qMin(_sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
1700
1701 if(_sSectionName==sSectionName)
1702 {
1703 nResult=i;
1704 break;
1705 }
1706 }
1707
1708 return nResult;
1709 }
1710
isImportPresent()1711 bool XPE::isImportPresent()
1712 {
1713 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
1714 }
1715
getMemoryMap()1716 XBinary::_MEMORY_MAP XPE::getMemoryMap()
1717 {
1718 _MEMORY_MAP result={};
1719
1720 qint32 nIndex=0;
1721
1722 result.mode=getMode();
1723
1724 if(result.mode==MODE_64)
1725 {
1726 result.fileType=FT_PE64;
1727 }
1728 else
1729 {
1730 result.fileType=FT_PE32;
1731 }
1732
1733 result.sArch=getArch();
1734 result.bIsBigEndian=isBigEndian();
1735 result.sType=getTypeAsString();
1736
1737 result.nModuleAddress=getModuleAddress();
1738 result.nRawSize=getSize();
1739 result.nImageSize=S_ALIGN_UP(getOptionalHeader_SizeOfImage(),0x1000);
1740
1741 quint32 nNumberOfSections=qMin((int)getFileHeader_NumberOfSections(),100); // TODO const
1742 quint32 nFileAlignment=getOptionalHeader_FileAlignment(); // TODO Check mb qint64
1743 quint32 nSectionAlignment=getOptionalHeader_SectionAlignment(); // TODO Check mb qint64
1744 //qint64 nBaseAddress=getOptionalHeader_ImageBase();
1745 quint32 nHeadersSize=getOptionalHeader_SizeOfHeaders(); // mb TODO calc for UPX
1746
1747 if(nFileAlignment>0x10000) // Invalid file
1748 {
1749 nFileAlignment=0x200;
1750 }
1751
1752 if(nSectionAlignment>0x10000) // Invalid file
1753 {
1754 nSectionAlignment=0x1000;
1755 }
1756
1757 if(nHeadersSize>(quint64)getSize())
1758 {
1759 nHeadersSize=(quint32)getSize();
1760 }
1761
1762 if(nFileAlignment==nSectionAlignment)
1763 {
1764 nFileAlignment=1;
1765 }
1766
1767 quint32 nVirtualSizeofHeaders=S_ALIGN_UP(nHeadersSize,nSectionAlignment);
1768 qint64 nMaxOffset=0;
1769
1770 // Check Format
1771 bool bValid=false;
1772
1773 if(nHeadersSize!=0)
1774 {
1775 bValid=true;
1776 }
1777
1778 if(bValid)
1779 {
1780 _MEMORY_RECORD recordHeaderRaw={};
1781
1782 QString sHeaderName=QString("PE %1").arg(tr("Header"));
1783
1784 if(!isImage())
1785 {
1786 recordHeaderRaw.type=MMT_HEADER;
1787 recordHeaderRaw.nAddress=result.nModuleAddress;
1788 recordHeaderRaw.segment=ADDRESS_SEGMENT_FLAT;
1789 recordHeaderRaw.nOffset=0;
1790 recordHeaderRaw.nSize=nHeadersSize;
1791 recordHeaderRaw.sName=sHeaderName;
1792 recordHeaderRaw.nIndex=nIndex++;
1793
1794 result.listRecords.append(recordHeaderRaw);
1795
1796 if(nVirtualSizeofHeaders-nHeadersSize)
1797 {
1798 _MEMORY_RECORD record={};
1799 record.type=MMT_HEADER;
1800 record.bIsVirtual=true;
1801
1802 record.nAddress=result.nModuleAddress+nHeadersSize;
1803 recordHeaderRaw.segment=ADDRESS_SEGMENT_FLAT;
1804 record.nOffset=-1;
1805 record.nSize=nVirtualSizeofHeaders-nHeadersSize;
1806 record.sName=sHeaderName;
1807 record.nIndex=nIndex++;
1808
1809 result.listRecords.append(record);
1810 }
1811 }
1812 else
1813 {
1814 recordHeaderRaw.type=MMT_HEADER;
1815 recordHeaderRaw.nAddress=result.nModuleAddress;
1816 recordHeaderRaw.segment=ADDRESS_SEGMENT_FLAT;
1817 recordHeaderRaw.nOffset=0;
1818 recordHeaderRaw.nSize=nVirtualSizeofHeaders;
1819 recordHeaderRaw.sName=sHeaderName;
1820 recordHeaderRaw.nIndex=nIndex++;
1821
1822 result.listRecords.append(recordHeaderRaw);
1823 }
1824
1825 nMaxOffset=recordHeaderRaw.nSize;
1826
1827 for(quint32 i=0; i<nNumberOfSections; i++)
1828 {
1829 XPE_DEF::IMAGE_SECTION_HEADER section=getSectionHeader(i);
1830
1831 // TODO for corrupted files
1832 if(section.SizeOfRawData>result.nRawSize)
1833 {
1834 break; // TODO
1835 }
1836
1837 qint64 nFileOffset=section.PointerToRawData;
1838 //
1839 nFileOffset=S_ALIGN_DOWN(nFileOffset,nFileAlignment);
1840 // qint64 nFileSize=__ALIGN_UP(section.SizeOfRawData,nFileAlignment);
1841 qint64 nFileSize=section.SizeOfRawData+(section.PointerToRawData-nFileOffset);
1842 qint64 nVirtualAddress=result.nModuleAddress+section.VirtualAddress;
1843 qint64 nVirtualSize=S_ALIGN_UP(section.Misc.VirtualSize,nSectionAlignment);
1844
1845 if(!isImage())
1846 {
1847 if(nFileSize)
1848 {
1849 nMaxOffset=qMax(nMaxOffset,(qint64)(nFileOffset+nFileSize));
1850 }
1851 }
1852 else
1853 {
1854 if(nVirtualSize)
1855 {
1856 nMaxOffset=qMax(nMaxOffset,(qint64)(nVirtualAddress+nVirtualSize));
1857 }
1858 }
1859
1860 QString _sSectionName=QString((char *)section.Name);
1861
1862 if(_sSectionName.size()>8)
1863 {
1864 _sSectionName.resize(8);
1865 }
1866
1867 QString sSectionName=QString("%1(%2)['%3']").arg(tr("Section"),QString::number(i),_sSectionName);
1868
1869 if(!isImage())
1870 {
1871 if(nFileSize)
1872 {
1873 _MEMORY_RECORD record={};
1874
1875 record.type=MMT_LOADSEGMENT;
1876 record.nLoadSection=i;
1877 record.segment=ADDRESS_SEGMENT_FLAT;
1878 record.nAddress=nVirtualAddress;
1879 record.nOffset=nFileOffset;
1880 record.nSize=nFileSize;
1881 record.sName=sSectionName;
1882 record.nIndex=nIndex++;
1883
1884 result.listRecords.append(record);
1885 }
1886
1887 if(nVirtualSize-nFileSize)
1888 {
1889 _MEMORY_RECORD record={};
1890 record.bIsVirtual=true;
1891
1892 record.type=MMT_LOADSEGMENT;
1893 record.nLoadSection=i;
1894 record.segment=ADDRESS_SEGMENT_FLAT;
1895 record.nAddress=nVirtualAddress+nFileSize;
1896 record.nOffset=-1;
1897 record.nSize=nVirtualSize-nFileSize;
1898 record.sName=sSectionName;
1899 record.nIndex=nIndex++;
1900
1901 result.listRecords.append(record);
1902 }
1903 }
1904 else
1905 {
1906 _MEMORY_RECORD record={};
1907
1908 record.type=MMT_LOADSEGMENT;
1909 record.nLoadSection=i;
1910 record.segment=ADDRESS_SEGMENT_FLAT;
1911 record.nAddress=nVirtualAddress;
1912 record.nOffset=nVirtualAddress-result.nModuleAddress;
1913 record.nSize=nVirtualSize;
1914 record.sName=sSectionName;
1915 record.nIndex=nIndex++;
1916
1917 result.listRecords.append(record);
1918 }
1919 }
1920
1921 if(!isImage())
1922 {
1923 // Overlay;
1924 _MEMORY_RECORD record={};
1925
1926 record.type=MMT_OVERLAY;
1927
1928 record.nAddress=-1;
1929 record.segment=ADDRESS_SEGMENT_UNKNOWN;
1930 record.nOffset=nMaxOffset;
1931
1932 record.nSize=qMax(getSize()-nMaxOffset,(qint64)0);
1933 record.sName=tr("Overlay");
1934 record.nIndex=nIndex++;
1935
1936 if(record.nSize)
1937 {
1938 result.listRecords.append(record);
1939 }
1940 }
1941 }
1942
1943 return result;
1944 }
1945
getBaseAddress()1946 qint64 XPE::getBaseAddress()
1947 {
1948 return (qint64)getOptionalHeader_ImageBase();
1949 }
1950
setBaseAddress(qint64 nBaseAddress)1951 void XPE::setBaseAddress(qint64 nBaseAddress)
1952 {
1953 setOptionalHeader_ImageBase(nBaseAddress);
1954 }
1955
getEntryPointOffset(_MEMORY_MAP * pMemoryMap)1956 qint64 XPE::getEntryPointOffset(_MEMORY_MAP *pMemoryMap)
1957 {
1958 return addressToOffset(pMemoryMap,pMemoryMap->nModuleAddress+getOptionalHeader_AddressOfEntryPoint());
1959 }
1960
setEntryPointOffset(qint64 nEntryPointOffset)1961 void XPE::setEntryPointOffset(qint64 nEntryPointOffset)
1962 {
1963 setOptionalHeader_AddressOfEntryPoint(offsetToAddress(nEntryPointOffset)-getModuleAddress());
1964 }
1965
getImportRecords()1966 QList<XPE::IMPORT_RECORD> XPE::getImportRecords()
1967 {
1968 _MEMORY_MAP memoryMap=getMemoryMap();
1969
1970 return getImportRecords(&memoryMap);
1971 }
1972
getImportRecords(_MEMORY_MAP * pMemoryMap)1973 QList<XPE::IMPORT_RECORD> XPE::getImportRecords(_MEMORY_MAP *pMemoryMap)
1974 {
1975 QList<IMPORT_RECORD> listResult;
1976
1977 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
1978
1979 if(nImportOffset!=-1)
1980 {
1981 bool bIs64=is64(pMemoryMap);
1982
1983 while(true)
1984 {
1985 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
1986
1987 QString sLibrary;
1988
1989 if((iid.Characteristics==0)&&(iid.Name==0))
1990 {
1991 break;
1992 }
1993
1994 qint64 nOffset=addressToOffset(pMemoryMap,iid.Name+pMemoryMap->nModuleAddress);
1995
1996 if(nOffset!=-1)
1997 {
1998 sLibrary=read_ansiString(nOffset);
1999
2000 if(sLibrary=="")
2001 {
2002 break;
2003 }
2004 }
2005 else
2006 {
2007 break; // corrupted
2008 }
2009
2010 qint64 nThunksOffset=-1;
2011 qint64 nRVA=0;
2012
2013 if(iid.OriginalFirstThunk)
2014 {
2015 nThunksOffset=addressToOffset(pMemoryMap,iid.OriginalFirstThunk+pMemoryMap->nModuleAddress);
2016 // nRVA=iid.OriginalFirstThunk;
2017 }
2018 else if((iid.FirstThunk))
2019 {
2020 nThunksOffset=addressToOffset(pMemoryMap,iid.FirstThunk+pMemoryMap->nModuleAddress);
2021 // nRVA=iid.FirstThunk;
2022 }
2023
2024 nRVA=iid.FirstThunk;
2025
2026 if(nThunksOffset==-1)
2027 {
2028 break;
2029 }
2030
2031 while(true)
2032 {
2033 QString sFunction;
2034
2035 if(bIs64)
2036 {
2037 qint64 nThunk64=read_uint64(nThunksOffset);
2038
2039 if(nThunk64==0)
2040 {
2041 break;
2042 }
2043
2044 if(!(nThunk64&0x8000000000000000))
2045 {
2046 qint64 nOffset=addressToOffset(pMemoryMap,nThunk64+pMemoryMap->nModuleAddress);
2047
2048 if(nOffset!=-1)
2049 {
2050 sFunction=read_ansiString(nOffset+2);
2051
2052 if(sFunction=="")
2053 {
2054 break;
2055 }
2056 }
2057 else
2058 {
2059 break;
2060 }
2061 }
2062 else
2063 {
2064 sFunction=QString("%1").arg(nThunk64&0x7FFFFFFFFFFFFFFF);
2065 }
2066 }
2067 else
2068 {
2069 qint64 nThunk32=read_uint32(nThunksOffset);
2070
2071 if(nThunk32==0)
2072 {
2073 break;
2074 }
2075
2076 if(!(nThunk32&0x80000000))
2077 {
2078 qint64 nOffset=addressToOffset(pMemoryMap,nThunk32+pMemoryMap->nModuleAddress);
2079
2080 if(nOffset!=-1)
2081 {
2082 sFunction=read_ansiString(nOffset+2);
2083
2084 if(sFunction=="")
2085 {
2086 break;
2087 }
2088 }
2089 else
2090 {
2091 break;
2092 }
2093 }
2094 else
2095 {
2096 sFunction=QString("%1").arg(nThunk32&0x7FFFFFFF);
2097 }
2098 }
2099
2100 IMPORT_RECORD record;
2101
2102 record.nOffset=nThunksOffset;
2103 record.nRVA=nRVA;
2104 record.sLibrary=sLibrary;
2105 record.sFunction=sFunction;
2106
2107 listResult.append(record);
2108
2109 if(bIs64)
2110 {
2111 nThunksOffset+=8;
2112 nRVA+=8; // quint64
2113 }
2114 else
2115 {
2116 nThunksOffset+=4;
2117 nRVA+=4; // quint32
2118 }
2119 }
2120
2121 nImportOffset+=sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2122 }
2123 }
2124
2125 return listResult;
2126 }
2127
getImportHash64(_MEMORY_MAP * pMemoryMap)2128 quint64 XPE::getImportHash64(_MEMORY_MAP *pMemoryMap)
2129 {
2130 quint64 nResult=0;
2131
2132 QList<IMPORT_RECORD> listImportRecords=getImportRecords(pMemoryMap);
2133
2134 int nNumberOfImports=listImportRecords.count();
2135
2136 for(int i=0;i<nNumberOfImports; i++)
2137 {
2138 QString sRecord=listImportRecords.at(i).sLibrary+" "+listImportRecords.at(i).sFunction;
2139
2140 nResult+=getStringCustomCRC32(sRecord);
2141 }
2142
2143 return nResult;
2144 }
2145
getImportHash32(_MEMORY_MAP * pMemoryMap)2146 quint32 XPE::getImportHash32(_MEMORY_MAP *pMemoryMap)
2147 {
2148 quint64 nResult=0;
2149
2150 QList<IMPORT_RECORD> listImportRecords=getImportRecords(pMemoryMap);
2151
2152 int nNumberOfImports=listImportRecords.count();
2153
2154 QString sRecord;
2155
2156 for(int i=0;i<nNumberOfImports; i++)
2157 {
2158 sRecord+=listImportRecords.at(i).sLibrary+listImportRecords.at(i).sFunction;
2159 }
2160
2161 nResult=getStringCustomCRC32(sRecord);
2162
2163 return nResult;
2164 }
2165
getImportDescriptorOffset(quint32 nNumber)2166 qint64 XPE::getImportDescriptorOffset(quint32 nNumber)
2167 {
2168 qint64 nResult=-1;
2169
2170 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2171
2172 if(nImportOffset!=-1)
2173 {
2174 nResult=nImportOffset+nNumber*sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2175 }
2176
2177 return nResult;
2178 }
2179
getImportDescriptorSize()2180 qint64 XPE::getImportDescriptorSize()
2181 {
2182 return sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2183 }
2184
getImportDescriptors()2185 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> XPE::getImportDescriptors()
2186 {
2187 _MEMORY_MAP memoryMap=getMemoryMap();
2188
2189 return getImportDescriptors(&memoryMap);
2190 }
2191
getImportDescriptors(XBinary::_MEMORY_MAP * pMemoryMap)2192 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> XPE::getImportDescriptors(XBinary::_MEMORY_MAP *pMemoryMap)
2193 {
2194 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> listResult;
2195
2196 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2197
2198 if(nImportOffset!=-1)
2199 {
2200 while(true)
2201 {
2202 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
2203
2204 if((iid.Characteristics==0)&&(iid.Name==0))
2205 {
2206 break;
2207 }
2208
2209 qint64 nOffset=addressToOffset(pMemoryMap,iid.Name+pMemoryMap->nModuleAddress);
2210
2211 if(nOffset!=-1)
2212 {
2213 QString sName=read_ansiString(nOffset);
2214
2215 if(sName=="")
2216 {
2217 break;
2218 }
2219 }
2220 else
2221 {
2222 break; // corrupted
2223 }
2224
2225 listResult.append(iid);
2226
2227 nImportOffset+=sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2228 }
2229 }
2230
2231 return listResult;
2232 }
2233
getImportDescriptorsEx()2234 QList<XPE::IMAGE_IMPORT_DESCRIPTOR_EX> XPE::getImportDescriptorsEx()
2235 {
2236 _MEMORY_MAP memoryMap=getMemoryMap();
2237
2238 return getImportDescriptorsEx(&memoryMap);
2239 }
2240
getImportDescriptorsEx(XBinary::_MEMORY_MAP * pMemoryMap)2241 QList<XPE::IMAGE_IMPORT_DESCRIPTOR_EX> XPE::getImportDescriptorsEx(XBinary::_MEMORY_MAP *pMemoryMap)
2242 {
2243 QList<IMAGE_IMPORT_DESCRIPTOR_EX> listResult;
2244
2245 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2246
2247 if(nImportOffset!=-1)
2248 {
2249 while(true)
2250 {
2251 IMAGE_IMPORT_DESCRIPTOR_EX record={};
2252 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
2253
2254 if((iid.Characteristics==0)&&(iid.Name==0))
2255 {
2256 break;
2257 }
2258
2259 qint64 nOffset=addressToOffset(pMemoryMap,iid.Name+pMemoryMap->nModuleAddress);
2260
2261 if(nOffset!=-1)
2262 {
2263 record.sLibrary=read_ansiString(nOffset);
2264
2265 if(record.sLibrary=="")
2266 {
2267 break;
2268 }
2269 }
2270 else
2271 {
2272 break; // corrupted
2273 }
2274
2275 record.Characteristics=iid.Characteristics;
2276 record.FirstThunk=iid.FirstThunk;
2277 record.ForwarderChain=iid.ForwarderChain;
2278 record.Name=iid.Name;
2279 record.OriginalFirstThunk=iid.OriginalFirstThunk;
2280 record.TimeDateStamp=iid.TimeDateStamp;
2281
2282 listResult.append(record);
2283
2284 nImportOffset+=sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2285 }
2286 }
2287
2288 return listResult;
2289 }
2290
getImportDescriptor(quint32 nNumber)2291 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR XPE::getImportDescriptor(quint32 nNumber)
2292 {
2293 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR result={};
2294
2295 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2296
2297 if(nImportOffset!=-1)
2298 {
2299 nImportOffset+=nNumber*sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2300
2301 result=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
2302 }
2303
2304 return result;
2305 }
2306
setImportDescriptor(quint32 nNumber,XPE_DEF::IMAGE_IMPORT_DESCRIPTOR * pImportDescriptor)2307 void XPE::setImportDescriptor(quint32 nNumber, XPE_DEF::IMAGE_IMPORT_DESCRIPTOR *pImportDescriptor)
2308 {
2309 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2310
2311 if(nImportOffset!=-1)
2312 {
2313 nImportOffset+=nNumber*sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2314
2315 write_IMAGE_IMPORT_DESCRIPTOR(nImportOffset,*pImportDescriptor);
2316 }
2317 }
2318
setImportDescriptor_OriginalFirstThunk(quint32 nNumber,quint32 nValue)2319 void XPE::setImportDescriptor_OriginalFirstThunk(quint32 nNumber, quint32 nValue)
2320 {
2321 qint64 nOffset=getImportDescriptorOffset(nNumber);
2322
2323 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,OriginalFirstThunk),nValue);
2324 }
2325
setImportDescriptor_TimeDateStamp(quint32 nNumber,quint32 nValue)2326 void XPE::setImportDescriptor_TimeDateStamp(quint32 nNumber, quint32 nValue)
2327 {
2328 qint64 nOffset=getImportDescriptorOffset(nNumber);
2329
2330 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,TimeDateStamp),nValue);
2331 }
2332
setImportDescriptor_ForwarderChain(quint32 nNumber,quint32 nValue)2333 void XPE::setImportDescriptor_ForwarderChain(quint32 nNumber, quint32 nValue)
2334 {
2335 qint64 nOffset=getImportDescriptorOffset(nNumber);
2336
2337 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,ForwarderChain),nValue);
2338 }
2339
setImportDescriptor_Name(quint32 nNumber,quint32 nValue)2340 void XPE::setImportDescriptor_Name(quint32 nNumber, quint32 nValue)
2341 {
2342 qint64 nOffset=getImportDescriptorOffset(nNumber);
2343
2344 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,Name),nValue);
2345 }
2346
setImportDescriptor_FirstThunk(quint32 nNumber,quint32 nValue)2347 void XPE::setImportDescriptor_FirstThunk(quint32 nNumber, quint32 nValue)
2348 {
2349 qint64 nOffset=getImportDescriptorOffset(nNumber);
2350
2351 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,FirstThunk),nValue);
2352 }
2353
getImports()2354 QList<XPE::IMPORT_HEADER> XPE::getImports()
2355 {
2356 _MEMORY_MAP memoryMap=getMemoryMap();
2357
2358 return getImports(&memoryMap);
2359 }
2360
getImports(XBinary::_MEMORY_MAP * pMemoryMap)2361 QList<XPE::IMPORT_HEADER> XPE::getImports(XBinary::_MEMORY_MAP *pMemoryMap)
2362 {
2363 QList<IMPORT_HEADER> listResult;
2364
2365 XPE_DEF::IMAGE_DATA_DIRECTORY dataResources=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2366
2367 qint64 nModuleAddress=getModuleAddress();
2368 qint64 nImportOffset=-1;
2369 qint64 nImportOffsetTest=-1;
2370
2371 if(dataResources.VirtualAddress)
2372 {
2373 nImportOffset=addressToOffset(pMemoryMap,dataResources.VirtualAddress+nModuleAddress);
2374 nImportOffsetTest=addressToOffset(pMemoryMap,dataResources.VirtualAddress+nModuleAddress+sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR)-2); // Test for some (Win)Upack stubs
2375 }
2376
2377 if(nImportOffset!=-1)
2378 {
2379 while(true)
2380 {
2381 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
2382
2383 IMPORT_HEADER importHeader={};
2384
2385 if(nImportOffsetTest==-1)
2386 {
2387 iid.FirstThunk&=0x0000FFFF;
2388 }
2389
2390 if((iid.Characteristics==0)&&(iid.Name==0))
2391 {
2392 break;
2393 }
2394
2395 qint64 nOffset=addressToOffset(pMemoryMap,iid.Name+nModuleAddress);
2396
2397 if(nOffset!=-1)
2398 {
2399 importHeader.sName=read_ansiString(nOffset);
2400
2401 if(importHeader.sName=="")
2402 {
2403 break;
2404 }
2405 }
2406 else
2407 {
2408 break; // corrupted
2409 }
2410
2411 qint64 nThunksOffset=-1;
2412 qint64 nThunksRVA=0;
2413 qint64 nThunksOriginalRVA=0;
2414 // qint64 nThunksOriginalOffset=0;
2415
2416 if(iid.OriginalFirstThunk)
2417 {
2418 nThunksRVA=iid.OriginalFirstThunk;
2419 // nRVA=iid.OriginalFirstThunk;
2420 }
2421 else if((iid.FirstThunk))
2422 {
2423 nThunksRVA=iid.FirstThunk;
2424 // nRVA=iid.FirstThunk;
2425 }
2426
2427 nThunksOriginalRVA=iid.FirstThunk;
2428
2429 nThunksOffset=addressToOffset(pMemoryMap,nThunksRVA+nModuleAddress);
2430 // nThunksOriginalOffset=addressToOffset(pMemoryMap,nThunksOriginalRVA+nBaseAddress);
2431
2432 if(nThunksOffset!=-1)
2433 {
2434 importHeader.listPositions=_getImportPositions(pMemoryMap,nThunksRVA,nThunksOriginalRVA);
2435 }
2436
2437 listResult.append(importHeader);
2438
2439 nImportOffset+=sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2440 }
2441 }
2442
2443 return listResult;
2444 }
2445
_getImportPositions(XBinary::_MEMORY_MAP * pMemoryMap,qint64 nThunksRVA,qint64 nRVA)2446 QList<XPE::IMPORT_POSITION> XPE::_getImportPositions(XBinary::_MEMORY_MAP *pMemoryMap, qint64 nThunksRVA,qint64 nRVA)
2447 {
2448 QList<IMPORT_POSITION> listResult;
2449
2450 qint64 nThunksOffset=XBinary::relAddressToOffset(pMemoryMap,nThunksRVA);
2451
2452 bool bIs64=is64(pMemoryMap);
2453
2454 while(true)
2455 {
2456 IMPORT_POSITION importPosition={};
2457 importPosition.nThunkOffset=nThunksOffset;
2458 importPosition.nThunkRVA=nThunksRVA;
2459
2460 if(bIs64)
2461 {
2462 importPosition.nThunkValue=read_uint64(nThunksOffset);
2463
2464 if(importPosition.nThunkValue==0)
2465 {
2466 break;
2467 }
2468
2469 if(!(importPosition.nThunkValue&0x8000000000000000))
2470 {
2471 qint64 nOffset=addressToOffset(pMemoryMap,importPosition.nThunkValue+pMemoryMap->nModuleAddress);
2472
2473 if(nOffset!=-1)
2474 {
2475 importPosition.nHint=read_uint16(nOffset);
2476 importPosition.sName=read_ansiString(nOffset+2);
2477
2478 if(importPosition.sName=="")
2479 {
2480 break;
2481 }
2482 }
2483 else
2484 {
2485 break;
2486 }
2487 }
2488 else
2489 {
2490 importPosition.nOrdinal=importPosition.nThunkValue&0x7FFFFFFFFFFFFFFF;
2491 }
2492 }
2493 else
2494 {
2495 importPosition.nThunkValue=read_uint32(nThunksOffset);
2496
2497 if(importPosition.nThunkValue==0)
2498 {
2499 break;
2500 }
2501
2502 if(!(importPosition.nThunkValue&0x80000000))
2503 {
2504 qint64 nOffset=addressToOffset(pMemoryMap,importPosition.nThunkValue+pMemoryMap->nModuleAddress);
2505
2506 if(nOffset!=-1)
2507 {
2508 importPosition.nHint=read_uint16(nOffset);
2509 importPosition.sName=read_ansiString(nOffset+2);
2510
2511 if(importPosition.sName=="")
2512 {
2513 break;
2514 }
2515 }
2516 else
2517 {
2518 break;
2519 }
2520 }
2521 else
2522 {
2523 importPosition.nOrdinal=importPosition.nThunkValue&0x7FFFFFFF;
2524 }
2525 }
2526
2527 if(importPosition.nOrdinal==0)
2528 {
2529 importPosition.sFunction=importPosition.sName;
2530 }
2531 else
2532 {
2533 importPosition.sFunction=QString("%1").arg(importPosition.nOrdinal);
2534 }
2535
2536 if(bIs64)
2537 {
2538 nThunksRVA+=8;
2539 nThunksOffset+=8;
2540 nRVA+=8;
2541 }
2542 else
2543 {
2544 nThunksRVA+=4;
2545 nThunksOffset+=4;
2546 nRVA+=4;
2547 }
2548
2549 listResult.append(importPosition);
2550 }
2551
2552 return listResult;
2553 }
2554
getImportPositions(int nIndex)2555 QList<XPE::IMPORT_POSITION> XPE::getImportPositions(int nIndex)
2556 {
2557 QList<IMPORT_POSITION> listResult;
2558
2559 qint64 nImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT);
2560
2561 if(nImportOffset!=-1)
2562 {
2563 _MEMORY_MAP memoryMap=getMemoryMap();
2564
2565 int _nIndex=0;
2566
2567 while(true)
2568 {
2569 IMPORT_HEADER importHeader={};
2570 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=read_IMAGE_IMPORT_DESCRIPTOR(nImportOffset);
2571
2572 if((iid.Characteristics==0)&&(iid.Name==0))
2573 {
2574 break;
2575 }
2576
2577 qint64 nOffset=addressToOffset(&memoryMap,iid.Name+memoryMap.nModuleAddress);
2578
2579 if(nOffset!=-1)
2580 {
2581 importHeader.sName=read_ansiString(nOffset);
2582
2583 if(importHeader.sName=="")
2584 {
2585 break;
2586 }
2587 }
2588 else
2589 {
2590 break; // corrupted
2591 }
2592
2593 qint64 nThunksOffset=-1;
2594 qint64 nRVA=0;
2595 qint64 nThunksRVA=-1;
2596
2597 if(iid.OriginalFirstThunk)
2598 {
2599 nThunksRVA=iid.OriginalFirstThunk;
2600 }
2601 else if((iid.FirstThunk))
2602 {
2603 nThunksRVA=iid.FirstThunk;
2604 }
2605
2606 nRVA=iid.FirstThunk;
2607 nThunksOffset=relAddressToOffset(&memoryMap,nThunksRVA);
2608
2609 if(nThunksOffset==-1)
2610 {
2611 break;
2612 }
2613
2614 if(_nIndex==nIndex)
2615 {
2616 listResult=_getImportPositions(&memoryMap,nThunksRVA,nRVA);
2617
2618 break;
2619 }
2620
2621 nImportOffset+=sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2622 _nIndex++;
2623 }
2624 }
2625
2626 return listResult;
2627 }
2628
getImportPositionHashes(QList<IMPORT_HEADER> * pListImport)2629 QList<quint32> XPE::getImportPositionHashes(QList<IMPORT_HEADER> *pListImport)
2630 {
2631 QList<quint32> listResult;
2632
2633 int nNumberOfImports=pListImport->count();
2634
2635 for(int i=0;i<nNumberOfImports;i++)
2636 {
2637 IMPORT_HEADER record=pListImport->at(i);
2638
2639 int nNumberOfPositions=record.listPositions.count();
2640
2641 QString sString;
2642
2643 for(int j=0;j<nNumberOfPositions;j++)
2644 {
2645 sString+=record.sName;
2646 sString+=record.listPositions.at(j).sFunction;
2647 }
2648
2649 listResult.append(getStringCustomCRC32(sString));
2650 }
2651
2652 return listResult;
2653 }
2654
isImportLibraryPresentI(QString sLibrary)2655 bool XPE::isImportLibraryPresentI(QString sLibrary)
2656 {
2657 QList<IMPORT_HEADER> listImportHeaders=getImports();
2658
2659 return isImportLibraryPresentI(sLibrary,&listImportHeaders);
2660 }
2661
isImportLibraryPresentI(QString sLibrary,QList<XPE::IMPORT_HEADER> * pListImportHeaders)2662 bool XPE::isImportLibraryPresentI(QString sLibrary, QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2663 {
2664 bool bResult=false;
2665
2666 int nNumberOfImports=pListImportHeaders->count();
2667
2668 for(int i=0; i<nNumberOfImports; i++)
2669 {
2670 if(pListImportHeaders->at(i).sName.toUpper()==sLibrary.toUpper())
2671 {
2672 bResult=true;
2673 break;
2674 }
2675 }
2676
2677 return bResult;
2678 }
2679
isImportFunctionPresentI(QString sLibrary,QString sFunction)2680 bool XPE::isImportFunctionPresentI(QString sLibrary, QString sFunction)
2681 {
2682 QList<IMPORT_HEADER> listImportHeaders=getImports();
2683
2684 return isImportFunctionPresentI(sLibrary,sFunction,&listImportHeaders);
2685 }
2686
isImportFunctionPresentI(QString sLibrary,QString sFunction,QList<XPE::IMPORT_HEADER> * pListImportHeaders)2687 bool XPE::isImportFunctionPresentI(QString sLibrary, QString sFunction, QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2688 {
2689 bool bResult=false;
2690
2691 // TODO Optimize!
2692
2693 int nNumberOfImports=pListImportHeaders->count();
2694
2695 for(int i=0; i<nNumberOfImports; i++)
2696 {
2697 if(pListImportHeaders->at(i).sName.toUpper()==sLibrary.toUpper())
2698 {
2699 int nNumberOfPositions=pListImportHeaders->at(i).listPositions.count();
2700
2701 for(int j=0;j<nNumberOfPositions;j++)
2702 {
2703 if(pListImportHeaders->at(i).listPositions.at(j).sFunction==sFunction)
2704 {
2705 bResult=true;
2706 break;
2707 }
2708 }
2709 }
2710 }
2711
2712 return bResult;
2713 }
2714
setImports(QList<XPE::IMPORT_HEADER> * pListImportHeaders)2715 bool XPE::setImports(QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2716 {
2717 return setImports(getDevice(),isImage(),pListImportHeaders);
2718 }
2719
setImports(QIODevice * pDevice,bool bIsImage,QList<XPE::IMPORT_HEADER> * pListImportHeaders)2720 bool XPE::setImports(QIODevice *pDevice, bool bIsImage, QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2721 {
2722 bool bResult=false;
2723
2724 if(isResizeEnable(pDevice))
2725 {
2726 XPE pe(pDevice,bIsImage);
2727
2728 if(pe.isValid())
2729 {
2730 int nAddressSize=4;
2731
2732 if(pe.is64())
2733 {
2734 nAddressSize=8;
2735 }
2736 else
2737 {
2738 nAddressSize=4;
2739 }
2740
2741 QByteArray baImport;
2742 QList<qint64> listPatches; // Addresses for patch
2743 // QMap<qint64,qint64> mapMove;
2744
2745 // Calculate
2746 quint32 nIATSize=0;
2747 quint32 nImportTableSize=(pListImportHeaders->count()+1)*sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR);
2748 quint32 nAnsiDataSize=0;
2749
2750 int nNumberOfHeaders=pListImportHeaders->count();
2751
2752 for(int i=0; i<nNumberOfHeaders; i++)
2753 {
2754 // TODO 64
2755 int nNumberOfPositions=pListImportHeaders->at(i).listPositions.count();
2756
2757 nIATSize+=(nNumberOfPositions+1)*nAddressSize;
2758 nAnsiDataSize+=pListImportHeaders->at(i).sName.length()+3;
2759
2760 for(int j=0; j<nNumberOfPositions; j++)
2761 {
2762 if(pListImportHeaders->at(i).listPositions.at(j).sName!="")
2763 {
2764 nAnsiDataSize+=2+pListImportHeaders->at(i).listPositions.at(j).sName.length()+1;
2765 }
2766 }
2767 }
2768
2769 nImportTableSize=S_ALIGN_UP(nImportTableSize,16);
2770 nIATSize=S_ALIGN_UP(nIATSize,16);
2771 nAnsiDataSize=S_ALIGN_UP(nAnsiDataSize,16);
2772
2773 baImport.resize(nIATSize+nImportTableSize+nIATSize+nAnsiDataSize);
2774 baImport.fill(0);
2775
2776 char *pDataOffset=baImport.data();
2777 char *pIAT=pDataOffset;
2778 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR *pIID=(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR *)(pDataOffset+nIATSize);
2779 char *pOIAT=pDataOffset+nIATSize+nImportTableSize;
2780 char *pAnsiData=pDataOffset+nIATSize+nImportTableSize+nIATSize;
2781
2782 nNumberOfHeaders=pListImportHeaders->count();
2783
2784 for(int i=0; i<nNumberOfHeaders; i++)
2785 {
2786 pIID->FirstThunk=pIAT-pDataOffset;
2787 listPatches.append((char *)pIID-pDataOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,FirstThunk));
2788
2789 pIID->Name=pAnsiData-pDataOffset;
2790 listPatches.append((char *)pIID-pDataOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,Name));
2791
2792 pIID->OriginalFirstThunk=pOIAT-pDataOffset;
2793 listPatches.append((char *)pIID-pDataOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,OriginalFirstThunk));
2794
2795 strcpy(pAnsiData,pListImportHeaders->at(i).sName.toLatin1().data()); // TODO replace to strcpy_s
2796 pAnsiData+=pListImportHeaders->at(i).sName.length()+3;
2797
2798 int nNumberOfPositions=pListImportHeaders->at(i).listPositions.count();
2799
2800 for(int j=0; j<nNumberOfPositions; j++)
2801 {
2802 if(pListImportHeaders->at(i).listPositions.at(j).sName!="")
2803 {
2804 *((quint32 *)pOIAT)=pAnsiData-pDataOffset;
2805 *((quint32 *)pIAT)=*((quint32 *)pOIAT);
2806
2807 listPatches.append(pOIAT-pDataOffset);
2808 listPatches.append(pIAT-pDataOffset);
2809
2810 *((quint16 *)pAnsiData)=pListImportHeaders->at(i).listPositions.at(j).nHint;
2811 pAnsiData+=2;
2812
2813 strcpy(pAnsiData,pListImportHeaders->at(i).listPositions.at(j).sName.toLatin1().data()); // TODO replace to strcpy_s
2814
2815 pAnsiData+=pListImportHeaders->at(i).listPositions.at(j).sName.length()+1;
2816 }
2817 else
2818 {
2819 // TODO 64
2820 if(nAddressSize==4)
2821 {
2822 *((quint32 *)pOIAT)=pListImportHeaders->at(i).listPositions.at(j).nOrdinal+0x80000000;
2823 *((quint32 *)pIAT)=*((quint32 *)pOIAT);
2824 }
2825 else
2826 {
2827 *((quint64 *)pOIAT)=pListImportHeaders->at(i).listPositions.at(j).nOrdinal+0x8000000000000000;
2828 *((quint64 *)pIAT)=*((quint64 *)pOIAT);
2829 }
2830 }
2831
2832 // if(pListHeaders->at(i).nFirstThunk)
2833 // {
2834 // mapMove.insert(pListHeaders->at(i).listPositions.at(j).nThunkRVA,pIAT-pDataOffset);
2835 // }
2836
2837 pIAT+=nAddressSize;
2838 pOIAT+=nAddressSize;
2839 }
2840
2841 pIAT+=nAddressSize;
2842 pOIAT+=nAddressSize;
2843 pIID++;
2844 }
2845
2846 XPE_DEF::IMAGE_SECTION_HEADER ish={};
2847
2848 ish.Characteristics=0xc0000040;
2849
2850 // TODO section name!!!
2851 if(addSection(pDevice,bIsImage,&ish,baImport.data(),baImport.size()))
2852 {
2853 _MEMORY_MAP memoryMap=pe.getMemoryMap();
2854
2855 XPE_DEF::IMAGE_DATA_DIRECTORY iddIAT={};
2856 iddIAT.VirtualAddress=ish.VirtualAddress;
2857 iddIAT.Size=nIATSize;
2858 XPE_DEF::IMAGE_DATA_DIRECTORY iddImportTable={};
2859 iddImportTable.VirtualAddress=nIATSize+ish.VirtualAddress;
2860 iddImportTable.Size=nImportTableSize;
2861
2862 pe.setOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IAT,&iddIAT);
2863 pe.setOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT,&iddImportTable);
2864
2865 int nNumberOfPatches=listPatches.count();
2866
2867 for(int i=0; i<nNumberOfPatches; i++)
2868 {
2869 // TODO 64
2870 qint64 nCurrentOffset=ish.PointerToRawData+listPatches.at(i);
2871 quint32 nValue=pe.read_uint32(nCurrentOffset);
2872 pe.write_uint32(nCurrentOffset,nValue+ish.VirtualAddress);
2873 }
2874
2875 int _nNumberOfHeaders=pListImportHeaders->count();
2876
2877 for(int i=0; i<_nNumberOfHeaders; i++)
2878 {
2879 if(pListImportHeaders->at(i).nFirstThunk)
2880 {
2881 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR iid=pe.getImportDescriptor(i);
2882
2883 // qDebug("pListHeaders->at(i).nFirstThunk(%d): %x",i,(quint32)pListHeaders->at(i).nFirstThunk);
2884 // qDebug("FirstThunk(%d): %x",i,(quint32)iid.FirstThunk);
2885 // qDebug("Import offset(%d): %x",i,(quint32)pe.getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT));
2886
2887 qint64 nSrcOffset=pe.addressToOffset(&memoryMap,iid.FirstThunk+memoryMap.nModuleAddress);
2888 qint64 nDstOffset=pe.addressToOffset(&memoryMap,pListImportHeaders->at(i).nFirstThunk+memoryMap.nModuleAddress);
2889
2890 // qDebug("src: %x",(quint32)nSrcOffset);
2891 // qDebug("dst: %x",(quint32)nDstOffset);
2892
2893 if((nSrcOffset!=-1)&&(nDstOffset!=-1))
2894 {
2895 // TODO 64 ????
2896 while(true)
2897 {
2898 quint32 nValue=pe.read_uint32(nSrcOffset);
2899
2900 pe.write_uint32(nDstOffset,nValue);
2901
2902 if(nValue==0)
2903 {
2904 break;
2905 }
2906
2907 nSrcOffset+=nAddressSize;
2908 nDstOffset+=nAddressSize;
2909 }
2910
2911 // iid.OriginalFirstThunk=0;
2912 iid.FirstThunk=pListImportHeaders->at(i).nFirstThunk;
2913
2914 pe.setImportDescriptor(i,&iid);
2915 }
2916 }
2917 }
2918
2919 bResult=true;
2920 }
2921 }
2922 }
2923
2924 return bResult;
2925 }
2926
setImports(QString sFileName,bool bIsImage,QList<XPE::IMPORT_HEADER> * pListImportHeaders)2927 bool XPE::setImports(QString sFileName, bool bIsImage, QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2928 {
2929 bool bResult=false;
2930
2931 QFile file(sFileName);
2932
2933 if(file.open(QIODevice::ReadWrite))
2934 {
2935 bResult=setImports(&file,bIsImage,pListImportHeaders);
2936
2937 file.close();
2938 }
2939
2940 return bResult;
2941 }
2942
getImportFunctionName(quint32 nImport,quint32 nFunctionNumber,QList<XPE::IMPORT_HEADER> * pListImportHeaders)2943 QString XPE::getImportFunctionName(quint32 nImport, quint32 nFunctionNumber, QList<XPE::IMPORT_HEADER> *pListImportHeaders)
2944 {
2945 QString sResult;
2946
2947 if(nImport<(quint32)pListImportHeaders->count())
2948 {
2949 if(nFunctionNumber<(quint32)pListImportHeaders->at(nImport).listPositions.count())
2950 {
2951 sResult=pListImportHeaders->at(nImport).listPositions.at(nFunctionNumber).sFunction;
2952 }
2953 }
2954
2955 return sResult;
2956 }
2957
getResourceHeader()2958 XPE::RESOURCE_HEADER XPE::getResourceHeader()
2959 {
2960 _MEMORY_MAP memoryMap=getMemoryMap();
2961
2962 return getResourceHeader(&memoryMap);
2963 }
2964
getResourceHeader(_MEMORY_MAP * pMemoryMap)2965 XPE::RESOURCE_HEADER XPE::getResourceHeader(_MEMORY_MAP *pMemoryMap)
2966 {
2967 RESOURCE_HEADER result={};
2968
2969 qint64 nResourceOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE);
2970
2971 if(nResourceOffset!=-1)
2972 {
2973 qint64 nOffset=nResourceOffset;
2974
2975 result.nOffset=nOffset;
2976 result.directory=read_IMAGE_RESOURCE_DIRECTORY(nOffset);
2977
2978 if((result.directory.NumberOfIdEntries+result.directory.NumberOfNamedEntries<=100)&&(result.directory.Characteristics==0)) // check corrupted
2979 {
2980 nOffset+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY);
2981
2982 for(int i=0; i<result.directory.NumberOfIdEntries+result.directory.NumberOfNamedEntries; i++)
2983 {
2984 RESOURCE_POSITION rp=_getResourcePosition(pMemoryMap,pMemoryMap->nModuleAddress,nResourceOffset,nOffset,0);
2985
2986 if(!rp.bIsValid)
2987 {
2988 break;
2989 }
2990
2991 result.listPositions.append(rp);
2992 nOffset+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY);
2993 }
2994 }
2995 }
2996
2997 return result;
2998 }
2999
getResources()3000 QList<XPE::RESOURCE_RECORD> XPE::getResources()
3001 {
3002 _MEMORY_MAP memoryMap=getMemoryMap();
3003
3004 return getResources(&memoryMap);
3005 }
3006
getResources(XBinary::_MEMORY_MAP * pMemoryMap)3007 QList<XPE::RESOURCE_RECORD> XPE::getResources(XBinary::_MEMORY_MAP *pMemoryMap)
3008 {
3009 // TODO BE LE
3010 QList<RESOURCE_RECORD> listResources;
3011
3012 qint64 nResourceOffset=getDataDirectoryOffset(pMemoryMap,XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE);
3013
3014 if(nResourceOffset!=-1)
3015 {
3016 qint64 nModuleAddress=getModuleAddress();
3017 RESOURCE_RECORD record={};
3018
3019 qint64 nOffsetLevel[3]={};
3020 XPE_DEF::IMAGE_RESOURCE_DIRECTORY rd[3]={};
3021 XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY rde[3]={};
3022
3023 #if (QT_VERSION_MAJOR>=5)&&(QT_VERSION_MINOR>=10)
3024 RESOURCES_ID_NAME irin[3]={};
3025 #else
3026 RESOURCES_ID_NAME irin[3]={0}; // MinGW 4.9 bug?
3027 #endif
3028
3029 nOffsetLevel[0]=nResourceOffset;
3030 rd[0]=read_IMAGE_RESOURCE_DIRECTORY(nOffsetLevel[0]);
3031
3032 if((rd[0].NumberOfIdEntries+rd[0].NumberOfNamedEntries<=100)&&(rd[0].Characteristics==0)) // check corrupted TODO const
3033 {
3034 nOffsetLevel[0]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY);
3035
3036 for(int i=0; i<rd[0].NumberOfIdEntries+rd[0].NumberOfNamedEntries; i++)
3037 {
3038 rde[0]=read_IMAGE_RESOURCE_DIRECTORY_ENTRY(nOffsetLevel[0]);
3039
3040 irin[0]=getResourcesIDName(nResourceOffset,rde[0].Name);
3041 record.irin[0]=irin[0];
3042
3043 nOffsetLevel[1]=nResourceOffset+rde[0].OffsetToDirectory;
3044
3045 rd[1]=read_IMAGE_RESOURCE_DIRECTORY(nOffsetLevel[1]);
3046
3047 if(rd[1].Characteristics!=0)
3048 {
3049 break;
3050 }
3051
3052 nOffsetLevel[1]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY);
3053
3054 if(rd[1].NumberOfIdEntries+rd[1].NumberOfNamedEntries<=100)
3055 {
3056 for(int j=0; j<rd[1].NumberOfIdEntries+rd[1].NumberOfNamedEntries; j++)
3057 {
3058 rde[1]=read_IMAGE_RESOURCE_DIRECTORY_ENTRY(nOffsetLevel[1]);
3059
3060 irin[1]=getResourcesIDName(nResourceOffset,rde[1].Name);
3061 record.irin[1]=irin[1];
3062
3063 nOffsetLevel[2]=nResourceOffset+rde[1].OffsetToDirectory;
3064
3065 rd[2]=read_IMAGE_RESOURCE_DIRECTORY(nOffsetLevel[2]);
3066
3067 if(rd[2].Characteristics!=0)
3068 {
3069 break;
3070 }
3071
3072 nOffsetLevel[2]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY);
3073
3074 if(rd[2].NumberOfIdEntries+rd[2].NumberOfNamedEntries<=100)
3075 {
3076 for(int k=0; k<rd[2].NumberOfIdEntries+rd[2].NumberOfNamedEntries; k++)
3077 {
3078 rde[2]=read_IMAGE_RESOURCE_DIRECTORY_ENTRY(nOffsetLevel[2]);
3079
3080 irin[2]=getResourcesIDName(nResourceOffset,rde[2].Name);
3081 record.irin[2]=irin[2];
3082
3083 record.nIRDEOffset=rde[2].OffsetToData;
3084 XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY irde=read_IMAGE_RESOURCE_DATA_ENTRY(nResourceOffset+record.nIRDEOffset);
3085 record.nRVA=irde.OffsetToData;
3086 record.nAddress=irde.OffsetToData+nModuleAddress;
3087 record.nOffset=addressToOffset(pMemoryMap,record.nAddress);
3088 record.nSize=irde.Size;
3089
3090 listResources.append(record);
3091
3092 nOffsetLevel[2]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY);
3093 }
3094 }
3095
3096 nOffsetLevel[1]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY);
3097 }
3098 }
3099
3100 nOffsetLevel[0]+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY);
3101 }
3102 }
3103 }
3104
3105 return listResources;
3106 }
3107
getResourceRecord(quint32 nID1,quint32 nID2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3108 XPE::RESOURCE_RECORD XPE::getResourceRecord(quint32 nID1, quint32 nID2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3109 {
3110 RESOURCE_RECORD result={};
3111
3112 result.nOffset=-1;
3113
3114 int nNumberOfResources=pListResourceRecords->count();
3115
3116 for(int i=0; i<nNumberOfResources; i++)
3117 {
3118 if(pListResourceRecords->at(i).irin[0].nID==nID1)
3119 {
3120 if((pListResourceRecords->at(i).irin[1].nID==nID2)||(nID2==(quint32)-1))
3121 {
3122 result=pListResourceRecords->at(i);
3123
3124 break;
3125 }
3126 }
3127 }
3128
3129 return result;
3130 }
3131
getResourceRecord(quint32 nID1,QString sName2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3132 XPE::RESOURCE_RECORD XPE::getResourceRecord(quint32 nID1, QString sName2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3133 {
3134 RESOURCE_RECORD result={};
3135
3136 result.nOffset=-1;
3137
3138 int nNumberOfResources=pListResourceRecords->count();
3139
3140 for(int i=0; i<nNumberOfResources; i++)
3141 {
3142 if((pListResourceRecords->at(i).irin[0].nID==nID1)&&(pListResourceRecords->at(i).irin[1].sName==sName2))
3143 {
3144 result=pListResourceRecords->at(i);
3145
3146 break;
3147 }
3148 }
3149
3150 return result;
3151 }
3152
getResourceRecord(QString sName1,quint32 nID2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3153 XPE::RESOURCE_RECORD XPE::getResourceRecord(QString sName1, quint32 nID2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3154 {
3155 RESOURCE_RECORD result={};
3156
3157 result.nOffset=-1;
3158
3159 int nNumberOfResources=pListResourceRecords->count();
3160
3161 for(int i=0; i<nNumberOfResources; i++)
3162 {
3163 if(pListResourceRecords->at(i).irin[0].sName==sName1)
3164 {
3165 if((pListResourceRecords->at(i).irin[0].nID==nID2)||(nID2==(quint32)-1))
3166 {
3167 result=pListResourceRecords->at(i);
3168
3169 break;
3170 }
3171 }
3172 }
3173
3174 return result;
3175 }
3176
getResourceRecord(QString sName1,QString sName2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3177 XPE::RESOURCE_RECORD XPE::getResourceRecord(QString sName1, QString sName2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3178 {
3179 RESOURCE_RECORD result={};
3180
3181 result.nOffset=-1;
3182
3183 int nNumberOfResources=pListResourceRecords->count();
3184
3185 for(int i=0; i<nNumberOfResources; i++)
3186 {
3187 if((pListResourceRecords->at(i).irin[0].sName==sName1)&&(pListResourceRecords->at(i).irin[1].sName==sName2))
3188 {
3189 result=pListResourceRecords->at(i);
3190
3191 break;
3192 }
3193 }
3194
3195 return result;
3196 }
3197
isResourcePresent(quint32 nID1,quint32 nID2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3198 bool XPE::isResourcePresent(quint32 nID1, quint32 nID2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3199 {
3200 return (getResourceRecord(nID1,nID2,pListResourceRecords).nSize);
3201 }
3202
isResourcePresent(quint32 nID1,QString sName2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3203 bool XPE::isResourcePresent(quint32 nID1, QString sName2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3204 {
3205 return (getResourceRecord(nID1,sName2,pListResourceRecords).nSize);
3206 }
3207
isResourcePresent(QString sName1,quint32 nID2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3208 bool XPE::isResourcePresent(QString sName1, quint32 nID2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3209 {
3210 return (getResourceRecord(sName1,nID2,pListResourceRecords).nSize);
3211 }
3212
isResourcePresent(QString sName1,QString sName2,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3213 bool XPE::isResourcePresent(QString sName1, QString sName2, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3214 {
3215 return (getResourceRecord(sName1,sName2,pListResourceRecords).nSize);
3216 }
3217
isResourceManifestPresent()3218 bool XPE::isResourceManifestPresent()
3219 {
3220 QList<RESOURCE_RECORD> listResources=getResources();
3221
3222 return isResourceManifestPresent(&listResources);
3223 }
3224
isResourceManifestPresent(QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3225 bool XPE::isResourceManifestPresent(QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3226 {
3227 return isResourcePresent(XPE_DEF::S_RT_MANIFEST,-1,pListResourceRecords);
3228 }
3229
getResourceManifest()3230 QString XPE::getResourceManifest()
3231 {
3232 QList<RESOURCE_RECORD> listResources=getResources();
3233
3234 return getResourceManifest(&listResources);
3235 }
3236
getResourceManifest(QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3237 QString XPE::getResourceManifest(QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3238 {
3239 QString sResult;
3240
3241 RESOURCE_RECORD rh=getResourceRecord(XPE_DEF::S_RT_MANIFEST,-1,pListResourceRecords);
3242
3243 if(rh.nOffset!=-1)
3244 {
3245 rh.nSize=qMin(rh.nSize,qint64(4000));
3246 sResult=read_ansiString(rh.nOffset,rh.nSize);
3247 }
3248
3249 return sResult;
3250 }
3251
isResourceVersionPresent()3252 bool XPE::isResourceVersionPresent()
3253 {
3254 QList<RESOURCE_RECORD> listResources=getResources();
3255
3256 return isResourceVersionPresent(&listResources);
3257 }
3258
isResourceVersionPresent(QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3259 bool XPE::isResourceVersionPresent(QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3260 {
3261 return isResourcePresent(XPE_DEF::S_RT_VERSION,-1,pListResourceRecords);
3262 }
3263
readVS_VERSION_INFO(qint64 nOffset)3264 XPE_DEF::S_VS_VERSION_INFO XPE::readVS_VERSION_INFO(qint64 nOffset)
3265 {
3266 XPE_DEF::S_VS_VERSION_INFO result={};
3267
3268 result.wLength=read_uint16(nOffset+offsetof(XPE_DEF::S_VS_VERSION_INFO,wLength));
3269 result.wValueLength=read_uint16(nOffset+offsetof(XPE_DEF::S_VS_VERSION_INFO,wValueLength));
3270 result.wType=read_uint16(nOffset+offsetof(XPE_DEF::S_VS_VERSION_INFO,wType));
3271
3272 read_array(nOffset,(char *)&result,sizeof(XPE_DEF::S_VS_VERSION_INFO));
3273
3274 return result;
3275 }
3276
__getResourceVersion(XPE::RESOURCE_VERSION * pResourceVersionResult,qint64 nOffset,qint64 nSize,QString sPrefix,int nLevel)3277 quint32 XPE::__getResourceVersion(XPE::RESOURCE_VERSION *pResourceVersionResult, qint64 nOffset, qint64 nSize, QString sPrefix, int nLevel)
3278 {
3279 quint32 nResult=0;
3280
3281 if((quint32)nSize>=sizeof(XPE_DEF::S_VS_VERSION_INFO))
3282 {
3283 XPE_DEF::S_VS_VERSION_INFO vi=readVS_VERSION_INFO(nOffset);
3284
3285 if(vi.wLength<=nSize)
3286 {
3287 if(vi.wValueLength<vi.wLength)
3288 {
3289 QString sTitle=read_unicodeString(nOffset+sizeof(XPE_DEF::S_VS_VERSION_INFO));
3290
3291 qint32 nDelta=sizeof(XPE_DEF::S_VS_VERSION_INFO);
3292 nDelta+=(sTitle.length()+1)*sizeof(quint16);
3293 nDelta=S_ALIGN_UP(nDelta,4);
3294
3295 if(sPrefix!="")
3296 {
3297 sPrefix+=".";
3298 }
3299
3300 sPrefix+=sTitle;
3301
3302 if(sPrefix=="VS_VERSION_INFO")
3303 {
3304 if(vi.wValueLength>=sizeof(XPE_DEF::tagVS_FIXEDFILEINFO))
3305 {
3306 pResourceVersionResult->nFixedFileInfoOffset=nOffset+nDelta;
3307 // TODO Check Signature?
3308 pResourceVersionResult->fileInfo.dwSignature=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwSignature));
3309 pResourceVersionResult->fileInfo.dwStrucVersion=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwStrucVersion));
3310 pResourceVersionResult->fileInfo.dwFileVersionMS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileVersionMS));
3311 pResourceVersionResult->fileInfo.dwFileVersionLS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileVersionLS));
3312 pResourceVersionResult->fileInfo.dwProductVersionMS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwProductVersionMS));
3313 pResourceVersionResult->fileInfo.dwProductVersionLS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwProductVersionLS));
3314 pResourceVersionResult->fileInfo.dwFileFlagsMask=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileFlagsMask));
3315 pResourceVersionResult->fileInfo.dwFileFlags=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileFlags));
3316 pResourceVersionResult->fileInfo.dwFileOS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileOS));
3317 pResourceVersionResult->fileInfo.dwFileType=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileType));
3318 pResourceVersionResult->fileInfo.dwFileSubtype=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileSubtype));
3319 pResourceVersionResult->fileInfo.dwFileDateMS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileDateMS));
3320 pResourceVersionResult->fileInfo.dwFileDateLS=read_uint32(nOffset+nDelta+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileDateLS));
3321 }
3322 }
3323
3324 if(nLevel==3)
3325 {
3326 QString sValue=read_unicodeString(nOffset+nDelta);
3327 sPrefix+=QString(":%1").arg(sValue);
3328
3329 pResourceVersionResult->listRecords.append(sPrefix);
3330 }
3331
3332 if(sPrefix=="VS_VERSION_INFO.VarFileInfo.Translation")
3333 {
3334 if(vi.wValueLength==4)
3335 {
3336 quint32 nValue=read_uint32(nOffset+nDelta);
3337 QString sValue=XBinary::valueToHex(nValue);
3338 sPrefix+=QString(":%1").arg(sValue);
3339
3340 pResourceVersionResult->listRecords.append(sPrefix);
3341 }
3342 }
3343
3344 nDelta+=vi.wValueLength;
3345
3346 qint32 _nSize=vi.wLength-nDelta;
3347
3348 if(nLevel<3)
3349 {
3350 while(_nSize>0)
3351 {
3352 qint32 _nDelta=__getResourceVersion(pResourceVersionResult,nOffset+nDelta,vi.wLength-nDelta,sPrefix,nLevel+1);
3353
3354 if(_nDelta==0)
3355 {
3356 break;
3357 }
3358
3359 _nDelta=S_ALIGN_UP(_nDelta,4);
3360
3361 nDelta+=_nDelta;
3362 _nSize-=_nDelta;
3363 }
3364 }
3365
3366 nResult=vi.wLength;
3367 }
3368 }
3369 }
3370
3371 return nResult;
3372 }
3373
getResourceVersion()3374 XPE::RESOURCE_VERSION XPE::getResourceVersion()
3375 {
3376 QList<RESOURCE_RECORD> listResourceRecords=getResources();
3377
3378 return getResourceVersion(&listResourceRecords);
3379 }
3380
getResourceVersion(QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3381 XPE::RESOURCE_VERSION XPE::getResourceVersion(QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3382 {
3383 RESOURCE_VERSION result={};
3384 result.nFixedFileInfoOffset=-1;
3385
3386 RESOURCE_RECORD resourceRecord=getResourceRecord(XPE_DEF::S_RT_VERSION,-1,pListResourceRecords);
3387
3388 if(resourceRecord.nOffset!=-1)
3389 {
3390 __getResourceVersion(&result,resourceRecord.nOffset,resourceRecord.nSize,"",0);
3391 }
3392
3393 return result;
3394 }
3395
getFileVersion()3396 QString XPE::getFileVersion()
3397 {
3398 RESOURCE_VERSION resourveVersion=getResourceVersion();
3399
3400 return getFileVersion(&resourveVersion);
3401 }
3402
getFileVersion(RESOURCE_VERSION * pResourceVersion)3403 QString XPE::getFileVersion(RESOURCE_VERSION *pResourceVersion)
3404 {
3405 // return QString("%1.%2").arg(get_uint32_version(pResourceVersion->fileInfo.dwFileVersionMS)).arg(get_uint32_version(pResourceVersion->fileInfo.dwFileVersionLS));
3406 return getResourceVersionValue("FileVersion",pResourceVersion);
3407 }
3408
setFixedFileInfo_dwSignature(quint32 nValue)3409 void XPE::setFixedFileInfo_dwSignature(quint32 nValue)
3410 {
3411 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3412
3413 if(nOffset!=-1)
3414 {
3415 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwSignature),nValue);
3416 }
3417 }
3418
setFixedFileInfo_dwStrucVersion(quint32 nValue)3419 void XPE::setFixedFileInfo_dwStrucVersion(quint32 nValue)
3420 {
3421 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3422
3423 if(nOffset!=-1)
3424 {
3425 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwStrucVersion),nValue);
3426 }
3427 }
3428
setFixedFileInfo_dwFileVersionMS(quint32 nValue)3429 void XPE::setFixedFileInfo_dwFileVersionMS(quint32 nValue)
3430 {
3431 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3432
3433 if(nOffset!=-1)
3434 {
3435 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileVersionMS),nValue);
3436 }
3437 }
3438
setFixedFileInfo_dwFileVersionLS(quint32 nValue)3439 void XPE::setFixedFileInfo_dwFileVersionLS(quint32 nValue)
3440 {
3441 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3442
3443 if(nOffset!=-1)
3444 {
3445 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileVersionLS),nValue);
3446 }
3447 }
3448
setFixedFileInfo_dwProductVersionMS(quint32 nValue)3449 void XPE::setFixedFileInfo_dwProductVersionMS(quint32 nValue)
3450 {
3451 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3452
3453 if(nOffset!=-1)
3454 {
3455 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwProductVersionMS),nValue);
3456 }
3457 }
3458
setFixedFileInfo_dwProductVersionLS(quint32 nValue)3459 void XPE::setFixedFileInfo_dwProductVersionLS(quint32 nValue)
3460 {
3461 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3462
3463 if(nOffset!=-1)
3464 {
3465 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwProductVersionLS),nValue);
3466 }
3467 }
3468
setFixedFileInfo_dwFileFlagsMask(quint32 nValue)3469 void XPE::setFixedFileInfo_dwFileFlagsMask(quint32 nValue)
3470 {
3471 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3472
3473 if(nOffset!=-1)
3474 {
3475 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileFlagsMask),nValue);
3476 }
3477 }
3478
setFixedFileInfo_dwFileFlags(quint32 nValue)3479 void XPE::setFixedFileInfo_dwFileFlags(quint32 nValue)
3480 {
3481 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3482
3483 if(nOffset!=-1)
3484 {
3485 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileFlags),nValue);
3486 }
3487 }
3488
setFixedFileInfo_dwFileOS(quint32 nValue)3489 void XPE::setFixedFileInfo_dwFileOS(quint32 nValue)
3490 {
3491 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3492
3493 if(nOffset!=-1)
3494 {
3495 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileOS),nValue);
3496 }
3497 }
3498
setFixedFileInfo_dwFileType(quint32 nValue)3499 void XPE::setFixedFileInfo_dwFileType(quint32 nValue)
3500 {
3501 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3502
3503 if(nOffset!=-1)
3504 {
3505 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileType),nValue);
3506 }
3507 }
3508
setFixedFileInfo_dwFileSubtype(quint32 nValue)3509 void XPE::setFixedFileInfo_dwFileSubtype(quint32 nValue)
3510 {
3511 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3512
3513 if(nOffset!=-1)
3514 {
3515 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileSubtype),nValue);
3516 }
3517 }
3518
setFixedFileInfo_dwFileDateMS(quint32 nValue)3519 void XPE::setFixedFileInfo_dwFileDateMS(quint32 nValue)
3520 {
3521 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3522
3523 if(nOffset!=-1)
3524 {
3525 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileDateMS),nValue);
3526 }
3527 }
3528
setFixedFileInfo_dwFileDateLS(quint32 nValue)3529 void XPE::setFixedFileInfo_dwFileDateLS(quint32 nValue)
3530 {
3531 qint64 nOffset=getResourceVersion().nFixedFileInfoOffset;
3532
3533 if(nOffset!=-1)
3534 {
3535 write_uint32(nOffset+offsetof(XPE_DEF::tagVS_FIXEDFILEINFO,dwFileDateLS),nValue);
3536 }
3537 }
3538
getResourceVersionValue(QString sKey)3539 QString XPE::getResourceVersionValue(QString sKey)
3540 {
3541 QList<RESOURCE_RECORD> listResourceRecords=getResources();
3542 RESOURCE_VERSION resVersion=getResourceVersion(&listResourceRecords);
3543
3544 return getResourceVersionValue(sKey,&resVersion);
3545 }
3546
getResourceVersionValue(QString sKey,XPE::RESOURCE_VERSION * pResourceVersion)3547 QString XPE::getResourceVersionValue(QString sKey, XPE::RESOURCE_VERSION *pResourceVersion)
3548 {
3549 QString sResult;
3550
3551 int nNumberOfRecords=pResourceVersion->listRecords.count();
3552
3553 for(int i=0; i<nNumberOfRecords; i++)
3554 {
3555 QString sRecord=pResourceVersion->listRecords.at(i).section(".",3,-1);
3556 QString _sKey=sRecord.section(":",0,0);
3557
3558 if(_sKey==sKey)
3559 {
3560 sResult=sRecord.section(":",1,-1);
3561
3562 break;
3563 }
3564 }
3565
3566 return sResult;
3567 }
3568
getResourceIdByNumber(quint32 nNumber)3569 quint32 XPE::getResourceIdByNumber(quint32 nNumber)
3570 {
3571 QList<RESOURCE_RECORD> listResources=getResources();
3572
3573 return getResourceIdByNumber(nNumber,&listResources);
3574 }
3575
getResourceIdByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3576 quint32 XPE::getResourceIdByNumber(quint32 nNumber, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3577 {
3578 quint32 nResult=0;
3579
3580 if((qint32)nNumber<pListResourceRecords->count())
3581 {
3582 nResult=pListResourceRecords->at(nNumber).irin[1].nID;
3583 }
3584
3585 return nResult;
3586 }
3587
getResourceNameByNumber(quint32 nNumber)3588 QString XPE::getResourceNameByNumber(quint32 nNumber)
3589 {
3590 QList<RESOURCE_RECORD> listResources=getResources();
3591
3592 return getResourceNameByNumber(nNumber,&listResources);
3593 }
3594
getResourceNameByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3595 QString XPE::getResourceNameByNumber(quint32 nNumber, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3596 {
3597 QString sResult;
3598
3599 if((qint32)nNumber<pListResourceRecords->count())
3600 {
3601 sResult=pListResourceRecords->at(nNumber).irin[1].sName;
3602 }
3603
3604 return sResult;
3605 }
3606
getResourceOffsetByNumber(quint32 nNumber)3607 qint64 XPE::getResourceOffsetByNumber(quint32 nNumber)
3608 {
3609 QList<RESOURCE_RECORD> listResources=getResources();
3610
3611 return getResourceOffsetByNumber(nNumber,&listResources);
3612 }
3613
getResourceOffsetByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3614 qint64 XPE::getResourceOffsetByNumber(quint32 nNumber, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3615 {
3616 qint64 nResult=-1;
3617
3618 if((qint32)nNumber<pListResourceRecords->count())
3619 {
3620 nResult=pListResourceRecords->at(nNumber).nOffset;
3621 }
3622
3623 return nResult;
3624 }
3625
getResourceSizeByNumber(quint32 nNumber)3626 qint64 XPE::getResourceSizeByNumber(quint32 nNumber)
3627 {
3628 QList<RESOURCE_RECORD> listResources=getResources();
3629
3630 return getResourceSizeByNumber(nNumber,&listResources);
3631 }
3632
getResourceSizeByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3633 qint64 XPE::getResourceSizeByNumber(quint32 nNumber, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3634 {
3635 qint64 nResult=0;
3636
3637 if((qint32)nNumber<pListResourceRecords->count())
3638 {
3639 nResult=pListResourceRecords->at(nNumber).nSize;
3640 }
3641
3642 return nResult;
3643 }
3644
getResourceTypeByNumber(quint32 nNumber)3645 quint32 XPE::getResourceTypeByNumber(quint32 nNumber)
3646 {
3647 QList<RESOURCE_RECORD> listResources=getResources();
3648
3649 return getResourceTypeByNumber(nNumber,&listResources);
3650 }
3651
getResourceTypeByNumber(quint32 nNumber,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3652 quint32 XPE::getResourceTypeByNumber(quint32 nNumber, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3653 {
3654 qint64 nResult=0;
3655
3656 if((qint32)nNumber<pListResourceRecords->count())
3657 {
3658 nResult=pListResourceRecords->at(nNumber).irin[0].nID;
3659 }
3660
3661 return nResult;
3662 }
3663
getResourceNameOffset(QString sName)3664 qint64 XPE::getResourceNameOffset(QString sName)
3665 {
3666 QList<RESOURCE_RECORD> listResources=getResources();
3667
3668 return getResourceNameOffset(sName,&listResources);
3669 }
3670
getResourceNameOffset(QString sName,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3671 qint64 XPE::getResourceNameOffset(QString sName, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3672 {
3673 qint64 nResult=-1;
3674
3675 int nNumberOfResources=pListResourceRecords->count();
3676
3677 for(int i=0;i<nNumberOfResources;i++)
3678 {
3679 if(pListResourceRecords->at(i).irin[1].sName==sName)
3680 {
3681 nResult=pListResourceRecords->at(i).nOffset;
3682 break;
3683 }
3684 }
3685
3686 return nResult;
3687 }
3688
getResourceGroupNameOffset(QString sName)3689 qint64 XPE::getResourceGroupNameOffset(QString sName)
3690 {
3691 QList<RESOURCE_RECORD> listResources=getResources();
3692
3693 return getResourceGroupNameOffset(sName,&listResources);
3694 }
3695
getResourceGroupNameOffset(QString sName,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3696 qint64 XPE::getResourceGroupNameOffset(QString sName, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3697 {
3698 qint64 nResult=-1;
3699
3700 int nNumberOfResources=pListResourceRecords->count();
3701
3702 for(int i=0;i<nNumberOfResources;i++)
3703 {
3704 if(pListResourceRecords->at(i).irin[0].sName==sName)
3705 {
3706 nResult=pListResourceRecords->at(i).nOffset;
3707 break;
3708 }
3709 }
3710
3711 return nResult;
3712 }
3713
getResourceGroupIdOffset(quint32 nID)3714 qint64 XPE::getResourceGroupIdOffset(quint32 nID)
3715 {
3716 QList<RESOURCE_RECORD> listResources=getResources();
3717
3718 return getResourceGroupIdOffset(nID,&listResources);
3719 }
3720
getResourceGroupIdOffset(quint32 nID,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3721 qint64 XPE::getResourceGroupIdOffset(quint32 nID, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3722 {
3723 qint64 nResult=-1;
3724
3725 int nNumberOfResources=pListResourceRecords->count();
3726
3727 for(int i=0;i<nNumberOfResources;i++)
3728 {
3729 if(pListResourceRecords->at(i).irin[0].nID==nID)
3730 {
3731 nResult=pListResourceRecords->at(i).nOffset;
3732 break;
3733 }
3734 }
3735
3736 return nResult;
3737 }
3738
isResourceNamePresent(QString sName)3739 bool XPE::isResourceNamePresent(QString sName)
3740 {
3741 QList<RESOURCE_RECORD> listResources=getResources();
3742
3743 return isResourceNamePresent(sName,&listResources);
3744 }
3745
isResourceNamePresent(QString sName,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3746 bool XPE::isResourceNamePresent(QString sName, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3747 {
3748 return (getResourceNameOffset(sName,pListResourceRecords)!=-1);
3749 }
3750
isResourceGroupNamePresent(QString sName)3751 bool XPE::isResourceGroupNamePresent(QString sName)
3752 {
3753 QList<RESOURCE_RECORD> listResources=getResources();
3754
3755 return isResourceGroupNamePresent(sName,&listResources);
3756 }
3757
isResourceGroupNamePresent(QString sName,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3758 bool XPE::isResourceGroupNamePresent(QString sName, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3759 {
3760 return (getResourceGroupNameOffset(sName,pListResourceRecords)!=-1);
3761 }
3762
isResourceGroupIdPresent(quint32 nID)3763 bool XPE::isResourceGroupIdPresent(quint32 nID)
3764 {
3765 QList<RESOURCE_RECORD> listResources=getResources();
3766
3767 return isResourceGroupIdPresent(nID,&listResources);
3768 }
3769
isResourceGroupIdPresent(quint32 nID,QList<XPE::RESOURCE_RECORD> * pListResourceRecords)3770 bool XPE::isResourceGroupIdPresent(quint32 nID, QList<XPE::RESOURCE_RECORD> *pListResourceRecords)
3771 {
3772 return (getResourceGroupIdOffset(nID,pListResourceRecords)!=-1);
3773 }
3774
read_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset)3775 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR XPE::read_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset)
3776 {
3777 XPE_DEF::IMAGE_IMPORT_DESCRIPTOR result={};
3778
3779 result.OriginalFirstThunk=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,OriginalFirstThunk));
3780 result.TimeDateStamp=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,TimeDateStamp));
3781 result.ForwarderChain=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,ForwarderChain));
3782 result.Name=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,Name));
3783 result.FirstThunk=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR,FirstThunk));
3784
3785 return result;
3786 }
3787
write_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset,XPE_DEF::IMAGE_IMPORT_DESCRIPTOR idd)3788 void XPE::write_IMAGE_IMPORT_DESCRIPTOR(qint64 nOffset, XPE_DEF::IMAGE_IMPORT_DESCRIPTOR idd)
3789 {
3790 // TODO !!
3791 write_array(nOffset,(char *)&idd,sizeof(XPE_DEF::IMAGE_IMPORT_DESCRIPTOR));
3792 }
3793
_read_IMAGE_DELAYLOAD_DESCRIPTOR(qint64 nOffset)3794 XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR XPE::_read_IMAGE_DELAYLOAD_DESCRIPTOR(qint64 nOffset)
3795 {
3796 XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR result={};
3797
3798 result.AllAttributes=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,AllAttributes));
3799 result.DllNameRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,DllNameRVA));
3800 result.ModuleHandleRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ModuleHandleRVA));
3801 result.ImportAddressTableRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ImportAddressTableRVA));
3802 result.ImportNameTableRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ImportNameTableRVA));
3803 result.BoundImportAddressTableRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,BoundImportAddressTableRVA));
3804 result.UnloadInformationTableRVA=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,UnloadInformationTableRVA));
3805 result.TimeDateStamp=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,TimeDateStamp));
3806
3807 return result;
3808 }
3809
isExportPresent()3810 bool XPE::isExportPresent()
3811 {
3812 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3813 }
3814
getExport(bool bValidOnly)3815 XPE::EXPORT_HEADER XPE::getExport(bool bValidOnly)
3816 {
3817 _MEMORY_MAP memoryMap=getMemoryMap();
3818
3819 return getExport(&memoryMap,bValidOnly);
3820 }
3821
getExport(_MEMORY_MAP * pMemoryMap,bool bValidOnly)3822 XPE::EXPORT_HEADER XPE::getExport(_MEMORY_MAP *pMemoryMap,bool bValidOnly)
3823 {
3824 EXPORT_HEADER result={};
3825
3826 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3827
3828 if(nExportOffset!=-1)
3829 {
3830 read_array(nExportOffset,(char *)&result.directory,sizeof(XPE_DEF::IMAGE_EXPORT_DIRECTORY));
3831
3832 qint64 nNameOffset=addressToOffset(pMemoryMap,result.directory.Name+pMemoryMap->nModuleAddress);
3833
3834 if(nNameOffset!=-1)
3835 {
3836 result.sName=read_ansiString(nNameOffset);
3837 }
3838
3839 qint64 nAddressOfFunctionsOffset=addressToOffset(pMemoryMap,result.directory.AddressOfFunctions+pMemoryMap->nModuleAddress);
3840 qint64 nAddressOfNamesOffset=addressToOffset(pMemoryMap,result.directory.AddressOfNames+pMemoryMap->nModuleAddress);
3841 qint64 nAddressOfNameOrdinalsOffset=addressToOffset(pMemoryMap,result.directory.AddressOfNameOrdinals+pMemoryMap->nModuleAddress);
3842
3843 if((result.directory.NumberOfFunctions<0xFFFF)&&(result.directory.NumberOfNames<0xFFFF))
3844 {
3845 if((nAddressOfFunctionsOffset!=-1)&&(nAddressOfNamesOffset!=-1)&&(nAddressOfNameOrdinalsOffset!=-1))
3846 {
3847 QMap<quint16,EXPORT_POSITION> mapNames;
3848
3849 for(int i=0; i<(int)result.directory.NumberOfNames; i++)
3850 {
3851 EXPORT_POSITION position={};
3852
3853 int nIndex=read_uint16(nAddressOfNameOrdinalsOffset+2*i);
3854 position.nOrdinal=nIndex+result.directory.Base;
3855 position.nRVA=read_uint32(nAddressOfFunctionsOffset+4*nIndex);
3856 position.nAddress=position.nRVA+pMemoryMap->nModuleAddress;
3857 position.nNameRVA=read_uint32(nAddressOfNamesOffset+4*i);
3858
3859 qint64 nFunctionNameOffset=addressToOffset(pMemoryMap,position.nNameRVA+pMemoryMap->nModuleAddress);
3860
3861 if(nFunctionNameOffset!=-1)
3862 {
3863 position.sFunctionName=read_ansiString(nFunctionNameOffset,2048);
3864 }
3865
3866 mapNames.insert(position.nOrdinal,position);
3867 }
3868
3869 for(int i=0; i<(int)result.directory.NumberOfFunctions; i++)
3870 {
3871 EXPORT_POSITION position={};
3872
3873 int nIndex=i;
3874 position.nOrdinal=nIndex+result.directory.Base;
3875
3876 if(mapNames.contains(position.nOrdinal))
3877 {
3878 position=mapNames.value(position.nOrdinal);
3879 }
3880 else
3881 {
3882 position.nRVA=read_uint32(nAddressOfFunctionsOffset+4*nIndex);
3883 position.nAddress=position.nRVA+pMemoryMap->nModuleAddress;
3884 }
3885
3886 bool bInsert=true;
3887
3888 if(bValidOnly)
3889 {
3890 if((position.nRVA==0)||(!isAddressValid(pMemoryMap,position.nAddress)))
3891 {
3892 bInsert=false;
3893 }
3894 }
3895
3896 if(bInsert)
3897 {
3898 result.listPositions.append(position);
3899 }
3900 }
3901 }
3902 }
3903 }
3904
3905 return result;
3906 }
3907
getExportFunctionsList()3908 QList<QString> XPE::getExportFunctionsList()
3909 {
3910 EXPORT_HEADER exportHeader=getExport(false);
3911
3912 return getExportFunctionsList(&exportHeader);
3913 }
3914
getExportFunctionsList(EXPORT_HEADER * pExportHeader)3915 QList<QString> XPE::getExportFunctionsList(EXPORT_HEADER *pExportHeader)
3916 {
3917 QList<QString> listResult;
3918
3919 int nNumberOfPositions=pExportHeader->listPositions.count();
3920
3921 for(int i=0;i<nNumberOfPositions;i++)
3922 {
3923 listResult.append(pExportHeader->listPositions.at(i).sFunctionName);
3924 }
3925
3926 return listResult;
3927 }
3928
getExportDirectory()3929 XPE_DEF::IMAGE_EXPORT_DIRECTORY XPE::getExportDirectory()
3930 {
3931 XPE_DEF::IMAGE_EXPORT_DIRECTORY result={};
3932
3933 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3934
3935 if(nExportOffset!=-1)
3936 {
3937 read_array(nExportOffset,(char *)&result,sizeof(XPE_DEF::IMAGE_EXPORT_DIRECTORY));
3938 }
3939
3940 return result;
3941 }
3942
setExportDirectory(XPE_DEF::IMAGE_EXPORT_DIRECTORY * pExportDirectory)3943 void XPE::setExportDirectory(XPE_DEF::IMAGE_EXPORT_DIRECTORY *pExportDirectory)
3944 {
3945 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3946
3947 if(nExportOffset!=-1)
3948 {
3949 write_array(nExportOffset,(char *)pExportDirectory,sizeof(XPE_DEF::IMAGE_EXPORT_DIRECTORY));
3950 }
3951 }
3952
setExportDirectory_Characteristics(quint32 nValue)3953 void XPE::setExportDirectory_Characteristics(quint32 nValue)
3954 {
3955 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3956
3957 if(nExportOffset!=-1)
3958 {
3959 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,Characteristics),nValue);
3960 }
3961 }
3962
setExportDirectory_TimeDateStamp(quint32 nValue)3963 void XPE::setExportDirectory_TimeDateStamp(quint32 nValue)
3964 {
3965 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3966
3967 if(nExportOffset!=-1)
3968 {
3969 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,TimeDateStamp),nValue);
3970 }
3971 }
3972
setExportDirectory_MajorVersion(quint16 nValue)3973 void XPE::setExportDirectory_MajorVersion(quint16 nValue)
3974 {
3975 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3976
3977 if(nExportOffset!=-1)
3978 {
3979 write_uint16(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,MajorVersion),nValue);
3980 }
3981 }
3982
setExportDirectory_MinorVersion(quint16 nValue)3983 void XPE::setExportDirectory_MinorVersion(quint16 nValue)
3984 {
3985 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3986
3987 if(nExportOffset!=-1)
3988 {
3989 write_uint16(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,MinorVersion),nValue);
3990 }
3991 }
3992
setExportDirectory_Name(quint32 nValue)3993 void XPE::setExportDirectory_Name(quint32 nValue)
3994 {
3995 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
3996
3997 if(nExportOffset!=-1)
3998 {
3999 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,Name),nValue);
4000 }
4001 }
4002
setExportDirectory_Base(quint32 nValue)4003 void XPE::setExportDirectory_Base(quint32 nValue)
4004 {
4005 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4006
4007 if(nExportOffset!=-1)
4008 {
4009 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,Base),nValue);
4010 }
4011 }
4012
setExportDirectory_NumberOfFunctions(quint32 nValue)4013 void XPE::setExportDirectory_NumberOfFunctions(quint32 nValue)
4014 {
4015 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4016
4017 if(nExportOffset!=-1)
4018 {
4019 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,NumberOfFunctions),nValue);
4020 }
4021 }
4022
setExportDirectory_NumberOfNames(quint32 nValue)4023 void XPE::setExportDirectory_NumberOfNames(quint32 nValue)
4024 {
4025 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4026
4027 if(nExportOffset!=-1)
4028 {
4029 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,NumberOfNames),nValue);
4030 }
4031 }
4032
setExportDirectory_AddressOfFunctions(quint32 nValue)4033 void XPE::setExportDirectory_AddressOfFunctions(quint32 nValue)
4034 {
4035 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4036
4037 if(nExportOffset!=-1)
4038 {
4039 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,AddressOfFunctions),nValue);
4040 }
4041 }
4042
setExportDirectory_AddressOfNames(quint32 nValue)4043 void XPE::setExportDirectory_AddressOfNames(quint32 nValue)
4044 {
4045 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4046
4047 if(nExportOffset!=-1)
4048 {
4049 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,AddressOfNames),nValue);
4050 }
4051 }
4052
setExportDirectory_AddressOfNameOrdinals(quint32 nValue)4053 void XPE::setExportDirectory_AddressOfNameOrdinals(quint32 nValue)
4054 {
4055 qint64 nExportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT);
4056
4057 if(nExportOffset!=-1)
4058 {
4059 write_uint32(nExportOffset+offsetof(XPE_DEF::IMAGE_EXPORT_DIRECTORY,AddressOfNameOrdinals),nValue);
4060 }
4061 }
4062
getHeaders()4063 QByteArray XPE::getHeaders()
4064 {
4065 // TODO Check
4066 QByteArray baResult;
4067
4068 int nSizeOfHeaders=getOptionalHeader_SizeOfHeaders();
4069
4070 if(isImage())
4071 {
4072 quint32 nSectionAlignment=getOptionalHeader_SectionAlignment();
4073 nSizeOfHeaders=S_ALIGN_UP(nSizeOfHeaders,nSectionAlignment);
4074 }
4075
4076 baResult=read_array(0,nSizeOfHeaders);
4077
4078 if(baResult.size()!=nSizeOfHeaders)
4079 {
4080 baResult.resize(0);
4081 }
4082
4083 return baResult;
4084 }
4085
__getSectionOffsetAndSize(quint32 nSection)4086 XBinary::OFFSETSIZE XPE::__getSectionOffsetAndSize(quint32 nSection)
4087 {
4088 OFFSETSIZE result={};
4089
4090 XPE_DEF::IMAGE_SECTION_HEADER sectionHeader=getSectionHeader(nSection);
4091 quint32 nSectionAlignment=getOptionalHeader_SectionAlignment();
4092 quint32 nFileAlignment=getOptionalHeader_FileAlignment();
4093
4094 if(nFileAlignment==nSectionAlignment)
4095 {
4096 nFileAlignment=1;
4097 }
4098
4099 bool bIsSectionValid=false;
4100
4101 if(!isImage())
4102 {
4103 bIsSectionValid=(bool)(sectionHeader.SizeOfRawData!=0);
4104 }
4105 else
4106 {
4107 bIsSectionValid=(bool)(sectionHeader.Misc.VirtualSize!=0);
4108 }
4109
4110 if(bIsSectionValid)
4111 {
4112 qint64 nSectionOffset=0;
4113 qint64 nSectionSize=0;
4114
4115 if(!isImage())
4116 {
4117 nSectionOffset=sectionHeader.PointerToRawData;
4118 nSectionOffset=S_ALIGN_DOWN(nSectionOffset,nFileAlignment);
4119 nSectionSize=sectionHeader.SizeOfRawData+(sectionHeader.PointerToRawData-nSectionOffset);
4120 }
4121 else
4122 {
4123 nSectionOffset=sectionHeader.VirtualAddress;
4124 nSectionSize=sectionHeader.Misc.VirtualSize;
4125 }
4126
4127 result=convertOffsetAndSize(nSectionOffset,nSectionSize);
4128 }
4129 else
4130 {
4131 result.nOffset=-1;
4132 }
4133
4134 return result;
4135 }
4136
getSection(quint32 nSection)4137 QByteArray XPE::getSection(quint32 nSection)
4138 {
4139 QByteArray baResult;
4140
4141 OFFSETSIZE offsetSize=__getSectionOffsetAndSize(nSection);
4142
4143 if(offsetSize.nOffset!=-1)
4144 {
4145 baResult=read_array(offsetSize.nOffset,offsetSize.nSize);
4146
4147 if(baResult.size()!=offsetSize.nSize) // TODO check???
4148 {
4149 baResult.resize(0);
4150 }
4151 }
4152
4153 return baResult;
4154 }
4155
getSectionHash(HASH hash,quint32 nSection)4156 QString XPE::getSectionHash(HASH hash,quint32 nSection)
4157 {
4158 QString sResult;
4159
4160 OFFSETSIZE offsetSize=__getSectionOffsetAndSize(nSection);
4161
4162 if(offsetSize.nOffset!=-1)
4163 {
4164 sResult=getHash(hash,offsetSize.nOffset,offsetSize.nSize);
4165 }
4166
4167 return sResult;
4168 }
4169
getSectionEntropy(quint32 nSection)4170 double XPE::getSectionEntropy(quint32 nSection)
4171 {
4172 double dResult=0;
4173
4174 OFFSETSIZE offsetSize=__getSectionOffsetAndSize(nSection);
4175
4176 if(offsetSize.nOffset!=-1)
4177 {
4178 dResult=getEntropy(offsetSize.nOffset,offsetSize.nSize);
4179 }
4180
4181 return dResult;
4182 }
4183
addImportSection(QMap<qint64,QString> * pMapIAT)4184 bool XPE::addImportSection(QMap<qint64, QString> *pMapIAT)
4185 {
4186 return addImportSection(getDevice(),isImage(),pMapIAT);
4187 }
4188
addImportSection(QIODevice * pDevice,bool bIsImage,QMap<qint64,QString> * pMapIAT)4189 bool XPE::addImportSection(QIODevice *pDevice, bool bIsImage, QMap<qint64, QString> *pMapIAT)
4190 {
4191 #ifdef QT_DEBUG
4192 QElapsedTimer timer;
4193 timer.start();
4194 qDebug("addImportSection");
4195 #endif
4196
4197 bool bResult=false;
4198
4199 if(isResizeEnable(pDevice))
4200 {
4201 XPE pe(pDevice,bIsImage);
4202
4203 if(pe.isValid())
4204 {
4205 QList<IMPORT_HEADER> listImportHeaders=mapIATToList(pMapIAT,pe.is64());
4206 #ifdef QT_DEBUG
4207 qDebug("addImportSection:mapIATToList: %lld msec",timer.elapsed());
4208 #endif
4209 bResult=setImports(pDevice,bIsImage,&listImportHeaders);
4210 #ifdef QT_DEBUG
4211 qDebug("addImportSection:setImports: %lld msec",timer.elapsed());
4212 #endif
4213 }
4214 }
4215
4216 #ifdef QT_DEBUG
4217 qDebug("addImportSection: %lld msec",timer.elapsed());
4218 #endif
4219
4220 return bResult;
4221 }
4222
addImportSection(QString sFileName,bool bIsImage,QMap<qint64,QString> * pMapIAT)4223 bool XPE::addImportSection(QString sFileName,bool bIsImage, QMap<qint64, QString> *pMapIAT)
4224 {
4225 bool bResult=false;
4226
4227 QFile file(sFileName);
4228
4229 if(file.open(QIODevice::ReadWrite))
4230 {
4231 bResult=addImportSection(&file,bIsImage,pMapIAT);
4232
4233 file.close();
4234 }
4235
4236 return bResult;
4237 }
4238
mapIATToList(QMap<qint64,QString> * pMapIAT,bool bIs64)4239 QList<XPE::IMPORT_HEADER> XPE::mapIATToList(QMap<qint64, QString> *pMapIAT,bool bIs64)
4240 {
4241 QList<IMPORT_HEADER> listResult;
4242
4243 IMPORT_HEADER record={};
4244
4245 quint64 nCurrentRVA=0;
4246
4247 quint32 nStep=0;
4248
4249 if(bIs64)
4250 {
4251 nStep=8;
4252 }
4253 else
4254 {
4255 nStep=4;
4256 }
4257
4258 QMapIterator<qint64, QString> i(*pMapIAT);
4259
4260 while(i.hasNext())
4261 {
4262 i.next();
4263
4264 QString sLibrary=i.value().section("#",0,0);
4265 QString sFunction=i.value().section("#",1,1);
4266
4267 if(((qint64)(nCurrentRVA+nStep)!=i.key())||((record.sName!="")&&(record.sName!=sLibrary)))
4268 {
4269 if(record.sName!="")
4270 {
4271 listResult.append(record);
4272 }
4273
4274 record.sName=sLibrary;
4275 record.nFirstThunk=i.key();
4276 record.listPositions.clear();
4277 }
4278
4279 nCurrentRVA=i.key();
4280
4281 IMPORT_POSITION position={};
4282
4283 position.nHint=0;
4284
4285 if(sFunction.toInt())
4286 {
4287 position.nOrdinal=sFunction.toInt();
4288 }
4289 else
4290 {
4291 position.sName=sFunction;
4292 }
4293
4294 position.nThunkRVA=i.key();
4295
4296 record.listPositions.append(position);
4297
4298 if(!i.hasNext())
4299 {
4300 if(record.sName!="")
4301 {
4302 listResult.append(record);
4303 }
4304 }
4305 }
4306
4307 return listResult;
4308 }
4309
calculateCheckSum()4310 quint32 XPE::calculateCheckSum()
4311 {
4312 quint32 nCalcSum=_checkSum(0,getSize());
4313 quint32 nHdrSum=getOptionalHeader_CheckSum();
4314
4315 if(S_LOWORD(nCalcSum)>=S_LOWORD(nHdrSum))
4316 {
4317 nCalcSum-=S_LOWORD(nHdrSum);
4318 }
4319 else
4320 {
4321 nCalcSum=((S_LOWORD(nCalcSum)-S_LOWORD(nHdrSum))&0xFFFF)-1;
4322 }
4323
4324 if(S_LOWORD(nCalcSum)>=S_HIWORD(nHdrSum)) //!!!!!
4325 {
4326 nCalcSum-=S_HIWORD(nHdrSum);
4327 }
4328 else
4329 {
4330 nCalcSum=((S_LOWORD(nCalcSum)-S_HIWORD(nHdrSum))&0xFFFF)-1;
4331 }
4332
4333 nCalcSum+=getSize();
4334
4335 return nCalcSum;
4336 }
4337
addSection(QString sFileName,bool bIsImage,XPE_DEF::IMAGE_SECTION_HEADER * pSectionHeader,char * pData,qint64 nDataSize)4338 bool XPE::addSection(QString sFileName,bool bIsImage, XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader, char *pData, qint64 nDataSize)
4339 {
4340 bool bResult=false;
4341
4342 QFile file(sFileName);
4343
4344 if(file.open(QIODevice::ReadWrite))
4345 {
4346 bResult=addSection(&file,bIsImage,pSectionHeader,pData,nDataSize);
4347
4348 file.close();
4349 }
4350 else
4351 {
4352 emit errorMessage(QString("%1: %2").arg(tr("Cannot open file"),sFileName));
4353 }
4354
4355 return bResult;
4356 }
4357
addSection(QIODevice * pDevice,bool bIsImage,XPE_DEF::IMAGE_SECTION_HEADER * pSectionHeader,char * pData,qint64 nDataSize)4358 bool XPE::addSection(QIODevice *pDevice, bool bIsImage, XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader, char *pData, qint64 nDataSize)
4359 {
4360 bool bResult=false;
4361
4362 if(isResizeEnable(pDevice))
4363 {
4364 XPE pe(pDevice,bIsImage);
4365
4366 if(pe.isValid())
4367 {
4368 qint64 nHeadersSize=pe._fixHeadersSize();
4369 qint64 nNewHeadersSize=pe._calculateHeadersSize(pe.getSectionsTableOffset(),pe.getFileHeader_NumberOfSections()+1);
4370 quint32 nFileAlignment=pe.getOptionalHeader_FileAlignment();
4371 quint32 nSectionAlignment=pe.getOptionalHeader_SectionAlignment();
4372
4373 if(pSectionHeader->PointerToRawData==0)
4374 {
4375 pSectionHeader->PointerToRawData=pe._calculateRawSize();
4376 }
4377
4378 if(pSectionHeader->SizeOfRawData==0)
4379 {
4380 pSectionHeader->SizeOfRawData=S_ALIGN_UP(nDataSize,nFileAlignment);
4381 }
4382
4383 if(pSectionHeader->VirtualAddress==0)
4384 {
4385 pSectionHeader->VirtualAddress=S_ALIGN_UP(pe.getOptionalHeader_SizeOfImage(),nSectionAlignment);
4386 }
4387
4388 if(pSectionHeader->Misc.VirtualSize==0)
4389 {
4390 pSectionHeader->Misc.VirtualSize=S_ALIGN_UP(nDataSize,nSectionAlignment);
4391 }
4392
4393 qint64 nDelta=nNewHeadersSize-nHeadersSize;
4394 qint64 nFileSize=pDevice->size();
4395
4396 if(nDelta>0)
4397 {
4398 resize(pDevice,nFileSize+nDelta);
4399 pe.moveMemory(nHeadersSize,nNewHeadersSize,nFileSize-nHeadersSize);
4400 }
4401 else if(nDelta<0)
4402 {
4403 pe.moveMemory(nHeadersSize,nNewHeadersSize,nFileSize-nHeadersSize);
4404 resize(pDevice,nFileSize+nDelta);
4405 }
4406
4407 pe._fixFileOffsets(nDelta);
4408
4409 pSectionHeader->PointerToRawData+=nDelta;
4410 nFileSize+=nDelta;
4411
4412 if(nFileSize<nHeadersSize)
4413 {
4414 nFileSize=nHeadersSize;
4415 }
4416
4417 // TODO!!!
4418 resize(pDevice,nFileSize+pSectionHeader->SizeOfRawData);
4419
4420 quint32 nNumberOfSections=pe.getFileHeader_NumberOfSections();
4421 pe.setFileHeader_NumberOfSections(nNumberOfSections+1);
4422 pe.setSectionHeader(nNumberOfSections,pSectionHeader);
4423
4424 // Overlay
4425 if(pe.isOverlayPresent())
4426 {
4427 qint64 nOverlayOffset=pe.getOverlayOffset();
4428 qint64 nOverlaySize=pe.getOverlaySize();
4429 pe.moveMemory(nOverlayOffset-pSectionHeader->SizeOfRawData,nOverlayOffset,nOverlaySize);
4430 }
4431
4432 pe.write_array(pSectionHeader->PointerToRawData,pData,nDataSize);
4433
4434 pe.zeroFill(pSectionHeader->PointerToRawData+nDataSize,(pSectionHeader->SizeOfRawData)-nDataSize);
4435
4436 qint64 nNewImageSize=S_ALIGN_UP(pSectionHeader->VirtualAddress+pSectionHeader->Misc.VirtualSize,nSectionAlignment);
4437 pe.setOptionalHeader_SizeOfImage(nNewImageSize);
4438
4439 // TODO flag
4440 pe.fixCheckSum();
4441
4442 bResult=true;
4443 }
4444 }
4445
4446 return bResult;
4447 }
4448
removeLastSection()4449 bool XPE::removeLastSection()
4450 {
4451 return removeLastSection(getDevice(),isImage());
4452 }
4453
removeLastSection(QIODevice * pDevice,bool bIsImage)4454 bool XPE::removeLastSection(QIODevice *pDevice,bool bIsImage)
4455 {
4456 // TODO Check
4457 bool bResult=false;
4458
4459 if(isResizeEnable(pDevice))
4460 {
4461 XPE pe(pDevice,bIsImage);
4462
4463 if(pe.isValid())
4464 {
4465 int nNumberOfSections=pe.getFileHeader_NumberOfSections();
4466
4467 if(nNumberOfSections)
4468 {
4469 qint64 nHeadersSize=pe._fixHeadersSize();
4470 qint64 nNewHeadersSize=pe._calculateHeadersSize(pe.getSectionsTableOffset(),nNumberOfSections-1);
4471 quint32 nFileAlignment=pe.getOptionalHeader_FileAlignment();
4472 quint32 nSectionAlignment=pe.getOptionalHeader_SectionAlignment();
4473 bool bIsOverlayPresent=pe.isOverlayPresent();
4474 qint64 nOverlayOffset=pe.getOverlayOffset();
4475 qint64 nOverlaySize=pe.getOverlaySize();
4476
4477 XPE_DEF::IMAGE_SECTION_HEADER ish=pe.getSectionHeader(nNumberOfSections-1);
4478 XPE_DEF::IMAGE_SECTION_HEADER ish0={};
4479 pe.setSectionHeader(nNumberOfSections-1,&ish0);
4480 pe.setFileHeader_NumberOfSections(nNumberOfSections-1);
4481
4482 ish.SizeOfRawData=S_ALIGN_UP(ish.SizeOfRawData,nFileAlignment);
4483 ish.Misc.VirtualSize=S_ALIGN_UP(ish.Misc.VirtualSize,nSectionAlignment);
4484
4485 qint64 nDelta=nNewHeadersSize-nHeadersSize;
4486 qint64 nFileSize=pDevice->size();
4487
4488 if(nDelta>0)
4489 {
4490 resize(pDevice,nFileSize+nDelta);
4491 pe.moveMemory(nHeadersSize,nNewHeadersSize,nFileSize-nHeadersSize);
4492 }
4493 else if(nDelta<0)
4494 {
4495 pe.moveMemory(nHeadersSize,nNewHeadersSize,nFileSize-nHeadersSize);
4496 resize(pDevice,nFileSize+nDelta);
4497 }
4498
4499 pe._fixFileOffsets(nDelta);
4500
4501 nFileSize+=nDelta;
4502 nOverlayOffset+=nDelta;
4503
4504 if(bIsOverlayPresent)
4505 {
4506 pe.moveMemory(nOverlayOffset,nOverlayOffset-ish.SizeOfRawData,nOverlaySize);
4507 }
4508
4509 resize(pDevice,nFileSize-ish.SizeOfRawData);
4510
4511 qint64 nNewImageSize=S_ALIGN_UP(ish.VirtualAddress,nSectionAlignment);
4512 pe.setOptionalHeader_SizeOfImage(nNewImageSize);
4513
4514 pe.fixCheckSum();
4515
4516 bResult=true;
4517 }
4518 }
4519 }
4520
4521 return bResult;
4522 }
4523
removeLastSection(QString sFileName,bool bIsImage)4524 bool XPE::removeLastSection(QString sFileName, bool bIsImage)
4525 {
4526 bool bResult=false;
4527
4528 QFile file(sFileName);
4529
4530 if(file.open(QIODevice::ReadWrite))
4531 {
4532 bResult=removeLastSection(&file,bIsImage);
4533
4534 file.close();
4535 }
4536
4537 return bResult;
4538 }
4539
addSection(XPE_DEF::IMAGE_SECTION_HEADER * pSectionHeader,char * pData,qint64 nDataSize)4540 bool XPE::addSection(XPE_DEF::IMAGE_SECTION_HEADER *pSectionHeader, char *pData, qint64 nDataSize)
4541 {
4542 return addSection(getDevice(),isImage(),pSectionHeader,pData,nDataSize);
4543 }
4544
_getResourcePosition(XBinary::_MEMORY_MAP * pMemoryMap,qint64 nBaseAddress,qint64 nResourceOffset,qint64 nOffset,quint32 nLevel)4545 XPE::RESOURCE_POSITION XPE::_getResourcePosition(XBinary::_MEMORY_MAP *pMemoryMap,qint64 nBaseAddress, qint64 nResourceOffset, qint64 nOffset, quint32 nLevel)
4546 {
4547 RESOURCE_POSITION result={};
4548
4549 result.nOffset=nOffset;
4550 result.nLevel=nLevel;
4551 result.dirEntry=read_IMAGE_RESOURCE_DIRECTORY_ENTRY(nOffset);
4552 result.rin=getResourcesIDName(nResourceOffset,result.dirEntry.Name);
4553 result.bIsDataDirectory=result.dirEntry.DataIsDirectory;
4554
4555 if(result.bIsDataDirectory)
4556 {
4557 qint64 nDirectoryOffset=nResourceOffset+result.dirEntry.OffsetToDirectory;
4558 result.directory=read_IMAGE_RESOURCE_DIRECTORY(nDirectoryOffset);
4559 nDirectoryOffset+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY);
4560
4561 if((result.directory.NumberOfIdEntries+result.directory.NumberOfNamedEntries<=1000)&&(result.directory.Characteristics==0)) // check corrupted
4562 {
4563 result.bIsValid=true;
4564
4565 for(int i=0; i<result.directory.NumberOfIdEntries+result.directory.NumberOfNamedEntries; i++)
4566 {
4567 RESOURCE_POSITION rp=_getResourcePosition(pMemoryMap,nBaseAddress,nResourceOffset,nDirectoryOffset,nLevel+1);
4568
4569 if(!rp.bIsValid)
4570 {
4571 break;
4572 }
4573
4574 result.listPositions.append(rp);
4575 nDirectoryOffset+=sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY);
4576 }
4577 }
4578 }
4579 else
4580 {
4581 result.bIsValid=true;
4582 result.dataEntry=read_IMAGE_RESOURCE_DATA_ENTRY(nResourceOffset+result.dirEntry.OffsetToData);
4583 result.nDataAddress=nBaseAddress+result.dataEntry.OffsetToData;
4584 result.nDataOffset=addressToOffset(pMemoryMap,result.nDataAddress);
4585 }
4586
4587 return result;
4588 }
4589
fixCheckSum()4590 void XPE::fixCheckSum()
4591 {
4592 setOptionalHeader_CheckSum(calculateCheckSum());
4593 }
4594
splitSection(QByteArray * pbaData,XPE_DEF::IMAGE_SECTION_HEADER sectionHeaderOriginal,quint32 nBlockSize)4595 QList<XPE_DEF::IMAGE_SECTION_HEADER> XPE::splitSection(QByteArray *pbaData, XPE_DEF::IMAGE_SECTION_HEADER sectionHeaderOriginal, quint32 nBlockSize)
4596 {
4597 QList<XPE_DEF::IMAGE_SECTION_HEADER> listResult;
4598 // int nBlockSize=0x1000;
4599 int nSize=pbaData->size();
4600 char *pOffset=pbaData->data();
4601 char *pOffsetStart=pOffset;
4602 int nCount=nSize/nBlockSize;
4603 // quint64 nVirtualAddress=shOriginal.VirtualAddress;
4604 qint64 nRelVirtualStart=0;
4605 qint64 nRelVirtualEnd=S_ALIGN_UP(sectionHeaderOriginal.Misc.VirtualSize,nBlockSize);
4606 qint64 nRelCurrent=nRelVirtualStart;
4607
4608 if(nCount>1)
4609 {
4610 // Check the first block
4611 while(isEmptyData(pOffset,nBlockSize))
4612 {
4613 pOffset+=nBlockSize;
4614 nRelCurrent+=nBlockSize;
4615 nCount--;
4616
4617 if(pOffset>=pOffsetStart+nSize)
4618 {
4619 break;
4620 }
4621 }
4622
4623 if(pOffset!=pOffsetStart)
4624 {
4625 XPE_DEF::IMAGE_SECTION_HEADER sectionHeader=sectionHeaderOriginal;
4626 // sh.VirtualAddress=nVirtualAddress;
4627 // sh.Misc.VirtualSize=pOffset-pOffsetStart;
4628 sectionHeader.Misc.VirtualSize=nRelCurrent-nRelVirtualStart;
4629 sectionHeader.SizeOfRawData=(quint32)XBinary::getPhysSize(pOffsetStart,sectionHeader.Misc.VirtualSize);
4630 listResult.append(sectionHeader);
4631
4632 // nVirtualAddress+=sh.Misc.VirtualSize;
4633 }
4634
4635 bool bNew=false;
4636 pOffsetStart=pOffset;
4637 nRelVirtualStart=nRelCurrent;
4638
4639 while(nCount>0)
4640 {
4641 if(isEmptyData(pOffset,nBlockSize))
4642 {
4643 bNew=true;
4644 }
4645 else
4646 {
4647 if(bNew)
4648 {
4649 XPE_DEF::IMAGE_SECTION_HEADER sectionHeader=sectionHeaderOriginal;
4650 // sh.VirtualAddress=nVirtualAddress;
4651 // sh.Misc.VirtualSize=pOffset-pOffsetStart;
4652 sectionHeader.Misc.VirtualSize=nRelCurrent-nRelVirtualStart;
4653 sectionHeader.SizeOfRawData=(quint32)XBinary::getPhysSize(pOffsetStart,sectionHeader.Misc.VirtualSize);
4654 listResult.append(sectionHeader);
4655
4656 // nVirtualAddress+=sh.Misc.VirtualSize;
4657
4658 pOffsetStart=pOffset;
4659 nRelVirtualStart=nRelCurrent;
4660 bNew=false;
4661 }
4662 }
4663
4664 pOffset+=nBlockSize;
4665 nRelCurrent+=nBlockSize;
4666 nCount--;
4667 }
4668
4669 if(pOffset!=pOffsetStart)
4670 {
4671 XPE_DEF::IMAGE_SECTION_HEADER sectionHeader=sectionHeaderOriginal;
4672 // sh.VirtualAddress=nVirtualAddress;
4673 // sh.Misc.VirtualSize=pOffset-pOffsetStart;
4674 sectionHeader.Misc.VirtualSize=nRelVirtualEnd-nRelVirtualStart;
4675 sectionHeader.SizeOfRawData=(quint32)XBinary::getPhysSize(pOffsetStart,nSize-(pOffsetStart-pbaData->data()));
4676
4677 if(sectionHeader.Misc.VirtualSize)
4678 {
4679 listResult.append(sectionHeader);
4680 }
4681
4682 // nVirtualAddress+=sh.Misc.VirtualSize;
4683 }
4684 }
4685 else
4686 {
4687 listResult.append(sectionHeaderOriginal);
4688 }
4689
4690 return listResult;
4691 }
4692
createHeaderStub(HEADER_OPTIONS * pHeaderOptions)4693 QByteArray XPE::createHeaderStub(HEADER_OPTIONS *pHeaderOptions) // TODO options
4694 {
4695 QByteArray baResult;
4696
4697 baResult.resize(0x200); // TODO const
4698 baResult.fill(0);
4699
4700 QBuffer buffer(&baResult);
4701
4702 if(buffer.open(QIODevice::ReadWrite))
4703 {
4704 XPE pe(&buffer);
4705
4706 pe.set_e_magic(XMSDOS_DEF::S_IMAGE_DOS_SIGNATURE_MZ);
4707 pe.set_e_lfanew(0x40);
4708 pe.setNtHeaders_Signature(XPE_DEF::S_IMAGE_NT_SIGNATURE);
4709 pe.setFileHeader_SizeOfOptionalHeader(0xE0); // TODO
4710 pe.setFileHeader_Machine(pHeaderOptions->nMachine);
4711 pe.setFileHeader_Characteristics(pHeaderOptions->nCharacteristics);
4712 pe.setOptionalHeader_Magic(pHeaderOptions->nMagic);
4713 pe.setOptionalHeader_ImageBase(pHeaderOptions->nImagebase);
4714 pe.setOptionalHeader_DllCharacteristics(pHeaderOptions->nDllcharacteristics);
4715 pe.setOptionalHeader_Subsystem(pHeaderOptions->nSubsystem);
4716 pe.setOptionalHeader_MajorOperatingSystemVersion(pHeaderOptions->nMajorOperationSystemVersion);
4717 pe.setOptionalHeader_MinorOperatingSystemVersion(pHeaderOptions->nMinorOperationSystemVersion);
4718 pe.setOptionalHeader_FileAlignment(pHeaderOptions->nFileAlignment);
4719 pe.setOptionalHeader_SectionAlignment(pHeaderOptions->nSectionAlignment);
4720 pe.setOptionalHeader_AddressOfEntryPoint(pHeaderOptions->nAddressOfEntryPoint);
4721 pe.setOptionalHeader_NumberOfRvaAndSizes(0x10);
4722
4723 pe.setOptionalHeader_DataDirectory_VirtualAddress(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE,pHeaderOptions->nResourceRVA);
4724 pe.setOptionalHeader_DataDirectory_Size(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE,pHeaderOptions->nResourceSize);
4725
4726 buffer.close();
4727 }
4728
4729 return baResult;
4730 }
4731
getLoadConfigDirectory32()4732 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32 XPE::getLoadConfigDirectory32()
4733 {
4734 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32 result={};
4735
4736 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4737
4738 if(nLoadConfigOffset!=-1)
4739 {
4740 result.Size=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Size));
4741 result.TimeDateStamp=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,TimeDateStamp));
4742 result.MajorVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MajorVersion));
4743 result.MinorVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MinorVersion));
4744 result.GlobalFlagsClear=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsClear));
4745 result.GlobalFlagsSet=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsSet));
4746 result.CriticalSectionDefaultTimeout=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CriticalSectionDefaultTimeout));
4747 result.DeCommitFreeBlockThreshold=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitFreeBlockThreshold));
4748 result.DeCommitTotalFreeThreshold=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitTotalFreeThreshold));
4749 result.LockPrefixTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,LockPrefixTable));
4750 result.MaximumAllocationSize=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MaximumAllocationSize));
4751 result.VirtualMemoryThreshold=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VirtualMemoryThreshold));
4752 result.ProcessAffinityMask=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,ProcessAffinityMask));
4753 result.CSDVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CSDVersion));
4754 result.DependentLoadFlags=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DependentLoadFlags));
4755 result.EditList=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EditList));
4756 result.SecurityCookie=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SecurityCookie));
4757 result.SEHandlerTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerTable));
4758 result.SEHandlerCount=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerCount));
4759 // Extra
4760 result.GuardCFCheckFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFCheckFunctionPointer));
4761 result.GuardCFDispatchFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFDispatchFunctionPointer));
4762 result.GuardCFFunctionTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionTable));
4763 result.GuardCFFunctionCount=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionCount));
4764 result.GuardFlags=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardFlags));
4765 result.CodeIntegrity.Flags=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Flags));
4766 result.CodeIntegrity.Catalog=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Catalog));
4767 result.CodeIntegrity.CatalogOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.CatalogOffset));
4768 result.CodeIntegrity.Reserved=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Reserved));
4769 result.GuardAddressTakenIatEntryTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryTable));
4770 result.GuardAddressTakenIatEntryCount=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryCount));
4771 result.GuardLongJumpTargetTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetTable));
4772 result.GuardLongJumpTargetCount=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetCount));
4773 result.DynamicValueRelocTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTable));
4774 result.CHPEMetadataPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CHPEMetadataPointer));
4775 result.GuardRFFailureRoutine=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutine));
4776 result.GuardRFFailureRoutineFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutineFunctionPointer));
4777 result.DynamicValueRelocTableOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableOffset));
4778 result.DynamicValueRelocTableSection=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableSection));
4779 result.Reserved2=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved2));
4780 result.GuardRFVerifyStackPointerFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFVerifyStackPointerFunctionPointer));
4781 result.HotPatchTableOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,HotPatchTableOffset));
4782 result.Reserved3=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved3));
4783 result.EnclaveConfigurationPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EnclaveConfigurationPointer));
4784 result.VolatileMetadataPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VolatileMetadataPointer));
4785 result.GuardEHContinuationTable=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationTable));
4786 result.GuardEHContinuationCount=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationCount));
4787 result.GuardXFGCheckFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGCheckFunctionPointer));
4788 result.GuardXFGDispatchFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGDispatchFunctionPointer));
4789 result.GuardXFGTableDispatchFunctionPointer=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGTableDispatchFunctionPointer));
4790 result.CastGuardOsDeterminedFailureMode=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CastGuardOsDeterminedFailureMode));
4791 }
4792
4793 return result;
4794 }
4795
getLoadConfigDirectory64()4796 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64 XPE::getLoadConfigDirectory64()
4797 {
4798 XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64 result={};
4799
4800 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4801
4802 if(nLoadConfigOffset!=-1)
4803 {
4804 result.Size=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Size));
4805 result.TimeDateStamp=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,TimeDateStamp));
4806 result.MajorVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MajorVersion));
4807 result.MinorVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MinorVersion));
4808 result.GlobalFlagsClear=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsClear));
4809 result.GlobalFlagsSet=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsSet));
4810 result.CriticalSectionDefaultTimeout=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CriticalSectionDefaultTimeout));
4811 result.DeCommitFreeBlockThreshold=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitFreeBlockThreshold));
4812 result.DeCommitTotalFreeThreshold=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitTotalFreeThreshold));
4813 result.LockPrefixTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,LockPrefixTable));
4814 result.MaximumAllocationSize=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MaximumAllocationSize));
4815 result.VirtualMemoryThreshold=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VirtualMemoryThreshold));
4816 result.ProcessAffinityMask=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,ProcessAffinityMask));
4817 result.CSDVersion=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CSDVersion));
4818 result.DependentLoadFlags=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DependentLoadFlags));
4819 result.EditList=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EditList));
4820 result.SecurityCookie=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SecurityCookie));
4821 result.SEHandlerTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerTable));
4822 result.SEHandlerCount=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerCount));
4823 // Extra
4824 result.GuardCFCheckFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFCheckFunctionPointer));
4825 result.GuardCFDispatchFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFDispatchFunctionPointer));
4826 result.GuardCFFunctionTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionTable));
4827 result.GuardCFFunctionCount=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionCount));
4828 result.GuardFlags=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardFlags));
4829 result.CodeIntegrity.Flags=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Flags));
4830 result.CodeIntegrity.Catalog=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Catalog));
4831 result.CodeIntegrity.CatalogOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.CatalogOffset));
4832 result.CodeIntegrity.Reserved=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Reserved));
4833 result.GuardAddressTakenIatEntryTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryTable));
4834 result.GuardAddressTakenIatEntryCount=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryCount));
4835 result.GuardLongJumpTargetTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetTable));
4836 result.GuardLongJumpTargetCount=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetCount));
4837 result.DynamicValueRelocTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTable));
4838 result.CHPEMetadataPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CHPEMetadataPointer));
4839 result.GuardRFFailureRoutine=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutine));
4840 result.GuardRFFailureRoutineFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutineFunctionPointer));
4841 result.DynamicValueRelocTableOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableOffset));
4842 result.DynamicValueRelocTableSection=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableSection));
4843 result.Reserved2=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved2));
4844 result.GuardRFVerifyStackPointerFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFVerifyStackPointerFunctionPointer));
4845 result.HotPatchTableOffset=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,HotPatchTableOffset));
4846 result.Reserved3=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved3));
4847 result.EnclaveConfigurationPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EnclaveConfigurationPointer));
4848 result.VolatileMetadataPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VolatileMetadataPointer));
4849 result.GuardEHContinuationTable=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationTable));
4850 result.GuardEHContinuationCount=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationCount));
4851 result.GuardXFGCheckFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGCheckFunctionPointer));
4852 result.GuardXFGDispatchFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGDispatchFunctionPointer));
4853 result.GuardXFGTableDispatchFunctionPointer=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGTableDispatchFunctionPointer));
4854 result.CastGuardOsDeterminedFailureMode=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CastGuardOsDeterminedFailureMode));
4855 }
4856
4857 return result;
4858 }
4859
getLoadConfigDirectoryOffset()4860 qint64 XPE::getLoadConfigDirectoryOffset()
4861 {
4862 return getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4863 }
4864
getLoadConfigDirectorySize()4865 qint64 XPE::getLoadConfigDirectorySize()
4866 {
4867 return getLoadConfig_Size();
4868 }
4869
getLoadConfig_Size()4870 quint32 XPE::getLoadConfig_Size()
4871 {
4872 quint32 nResult=0;
4873
4874 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4875
4876 if(nLoadConfigOffset!=-1)
4877 {
4878 if(is64())
4879 {
4880 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Size));
4881 }
4882 else
4883 {
4884 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Size));
4885 }
4886 }
4887
4888 return nResult;
4889 }
4890
getLoadConfig_TimeDateStamp()4891 quint32 XPE::getLoadConfig_TimeDateStamp()
4892 {
4893 quint32 nResult=0;
4894
4895 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4896
4897 if(nLoadConfigOffset!=-1)
4898 {
4899 if(is64())
4900 {
4901 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,TimeDateStamp));
4902 }
4903 else
4904 {
4905 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,TimeDateStamp));
4906 }
4907 }
4908
4909 return nResult;
4910 }
4911
getLoadConfig_MajorVersion()4912 quint16 XPE::getLoadConfig_MajorVersion()
4913 {
4914 quint16 nResult=0;
4915
4916 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4917
4918 if(nLoadConfigOffset!=-1)
4919 {
4920 if(is64())
4921 {
4922 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MajorVersion));
4923 }
4924 else
4925 {
4926 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MajorVersion));
4927 }
4928 }
4929
4930 return nResult;
4931 }
4932
getLoadConfig_MinorVersion()4933 quint16 XPE::getLoadConfig_MinorVersion()
4934 {
4935 quint16 nResult=0;
4936
4937 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4938
4939 if(nLoadConfigOffset!=-1)
4940 {
4941 if(is64())
4942 {
4943 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MinorVersion));
4944 }
4945 else
4946 {
4947 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MinorVersion));
4948 }
4949 }
4950
4951 return nResult;
4952 }
4953
getLoadConfig_GlobalFlagsClear()4954 quint32 XPE::getLoadConfig_GlobalFlagsClear()
4955 {
4956 quint32 nResult=0;
4957
4958 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4959
4960 if(nLoadConfigOffset!=-1)
4961 {
4962 if(is64())
4963 {
4964 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsClear));
4965 }
4966 else
4967 {
4968 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsClear));
4969 }
4970 }
4971
4972 return nResult;
4973 }
4974
getLoadConfig_GlobalFlagsSet()4975 quint32 XPE::getLoadConfig_GlobalFlagsSet()
4976 {
4977 quint32 nResult=0;
4978
4979 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
4980
4981 if(nLoadConfigOffset!=-1)
4982 {
4983 if(is64())
4984 {
4985 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsSet));
4986 }
4987 else
4988 {
4989 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsSet));
4990 }
4991 }
4992
4993 return nResult;
4994 }
4995
getLoadConfig_CriticalSectionDefaultTimeout()4996 quint32 XPE::getLoadConfig_CriticalSectionDefaultTimeout()
4997 {
4998 quint32 nResult=0;
4999
5000 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5001
5002 if(nLoadConfigOffset!=-1)
5003 {
5004 if(is64())
5005 {
5006 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CriticalSectionDefaultTimeout));
5007 }
5008 else
5009 {
5010 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CriticalSectionDefaultTimeout));
5011 }
5012 }
5013
5014 return nResult;
5015 }
5016
getLoadConfig_DeCommitFreeBlockThreshold()5017 quint64 XPE::getLoadConfig_DeCommitFreeBlockThreshold()
5018 {
5019 quint64 nResult=0;
5020
5021 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5022
5023 if(nLoadConfigOffset!=-1)
5024 {
5025 if(is64())
5026 {
5027 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitFreeBlockThreshold));
5028 }
5029 else
5030 {
5031 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitFreeBlockThreshold));
5032 }
5033 }
5034
5035 return nResult;
5036 }
5037
getLoadConfig_DeCommitTotalFreeThreshold()5038 quint64 XPE::getLoadConfig_DeCommitTotalFreeThreshold()
5039 {
5040 quint64 nResult=0;
5041
5042 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5043
5044 if(nLoadConfigOffset!=-1)
5045 {
5046 if(is64())
5047 {
5048 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitTotalFreeThreshold));
5049 }
5050 else
5051 {
5052 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitTotalFreeThreshold));
5053 }
5054 }
5055
5056 return nResult;
5057 }
5058
getLoadConfig_LockPrefixTable()5059 quint64 XPE::getLoadConfig_LockPrefixTable()
5060 {
5061 quint64 nResult=0;
5062
5063 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5064
5065 if(nLoadConfigOffset!=-1)
5066 {
5067 if(is64())
5068 {
5069 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,LockPrefixTable));
5070 }
5071 else
5072 {
5073 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,LockPrefixTable));
5074 }
5075 }
5076
5077 return nResult;
5078 }
5079
getLoadConfig_MaximumAllocationSize()5080 quint64 XPE::getLoadConfig_MaximumAllocationSize()
5081 {
5082 quint64 nResult=0;
5083
5084 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5085
5086 if(nLoadConfigOffset!=-1)
5087 {
5088 if(is64())
5089 {
5090 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MaximumAllocationSize));
5091 }
5092 else
5093 {
5094 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MaximumAllocationSize));
5095 }
5096 }
5097
5098 return nResult;
5099 }
5100
getLoadConfig_VirtualMemoryThreshold()5101 quint64 XPE::getLoadConfig_VirtualMemoryThreshold()
5102 {
5103 quint64 nResult=0;
5104
5105 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5106
5107 if(nLoadConfigOffset!=-1)
5108 {
5109 if(is64())
5110 {
5111 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VirtualMemoryThreshold));
5112 }
5113 else
5114 {
5115 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VirtualMemoryThreshold));
5116 }
5117 }
5118
5119 return nResult;
5120 }
5121
getLoadConfig_ProcessAffinityMask()5122 quint64 XPE::getLoadConfig_ProcessAffinityMask()
5123 {
5124 quint64 nResult=0;
5125
5126 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5127
5128 if(nLoadConfigOffset!=-1)
5129 {
5130 if(is64())
5131 {
5132 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,ProcessAffinityMask));
5133 }
5134 else
5135 {
5136 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,ProcessAffinityMask));
5137 }
5138 }
5139
5140 return nResult;
5141 }
5142
getLoadConfig_CSDVersion()5143 quint16 XPE::getLoadConfig_CSDVersion()
5144 {
5145 quint16 nResult=0;
5146
5147 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5148
5149 if(nLoadConfigOffset!=-1)
5150 {
5151 if(is64())
5152 {
5153 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CSDVersion));
5154 }
5155 else
5156 {
5157 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CSDVersion));
5158 }
5159 }
5160
5161 return nResult;
5162 }
5163
getLoadConfig_DependentLoadFlags()5164 quint16 XPE::getLoadConfig_DependentLoadFlags()
5165 {
5166 quint16 nResult=0;
5167
5168 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5169
5170 if(nLoadConfigOffset!=-1)
5171 {
5172 if(is64())
5173 {
5174 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DependentLoadFlags));
5175 }
5176 else
5177 {
5178 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DependentLoadFlags));
5179 }
5180 }
5181
5182 return nResult;
5183 }
5184
getLoadConfig_EditList()5185 quint64 XPE::getLoadConfig_EditList()
5186 {
5187 quint64 nResult=0;
5188
5189 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5190
5191 if(nLoadConfigOffset!=-1)
5192 {
5193 if(is64())
5194 {
5195 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EditList));
5196 }
5197 else
5198 {
5199 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EditList));
5200 }
5201 }
5202
5203 return nResult;
5204 }
5205
getLoadConfig_SecurityCookie()5206 quint64 XPE::getLoadConfig_SecurityCookie()
5207 {
5208 quint64 nResult=0;
5209
5210 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5211
5212 if(nLoadConfigOffset!=-1)
5213 {
5214 if(is64())
5215 {
5216 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SecurityCookie));
5217 }
5218 else
5219 {
5220 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SecurityCookie));
5221 }
5222 }
5223
5224 return nResult;
5225 }
5226
getLoadConfig_SEHandlerTable()5227 quint64 XPE::getLoadConfig_SEHandlerTable()
5228 {
5229 quint64 nResult=0;
5230
5231 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5232
5233 if(nLoadConfigOffset!=-1)
5234 {
5235 if(is64())
5236 {
5237 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerTable));
5238 }
5239 else
5240 {
5241 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerTable));
5242 }
5243 }
5244
5245 return nResult;
5246 }
5247
getLoadConfig_SEHandlerCount()5248 quint64 XPE::getLoadConfig_SEHandlerCount()
5249 {
5250 quint64 nResult=0;
5251
5252 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5253
5254 if(nLoadConfigOffset!=-1)
5255 {
5256 if(is64())
5257 {
5258 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerCount));
5259 }
5260 else
5261 {
5262 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerCount));
5263 }
5264 }
5265
5266 return nResult;
5267 }
5268
getLoadConfig_GuardCFCheckFunctionPointer()5269 quint64 XPE::getLoadConfig_GuardCFCheckFunctionPointer()
5270 {
5271 quint64 nResult=0;
5272
5273 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5274
5275 if(nLoadConfigOffset!=-1)
5276 {
5277 if(is64())
5278 {
5279 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFCheckFunctionPointer));
5280 }
5281 else
5282 {
5283 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFCheckFunctionPointer));
5284 }
5285 }
5286
5287 return nResult;
5288 }
5289
getLoadConfig_GuardCFDispatchFunctionPointer()5290 quint64 XPE::getLoadConfig_GuardCFDispatchFunctionPointer()
5291 {
5292 quint64 nResult=0;
5293
5294 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5295
5296 if(nLoadConfigOffset!=-1)
5297 {
5298 if(is64())
5299 {
5300 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFDispatchFunctionPointer));
5301 }
5302 else
5303 {
5304 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFDispatchFunctionPointer));
5305 }
5306 }
5307
5308 return nResult;
5309 }
5310
getLoadConfig_GuardCFFunctionTable()5311 quint64 XPE::getLoadConfig_GuardCFFunctionTable()
5312 {
5313 quint64 nResult=0;
5314
5315 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5316
5317 if(nLoadConfigOffset!=-1)
5318 {
5319 if(is64())
5320 {
5321 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionTable));
5322 }
5323 else
5324 {
5325 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionTable));
5326 }
5327 }
5328
5329 return nResult;
5330 }
5331
getLoadConfig_GuardCFFunctionCount()5332 quint64 XPE::getLoadConfig_GuardCFFunctionCount()
5333 {
5334 quint64 nResult=0;
5335
5336 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5337
5338 if(nLoadConfigOffset!=-1)
5339 {
5340 if(is64())
5341 {
5342 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionCount));
5343 }
5344 else
5345 {
5346 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionCount));
5347 }
5348 }
5349
5350 return nResult;
5351 }
5352
getLoadConfig_GuardFlags()5353 quint32 XPE::getLoadConfig_GuardFlags()
5354 {
5355 quint32 nResult=0;
5356
5357 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5358
5359 if(nLoadConfigOffset!=-1)
5360 {
5361 if(is64())
5362 {
5363 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardFlags));
5364 }
5365 else
5366 {
5367 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardFlags));
5368 }
5369 }
5370
5371 return nResult;
5372 }
5373
getLoadConfig_CodeIntegrity_Flags()5374 quint16 XPE::getLoadConfig_CodeIntegrity_Flags()
5375 {
5376 quint16 nResult=0;
5377
5378 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5379
5380 if(nLoadConfigOffset!=-1)
5381 {
5382 if(is64())
5383 {
5384 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Flags));
5385 }
5386 else
5387 {
5388 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Flags));
5389 }
5390 }
5391
5392 return nResult;
5393 }
5394
getLoadConfig_CodeIntegrity_Catalog()5395 quint16 XPE::getLoadConfig_CodeIntegrity_Catalog()
5396 {
5397 quint16 nResult=0;
5398
5399 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5400
5401 if(nLoadConfigOffset!=-1)
5402 {
5403 if(is64())
5404 {
5405 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Catalog));
5406 }
5407 else
5408 {
5409 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Catalog));
5410 }
5411 }
5412
5413 return nResult;
5414 }
5415
getLoadConfig_CodeIntegrity_CatalogOffset()5416 quint32 XPE::getLoadConfig_CodeIntegrity_CatalogOffset()
5417 {
5418 quint32 nResult=0;
5419
5420 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5421
5422 if(nLoadConfigOffset!=-1)
5423 {
5424 if(is64())
5425 {
5426 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.CatalogOffset));
5427 }
5428 else
5429 {
5430 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.CatalogOffset));
5431 }
5432 }
5433
5434 return nResult;
5435 }
5436
getLoadConfig_CodeIntegrity_Reserved()5437 quint32 XPE::getLoadConfig_CodeIntegrity_Reserved()
5438 {
5439 quint32 nResult=0;
5440
5441 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5442
5443 if(nLoadConfigOffset!=-1)
5444 {
5445 if(is64())
5446 {
5447 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Reserved));
5448 }
5449 else
5450 {
5451 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Reserved));
5452 }
5453 }
5454
5455 return nResult;
5456 }
5457
getLoadConfig_GuardAddressTakenIatEntryTable()5458 quint64 XPE::getLoadConfig_GuardAddressTakenIatEntryTable()
5459 {
5460 quint64 nResult=0;
5461
5462 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5463
5464 if(nLoadConfigOffset!=-1)
5465 {
5466 if(is64())
5467 {
5468 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryTable));
5469 }
5470 else
5471 {
5472 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryTable));
5473 }
5474 }
5475
5476 return nResult;
5477 }
5478
getLoadConfig_GuardAddressTakenIatEntryCount()5479 quint64 XPE::getLoadConfig_GuardAddressTakenIatEntryCount()
5480 {
5481 quint64 nResult=0;
5482
5483 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5484
5485 if(nLoadConfigOffset!=-1)
5486 {
5487 if(is64())
5488 {
5489 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryCount));
5490 }
5491 else
5492 {
5493 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryCount));
5494 }
5495 }
5496
5497 return nResult;
5498 }
5499
getLoadConfig_GuardLongJumpTargetTable()5500 quint64 XPE::getLoadConfig_GuardLongJumpTargetTable()
5501 {
5502 quint64 nResult=0;
5503
5504 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5505
5506 if(nLoadConfigOffset!=-1)
5507 {
5508 if(is64())
5509 {
5510 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetTable));
5511 }
5512 else
5513 {
5514 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetTable));
5515 }
5516 }
5517
5518 return nResult;
5519 }
5520
getLoadConfig_GuardLongJumpTargetCount()5521 quint64 XPE::getLoadConfig_GuardLongJumpTargetCount()
5522 {
5523 quint64 nResult=0;
5524
5525 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5526
5527 if(nLoadConfigOffset!=-1)
5528 {
5529 if(is64())
5530 {
5531 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetCount));
5532 }
5533 else
5534 {
5535 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetCount));
5536 }
5537 }
5538
5539 return nResult;
5540 }
5541
getLoadConfig_DynamicValueRelocTable()5542 quint64 XPE::getLoadConfig_DynamicValueRelocTable()
5543 {
5544 quint64 nResult=0;
5545
5546 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5547
5548 if(nLoadConfigOffset!=-1)
5549 {
5550 if(is64())
5551 {
5552 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTable));
5553 }
5554 else
5555 {
5556 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTable));
5557 }
5558 }
5559
5560 return nResult;
5561 }
5562
getLoadConfig_CHPEMetadataPointer()5563 quint64 XPE::getLoadConfig_CHPEMetadataPointer()
5564 {
5565 quint64 nResult=0;
5566
5567 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5568
5569 if(nLoadConfigOffset!=-1)
5570 {
5571 if(is64())
5572 {
5573 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CHPEMetadataPointer));
5574 }
5575 else
5576 {
5577 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CHPEMetadataPointer));
5578 }
5579 }
5580
5581 return nResult;
5582 }
5583
getLoadConfig_GuardRFFailureRoutine()5584 quint64 XPE::getLoadConfig_GuardRFFailureRoutine()
5585 {
5586 quint64 nResult=0;
5587
5588 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5589
5590 if(nLoadConfigOffset!=-1)
5591 {
5592 if(is64())
5593 {
5594 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutine));
5595 }
5596 else
5597 {
5598 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutine));
5599 }
5600 }
5601
5602 return nResult;
5603 }
5604
getLoadConfig_GuardRFFailureRoutineFunctionPointer()5605 quint64 XPE::getLoadConfig_GuardRFFailureRoutineFunctionPointer()
5606 {
5607 quint64 nResult=0;
5608
5609 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5610
5611 if(nLoadConfigOffset!=-1)
5612 {
5613 if(is64())
5614 {
5615 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutineFunctionPointer));
5616 }
5617 else
5618 {
5619 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutineFunctionPointer));
5620 }
5621 }
5622
5623 return nResult;
5624 }
5625
getLoadConfig_DynamicValueRelocTableOffset()5626 quint32 XPE::getLoadConfig_DynamicValueRelocTableOffset()
5627 {
5628 quint32 nResult=0;
5629
5630 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5631
5632 if(nLoadConfigOffset!=-1)
5633 {
5634 if(is64())
5635 {
5636 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableOffset));
5637 }
5638 else
5639 {
5640 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableOffset));
5641 }
5642 }
5643
5644 return nResult;
5645 }
5646
getLoadConfig_DynamicValueRelocTableSection()5647 quint16 XPE::getLoadConfig_DynamicValueRelocTableSection()
5648 {
5649 quint16 nResult=0;
5650
5651 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5652
5653 if(nLoadConfigOffset!=-1)
5654 {
5655 if(is64())
5656 {
5657 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableSection));
5658 }
5659 else
5660 {
5661 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableSection));
5662 }
5663 }
5664
5665 return nResult;
5666 }
5667
getLoadConfig_Reserved2()5668 quint16 XPE::getLoadConfig_Reserved2()
5669 {
5670 quint16 nResult=0;
5671
5672 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5673
5674 if(nLoadConfigOffset!=-1)
5675 {
5676 if(is64())
5677 {
5678 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved2));
5679 }
5680 else
5681 {
5682 nResult=read_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved2));
5683 }
5684 }
5685
5686 return nResult;
5687 }
5688
getLoadConfig_GuardRFVerifyStackPointerFunctionPointer()5689 quint64 XPE::getLoadConfig_GuardRFVerifyStackPointerFunctionPointer()
5690 {
5691 quint64 nResult=0;
5692
5693 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5694
5695 if(nLoadConfigOffset!=-1)
5696 {
5697 if(is64())
5698 {
5699 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFVerifyStackPointerFunctionPointer));
5700 }
5701 else
5702 {
5703 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFVerifyStackPointerFunctionPointer));
5704 }
5705 }
5706
5707 return nResult;
5708 }
5709
getLoadConfig_HotPatchTableOffset()5710 quint32 XPE::getLoadConfig_HotPatchTableOffset()
5711 {
5712 quint32 nResult=0;
5713
5714 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5715
5716 if(nLoadConfigOffset!=-1)
5717 {
5718 if(is64())
5719 {
5720 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,HotPatchTableOffset));
5721 }
5722 else
5723 {
5724 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,HotPatchTableOffset));
5725 }
5726 }
5727
5728 return nResult;
5729 }
5730
getLoadConfig_Reserved3()5731 quint32 XPE::getLoadConfig_Reserved3()
5732 {
5733 quint32 nResult=0;
5734
5735 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5736
5737 if(nLoadConfigOffset!=-1)
5738 {
5739 if(is64())
5740 {
5741 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved3));
5742 }
5743 else
5744 {
5745 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved3));
5746 }
5747 }
5748
5749 return nResult;
5750 }
5751
getLoadConfig_EnclaveConfigurationPointer()5752 quint64 XPE::getLoadConfig_EnclaveConfigurationPointer()
5753 {
5754 quint64 nResult=0;
5755
5756 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5757
5758 if(nLoadConfigOffset!=-1)
5759 {
5760 if(is64())
5761 {
5762 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EnclaveConfigurationPointer));
5763 }
5764 else
5765 {
5766 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EnclaveConfigurationPointer));
5767 }
5768 }
5769
5770 return nResult;
5771 }
5772
getLoadConfig_VolatileMetadataPointer()5773 quint64 XPE::getLoadConfig_VolatileMetadataPointer()
5774 {
5775 quint64 nResult=0;
5776
5777 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5778
5779 if(nLoadConfigOffset!=-1)
5780 {
5781 if(is64())
5782 {
5783 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VolatileMetadataPointer));
5784 }
5785 else
5786 {
5787 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VolatileMetadataPointer));
5788 }
5789 }
5790
5791 return nResult;
5792 }
5793
getLoadConfig_GuardEHContinuationTable()5794 quint64 XPE::getLoadConfig_GuardEHContinuationTable()
5795 {
5796 quint64 nResult=0;
5797
5798 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5799
5800 if(nLoadConfigOffset!=-1)
5801 {
5802 if(is64())
5803 {
5804 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationTable));
5805 }
5806 else
5807 {
5808 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationTable));
5809 }
5810 }
5811
5812 return nResult;
5813 }
5814
getLoadConfig_GuardEHContinuationCount()5815 quint64 XPE::getLoadConfig_GuardEHContinuationCount()
5816 {
5817 quint64 nResult=0;
5818
5819 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5820
5821 if(nLoadConfigOffset!=-1)
5822 {
5823 if(is64())
5824 {
5825 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationCount));
5826 }
5827 else
5828 {
5829 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationCount));
5830 }
5831 }
5832
5833 return nResult;
5834 }
5835
getLoadConfig_GuardXFGCheckFunctionPointer()5836 quint64 XPE::getLoadConfig_GuardXFGCheckFunctionPointer()
5837 {
5838 quint64 nResult=0;
5839
5840 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5841
5842 if(nLoadConfigOffset!=-1)
5843 {
5844 if(is64())
5845 {
5846 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGCheckFunctionPointer));
5847 }
5848 else
5849 {
5850 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGCheckFunctionPointer));
5851 }
5852 }
5853
5854 return nResult;
5855 }
5856
getLoadConfig_GuardXFGDispatchFunctionPointer()5857 quint64 XPE::getLoadConfig_GuardXFGDispatchFunctionPointer()
5858 {
5859 quint64 nResult=0;
5860
5861 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5862
5863 if(nLoadConfigOffset!=-1)
5864 {
5865 if(is64())
5866 {
5867 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGDispatchFunctionPointer));
5868 }
5869 else
5870 {
5871 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGDispatchFunctionPointer));
5872 }
5873 }
5874
5875 return nResult;
5876 }
5877
getLoadConfig_GuardXFGTableDispatchFunctionPointer()5878 quint64 XPE::getLoadConfig_GuardXFGTableDispatchFunctionPointer()
5879 {
5880 quint64 nResult=0;
5881
5882 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5883
5884 if(nLoadConfigOffset!=-1)
5885 {
5886 if(is64())
5887 {
5888 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGTableDispatchFunctionPointer));
5889 }
5890 else
5891 {
5892 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGTableDispatchFunctionPointer));
5893 }
5894 }
5895
5896 return nResult;
5897 }
5898
getLoadConfig_CastGuardOsDeterminedFailureMode()5899 quint64 XPE::getLoadConfig_CastGuardOsDeterminedFailureMode()
5900 {
5901 quint64 nResult=0;
5902
5903 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5904
5905 if(nLoadConfigOffset!=-1)
5906 {
5907 if(is64())
5908 {
5909 nResult=read_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CastGuardOsDeterminedFailureMode));
5910 }
5911 else
5912 {
5913 nResult=read_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CastGuardOsDeterminedFailureMode));
5914 }
5915 }
5916
5917 return nResult;
5918 }
5919
setLoadConfig_Size(quint32 nValue)5920 void XPE::setLoadConfig_Size(quint32 nValue)
5921 {
5922 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5923
5924 if(nLoadConfigOffset!=-1)
5925 {
5926 if(is64())
5927 {
5928 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Size),nValue);
5929 }
5930 else
5931 {
5932 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Size),nValue);
5933 }
5934 }
5935 }
5936
setLoadConfig_TimeDateStamp(quint32 nValue)5937 void XPE::setLoadConfig_TimeDateStamp(quint32 nValue)
5938 {
5939 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5940
5941 if(nLoadConfigOffset!=-1)
5942 {
5943 if(is64())
5944 {
5945 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,TimeDateStamp),nValue);
5946 }
5947 else
5948 {
5949 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,TimeDateStamp),nValue);
5950 }
5951 }
5952 }
5953
setLoadConfig_MajorVersion(quint16 nValue)5954 void XPE::setLoadConfig_MajorVersion(quint16 nValue)
5955 {
5956 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5957
5958 if(nLoadConfigOffset!=-1)
5959 {
5960 if(is64())
5961 {
5962 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MajorVersion),nValue);
5963 }
5964 else
5965 {
5966 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MajorVersion),nValue);
5967 }
5968 }
5969 }
5970
setLoadConfig_MinorVersion(quint16 nValue)5971 void XPE::setLoadConfig_MinorVersion(quint16 nValue)
5972 {
5973 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5974
5975 if(nLoadConfigOffset!=-1)
5976 {
5977 if(is64())
5978 {
5979 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MinorVersion),nValue);
5980 }
5981 else
5982 {
5983 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MinorVersion),nValue);
5984 }
5985 }
5986 }
5987
setLoadConfig_GlobalFlagsClear(quint32 nValue)5988 void XPE::setLoadConfig_GlobalFlagsClear(quint32 nValue)
5989 {
5990 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
5991
5992 if(nLoadConfigOffset!=-1)
5993 {
5994 if(is64())
5995 {
5996 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsClear),nValue);
5997 }
5998 else
5999 {
6000 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsClear),nValue);
6001 }
6002 }
6003 }
6004
setLoadConfig_GlobalFlagsSet(quint32 nValue)6005 void XPE::setLoadConfig_GlobalFlagsSet(quint32 nValue)
6006 {
6007 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6008
6009 if(nLoadConfigOffset!=-1)
6010 {
6011 if(is64())
6012 {
6013 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GlobalFlagsSet),nValue);
6014 }
6015 else
6016 {
6017 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GlobalFlagsSet),nValue);
6018 }
6019 }
6020 }
6021
setLoadConfig_CriticalSectionDefaultTimeout(quint32 nValue)6022 void XPE::setLoadConfig_CriticalSectionDefaultTimeout(quint32 nValue)
6023 {
6024 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6025
6026 if(nLoadConfigOffset!=-1)
6027 {
6028 if(is64())
6029 {
6030 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CriticalSectionDefaultTimeout),nValue);
6031 }
6032 else
6033 {
6034 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CriticalSectionDefaultTimeout),nValue);
6035 }
6036 }
6037 }
6038
setLoadConfig_DeCommitFreeBlockThreshold(quint64 nValue)6039 void XPE::setLoadConfig_DeCommitFreeBlockThreshold(quint64 nValue)
6040 {
6041 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6042
6043 if(nLoadConfigOffset!=-1)
6044 {
6045 if(is64())
6046 {
6047 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitFreeBlockThreshold),nValue);
6048 }
6049 else
6050 {
6051 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitFreeBlockThreshold),nValue);
6052 }
6053 }
6054 }
6055
setLoadConfig_DeCommitTotalFreeThreshold(quint64 nValue)6056 void XPE::setLoadConfig_DeCommitTotalFreeThreshold(quint64 nValue)
6057 {
6058 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6059
6060 if(nLoadConfigOffset!=-1)
6061 {
6062 if(is64())
6063 {
6064 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DeCommitTotalFreeThreshold),nValue);
6065 }
6066 else
6067 {
6068 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DeCommitTotalFreeThreshold),nValue);
6069 }
6070 }
6071 }
6072
setLoadConfig_LockPrefixTable(quint64 nValue)6073 void XPE::setLoadConfig_LockPrefixTable(quint64 nValue)
6074 {
6075 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6076
6077 if(nLoadConfigOffset!=-1)
6078 {
6079 if(is64())
6080 {
6081 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,LockPrefixTable),nValue);
6082 }
6083 else
6084 {
6085 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,LockPrefixTable),nValue);
6086 }
6087 }
6088 }
6089
setLoadConfig_MaximumAllocationSize(quint64 nValue)6090 void XPE::setLoadConfig_MaximumAllocationSize(quint64 nValue)
6091 {
6092 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6093
6094 if(nLoadConfigOffset!=-1)
6095 {
6096 if(is64())
6097 {
6098 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,MaximumAllocationSize),nValue);
6099 }
6100 else
6101 {
6102 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,MaximumAllocationSize),nValue);
6103 }
6104 }
6105 }
6106
setLoadConfig_VirtualMemoryThreshold(quint64 nValue)6107 void XPE::setLoadConfig_VirtualMemoryThreshold(quint64 nValue)
6108 {
6109 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6110
6111 if(nLoadConfigOffset!=-1)
6112 {
6113 if(is64())
6114 {
6115 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VirtualMemoryThreshold),nValue);
6116 }
6117 else
6118 {
6119 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VirtualMemoryThreshold),nValue);
6120 }
6121 }
6122 }
6123
setLoadConfig_ProcessAffinityMask(quint64 nValue)6124 void XPE::setLoadConfig_ProcessAffinityMask(quint64 nValue)
6125 {
6126 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6127
6128 if(nLoadConfigOffset!=-1)
6129 {
6130 if(is64())
6131 {
6132 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,ProcessAffinityMask),nValue);
6133 }
6134 else
6135 {
6136 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,ProcessAffinityMask),nValue);
6137 }
6138 }
6139 }
6140
setLoadConfig_CSDVersion(quint16 nValue)6141 void XPE::setLoadConfig_CSDVersion(quint16 nValue)
6142 {
6143 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6144
6145 if(nLoadConfigOffset!=-1)
6146 {
6147 if(is64())
6148 {
6149 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CSDVersion),nValue);
6150 }
6151 else
6152 {
6153 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CSDVersion),nValue);
6154 }
6155 }
6156 }
6157
setLoadConfig_DependentLoadFlags(quint16 nValue)6158 void XPE::setLoadConfig_DependentLoadFlags(quint16 nValue)
6159 {
6160 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6161
6162 if(nLoadConfigOffset!=-1)
6163 {
6164 if(is64())
6165 {
6166 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DependentLoadFlags),nValue);
6167 }
6168 else
6169 {
6170 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DependentLoadFlags),nValue);
6171 }
6172 }
6173 }
6174
setLoadConfig_EditList(quint64 nValue)6175 void XPE::setLoadConfig_EditList(quint64 nValue)
6176 {
6177 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6178
6179 if(nLoadConfigOffset!=-1)
6180 {
6181 if(is64())
6182 {
6183 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EditList),nValue);
6184 }
6185 else
6186 {
6187 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EditList),nValue);
6188 }
6189 }
6190 }
6191
setLoadConfig_SecurityCookie(quint64 nValue)6192 void XPE::setLoadConfig_SecurityCookie(quint64 nValue)
6193 {
6194 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6195
6196 if(nLoadConfigOffset!=-1)
6197 {
6198 if(is64())
6199 {
6200 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SecurityCookie),nValue);
6201 }
6202 else
6203 {
6204 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SecurityCookie),nValue);
6205 }
6206 }
6207 }
6208
setLoadConfig_SEHandlerTable(quint64 nValue)6209 void XPE::setLoadConfig_SEHandlerTable(quint64 nValue)
6210 {
6211 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6212
6213 if(nLoadConfigOffset!=-1)
6214 {
6215 if(is64())
6216 {
6217 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerTable),nValue);
6218 }
6219 else
6220 {
6221 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerTable),nValue);
6222 }
6223 }
6224 }
6225
setLoadConfig_SEHandlerCount(quint64 nValue)6226 void XPE::setLoadConfig_SEHandlerCount(quint64 nValue)
6227 {
6228 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6229
6230 if(nLoadConfigOffset!=-1)
6231 {
6232 if(is64())
6233 {
6234 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,SEHandlerCount),nValue);
6235 }
6236 else
6237 {
6238 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,SEHandlerCount),nValue);
6239 }
6240 }
6241 }
6242
setLoadConfig_GuardCFCheckFunctionPointer(quint64 nValue)6243 void XPE::setLoadConfig_GuardCFCheckFunctionPointer(quint64 nValue)
6244 {
6245 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6246
6247 if(nLoadConfigOffset!=-1)
6248 {
6249 if(is64())
6250 {
6251 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFCheckFunctionPointer),nValue);
6252 }
6253 else
6254 {
6255 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFCheckFunctionPointer),nValue);
6256 }
6257 }
6258 }
6259
setLoadConfig_GuardCFDispatchFunctionPointer(quint64 nValue)6260 void XPE::setLoadConfig_GuardCFDispatchFunctionPointer(quint64 nValue)
6261 {
6262 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6263
6264 if(nLoadConfigOffset!=-1)
6265 {
6266 if(is64())
6267 {
6268 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFDispatchFunctionPointer),nValue);
6269 }
6270 else
6271 {
6272 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFDispatchFunctionPointer),nValue);
6273 }
6274 }
6275 }
6276
setLoadConfig_GuardCFFunctionTable(quint64 nValue)6277 void XPE::setLoadConfig_GuardCFFunctionTable(quint64 nValue)
6278 {
6279 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6280
6281 if(nLoadConfigOffset!=-1)
6282 {
6283 if(is64())
6284 {
6285 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionTable),nValue);
6286 }
6287 else
6288 {
6289 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionTable),nValue);
6290 }
6291 }
6292 }
6293
setLoadConfig_GuardCFFunctionCount(quint64 nValue)6294 void XPE::setLoadConfig_GuardCFFunctionCount(quint64 nValue)
6295 {
6296 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6297
6298 if(nLoadConfigOffset!=-1)
6299 {
6300 if(is64())
6301 {
6302 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardCFFunctionCount),nValue);
6303 }
6304 else
6305 {
6306 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardCFFunctionCount),nValue);
6307 }
6308 }
6309 }
6310
setLoadConfig_GuardFlags(quint32 nValue)6311 void XPE::setLoadConfig_GuardFlags(quint32 nValue)
6312 {
6313 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6314
6315 if(nLoadConfigOffset!=-1)
6316 {
6317 if(is64())
6318 {
6319 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardFlags),nValue);
6320 }
6321 else
6322 {
6323 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardFlags),nValue);
6324 }
6325 }
6326 }
6327
setLoadConfig_CodeIntegrity_Flags(quint16 nValue)6328 void XPE::setLoadConfig_CodeIntegrity_Flags(quint16 nValue)
6329 {
6330 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6331
6332 if(nLoadConfigOffset!=-1)
6333 {
6334 if(is64())
6335 {
6336 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Flags),nValue);
6337 }
6338 else
6339 {
6340 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Flags),nValue);
6341 }
6342 }
6343 }
6344
setLoadConfig_CodeIntegrity_Catalog(quint16 nValue)6345 void XPE::setLoadConfig_CodeIntegrity_Catalog(quint16 nValue)
6346 {
6347 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6348
6349 if(nLoadConfigOffset!=-1)
6350 {
6351 if(is64())
6352 {
6353 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Catalog),nValue);
6354 }
6355 else
6356 {
6357 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Catalog),nValue);
6358 }
6359 }
6360 }
6361
setLoadConfig_CodeIntegrity_CatalogOffset(quint32 nValue)6362 void XPE::setLoadConfig_CodeIntegrity_CatalogOffset(quint32 nValue)
6363 {
6364 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6365
6366 if(nLoadConfigOffset!=-1)
6367 {
6368 if(is64())
6369 {
6370 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.CatalogOffset),nValue);
6371 }
6372 else
6373 {
6374 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.CatalogOffset),nValue);
6375 }
6376 }
6377 }
6378
setLoadConfig_CodeIntegrity_Reserved(quint32 nValue)6379 void XPE::setLoadConfig_CodeIntegrity_Reserved(quint32 nValue)
6380 {
6381 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6382
6383 if(nLoadConfigOffset!=-1)
6384 {
6385 if(is64())
6386 {
6387 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CodeIntegrity.Reserved),nValue);
6388 }
6389 else
6390 {
6391 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CodeIntegrity.Reserved),nValue);
6392 }
6393 }
6394 }
6395
setLoadConfig_GuardAddressTakenIatEntryTable(quint64 nValue)6396 void XPE::setLoadConfig_GuardAddressTakenIatEntryTable(quint64 nValue)
6397 {
6398 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6399
6400 if(nLoadConfigOffset!=-1)
6401 {
6402 if(is64())
6403 {
6404 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryTable),nValue);
6405 }
6406 else
6407 {
6408 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryTable),nValue);
6409 }
6410 }
6411 }
6412
setLoadConfig_GuardAddressTakenIatEntryCount(quint64 nValue)6413 void XPE::setLoadConfig_GuardAddressTakenIatEntryCount(quint64 nValue)
6414 {
6415 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6416
6417 if(nLoadConfigOffset!=-1)
6418 {
6419 if(is64())
6420 {
6421 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardAddressTakenIatEntryCount),nValue);
6422 }
6423 else
6424 {
6425 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardAddressTakenIatEntryCount),nValue);
6426 }
6427 }
6428 }
6429
setLoadConfig_GuardLongJumpTargetTable(quint64 nValue)6430 void XPE::setLoadConfig_GuardLongJumpTargetTable(quint64 nValue)
6431 {
6432 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6433
6434 if(nLoadConfigOffset!=-1)
6435 {
6436 if(is64())
6437 {
6438 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetTable),nValue);
6439 }
6440 else
6441 {
6442 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetTable),nValue);
6443 }
6444 }
6445 }
6446
setLoadConfig_GuardLongJumpTargetCount(quint64 nValue)6447 void XPE::setLoadConfig_GuardLongJumpTargetCount(quint64 nValue)
6448 {
6449 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6450
6451 if(nLoadConfigOffset!=-1)
6452 {
6453 if(is64())
6454 {
6455 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardLongJumpTargetTable),nValue);
6456 }
6457 else
6458 {
6459 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardLongJumpTargetTable),nValue);
6460 }
6461 }
6462 }
6463
setLoadConfig_DynamicValueRelocTable(quint64 nValue)6464 void XPE::setLoadConfig_DynamicValueRelocTable(quint64 nValue)
6465 {
6466 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6467
6468 if(nLoadConfigOffset!=-1)
6469 {
6470 if(is64())
6471 {
6472 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTable),nValue);
6473 }
6474 else
6475 {
6476 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTable),nValue);
6477 }
6478 }
6479 }
6480
setLoadConfig_CHPEMetadataPointer(quint64 nValue)6481 void XPE::setLoadConfig_CHPEMetadataPointer(quint64 nValue)
6482 {
6483 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6484
6485 if(nLoadConfigOffset!=-1)
6486 {
6487 if(is64())
6488 {
6489 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CHPEMetadataPointer),nValue);
6490 }
6491 else
6492 {
6493 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CHPEMetadataPointer),nValue);
6494 }
6495 }
6496 }
6497
setLoadConfig_GuardRFFailureRoutine(quint64 nValue)6498 void XPE::setLoadConfig_GuardRFFailureRoutine(quint64 nValue)
6499 {
6500 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6501
6502 if(nLoadConfigOffset!=-1)
6503 {
6504 if(is64())
6505 {
6506 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutine),nValue);
6507 }
6508 else
6509 {
6510 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutine),nValue);
6511 }
6512 }
6513 }
6514
setLoadConfig_GuardRFFailureRoutineFunctionPointer(quint64 nValue)6515 void XPE::setLoadConfig_GuardRFFailureRoutineFunctionPointer(quint64 nValue)
6516 {
6517 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6518
6519 if(nLoadConfigOffset!=-1)
6520 {
6521 if(is64())
6522 {
6523 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFFailureRoutineFunctionPointer),nValue);
6524 }
6525 else
6526 {
6527 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFFailureRoutineFunctionPointer),nValue);
6528 }
6529 }
6530 }
6531
setLoadConfig_DynamicValueRelocTableOffset(quint32 nValue)6532 void XPE::setLoadConfig_DynamicValueRelocTableOffset(quint32 nValue)
6533 {
6534 qint32 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6535
6536 if(nLoadConfigOffset!=-1)
6537 {
6538 if(is64())
6539 {
6540 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableOffset),nValue);
6541 }
6542 else
6543 {
6544 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableOffset),nValue);
6545 }
6546 }
6547 }
6548
setLoadConfig_DynamicValueRelocTableSection(quint16 nValue)6549 void XPE::setLoadConfig_DynamicValueRelocTableSection(quint16 nValue)
6550 {
6551 qint32 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6552
6553 if(nLoadConfigOffset!=-1)
6554 {
6555 if(is64())
6556 {
6557 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,DynamicValueRelocTableSection),nValue);
6558 }
6559 else
6560 {
6561 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,DynamicValueRelocTableSection),nValue);
6562 }
6563 }
6564 }
6565
setLoadConfig_Reserved2(quint16 nValue)6566 void XPE::setLoadConfig_Reserved2(quint16 nValue)
6567 {
6568 qint32 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6569
6570 if(nLoadConfigOffset!=-1)
6571 {
6572 if(is64())
6573 {
6574 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved2),nValue);
6575 }
6576 else
6577 {
6578 write_uint16(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved2),nValue);
6579 }
6580 }
6581 }
6582
setLoadConfig_GuardRFVerifyStackPointerFunctionPointer(quint64 nValue)6583 void XPE::setLoadConfig_GuardRFVerifyStackPointerFunctionPointer(quint64 nValue)
6584 {
6585 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6586
6587 if(nLoadConfigOffset!=-1)
6588 {
6589 if(is64())
6590 {
6591 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardRFVerifyStackPointerFunctionPointer),nValue);
6592 }
6593 else
6594 {
6595 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardRFVerifyStackPointerFunctionPointer),nValue);
6596 }
6597 }
6598 }
6599
setLoadConfig_HotPatchTableOffset(quint32 nValue)6600 void XPE::setLoadConfig_HotPatchTableOffset(quint32 nValue)
6601 {
6602 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6603
6604 if(nLoadConfigOffset!=-1)
6605 {
6606 if(is64())
6607 {
6608 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,HotPatchTableOffset),nValue);
6609 }
6610 else
6611 {
6612 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,HotPatchTableOffset),nValue);
6613 }
6614 }
6615 }
6616
setLoadConfig_Reserved3(quint32 nValue)6617 void XPE::setLoadConfig_Reserved3(quint32 nValue)
6618 {
6619 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6620
6621 if(nLoadConfigOffset!=-1)
6622 {
6623 if(is64())
6624 {
6625 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,Reserved3),nValue);
6626 }
6627 else
6628 {
6629 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,Reserved3),nValue);
6630 }
6631 }
6632 }
6633
setLoadConfig_EnclaveConfigurationPointer(quint64 nValue)6634 void XPE::setLoadConfig_EnclaveConfigurationPointer(quint64 nValue)
6635 {
6636 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6637
6638 if(nLoadConfigOffset!=-1)
6639 {
6640 if(is64())
6641 {
6642 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,EnclaveConfigurationPointer),nValue);
6643 }
6644 else
6645 {
6646 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,EnclaveConfigurationPointer),nValue);
6647 }
6648 }
6649 }
6650
setLoadConfig_VolatileMetadataPointer(quint64 nValue)6651 void XPE::setLoadConfig_VolatileMetadataPointer(quint64 nValue)
6652 {
6653 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6654
6655 if(nLoadConfigOffset!=-1)
6656 {
6657 if(is64())
6658 {
6659 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,VolatileMetadataPointer),nValue);
6660 }
6661 else
6662 {
6663 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,VolatileMetadataPointer),nValue);
6664 }
6665 }
6666 }
6667
setLoadConfig_GuardEHContinuationTable(quint64 nValue)6668 void XPE::setLoadConfig_GuardEHContinuationTable(quint64 nValue)
6669 {
6670 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6671
6672 if(nLoadConfigOffset!=-1)
6673 {
6674 if(is64())
6675 {
6676 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationTable),nValue);
6677 }
6678 else
6679 {
6680 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationTable),nValue);
6681 }
6682 }
6683 }
6684
setLoadConfig_GuardEHContinuationCount(quint64 nValue)6685 void XPE::setLoadConfig_GuardEHContinuationCount(quint64 nValue)
6686 {
6687 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6688
6689 if(nLoadConfigOffset!=-1)
6690 {
6691 if(is64())
6692 {
6693 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardEHContinuationCount),nValue);
6694 }
6695 else
6696 {
6697 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardEHContinuationCount),nValue);
6698 }
6699 }
6700 }
6701
setLoadConfig_GuardXFGCheckFunctionPointer(quint64 nValue)6702 void XPE::setLoadConfig_GuardXFGCheckFunctionPointer(quint64 nValue)
6703 {
6704 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6705
6706 if(nLoadConfigOffset!=-1)
6707 {
6708 if(is64())
6709 {
6710 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGCheckFunctionPointer),nValue);
6711 }
6712 else
6713 {
6714 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGCheckFunctionPointer),nValue);
6715 }
6716 }
6717 }
6718
setLoadConfig_GuardXFGDispatchFunctionPointer(quint64 nValue)6719 void XPE::setLoadConfig_GuardXFGDispatchFunctionPointer(quint64 nValue)
6720 {
6721 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6722
6723 if(nLoadConfigOffset!=-1)
6724 {
6725 if(is64())
6726 {
6727 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGDispatchFunctionPointer),nValue);
6728 }
6729 else
6730 {
6731 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGDispatchFunctionPointer),nValue);
6732 }
6733 }
6734 }
6735
setLoadConfig_GuardXFGTableDispatchFunctionPointer(quint64 nValue)6736 void XPE::setLoadConfig_GuardXFGTableDispatchFunctionPointer(quint64 nValue)
6737 {
6738 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6739
6740 if(nLoadConfigOffset!=-1)
6741 {
6742 if(is64())
6743 {
6744 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,GuardXFGTableDispatchFunctionPointer),nValue);
6745 }
6746 else
6747 {
6748 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,GuardXFGTableDispatchFunctionPointer),nValue);
6749 }
6750 }
6751 }
6752
setLoadConfig_CastGuardOsDeterminedFailureMode(quint64 nValue)6753 void XPE::setLoadConfig_CastGuardOsDeterminedFailureMode(quint64 nValue)
6754 {
6755 qint64 nLoadConfigOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
6756
6757 if(nLoadConfigOffset!=-1)
6758 {
6759 if(is64())
6760 {
6761 write_uint64(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY64,CastGuardOsDeterminedFailureMode),nValue);
6762 }
6763 else
6764 {
6765 write_uint32(nLoadConfigOffset+offsetof(XPE_DEF::S_IMAGE_LOAD_CONFIG_DIRECTORY32,CastGuardOsDeterminedFailureMode),nValue);
6766 }
6767 }
6768 }
6769
_read_IMAGE_RUNTIME_FUNCTION_ENTRY(qint64 nOffset)6770 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY XPE::_read_IMAGE_RUNTIME_FUNCTION_ENTRY(qint64 nOffset)
6771 {
6772 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY result={};
6773
6774 result.BeginAddress=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,BeginAddress));
6775 result.EndAddress=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,EndAddress));
6776 result.UnwindInfoAddress=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,UnwindInfoAddress));
6777
6778 return result;
6779 }
6780
_getException(qint32 nNumber)6781 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY XPE::_getException(qint32 nNumber)
6782 {
6783 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY result={};
6784
6785 qint64 nExceptionOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION);
6786
6787 if(nExceptionOffset!=-1)
6788 {
6789 result=_read_IMAGE_RUNTIME_FUNCTION_ENTRY(nExceptionOffset+nNumber*sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY));
6790 }
6791
6792 return result;
6793 }
6794
setException_BeginAddress(qint32 nNumber,quint32 nValue)6795 void XPE::setException_BeginAddress(qint32 nNumber, quint32 nValue)
6796 {
6797 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION+nNumber*sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY));
6798
6799 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,BeginAddress),nValue);
6800 }
6801
setException_EndAddress(qint32 nNumber,quint32 nValue)6802 void XPE::setException_EndAddress(qint32 nNumber, quint32 nValue)
6803 {
6804 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION+nNumber*sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY));
6805
6806 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,EndAddress),nValue);
6807 }
6808
setException_UnwindInfoAddress(qint32 nNumber,quint32 nValue)6809 void XPE::setException_UnwindInfoAddress(qint32 nNumber, quint32 nValue)
6810 {
6811 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION+nNumber*sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY));
6812
6813 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY,UnwindInfoAddress),nValue);
6814 }
6815
getExceptionRecordOffset(qint32 nNumber)6816 qint64 XPE::getExceptionRecordOffset(qint32 nNumber)
6817 {
6818 qint64 nResult=-1;
6819
6820 qint64 nExceptionOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION);
6821
6822 if(nExceptionOffset!=-1)
6823 {
6824 nResult=nExceptionOffset+nNumber*sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY);
6825 }
6826
6827 return nResult;
6828 }
6829
getExceptionRecordSize()6830 qint64 XPE::getExceptionRecordSize()
6831 {
6832 return sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY);
6833 }
6834
getExceptionsList()6835 QList<XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY> XPE::getExceptionsList()
6836 {
6837 _MEMORY_MAP memoryMap=getMemoryMap();
6838
6839 return getExceptionsList(&memoryMap);
6840 }
6841
getExceptionsList(XBinary::_MEMORY_MAP * pMemoryMap)6842 QList<XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY> XPE::getExceptionsList(XBinary::_MEMORY_MAP *pMemoryMap)
6843 {
6844 QList<XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY> listResult;
6845
6846 qint64 nExceptionOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION);
6847
6848 if(nExceptionOffset!=-1)
6849 {
6850 while(true)
6851 {
6852 XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY record=_read_IMAGE_RUNTIME_FUNCTION_ENTRY(nExceptionOffset);
6853
6854 if( record.BeginAddress&&
6855 record.EndAddress&&
6856 isAddressValid(pMemoryMap,pMemoryMap->nModuleAddress+record.BeginAddress)&&
6857 isAddressValid(pMemoryMap,pMemoryMap->nModuleAddress+record.EndAddress))
6858 {
6859 listResult.append(record);
6860 }
6861 else
6862 {
6863 break;
6864 }
6865
6866 nExceptionOffset+=sizeof(XPE_DEF::S_IMAGE_RUNTIME_FUNCTION_ENTRY);
6867 }
6868 }
6869
6870 return listResult;
6871 }
6872
_read_IMAGE_DEBUG_DIRECTORY(qint64 nOffset)6873 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY XPE::_read_IMAGE_DEBUG_DIRECTORY(qint64 nOffset)
6874 {
6875 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY result={};
6876
6877 result.Characteristics=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,Characteristics));
6878 result.TimeDateStamp=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,TimeDateStamp));
6879 result.MajorVersion=read_uint16(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,MajorVersion));
6880 result.MinorVersion=read_uint16(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,MinorVersion));
6881 result.Type=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,Type));
6882 result.SizeOfData=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,SizeOfData));
6883 result.AddressOfRawData=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,AddressOfRawData));
6884 result.PointerToRawData=read_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,PointerToRawData));
6885
6886 return result;
6887 }
6888
getDebugList()6889 QList<XPE_DEF::S_IMAGE_DEBUG_DIRECTORY> XPE::getDebugList()
6890 {
6891 _MEMORY_MAP memoryMap=getMemoryMap();
6892
6893 return getDebugList(&memoryMap);
6894 }
6895
getDebugList(XBinary::_MEMORY_MAP * pMemoryMap)6896 QList<XPE_DEF::S_IMAGE_DEBUG_DIRECTORY> XPE::getDebugList(XBinary::_MEMORY_MAP *pMemoryMap)
6897 {
6898 QList<XPE_DEF::S_IMAGE_DEBUG_DIRECTORY> listResult;
6899
6900 qint64 nDebugOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DEBUG);
6901
6902 if(nDebugOffset!=-1)
6903 {
6904 while(true)
6905 {
6906 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY record=_read_IMAGE_DEBUG_DIRECTORY(nDebugOffset);
6907
6908 if( record.AddressOfRawData&&
6909 record.PointerToRawData&&
6910 isAddressValid(pMemoryMap,pMemoryMap->nModuleAddress+record.AddressOfRawData)&&
6911 isOffsetValid(pMemoryMap,record.PointerToRawData))
6912 {
6913 listResult.append(record);
6914 }
6915 else
6916 {
6917 break;
6918 }
6919
6920 nDebugOffset+=sizeof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY);
6921 }
6922 }
6923
6924 return listResult;
6925 }
6926
getDebugHeaderOffset(quint32 nNumber)6927 qint64 XPE::getDebugHeaderOffset(quint32 nNumber)
6928 {
6929 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DEBUG);
6930
6931 nOffset+=sizeof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY)*nNumber;
6932
6933 return nOffset;
6934 }
6935
getDebugHeaderSize()6936 qint64 XPE::getDebugHeaderSize()
6937 {
6938 return sizeof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY);
6939 }
6940
getDebugHeader(quint32 nNumber)6941 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY XPE::getDebugHeader(quint32 nNumber)
6942 {
6943 XPE_DEF::S_IMAGE_DEBUG_DIRECTORY result={};
6944
6945 // TODO Check number of headers
6946
6947 qint64 nDebugOffset=getDebugHeaderOffset(nNumber);
6948
6949 result=_read_IMAGE_DEBUG_DIRECTORY(nDebugOffset);
6950
6951 return result;
6952 }
6953
setDebugHeader_Characteristics(quint32 nNumber,quint32 nValue)6954 void XPE::setDebugHeader_Characteristics(quint32 nNumber, quint32 nValue)
6955 {
6956 qint64 nOffset=getDebugHeaderOffset(nNumber);
6957
6958 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,Characteristics),nValue);
6959 }
6960
setDebugHeader_TimeDateStamp(quint32 nNumber,quint32 nValue)6961 void XPE::setDebugHeader_TimeDateStamp(quint32 nNumber, quint32 nValue)
6962 {
6963 qint64 nOffset=getDebugHeaderOffset(nNumber);
6964
6965 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,TimeDateStamp),nValue);
6966 }
6967
setDebugHeader_MajorVersion(quint32 nNumber,quint16 nValue)6968 void XPE::setDebugHeader_MajorVersion(quint32 nNumber, quint16 nValue)
6969 {
6970 qint64 nOffset=getDebugHeaderOffset(nNumber);
6971
6972 write_uint16(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,MajorVersion),nValue);
6973 }
6974
setDebugHeader_MinorVersion(quint32 nNumber,quint16 nValue)6975 void XPE::setDebugHeader_MinorVersion(quint32 nNumber, quint16 nValue)
6976 {
6977 qint64 nOffset=getDebugHeaderOffset(nNumber);
6978
6979 write_uint16(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,MinorVersion),nValue);
6980 }
6981
setDebugHeader_Type(quint32 nNumber,quint32 nValue)6982 void XPE::setDebugHeader_Type(quint32 nNumber, quint32 nValue)
6983 {
6984 qint64 nOffset=getDebugHeaderOffset(nNumber);
6985
6986 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,Type),nValue);
6987 }
6988
setDebugHeader_SizeOfData(quint32 nNumber,quint32 nValue)6989 void XPE::setDebugHeader_SizeOfData(quint32 nNumber, quint32 nValue)
6990 {
6991 qint64 nOffset=getDebugHeaderOffset(nNumber);
6992
6993 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,SizeOfData),nValue);
6994 }
6995
setDebugHeader_AddressOfRawData(quint32 nNumber,quint32 nValue)6996 void XPE::setDebugHeader_AddressOfRawData(quint32 nNumber, quint32 nValue)
6997 {
6998 qint64 nOffset=getDebugHeaderOffset(nNumber);
6999
7000 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,AddressOfRawData),nValue);
7001 }
7002
setDebugHeader_PointerToRawData(quint32 nNumber,quint32 nValue)7003 void XPE::setDebugHeader_PointerToRawData(quint32 nNumber, quint32 nValue)
7004 {
7005 qint64 nOffset=getDebugHeaderOffset(nNumber);
7006
7007 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DEBUG_DIRECTORY,PointerToRawData),nValue);
7008 }
7009
getDelayImportRecordOffset(qint32 nNumber)7010 qint64 XPE::getDelayImportRecordOffset(qint32 nNumber)
7011 {
7012 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT);
7013
7014 nOffset+=sizeof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR)*nNumber;
7015
7016 return nOffset;
7017 }
7018
getDelayImportRecordSize()7019 qint64 XPE::getDelayImportRecordSize()
7020 {
7021 return sizeof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR);
7022 }
7023
getDelayImportsList()7024 QList<XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR> XPE::getDelayImportsList()
7025 {
7026 _MEMORY_MAP memoryMap=getMemoryMap();
7027
7028 return getDelayImportsList(&memoryMap);
7029 }
7030
getDelayImportsList(XBinary::_MEMORY_MAP * pMemoryMap)7031 QList<XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR> XPE::getDelayImportsList(XBinary::_MEMORY_MAP *pMemoryMap)
7032 {
7033 QList<XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR> listResult;
7034
7035 qint64 nDelayImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT);
7036
7037 if(nDelayImportOffset!=-1)
7038 {
7039 while(true)
7040 {
7041 XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR record=_read_IMAGE_DELAYLOAD_DESCRIPTOR(nDelayImportOffset);
7042
7043 if( record.DllNameRVA&&
7044 isAddressValid(pMemoryMap,pMemoryMap->nModuleAddress+record.DllNameRVA))
7045 {
7046 listResult.append(record);
7047 }
7048 else
7049 {
7050 break;
7051 }
7052
7053 nDelayImportOffset+=sizeof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR);
7054 }
7055 }
7056
7057 return listResult;
7058 }
7059
setDelayImport_AllAttributes(quint32 nNumber,quint32 nValue)7060 void XPE::setDelayImport_AllAttributes(quint32 nNumber, quint32 nValue)
7061 {
7062 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7063
7064 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,AllAttributes),nValue);
7065 }
7066
setDelayImport_DllNameRVA(quint32 nNumber,quint32 nValue)7067 void XPE::setDelayImport_DllNameRVA(quint32 nNumber, quint32 nValue)
7068 {
7069 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7070
7071 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,DllNameRVA),nValue);
7072 }
7073
setDelayImport_ModuleHandleRVA(quint32 nNumber,quint32 nValue)7074 void XPE::setDelayImport_ModuleHandleRVA(quint32 nNumber, quint32 nValue)
7075 {
7076 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7077
7078 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ModuleHandleRVA),nValue);
7079 }
7080
setDelayImport_ImportAddressTableRVA(quint32 nNumber,quint32 nValue)7081 void XPE::setDelayImport_ImportAddressTableRVA(quint32 nNumber, quint32 nValue)
7082 {
7083 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7084
7085 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ImportAddressTableRVA),nValue);
7086 }
7087
setDelayImport_ImportNameTableRVA(quint32 nNumber,quint32 nValue)7088 void XPE::setDelayImport_ImportNameTableRVA(quint32 nNumber, quint32 nValue)
7089 {
7090 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7091
7092 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,ImportNameTableRVA),nValue);
7093 }
7094
setDelayImport_BoundImportAddressTableRVA(quint32 nNumber,quint32 nValue)7095 void XPE::setDelayImport_BoundImportAddressTableRVA(quint32 nNumber, quint32 nValue)
7096 {
7097 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7098
7099 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,BoundImportAddressTableRVA),nValue);
7100 }
7101
setDelayImport_UnloadInformationTableRVA(quint32 nNumber,quint32 nValue)7102 void XPE::setDelayImport_UnloadInformationTableRVA(quint32 nNumber, quint32 nValue)
7103 {
7104 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7105
7106 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,UnloadInformationTableRVA),nValue);
7107 }
7108
setDelayImport_TimeDateStamp(quint32 nNumber,quint32 nValue)7109 void XPE::setDelayImport_TimeDateStamp(quint32 nNumber, quint32 nValue)
7110 {
7111 qint64 nOffset=getDelayImportRecordOffset(nNumber);
7112
7113 write_uint32(nOffset+offsetof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR,TimeDateStamp),nValue);
7114 }
7115
getDelayImportPositions(int nIndex)7116 QList<XPE::DELAYIMPORT_POSITION> XPE::getDelayImportPositions(int nIndex)
7117 {
7118 _MEMORY_MAP memoryMap=getMemoryMap();
7119
7120 return getDelayImportPositions(&memoryMap,nIndex);
7121 }
7122
getDelayImportPositions(XBinary::_MEMORY_MAP * pMemoryMap,int nIndex)7123 QList<XPE::DELAYIMPORT_POSITION> XPE::getDelayImportPositions(XBinary::_MEMORY_MAP *pMemoryMap, int nIndex)
7124 {
7125 QList<DELAYIMPORT_POSITION> listResult;
7126
7127 qint64 nDelayImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT);
7128
7129 if(nDelayImportOffset!=-1)
7130 {
7131 nDelayImportOffset+=sizeof(XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR)*nIndex;
7132
7133 XPE_DEF::S_IMAGE_DELAYLOAD_DESCRIPTOR idd=_read_IMAGE_DELAYLOAD_DESCRIPTOR(nDelayImportOffset);
7134
7135 qint64 nNameThunksRVA=idd.ImportNameTableRVA;
7136 qint64 nAddressThunksRVA=idd.ImportAddressTableRVA;
7137 qint64 nBoundThunksRVA=idd.BoundImportAddressTableRVA;
7138
7139 qint64 nNameThunksOffset=XBinary::relAddressToOffset(pMemoryMap,nNameThunksRVA);
7140 qint64 nAddressThunksOffset=XBinary::relAddressToOffset(pMemoryMap,nAddressThunksRVA);
7141 qint64 nBoundThunksOffset=XBinary::relAddressToOffset(pMemoryMap,nBoundThunksRVA);
7142
7143 bool bIs64=is64(pMemoryMap);
7144
7145 while(true)
7146 {
7147 DELAYIMPORT_POSITION importPosition={};
7148 importPosition.nNameThunkOffset=nNameThunksOffset;
7149 importPosition.nNameThunkRVA=nNameThunksRVA;
7150 importPosition.nAddressThunkOffset=nNameThunksOffset;
7151 importPosition.nAddressThunkRVA=nAddressThunksOffset;
7152 importPosition.nBoundThunkOffset=nBoundThunksOffset;
7153 importPosition.nBoundThunkRVA=nBoundThunksRVA;
7154
7155 if(bIs64)
7156 {
7157 importPosition.nNameThunkValue=read_uint64(nNameThunksOffset);
7158 importPosition.nAddressThunkValue=read_uint64(nAddressThunksOffset);
7159 importPosition.nBoundThunkValue=read_uint64(nBoundThunksOffset);
7160
7161 if(importPosition.nNameThunkValue==0)
7162 {
7163 break;
7164 }
7165
7166 // mb TODO check importPosition.nAddressThunkValue
7167
7168 if(!(importPosition.nNameThunkValue&0x8000000000000000))
7169 {
7170 qint64 nOffset=addressToOffset(pMemoryMap,importPosition.nNameThunkValue+pMemoryMap->nModuleAddress);
7171
7172 if(nOffset!=-1)
7173 {
7174 importPosition.nHint=read_uint16(nOffset);
7175 importPosition.sName=read_ansiString(nOffset+2);
7176
7177 if(importPosition.sName=="")
7178 {
7179 break;
7180 }
7181 }
7182 else
7183 {
7184 break;
7185 }
7186 }
7187 else
7188 {
7189 importPosition.nOrdinal=importPosition.nNameThunkValue&0x7FFFFFFFFFFFFFFF;
7190 }
7191 }
7192 else
7193 {
7194 importPosition.nNameThunkValue=read_uint32(nNameThunksOffset);
7195 importPosition.nAddressThunkValue=read_uint32(nAddressThunksOffset);
7196 importPosition.nBoundThunkValue=read_uint32(nBoundThunksOffset);
7197
7198 if(importPosition.nNameThunkValue==0)
7199 {
7200 break;
7201 }
7202
7203 if(!(importPosition.nNameThunkValue&0x80000000))
7204 {
7205 qint64 nOffset=addressToOffset(pMemoryMap,importPosition.nNameThunkValue+pMemoryMap->nModuleAddress);
7206
7207 if(nOffset!=-1)
7208 {
7209 importPosition.nHint=read_uint16(nOffset);
7210 importPosition.sName=read_ansiString(nOffset+2);
7211
7212 if(importPosition.sName=="")
7213 {
7214 break;
7215 }
7216 }
7217 else
7218 {
7219 break;
7220 }
7221 }
7222 else
7223 {
7224 importPosition.nOrdinal=importPosition.nNameThunkValue&0x7FFFFFFF;
7225 }
7226 }
7227
7228 if(importPosition.nOrdinal==0)
7229 {
7230 importPosition.sFunction=importPosition.sName;
7231 }
7232 else
7233 {
7234 importPosition.sFunction=QString("%1").arg(importPosition.nOrdinal);
7235 }
7236
7237 if(bIs64)
7238 {
7239 nNameThunksRVA+=8;
7240 nNameThunksOffset+=8;
7241 nAddressThunksRVA+=8;
7242 nAddressThunksOffset+=8;
7243 nBoundThunksRVA+=8;
7244 nBoundThunksOffset+=8;
7245 }
7246 else
7247 {
7248 nNameThunksRVA+=4;
7249 nNameThunksOffset+=4;
7250 nAddressThunksRVA+=4;
7251 nAddressThunksOffset+=4;
7252 nBoundThunksRVA+=4;
7253 nBoundThunksOffset+=4;
7254 }
7255
7256 listResult.append(importPosition);
7257 }
7258 }
7259
7260 return listResult;
7261 }
7262
getBoundImportPositions()7263 QList<XPE::BOUND_IMPORT_POSITION> XPE::getBoundImportPositions()
7264 {
7265 _MEMORY_MAP memoryMap=getMemoryMap();
7266
7267 return getBoundImportPositions(&memoryMap);
7268 }
7269
getBoundImportPositions(XBinary::_MEMORY_MAP * pMemoryMap)7270 QList<XPE::BOUND_IMPORT_POSITION> XPE::getBoundImportPositions(XBinary::_MEMORY_MAP *pMemoryMap)
7271 {
7272 Q_UNUSED(pMemoryMap)
7273
7274 QList<BOUND_IMPORT_POSITION> listResult;
7275
7276 qint64 nBoundImportOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT);
7277
7278 if(nBoundImportOffset!=-1)
7279 {
7280 qint64 nOffset=nBoundImportOffset;
7281
7282 while(true)
7283 {
7284 BOUND_IMPORT_POSITION record={};
7285
7286 record.descriptor=_read_IMAGE_BOUND_IMPORT_DESCRIPTOR(nOffset);
7287
7288 if((record.descriptor.TimeDateStamp)&&(record.descriptor.OffsetModuleName))
7289 {
7290 record.sName=read_ansiString(nBoundImportOffset+record.descriptor.OffsetModuleName);
7291
7292 listResult.append(record);
7293 }
7294 else
7295 {
7296 break;
7297 }
7298
7299 nOffset+=sizeof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR);
7300 }
7301 }
7302
7303 return listResult;
7304 }
7305
_read_IMAGE_BOUND_IMPORT_DESCRIPTOR(qint64 nOffset)7306 XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR XPE::_read_IMAGE_BOUND_IMPORT_DESCRIPTOR(qint64 nOffset)
7307 {
7308 XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR result={};
7309
7310 result.TimeDateStamp=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,TimeDateStamp));
7311 result.OffsetModuleName=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,OffsetModuleName));
7312 result.NumberOfModuleForwarderRefs=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,NumberOfModuleForwarderRefs));
7313
7314 return result;
7315 }
7316
getBoundImportRecordOffset(qint32 nNumber)7317 qint64 XPE::getBoundImportRecordOffset(qint32 nNumber)
7318 {
7319 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT);
7320
7321 nOffset+=sizeof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR)*nNumber;
7322
7323 return nOffset;
7324 }
7325
getBoundImportRecordSize()7326 qint64 XPE::getBoundImportRecordSize()
7327 {
7328 return sizeof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR);
7329 }
7330
setBoundImport_TimeDateStamp(quint32 nNumber,quint32 nValue)7331 void XPE::setBoundImport_TimeDateStamp(quint32 nNumber, quint32 nValue)
7332 {
7333 qint64 nOffset=getBoundImportRecordOffset(nNumber);
7334
7335 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,TimeDateStamp),nValue);
7336 }
7337
setBoundImport_OffsetModuleName(quint32 nNumber,quint16 nValue)7338 void XPE::setBoundImport_OffsetModuleName(quint32 nNumber, quint16 nValue)
7339 {
7340 qint64 nOffset=getBoundImportRecordOffset(nNumber);
7341
7342 write_uint16(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,OffsetModuleName),nValue);
7343 }
7344
setBoundImport_NumberOfModuleForwarderRefs(quint32 nNumber,quint16 nValue)7345 void XPE::setBoundImport_NumberOfModuleForwarderRefs(quint32 nNumber, quint16 nValue)
7346 {
7347 qint64 nOffset=getBoundImportRecordOffset(nNumber);
7348
7349 write_uint16(nOffset+offsetof(XPE_DEF::IMAGE_BOUND_IMPORT_DESCRIPTOR,NumberOfModuleForwarderRefs),nValue);
7350 }
7351
getNumberOfImports()7352 qint32 XPE::getNumberOfImports()
7353 {
7354 QList<XPE_DEF::IMAGE_IMPORT_DESCRIPTOR> listImports=getImportDescriptors();
7355
7356 return listImports.count();
7357 }
7358
getImportLibraryName(quint32 nNumber)7359 QString XPE::getImportLibraryName(quint32 nNumber)
7360 {
7361 QString sResult;
7362
7363 QList<IMAGE_IMPORT_DESCRIPTOR_EX> listImports=getImportDescriptorsEx(); // TODO Check
7364
7365 if(nNumber<(quint32)listImports.count())
7366 {
7367 sResult=listImports.at(nNumber).sLibrary;
7368 }
7369
7370 return sResult;
7371 }
7372
getImportLibraryName(quint32 nNumber,QList<XPE::IMPORT_HEADER> * pListImport)7373 QString XPE::getImportLibraryName(quint32 nNumber, QList<XPE::IMPORT_HEADER> *pListImport)
7374 {
7375 QString sResult;
7376
7377 if((qint32)nNumber<pListImport->count())
7378 {
7379 sResult=pListImport->at(nNumber).sName;
7380 }
7381
7382 return sResult;
7383 }
7384
getNumberOfImportThunks(quint32 nNumber)7385 qint32 XPE::getNumberOfImportThunks(quint32 nNumber)
7386 {
7387 QList<IMPORT_HEADER> listImportHeaders=getImports();
7388
7389 return getNumberOfImportThunks(nNumber,&listImportHeaders);
7390 }
7391
getNumberOfImportThunks(quint32 nNumber,QList<XPE::IMPORT_HEADER> * pListImport)7392 qint32 XPE::getNumberOfImportThunks(quint32 nNumber, QList<XPE::IMPORT_HEADER> *pListImport)
7393 {
7394 qint32 nResult=0;
7395
7396 if(nNumber<(quint32)pListImport->count())
7397 {
7398 nResult=pListImport->at(nNumber).listPositions.count();
7399 }
7400
7401 return nResult;
7402 }
7403
getNetHeaderOffset()7404 qint64 XPE::getNetHeaderOffset()
7405 {
7406 return getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7407 }
7408
getNetHeaderSize()7409 qint64 XPE::getNetHeaderSize()
7410 {
7411 qint64 nResult=0;
7412
7413 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7414
7415 if(nOffset!=-1)
7416 {
7417 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,cb));
7418 }
7419
7420 return nResult;
7421 }
7422
_read_IMAGE_COR20_HEADER(qint64 nOffset)7423 XPE_DEF::IMAGE_COR20_HEADER XPE::_read_IMAGE_COR20_HEADER(qint64 nOffset)
7424 {
7425 XPE_DEF::IMAGE_COR20_HEADER result={};
7426
7427 result.cb=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,cb));
7428 result.MajorRuntimeVersion=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MajorRuntimeVersion));
7429 result.MinorRuntimeVersion=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MinorRuntimeVersion));
7430 result.MetaData=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MetaData));
7431 result.Flags=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Flags));
7432 result.EntryPointRVA=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,EntryPointRVA));
7433 result.Resources=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Resources));
7434 result.StrongNameSignature=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,StrongNameSignature));
7435 result.CodeManagerTable=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,CodeManagerTable));
7436 result.VTableFixups=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,VTableFixups));
7437 result.ExportAddressTableJumps=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ExportAddressTableJumps));
7438 result.ManagedNativeHeader=read_IMAGE_DATA_DIRECTORY(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ManagedNativeHeader));
7439
7440 return result;
7441 }
7442
getNetHeader()7443 XPE_DEF::IMAGE_COR20_HEADER XPE::getNetHeader()
7444 {
7445 XPE_DEF::IMAGE_COR20_HEADER result={};
7446
7447 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7448
7449 if(nOffset!=-1)
7450 {
7451 result=_read_IMAGE_COR20_HEADER(nOffset);
7452 }
7453
7454 return result;
7455 }
7456
getNetHeader_cb()7457 quint32 XPE::getNetHeader_cb()
7458 {
7459 quint32 nResult=0;
7460
7461 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7462
7463 if(nOffset!=-1)
7464 {
7465 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,cb));
7466 }
7467
7468 return nResult;
7469 }
7470
getNetHeader_MajorRuntimeVersion()7471 quint16 XPE::getNetHeader_MajorRuntimeVersion()
7472 {
7473 quint16 nResult=0;
7474
7475 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7476
7477 if(nOffset!=-1)
7478 {
7479 nResult=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MajorRuntimeVersion));
7480 }
7481
7482 return nResult;
7483 }
7484
getNetHeader_MinorRuntimeVersion()7485 quint16 XPE::getNetHeader_MinorRuntimeVersion()
7486 {
7487 quint16 nResult=0;
7488
7489 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7490
7491 if(nOffset!=-1)
7492 {
7493 nResult=read_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MinorRuntimeVersion));
7494 }
7495
7496 return nResult;
7497 }
7498
getNetHeader_MetaData_Address()7499 quint32 XPE::getNetHeader_MetaData_Address()
7500 {
7501 quint32 nResult=0;
7502
7503 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7504
7505 if(nOffset!=-1)
7506 {
7507 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MetaData.VirtualAddress));
7508 }
7509
7510 return nResult;
7511 }
7512
getNetHeader_MetaData_Size()7513 quint32 XPE::getNetHeader_MetaData_Size()
7514 {
7515 quint32 nResult=0;
7516
7517 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7518
7519 if(nOffset!=-1)
7520 {
7521 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MetaData.Size));
7522 }
7523
7524 return nResult;
7525 }
7526
getNetHeader_Flags()7527 quint32 XPE::getNetHeader_Flags()
7528 {
7529 quint32 nResult=0;
7530
7531 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7532
7533 if(nOffset!=-1)
7534 {
7535 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Flags));
7536 }
7537
7538 return nResult;
7539 }
7540
getNetHeader_EntryPoint()7541 quint32 XPE::getNetHeader_EntryPoint()
7542 {
7543 quint32 nResult=0;
7544
7545 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7546
7547 if(nOffset!=-1)
7548 {
7549 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,EntryPointRVA));
7550 }
7551
7552 return nResult;
7553 }
7554
getNetHeader_Resources_Address()7555 quint32 XPE::getNetHeader_Resources_Address()
7556 {
7557 quint32 nResult=0;
7558
7559 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7560
7561 if(nOffset!=-1)
7562 {
7563 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Resources.VirtualAddress));
7564 }
7565
7566 return nResult;
7567 }
7568
getNetHeader_Resources_Size()7569 quint32 XPE::getNetHeader_Resources_Size()
7570 {
7571 quint32 nResult=0;
7572
7573 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7574
7575 if(nOffset!=-1)
7576 {
7577 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Resources.Size));
7578 }
7579
7580 return nResult;
7581 }
7582
getNetHeader_StrongNameSignature_Address()7583 quint32 XPE::getNetHeader_StrongNameSignature_Address()
7584 {
7585 quint32 nResult=0;
7586
7587 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7588
7589 if(nOffset!=-1)
7590 {
7591 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,StrongNameSignature.VirtualAddress));
7592 }
7593
7594 return nResult;
7595 }
7596
getNetHeader_StrongNameSignature_Size()7597 quint32 XPE::getNetHeader_StrongNameSignature_Size()
7598 {
7599 quint32 nResult=0;
7600
7601 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7602
7603 if(nOffset!=-1)
7604 {
7605 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,StrongNameSignature.Size));
7606 }
7607
7608 return nResult;
7609 }
7610
getNetHeader_CodeManagerTable_Address()7611 quint32 XPE::getNetHeader_CodeManagerTable_Address()
7612 {
7613 quint32 nResult=0;
7614
7615 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7616
7617 if(nOffset!=-1)
7618 {
7619 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,CodeManagerTable.VirtualAddress));
7620 }
7621
7622 return nResult;
7623 }
7624
getNetHeader_CodeManagerTable_Size()7625 quint32 XPE::getNetHeader_CodeManagerTable_Size()
7626 {
7627 quint32 nResult=0;
7628
7629 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7630
7631 if(nOffset!=-1)
7632 {
7633 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,CodeManagerTable.Size));
7634 }
7635
7636 return nResult;
7637 }
7638
getNetHeader_VTableFixups_Address()7639 quint32 XPE::getNetHeader_VTableFixups_Address()
7640 {
7641 quint32 nResult=0;
7642
7643 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7644
7645 if(nOffset!=-1)
7646 {
7647 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,VTableFixups.VirtualAddress));
7648 }
7649
7650 return nResult;
7651 }
7652
getNetHeader_VTableFixups_Size()7653 quint32 XPE::getNetHeader_VTableFixups_Size()
7654 {
7655 quint32 nResult=0;
7656
7657 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7658
7659 if(nOffset!=-1)
7660 {
7661 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,VTableFixups.Size));
7662 }
7663
7664 return nResult;
7665 }
7666
getNetHeader_ExportAddressTableJumps_Address()7667 quint32 XPE::getNetHeader_ExportAddressTableJumps_Address()
7668 {
7669 quint32 nResult=0;
7670
7671 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7672
7673 if(nOffset!=-1)
7674 {
7675 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ExportAddressTableJumps.VirtualAddress));
7676 }
7677
7678 return nResult;
7679 }
7680
getNetHeader_ExportAddressTableJumps_Size()7681 quint32 XPE::getNetHeader_ExportAddressTableJumps_Size()
7682 {
7683 quint32 nResult=0;
7684
7685 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7686
7687 if(nOffset!=-1)
7688 {
7689 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ExportAddressTableJumps.Size));
7690 }
7691
7692 return nResult;
7693 }
7694
getNetHeader_ManagedNativeHeader_Address()7695 quint32 XPE::getNetHeader_ManagedNativeHeader_Address()
7696 {
7697 quint32 nResult=0;
7698
7699 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7700
7701 if(nOffset!=-1)
7702 {
7703 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ManagedNativeHeader.VirtualAddress));
7704 }
7705
7706 return nResult;
7707 }
7708
getNetHeader_ManagedNativeHeader_Size()7709 quint32 XPE::getNetHeader_ManagedNativeHeader_Size()
7710 {
7711 quint32 nResult=0;
7712
7713 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7714
7715 if(nOffset!=-1)
7716 {
7717 nResult=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ManagedNativeHeader.Size));
7718 }
7719
7720 return nResult;
7721 }
7722
setNetHeader_cb(quint32 nValue)7723 void XPE::setNetHeader_cb(quint32 nValue)
7724 {
7725 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7726
7727 if(nOffset!=-1)
7728 {
7729 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,cb),nValue);
7730 }
7731 }
7732
setNetHeader_MajorRuntimeVersion(quint16 nValue)7733 void XPE::setNetHeader_MajorRuntimeVersion(quint16 nValue)
7734 {
7735 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7736
7737 if(nOffset!=-1)
7738 {
7739 write_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MajorRuntimeVersion),nValue);
7740 }
7741 }
7742
setNetHeader_MinorRuntimeVersion(quint16 nValue)7743 void XPE::setNetHeader_MinorRuntimeVersion(quint16 nValue)
7744 {
7745 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7746
7747 if(nOffset!=-1)
7748 {
7749 write_uint16(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MinorRuntimeVersion),nValue);
7750 }
7751 }
7752
setNetHeader_MetaData_Address(quint32 nValue)7753 void XPE::setNetHeader_MetaData_Address(quint32 nValue)
7754 {
7755 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7756
7757 if(nOffset!=-1)
7758 {
7759 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MetaData.VirtualAddress),nValue);
7760 }
7761 }
7762
setNetHeader_MetaData_Size(quint32 nValue)7763 void XPE::setNetHeader_MetaData_Size(quint32 nValue)
7764 {
7765 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7766
7767 if(nOffset!=-1)
7768 {
7769 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,MetaData.Size),nValue);
7770 }
7771 }
7772
setNetHeader_Flags(quint32 nValue)7773 void XPE::setNetHeader_Flags(quint32 nValue)
7774 {
7775 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7776
7777 if(nOffset!=-1)
7778 {
7779 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Flags),nValue);
7780 }
7781 }
7782
setNetHeader_EntryPoint(quint32 nValue)7783 void XPE::setNetHeader_EntryPoint(quint32 nValue)
7784 {
7785 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7786
7787 if(nOffset!=-1)
7788 {
7789 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,EntryPointRVA),nValue);
7790 }
7791 }
7792
setNetHeader_Resources_Address(quint32 nValue)7793 void XPE::setNetHeader_Resources_Address(quint32 nValue)
7794 {
7795 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7796
7797 if(nOffset!=-1)
7798 {
7799 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Resources.VirtualAddress),nValue);
7800 }
7801 }
7802
setNetHeader_Resources_Size(quint32 nValue)7803 void XPE::setNetHeader_Resources_Size(quint32 nValue)
7804 {
7805 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7806
7807 if(nOffset!=-1)
7808 {
7809 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,Resources.Size),nValue);
7810 }
7811 }
7812
setNetHeader_StrongNameSignature_Address(quint32 nValue)7813 void XPE::setNetHeader_StrongNameSignature_Address(quint32 nValue)
7814 {
7815 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7816
7817 if(nOffset!=-1)
7818 {
7819 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,StrongNameSignature.VirtualAddress),nValue);
7820 }
7821 }
7822
setNetHeader_StrongNameSignature_Size(quint32 nValue)7823 void XPE::setNetHeader_StrongNameSignature_Size(quint32 nValue)
7824 {
7825 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7826
7827 if(nOffset!=-1)
7828 {
7829 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,StrongNameSignature.Size),nValue);
7830 }
7831 }
7832
setNetHeader_CodeManagerTable_Address(quint32 nValue)7833 void XPE::setNetHeader_CodeManagerTable_Address(quint32 nValue)
7834 {
7835 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7836
7837 if(nOffset!=-1)
7838 {
7839 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,CodeManagerTable.VirtualAddress),nValue);
7840 }
7841 }
7842
setNetHeader_CodeManagerTable_Size(quint32 nValue)7843 void XPE::setNetHeader_CodeManagerTable_Size(quint32 nValue)
7844 {
7845 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7846
7847 if(nOffset!=-1)
7848 {
7849 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,CodeManagerTable.Size),nValue);
7850 }
7851 }
7852
setNetHeader_VTableFixups_Address(quint32 nValue)7853 void XPE::setNetHeader_VTableFixups_Address(quint32 nValue)
7854 {
7855 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7856
7857 if(nOffset!=-1)
7858 {
7859 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,VTableFixups.VirtualAddress),nValue);
7860 }
7861 }
7862
setNetHeader_VTableFixups_Size(quint32 nValue)7863 void XPE::setNetHeader_VTableFixups_Size(quint32 nValue)
7864 {
7865 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7866
7867 if(nOffset!=-1)
7868 {
7869 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,VTableFixups.Size),nValue);
7870 }
7871 }
7872
setNetHeader_ExportAddressTableJumps_Address(quint32 nValue)7873 void XPE::setNetHeader_ExportAddressTableJumps_Address(quint32 nValue)
7874 {
7875 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7876
7877 if(nOffset!=-1)
7878 {
7879 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ExportAddressTableJumps.VirtualAddress),nValue);
7880 }
7881 }
7882
setNetHeader_ExportAddressTableJumps_Size(quint32 nValue)7883 void XPE::setNetHeader_ExportAddressTableJumps_Size(quint32 nValue)
7884 {
7885 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7886
7887 if(nOffset!=-1)
7888 {
7889 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ExportAddressTableJumps.Size),nValue);
7890 }
7891 }
7892
setNetHeader_ManagedNativeHeader_Address(quint32 nValue)7893 void XPE::setNetHeader_ManagedNativeHeader_Address(quint32 nValue)
7894 {
7895 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7896
7897 if(nOffset!=-1)
7898 {
7899 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ManagedNativeHeader.VirtualAddress),nValue);
7900 }
7901 }
7902
setNetHeader_ManagedNativeHeader_Size(quint32 nValue)7903 void XPE::setNetHeader_ManagedNativeHeader_Size(quint32 nValue)
7904 {
7905 qint64 nOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
7906
7907 if(nOffset!=-1)
7908 {
7909 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_COR20_HEADER,ManagedNativeHeader.Size),nValue);
7910 }
7911 }
7912
getSymbolRecords(XBinary::_MEMORY_MAP * pMemoryMap,SYMBOL_TYPE symbolType)7913 QList<XBinary::SYMBOL_RECORD> XPE::getSymbolRecords(XBinary::_MEMORY_MAP *pMemoryMap,SYMBOL_TYPE symbolType)
7914 {
7915 // TODO Import
7916 QList<SYMBOL_RECORD> listResult;
7917
7918 qint64 nModuleAddress=getModuleAddress();
7919
7920 if(symbolType&SYMBOL_TYPE_EXPORT)
7921 {
7922 EXPORT_HEADER exportHeader=getExport(pMemoryMap,false);
7923
7924 int nNumberOfPositions=exportHeader.listPositions.count();
7925
7926 for(int i=0;i<nNumberOfPositions;i++)
7927 {
7928 SYMBOL_RECORD record={};
7929
7930 record.symbolType=SYMBOL_TYPE_EXPORT;
7931 record.nAddress=exportHeader.listPositions.at(i).nAddress;
7932 record.nSize=0; // Check
7933 record.nModuleAddress=nModuleAddress;
7934 record.nOrdinal=exportHeader.listPositions.at(i).nOrdinal;
7935 record.sName=exportHeader.listPositions.at(i).sFunctionName;
7936 record.sFunction=record.sName;
7937
7938 listResult.append(record);
7939 }
7940 }
7941
7942 if(symbolType&SYMBOL_TYPE_IMPORT)
7943 {
7944 QList<XPE::IMPORT_HEADER> importHeaders=getImports(pMemoryMap);
7945
7946 int nNumberOfRecords=importHeaders.count();
7947
7948 for(int i=0;i<nNumberOfRecords;i++)
7949 {
7950 QString sName=importHeaders.at(i).sName.toUpper();
7951
7952 int nNumberOfPositions=importHeaders.at(i).listPositions.count();
7953
7954 for(int j=0;i<nNumberOfPositions;j++)
7955 {
7956 SYMBOL_RECORD record={};
7957
7958 record.symbolType=SYMBOL_TYPE_IMPORT;
7959 record.nAddress=importHeaders.at(i).listPositions.at(j).nThunkValue;
7960 record.nSize=0; // TODO 4/8
7961 record.nModuleAddress=nModuleAddress;
7962 record.nOrdinal=importHeaders.at(i).listPositions.at(j).nOrdinal;
7963 record.sName=importHeaders.at(i).listPositions.at(j).sName;
7964 record.sFunction=QString("%1#%2").arg(sName,importHeaders.at(i).listPositions.at(j).sFunction);
7965
7966 listResult.append(record);
7967 }
7968 }
7969 }
7970
7971 return listResult;
7972 }
7973
read_WIN_CERT_RECORD(qint64 nOffset)7974 XPE_DEF::WIN_CERT_RECORD XPE::read_WIN_CERT_RECORD(qint64 nOffset)
7975 {
7976 XPE_DEF::WIN_CERT_RECORD result={};
7977
7978 result.dwLength=read_uint32(nOffset+offsetof(XPE_DEF::WIN_CERT_RECORD,dwLength));
7979 result.wRevision=read_uint16(nOffset+offsetof(XPE_DEF::WIN_CERT_RECORD,wRevision));
7980 result.wCertificateType=read_uint16(nOffset+offsetof(XPE_DEF::WIN_CERT_RECORD,wCertificateType));
7981
7982 return result;
7983 }
7984
getCertList()7985 QList<XPE::CERT> XPE::getCertList()
7986 {
7987 XPE_DEF::IMAGE_DATA_DIRECTORY dd=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_SECURITY);
7988
7989 return getCertList(dd.VirtualAddress,dd.Size);
7990 }
7991
getCertList(qint64 nOffset,qint64 nSize)7992 QList<XPE::CERT> XPE::getCertList(qint64 nOffset, qint64 nSize)
7993 {
7994 QList<CERT> listResult;
7995
7996 while(nSize>0)
7997 {
7998 CERT record={};
7999 record.nOffset=nOffset;
8000 record.record=read_WIN_CERT_RECORD(nOffset);
8001
8002 if(record.record.dwLength>nSize)
8003 {
8004 break;
8005 }
8006
8007 if(record.record.wRevision!=0x0200)
8008 {
8009 break;
8010 }
8011
8012 qint64 _nOffset=nOffset+sizeof(XPE_DEF::WIN_CERT_RECORD);
8013 qint64 _nSize=nSize-sizeof(XPE_DEF::WIN_CERT_RECORD);
8014
8015 record.bIsValid=true;
8016
8017 getCertRecord(&record,_nOffset,_nSize,&(record.certRecord));
8018
8019 // TODO Check function
8020
8021 // while(_nSize>0)
8022 // {
8023 // CERT_TAG certTag=read_CertTag(_nOffset,0);
8024
8025 // if((!certTag.bValid)||(certTag.nSize>_nSize))
8026 // {
8027 // break;
8028 // }
8029
8030 // _nOffset+=certTag.nHeaderSize;
8031 // _nSize-=certTag.nHeaderSize;
8032
8033 // #ifdef QT_DEBUG
8034 // qDebug("TAG: %x",certTag.nTag);
8035 // qDebug("Size: %d",certTag.nSize);
8036 // qDebug("_Size: %d",_nSize);
8037 // #endif
8038
8039 // if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_OID)
8040 // {
8041 // QString sOID=read_ASN_OIDString(certTag.nOffset+certTag.nHeaderSize,certTag.nSize);
8042 // #ifdef QT_DEBUG
8043 // qDebug("OID %s",sOID.toLatin1().data());
8044 // #endif
8045 // _nOffset+=certTag.nSize;
8046 // _nSize-=certTag.nSize;
8047 // }
8048 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_INTEGER)
8049 // {
8050 // qint64 nVersion=read_ASN_Integer(certTag.nOffset+certTag.nHeaderSize,certTag.nSize);
8051 // #ifdef QT_DEBUG
8052 // qDebug("INTEGER %d",nVersion);
8053 // #endif
8054 // _nOffset+=certTag.nSize;
8055 // _nSize-=certTag.nSize;
8056 // }
8057 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_BIT_STRING)
8058 // {
8059 // #ifdef QT_DEBUG
8060 // qDebug("BIT_STRING TODO");
8061 // #endif
8062 // _nOffset+=certTag.nSize;
8063 // _nSize-=certTag.nSize;
8064 // }
8065 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_OCTET_STRING)
8066 // {
8067 // #ifdef QT_DEBUG
8068 // qDebug("OCTET_STRING TODO");
8069 // #endif
8070 // _nOffset+=certTag.nSize;
8071 // _nSize-=certTag.nSize;
8072 // }
8073 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_CONTEXT_SPECIFIC)
8074 // {
8075 // #ifdef QT_DEBUG
8076 // qDebug("CONTEXT_SPECIFIC TODO");
8077 // #endif
8078 // _nOffset+=certTag.nSize;
8079 // _nSize-=certTag.nSize;
8080 // }
8081 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_BOOLEAN)
8082 // {
8083 // #ifdef QT_DEBUG
8084 // qDebug("BOOLEAN TODO");
8085 // #endif
8086 // _nOffset+=certTag.nSize;
8087 // _nSize-=certTag.nSize;
8088 // }
8089 // else if(certTag.nTag==(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED+XPE_DEF::S_MBEDTLS_ASN1_PRINTABLE_STRING))
8090 // {
8091 // #ifdef QT_DEBUG
8092 // qDebug("PRINTABLE_STRING TODO");
8093 // #endif
8094 // _nOffset+=certTag.nSize;
8095 // _nSize-=certTag.nSize;
8096 // }
8097 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_PRINTABLE_STRING)
8098 // {
8099 // #ifdef QT_DEBUG
8100 // qDebug("PRINTABLE_STRING TODO");
8101 // #endif
8102 // _nOffset+=certTag.nSize;
8103 // _nSize-=certTag.nSize;
8104 // }
8105 // else if(certTag.nTag==XPE_DEF::S_MBEDTLS_ASN1_UTC_TIME)
8106 // {
8107 // #ifdef QT_DEBUG
8108 // qDebug("UTC_TIME TODO");
8109 // #endif
8110 // _nOffset+=certTag.nSize;
8111 // _nSize-=certTag.nSize;
8112 // }
8113 // else if(certTag.nTag==(XPE_DEF::S_MBEDTLS_ASN1_CONTEXT_SPECIFIC+XPE_DEF::S_MBEDTLS_ASN1_BOOLEAN))
8114 // {
8115 // #ifdef QT_DEBUG
8116 // qDebug("BOOLEAN TODO");
8117 // #endif
8118 // _nOffset+=certTag.nSize;
8119 // _nSize-=certTag.nSize;
8120 // }
8121 // }
8122
8123 // {
8124 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8125
8126 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8127
8128 // _nOffset+=certTag.nHeaderSize;
8129 // _nSize-=certTag.nHeaderSize;
8130 // }
8131 // {
8132 // CERT_TAG certTag=read_CertTag(_nOffset,XPE_DEF::S_MBEDTLS_ASN1_OID);
8133
8134 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8135
8136 // _nOffset+=certTag.nHeaderSize;
8137 // _nSize-=certTag.nHeaderSize;
8138
8139 // QString sOID=read_ASN_OIDString(certTag.nOffset+certTag.nHeaderSize,certTag.nSize);
8140
8141 // if(sOID!="1.2.840.113549.1.7.2") // "PKCS #7 Signed Data"
8142 // {
8143 // break;
8144 // }
8145
8146 // _nOffset+=certTag.nSize;
8147 // _nSize-=certTag.nSize;
8148 // }
8149 // {
8150 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_CONTEXT_SPECIFIC));
8151
8152 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8153
8154 // _nOffset+=certTag.nHeaderSize;
8155 // _nSize-=certTag.nHeaderSize;
8156 // }
8157 // {
8158 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8159
8160 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8161
8162 // _nOffset+=certTag.nHeaderSize;
8163 // _nSize-=certTag.nHeaderSize;
8164 // }
8165 // {
8166 // CERT_TAG certTag=read_CertTag(_nOffset,XPE_DEF::S_MBEDTLS_ASN1_INTEGER);
8167
8168 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8169
8170 // _nOffset+=certTag.nHeaderSize;
8171 // _nSize-=certTag.nHeaderSize;
8172
8173 // qint64 nVersion=read_ASN_Integer(certTag.nOffset+certTag.nHeaderSize,certTag.nSize);
8174
8175 // if(nVersion!=1) // Version=1
8176 // {
8177 // break;
8178 // }
8179
8180 // _nOffset+=certTag.nSize;
8181 // _nSize-=certTag.nSize;
8182 // }
8183
8184 // {
8185 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SET));
8186
8187 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8188
8189 // _nOffset+=certTag.nHeaderSize;
8190 // _nSize-=certTag.nHeaderSize;
8191 // }
8192 // {
8193 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8194
8195 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8196
8197 // _nOffset+=certTag.nHeaderSize;
8198 // _nSize-=certTag.nHeaderSize;
8199 // }
8200 // {
8201 // CERT_TAG certTag=read_CertTag(_nOffset,XPE_DEF::S_MBEDTLS_ASN1_OID);
8202
8203 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8204
8205 // _nOffset+=certTag.nHeaderSize;
8206 // _nSize-=certTag.nHeaderSize;
8207
8208 // QString sOID=read_ASN_OIDString(certTag.nOffset+certTag.nHeaderSize,certTag.nSize);
8209
8210 // // TODO SHA1
8211
8212 // _nOffset+=certTag.nSize;
8213 // _nSize-=certTag.nSize;
8214 // }
8215 // {
8216 // CERT_TAG certTag=read_CertTag(_nOffset,XPE_DEF::S_MBEDTLS_ASN1_NULL);
8217
8218 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8219
8220 // _nOffset+=certTag.nHeaderSize;
8221 // _nSize-=certTag.nHeaderSize;
8222 // }
8223 // {
8224 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8225
8226 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8227
8228 // _nOffset+=certTag.nHeaderSize;
8229 // _nSize-=certTag.nHeaderSize;
8230 // }
8231
8232 // while(_nSize>0)
8233 // {
8234 // CERT_TAG certTag=read_CertTag(_nOffset,0);
8235
8236 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8237
8238 // _nOffset+=certTag.nHeaderSize;
8239 // _nSize-=certTag.nHeaderSize;
8240
8241 // _nOffset+=certTag.nSize;
8242 // _nSize-=certTag.nSize;
8243 // }
8244
8245 // {
8246 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_CONTEXT_SPECIFIC));
8247
8248 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8249
8250 // _nOffset+=certTag.nHeaderSize;
8251 // _nSize-=certTag.nHeaderSize;
8252 // }
8253 // {
8254 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8255
8256 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8257
8258 // _nOffset+=certTag.nHeaderSize;
8259 // _nSize-=certTag.nHeaderSize;
8260 // }
8261 // {
8262 // CERT_TAG certTag=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8263
8264 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8265
8266 // _nOffset+=certTag.nHeaderSize;
8267 // _nSize-=certTag.nHeaderSize;
8268 // }
8269
8270 // while(_nSize>0)
8271 // {
8272 // CERT_TAG certTag=read_CertTag(_nOffset,0);
8273
8274 // if((!certTag.bValid)||(certTag.nSize>_nSize)) break;
8275
8276 // _nOffset+=certTag.nHeaderSize;
8277 // _nSize-=certTag.nHeaderSize;
8278
8279 // _nOffset+=certTag.nSize;
8280 // _nSize-=certTag.nSize;
8281 // }
8282
8283 // CERT_TAG certTagConstruct=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_CONSTRUCTED)|(XPE_DEF::S_MBEDTLS_ASN1_SEQUENCE));
8284
8285 // if(!certTagConstruct.bValid)
8286 // {
8287 // break;
8288 // }
8289
8290 // _nOffset+=certTagConstruct.nHeaderSize;
8291
8292 // CERT_TAG certTagOID=read_CertTag(_nOffset,(XPE_DEF::S_MBEDTLS_ASN1_OID));
8293
8294 // if(!certTagOID.bValid)
8295 // {
8296 // break;
8297 // }
8298
8299 listResult.append(record);
8300
8301
8302 nOffset+=(record.record.dwLength+sizeof(XPE_DEF::WIN_CERT_RECORD));
8303 nSize-=(record.record.dwLength+sizeof(XPE_DEF::WIN_CERT_RECORD));
8304 }
8305
8306 return listResult;
8307 }
8308
getCertList(QIODevice * pDevice,qint64 nOffset,qint64 nSize)8309 QList<XPE::CERT> XPE::getCertList(QIODevice *pDevice, qint64 nOffset, qint64 nSize)
8310 {
8311 XPE pe(pDevice);
8312
8313 return pe.getCertList(nOffset,nSize);
8314 }
8315
certListToString(QList<CERT> * pCertList)8316 QString XPE::certListToString(QList<CERT> *pCertList)
8317 {
8318 QString sResult;
8319
8320 int nNumberOfCerts=pCertList->count();
8321
8322 for(int i=0;i<nNumberOfCerts;i++)
8323 {
8324 sResult+=QString("Valid: %1\n").arg(XBinary::boolToString(pCertList->at(i).bIsValid));
8325 sResult+=QString("Offset: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,pCertList->at(i).nOffset));
8326 sResult+=QString("dwLength: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,pCertList->at(i).record.dwLength));
8327 sResult+=QString("wRevision: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,pCertList->at(i).record.wRevision));
8328 sResult+=QString("wCertificateType: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,pCertList->at(i).record.wCertificateType));
8329
8330 int nNumberOfRecords=pCertList->at(i).certRecord.listRecords.count();
8331
8332 for(int j=0;j<nNumberOfRecords;j++)
8333 {
8334 sResult+=certRecordToString(pCertList->at(i).certRecord.listRecords.at(j),0);
8335 }
8336 }
8337
8338 return sResult;
8339 }
8340
certRecordToString(CERT_RECORD certRecord,qint32 nLevel)8341 QString XPE::certRecordToString(CERT_RECORD certRecord, qint32 nLevel)
8342 {
8343 QString sResult;
8344
8345 sResult+=getSpaces(2*nLevel)+QString("Valid: %1\n").arg(XBinary::boolToString(certRecord.certTag.bIsValid));
8346 sResult+=getSpaces(2*nLevel)+QString("Tag: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,certRecord.certTag.nTag));
8347 sResult+=getSpaces(2*nLevel)+QString("Offset: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,certRecord.certTag.nOffset));
8348 sResult+=getSpaces(2*nLevel)+QString("Size: %1\n").arg(XBinary::valueToHex(MODE_UNKNOWN,certRecord.certTag.nSize));
8349
8350 if(certRecord.varValue.toString().size())
8351 {
8352 sResult+=getSpaces(2*nLevel)+QString("Value: %1\n").arg(certRecord.varValue.toString());
8353 }
8354
8355 int nNumberOfRecords=certRecord.listRecords.count();
8356
8357 for(int i=0;i<nNumberOfRecords;i++)
8358 {
8359 sResult+=certRecordToString(certRecord.listRecords.at(i),nLevel+1);
8360 }
8361
8362 return sResult;
8363 }
8364
read_CertTag(qint64 nOffset,qint32 nTag)8365 XPE::CERT_TAG XPE::read_CertTag(qint64 nOffset, qint32 nTag)
8366 {
8367 CERT_TAG result={};
8368
8369 result.nOffset=nOffset;
8370 result.nTag=read_uint8(nOffset);
8371
8372 if(nTag)
8373 {
8374 result.bIsValid=(result.nTag==nTag);
8375 }
8376 else
8377 {
8378 result.bIsValid=true;
8379 }
8380
8381 if(result.bIsValid)
8382 {
8383 PACKED_INT packedInt=read_acn1_integer(nOffset+1,4);
8384 result.bIsValid=packedInt.bIsValid;
8385 result.nSize=packedInt.nValue;
8386 result.nHeaderSize=packedInt.nByteSize+1;
8387 }
8388
8389 return result;
8390 }
8391
read_ASN_OIDString(qint64 nOffset,qint64 nSize)8392 QString XPE::read_ASN_OIDString(qint64 nOffset, qint64 nSize)
8393 {
8394 QString sResult;
8395
8396 if(nSize>0)
8397 {
8398 quint8 nStart=read_uint8(nOffset);
8399
8400 sResult+=QString("%1.%2").arg(QString::number(nStart/40),QString::number(nStart%40));
8401
8402 nOffset++;
8403 nSize--;
8404
8405 quint64 nValue=0;
8406
8407 while(nSize>0)
8408 {
8409 quint8 nByte=read_uint8(nOffset);
8410
8411 nValue<<=7;
8412 nValue+=(nByte&0x7F);
8413
8414 if(!(nByte&0x80))
8415 {
8416 sResult+=QString(".%1").arg(nValue);
8417 nValue=0;
8418 }
8419
8420 nOffset++;
8421 nSize--;
8422 }
8423 }
8424
8425 return sResult;
8426 }
8427
read_ASN_Integer(qint64 nOffset,qint64 nSize)8428 qint64 XPE::read_ASN_Integer(qint64 nOffset, qint64 nSize)
8429 {
8430 qint64 nResult=0;
8431
8432 PACKED_INT packedInt=read_acn1_integer(nOffset,nSize);
8433
8434 if(packedInt.bIsValid)
8435 {
8436 nResult=packedInt.nValue;
8437 }
8438
8439 return nResult;
8440 }
8441
read_ASN_Bool(qint64 nOffset,qint64 nSize)8442 bool XPE::read_ASN_Bool(qint64 nOffset, qint64 nSize)
8443 {
8444 bool bResult=false;
8445
8446 // TODO
8447
8448 return bResult;
8449 }
8450
read_ASN_DateTime(qint64 nOffset,qint64 nSize)8451 QDateTime XPE::read_ASN_DateTime(qint64 nOffset, qint64 nSize)
8452 {
8453 QDateTime dtResult;
8454
8455 // TODO
8456
8457 return dtResult;
8458 }
8459
getCertRecord(CERT * pCert,qint64 nOffset,qint64 nSize,CERT_RECORD * pCertRecord)8460 void XPE::getCertRecord(CERT *pCert, qint64 nOffset, qint64 nSize, CERT_RECORD *pCertRecord)
8461 {
8462 while((nSize>0)&&(pCert->bIsValid))
8463 {
8464 CERT_RECORD certRecord={};
8465
8466 certRecord.certTag=read_CertTag(nOffset,0);
8467
8468 if((!certRecord.certTag.bIsValid)||(certRecord.certTag.nSize>nSize))
8469 {
8470 pCert->bIsValid=false;
8471 break;
8472 }
8473
8474 nOffset+=certRecord.certTag.nHeaderSize;
8475 nSize-=certRecord.certTag.nHeaderSize;
8476
8477 if((certRecord.certTag.nTag)&(XPE_DEF::S_ASN1_CONSTRUCTED))
8478 {
8479 getCertRecord(pCert,nOffset,certRecord.certTag.nSize,&certRecord);
8480 }
8481 else
8482 {
8483 if(certRecord.certTag.nTag==XPE_DEF::S_ASN1_OBJECT_ID)
8484 {
8485 certRecord.varValue=read_ASN_OIDString(nOffset,certRecord.certTag.nSize);
8486 }
8487 else if(certRecord.certTag.nTag==XPE_DEF::S_ASN1_INTEGER)
8488 {
8489 certRecord.varValue=read_ASN_Integer(nOffset,certRecord.certTag.nSize);
8490 }
8491 }
8492
8493 nOffset+=certRecord.certTag.nSize;
8494 nSize-=certRecord.certTag.nSize;
8495
8496 pCertRecord->listRecords.append(certRecord);
8497 }
8498 }
8499
certTagToString(quint32 nTag)8500 QString XPE::certTagToString(quint32 nTag)
8501 {
8502 QString sResult;
8503
8504 QString sSeparate=" | ";
8505
8506 if(nTag&(XPE_DEF::S_ASN1_CONSTRUCTED)) sResult=appendText(sResult,"CONSTRUCTED",sSeparate);
8507 if(nTag&(XPE_DEF::S_ASN1_CONTEXT_SPECIFIC)) sResult=appendText(sResult,"CONTEXT_SPECIFIC",sSeparate);
8508
8509 nTag&=0x1F;
8510
8511 if(nTag==(XPE_DEF::S_ASN1_BOOLEAN)) sResult=appendText(sResult,"BOOLEAN",sSeparate);
8512 if(nTag==(XPE_DEF::S_ASN1_INTEGER)) sResult=appendText(sResult,"INTEGER",sSeparate);
8513 if(nTag==(XPE_DEF::S_ASN1_BIT_STRING)) sResult=appendText(sResult,"BIT_STRING",sSeparate);
8514 if(nTag==(XPE_DEF::S_ASN1_OCTET_STRING)) sResult=appendText(sResult,"OCTET_STRING",sSeparate);
8515 if(nTag==(XPE_DEF::S_ASN1_NULL)) sResult=appendText(sResult,"NULL",sSeparate);
8516 if(nTag==(XPE_DEF::S_ASN1_OBJECT_ID)) sResult=appendText(sResult,"OBJECT_ID",sSeparate);
8517 if(nTag==(XPE_DEF::S_ASN1_OBJECT_DESCRIPTOR)) sResult=appendText(sResult,"OBJECT_DESCRIPTOR",sSeparate);
8518 if(nTag==(XPE_DEF::S_ASN1_REAL)) sResult=appendText(sResult,"REAL",sSeparate);
8519 if(nTag==(XPE_DEF::S_ASN1_ENUMERATED)) sResult=appendText(sResult,"ENUMERATED",sSeparate);
8520 if(nTag==(XPE_DEF::S_ASN1_EMBEDDED_PDV)) sResult=appendText(sResult,"EMBEDDED_PDV",sSeparate);
8521 if(nTag==(XPE_DEF::S_ASN1_UTF8_STRING)) sResult=appendText(sResult,"UTF8_STRING",sSeparate);
8522 if(nTag==(XPE_DEF::S_ASN1_SEQUENCE)) sResult=appendText(sResult,"SEQUENCE",sSeparate);
8523 if(nTag==(XPE_DEF::S_ASN1_SET)) sResult=appendText(sResult,"SET",sSeparate);
8524 if(nTag==(XPE_DEF::S_ASN1_NUMERIC_STRING)) sResult=appendText(sResult,"NUMERIC_STRING",sSeparate);
8525 if(nTag==(XPE_DEF::S_ASN1_PRINTABLE_STRING)) sResult=appendText(sResult,"PRINTABLE_STRING",sSeparate);
8526 if(nTag==(XPE_DEF::S_ASN1_T61_STRING)) sResult=appendText(sResult,"T61_STRING",sSeparate);
8527 if(nTag==(XPE_DEF::S_ASN1_VIDEOTEX_STRING)) sResult=appendText(sResult,"VIDEOTEX_STRING",sSeparate);
8528 if(nTag==(XPE_DEF::S_ASN1_IA5_STRING)) sResult=appendText(sResult,"IA5_STRING",sSeparate);
8529 if(nTag==(XPE_DEF::S_ASN1_UTC_TIME)) sResult=appendText(sResult,"UTC_TIME",sSeparate);
8530 if(nTag==(XPE_DEF::S_ASN1_GENERALIZED_TIME)) sResult=appendText(sResult,"GENERALIZED_TIME",sSeparate);
8531 if(nTag==(XPE_DEF::S_ASN1_ASN1_GRAPHIC_STRING)) sResult=appendText(sResult,"ASN1_GRAPHIC_STRING",sSeparate);
8532 if(nTag==(XPE_DEF::S_ASN1_VISIBLE_STRING)) sResult=appendText(sResult,"VISIBLE_STRING",sSeparate);
8533 if(nTag==(XPE_DEF::S_ASN1_GENERAL_STRING)) sResult=appendText(sResult,"GENERAL_STRING",sSeparate);
8534 if(nTag==(XPE_DEF::S_ASN1_UNIVERSAL_STRING)) sResult=appendText(sResult,"UNIVERSAL_STRING",sSeparate);
8535 if(nTag==(XPE_DEF::S_ASN1_BMP_STRING)) sResult=appendText(sResult,"BMP_STRING",sSeparate);
8536 if(nTag==(XPE_DEF::S_ASN1_PRIMITIVE)) sResult=appendText(sResult,"PRIMITIVE",sSeparate);
8537
8538 return sResult;
8539 }
8540
objectIdToString(QString sObjectID)8541 QString XPE::objectIdToString(QString sObjectID)
8542 {
8543 QString sResult;
8544
8545 if (sObjectID=="1.2.840.113549.1.1.1") sResult="RSA";
8546 else if (sObjectID=="1.2.840.113549.1.1.5") sResult="SHA1-RSA";
8547 else if (sObjectID=="1.2.840.113549.1.1.11") sResult="SHA256-RSA";
8548 else if (sObjectID=="1.2.840.113549.1.1.12") sResult="SHA384-RSA";
8549 else if (sObjectID=="1.2.840.113549.1.7.2") sResult="RSA over SignedData";
8550 else if (sObjectID=="1.2.840.113549.1.7.1") sResult="id-data";
8551 else if (sObjectID=="1.2.840.113549.1.9.3") sResult="id-contentType";
8552 else if (sObjectID=="1.2.840.113549.1.9.4") sResult="id-messageDigest";
8553 else if (sObjectID=="1.2.840.113549.1.9.5") sResult="id-signingTime";
8554 else if (sObjectID=="1.2.840.113549.1.9.6") sResult="id-countersignature";
8555 else if (sObjectID=="1.2.840.113549.1.9.16.1.4") sResult="id-ct-TSTInfo";
8556 else if (sObjectID=="1.2.840.113549.1.9.16.2.12") sResult="S/MIME signing certificate";
8557 else if (sObjectID=="1.2.840.113549.1.9.16.2.47") sResult="Signing certificate V2";
8558 else if (sObjectID=="1.3.6.1.4.1.311.20.2") sResult="szOID_ENROLL_CERTTYPE_EXTENSION";
8559 else if (sObjectID=="1.3.6.1.4.1.311.21.1") sResult="Certificate services Certification Authority (CA) version";
8560 else if (sObjectID=="1.3.6.1.4.1.311.2.1.4") sResult="SPC_INDIRECT_DATA_OBJID";
8561 else if (sObjectID=="1.3.6.1.4.1.311.2.1.11") sResult="SPC_STATEMENT_TYPE_OBJID";
8562 else if (sObjectID=="1.3.6.1.4.1.311.2.1.12") sResult="SPC_SP_OPUS_INFO_OBJID";
8563 else if (sObjectID=="1.3.6.1.4.1.311.2.1.15") sResult="SPC_PE_IMAGE_DATA_OBJID";
8564 else if (sObjectID=="1.3.6.1.4.1.311.2.1.21") sResult="SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID";
8565 else if (sObjectID=="1.3.6.1.4.1.311.2.4.1") sResult="Ms-SpcNestedSignature";
8566 else if (sObjectID=="1.3.6.1.4.1.311.3.3.1") sResult="Timestamping signature (Ms-CounterSign)";
8567 else if (sObjectID=="1.3.6.1.5.5.7.1.1") sResult="Certificate authority information access";
8568 // else if (sObjectID=="1.3.6.1.4.1.311.10.3.28") sResult="";
8569 else if (sObjectID=="1.3.6.1.4.1.601.10.3.2") sResult="SPC_STATEMENT_TYPE_OBJID";
8570 else if (sObjectID=="1.3.14.3.2.26") sResult="SHA-1";
8571 else if (sObjectID=="2.5.4.3") sResult="Common name";
8572 else if (sObjectID=="2.5.4.6") sResult="Country name";
8573 else if (sObjectID=="2.5.4.7") sResult="Locality Name";
8574 else if (sObjectID=="2.5.4.8") sResult="State or Province name";
8575 else if (sObjectID=="2.5.4.9") sResult="Street address";
8576 else if (sObjectID=="2.5.4.10") sResult="Organization name";
8577 else if (sObjectID=="2.5.4.11") sResult="Organization unit name";
8578 else if (sObjectID=="2.5.29.14") sResult="Subject key identifier";
8579 else if (sObjectID=="2.5.29.15") sResult="Key usage";
8580 else if (sObjectID=="2.5.29.17") sResult="subjectAltName";
8581 else if (sObjectID=="2.5.29.19") sResult="Basic constraints";
8582 else if (sObjectID=="2.5.29.31") sResult="Certificate Revocation List distribution points";
8583 else if (sObjectID=="2.5.29.32") sResult="Certificate policies";
8584 else if (sObjectID=="2.5.29.35") sResult="Authority key identifier";
8585 else if (sObjectID=="2.5.29.37") sResult="Certificate extension: \"extKeyUsage\" (Extended key usage)";
8586 else if (sObjectID=="2.16.840.1.113730.1.1") sResult="Netscape certificate type";
8587 else if (sObjectID=="2.16.840.1.101.3.4.2.1") sResult="SHA256";
8588 else
8589 {
8590 #ifdef QT_DEBUG
8591 qDebug("Object ID: %s",sObjectID.toLatin1().data());
8592 #endif
8593 }
8594
8595 return sResult;
8596 }
8597
getCertHash(XBinary::HASH hash)8598 QString XPE::getCertHash(XBinary::HASH hash)
8599 {
8600 QString sResult;
8601
8602 // TODO
8603
8604 return sResult;
8605 }
8606
calculateHeadersSize()8607 qint64 XPE::calculateHeadersSize()
8608 {
8609 return _calculateHeadersSize(getSectionsTableOffset(),getFileHeader_NumberOfSections());
8610 }
8611
_calculateHeadersSize(qint64 nSectionsTableOffset,quint32 nNumberOfSections)8612 qint64 XPE::_calculateHeadersSize(qint64 nSectionsTableOffset, quint32 nNumberOfSections)
8613 {
8614 qint64 nHeadersSize=nSectionsTableOffset+sizeof(XPE_DEF::IMAGE_SECTION_HEADER)*nNumberOfSections;
8615 quint32 nFileAlignment=getOptionalHeader_FileAlignment();
8616 nHeadersSize=S_ALIGN_UP(nHeadersSize,nFileAlignment);
8617
8618 return nHeadersSize;
8619 }
8620
isDll()8621 bool XPE::isDll()
8622 {
8623 return (getType()==TYPE_DLL);
8624 }
8625
isDll(QString sFileName)8626 bool XPE::isDll(QString sFileName)
8627 {
8628 bool bResult=false;
8629
8630 QFile file;
8631 file.setFileName(sFileName);
8632
8633 if(file.open(QIODevice::ReadOnly))
8634 {
8635 XPE pe(&file);
8636
8637 if(pe.isValid())
8638 {
8639 bResult=pe.isDll();
8640 }
8641
8642 file.close();
8643 }
8644
8645 return bResult;
8646 }
8647
isConsole()8648 bool XPE::isConsole()
8649 {
8650 return (getType()==TYPE_CONSOLE);
8651 }
8652
isDriver()8653 bool XPE::isDriver()
8654 {
8655 return (getType()==TYPE_DRIVER);
8656 }
8657
isNETPresent()8658 bool XPE::isNETPresent()
8659 {
8660 // TODO more checks
8661 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
8662 }
8663
getCliInfo(bool bFindHidden)8664 XPE::CLI_INFO XPE::getCliInfo(bool bFindHidden)
8665 {
8666 _MEMORY_MAP memoryMap=getMemoryMap();
8667
8668 return getCliInfo(bFindHidden,&memoryMap);
8669 }
8670
getCliInfo(bool bFindHidden,XBinary::_MEMORY_MAP * pMemoryMap)8671 XPE::CLI_INFO XPE::getCliInfo(bool bFindHidden, XBinary::_MEMORY_MAP *pMemoryMap)
8672 {
8673 CLI_INFO result={};
8674
8675 if(isNETPresent()||bFindHidden)
8676 {
8677 qint64 nBaseAddress=pMemoryMap->nModuleAddress;
8678
8679 qint64 nCLIHeaderOffset=-1;
8680
8681 if(isNETPresent())
8682 {
8683 XPE_DEF::IMAGE_DATA_DIRECTORY _idd=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
8684
8685 nCLIHeaderOffset=addressToOffset(pMemoryMap,nBaseAddress+_idd.VirtualAddress);
8686 }
8687 else
8688 {
8689 // mb TODO
8690 // TODO Check!
8691 nCLIHeaderOffset=addressToOffset(pMemoryMap,nBaseAddress+0x2008);
8692 result.bHidden=true;
8693 }
8694
8695 if(nCLIHeaderOffset!=-1)
8696 {
8697 result.nHeaderOffset=nCLIHeaderOffset;
8698
8699 result.header=_read_IMAGE_COR20_HEADER(result.nHeaderOffset);
8700
8701 if((result.header.cb==0x48)&&result.header.MetaData.VirtualAddress&&result.header.MetaData.Size)
8702 {
8703 result.bValid=true;
8704
8705 result.metaData.nEntryPointSize=0;
8706 result.metaData.nEntryPoint=result.header.EntryPointRVA;
8707
8708 result.nMetaDataOffset=addressToOffset(pMemoryMap,nBaseAddress+result.header.MetaData.VirtualAddress);
8709
8710 if(result.nMetaDataOffset!=-1)
8711 {
8712 result.metaData.header=_read_MetadataHeader(result.nMetaDataOffset);
8713
8714 if(result.metaData.header.nSignature==0x424a5342)
8715 {
8716 // result.bInit=true;
8717 qint64 nOffset=result.nMetaDataOffset+20+result.metaData.header.nVersionStringLength;
8718
8719 for(int i=0; i<result.metaData.header.nStreams; i++)
8720 {
8721 CLI_METADATA_STREAM stream={};
8722
8723 stream.nOffset=read_uint32(nOffset+0)+result.nMetaDataOffset;
8724 stream.nSize=read_uint32(nOffset+4);
8725 stream.sName=read_ansiString(nOffset+8);
8726
8727 result.metaData.listStreams.append(stream);
8728
8729 if(result.metaData.listStreams.at(i).sName=="#~")
8730 {
8731 result.metaData.nTablesHeaderOffset=result.metaData.listStreams.at(i).nOffset;
8732 result.metaData.nTablesSize=result.metaData.listStreams.at(i).nSize;
8733 }
8734 else if(result.metaData.listStreams.at(i).sName=="#Strings")
8735 {
8736 result.metaData.nStringsOffset=result.metaData.listStreams.at(i).nOffset;
8737 result.metaData.nStringsSize=result.metaData.listStreams.at(i).nSize;
8738
8739 QByteArray baStrings=read_array(result.metaData.nStringsOffset,result.metaData.nStringsSize);
8740
8741 char *_pOffset=baStrings.data();
8742 int _nSize=baStrings.size();
8743
8744 for(int i=1; i<_nSize; i++)
8745 {
8746 _pOffset++;
8747 QString sTemp=_pOffset;
8748 result.metaData.listAnsiStrings.append(sTemp);
8749
8750 _pOffset+=sTemp.size();
8751 i+=sTemp.size();
8752 }
8753 }
8754 else if(result.metaData.listStreams.at(i).sName=="#US")
8755 {
8756 result.metaData.nUSOffset=result.metaData.listStreams.at(i).nOffset;
8757 result.metaData.nUSSize=result.metaData.listStreams.at(i).nSize;
8758
8759 QByteArray baStrings=read_array(result.metaData.nUSOffset,result.metaData.nUSSize);
8760
8761 char *pStringOffset=baStrings.data();
8762 char *pStringCurrentOffsetOffset=pStringOffset;
8763 int _nSize=baStrings.size();
8764
8765 pStringCurrentOffsetOffset++;
8766
8767 for(int i=1; i<_nSize; i++)
8768 {
8769 int nStringSize=(*((unsigned char *)pStringCurrentOffsetOffset));
8770
8771 if(nStringSize==0x80)
8772 {
8773 nStringSize=0;
8774 }
8775
8776 if(nStringSize>_nSize-i)
8777 {
8778 break;
8779 }
8780
8781 pStringCurrentOffsetOffset++;
8782
8783 if(pStringCurrentOffsetOffset>pStringOffset+_nSize)
8784 {
8785 break;
8786 }
8787
8788 QString sTemp=QString::fromUtf16((ushort *)pStringCurrentOffsetOffset,nStringSize/2);
8789
8790 result.metaData.listUnicodeStrings.append(sTemp);
8791
8792 pStringCurrentOffsetOffset+=nStringSize;
8793 i+=nStringSize;
8794 }
8795 }
8796 else if(result.metaData.listStreams.at(i).sName=="#Blob")
8797 {
8798 result.metaData.nBlobOffset=result.metaData.listStreams.at(i).nOffset;
8799 result.metaData.nBlobSize=result.metaData.listStreams.at(i).nSize;
8800 }
8801 else if(result.metaData.listStreams.at(i).sName=="#GUID")
8802 {
8803 result.metaData.nGUIDOffset=result.metaData.listStreams.at(i).nOffset;
8804 result.metaData.nGUIDSize=result.metaData.listStreams.at(i).nSize;
8805 }
8806
8807 nOffset+=8;
8808 nOffset+=S_ALIGN_UP((result.metaData.listStreams.at(i).sName.length()+1),4);
8809 }
8810
8811 if(result.metaData.nTablesHeaderOffset)
8812 {
8813 result.metaData.nTables_Reserved1=read_uint32(result.metaData.nTablesHeaderOffset);
8814 result.metaData.cTables_MajorVersion=read_uint8(result.metaData.nTablesHeaderOffset+4);
8815 result.metaData.cTables_MinorVersion=read_uint8(result.metaData.nTablesHeaderOffset+5);
8816 result.metaData.cTables_HeapOffsetSizes=read_uint8(result.metaData.nTablesHeaderOffset+6);
8817 result.metaData.cTables_Reserved2=read_uint8(result.metaData.nTablesHeaderOffset+7);
8818 result.metaData.nTables_Valid=read_uint64(result.metaData.nTablesHeaderOffset+8);
8819 result.metaData.nTables_Sorted=read_uint64(result.metaData.nTablesHeaderOffset+16);
8820
8821 quint64 nValid=result.metaData.nTables_Valid;
8822
8823 quint32 nTemp=0;
8824
8825 for(nTemp=0; nValid; nTemp++)
8826 {
8827 nValid&=(nValid-1);
8828 }
8829
8830 result.metaData.nTables_Valid_NumberOfRows=nTemp;
8831
8832 nOffset=result.metaData.nTablesHeaderOffset+24;
8833
8834 for(int i=0; i<64; i++)
8835 {
8836 if(result.metaData.nTables_Valid&((unsigned long long)1<<i))
8837 {
8838 result.metaData.Tables_TablesNumberOfIndexes[i]=read_uint32(nOffset);
8839 nOffset+=4;
8840 }
8841 }
8842
8843 quint32 nSize=0;
8844 int nStringIndexSize=2;
8845 int nGUIDIndexSize=2;
8846 int nBLOBIndexSize=2;
8847 int nResolutionScope=2;
8848 int nTypeDefOrRef=2;
8849 int nField=2;
8850 int nMethodDef=2;
8851 int nParamList=2;
8852
8853 quint8 cHeapOffsetSizes=result.metaData.cTables_HeapOffsetSizes;
8854
8855 if(cHeapOffsetSizes&0x01)
8856 {
8857 nStringIndexSize=4;
8858 }
8859
8860 if(cHeapOffsetSizes&0x02)
8861 {
8862 nGUIDIndexSize=4;
8863 }
8864
8865 if(cHeapOffsetSizes&0x04)
8866 {
8867 nBLOBIndexSize=4;
8868 }
8869
8870 // TODO !!!
8871 if(result.metaData.Tables_TablesNumberOfIndexes[0]>0x3FFF)
8872 {
8873 nResolutionScope=4;
8874 }
8875
8876 if(result.metaData.Tables_TablesNumberOfIndexes[26]>0x3FFF)
8877 {
8878 nResolutionScope=4;
8879 }
8880
8881 if(result.metaData.Tables_TablesNumberOfIndexes[35]>0x3FFF)
8882 {
8883 nResolutionScope=4;
8884 }
8885
8886 if(result.metaData.Tables_TablesNumberOfIndexes[1]>0x3FFF)
8887 {
8888 nResolutionScope=4;
8889 }
8890
8891 if(result.metaData.Tables_TablesNumberOfIndexes[1]>0x3FFF)
8892 {
8893 nTypeDefOrRef=4;
8894 }
8895
8896 if(result.metaData.Tables_TablesNumberOfIndexes[2]>0x3FFF)
8897 {
8898 nTypeDefOrRef=4;
8899 }
8900
8901 if(result.metaData.Tables_TablesNumberOfIndexes[27]>0x3FFF)
8902 {
8903 nTypeDefOrRef=4;
8904 }
8905
8906 if(result.metaData.Tables_TablesNumberOfIndexes[4]>0xFFFF)
8907 {
8908 nField=4;
8909 }
8910
8911 if(result.metaData.Tables_TablesNumberOfIndexes[6]>0xFFFF)
8912 {
8913 nMethodDef=4;
8914 }
8915
8916 if(result.metaData.Tables_TablesNumberOfIndexes[8]>0xFFFF)
8917 {
8918 nParamList=4;
8919 }
8920
8921 nSize=0;
8922 nSize+=2;
8923 nSize+=nStringIndexSize;
8924 nSize+=nGUIDIndexSize;
8925 nSize+=nGUIDIndexSize;
8926 nSize+=nGUIDIndexSize;
8927 result.metaData.Tables_TablesSizes[0]=nSize;
8928 nSize=0;
8929 nSize+=nResolutionScope;
8930 nSize+=nStringIndexSize;
8931 nSize+=nStringIndexSize;
8932 result.metaData.Tables_TablesSizes[1]=nSize;
8933 nSize=0;
8934 nSize+=4;
8935 nSize+=nStringIndexSize;
8936 nSize+=nStringIndexSize;
8937 nSize+=nTypeDefOrRef;
8938 nSize+=nField;
8939 nSize+=nMethodDef;
8940 result.metaData.Tables_TablesSizes[2]=nSize;
8941 nSize=0;
8942 result.metaData.Tables_TablesSizes[3]=nSize;
8943 nSize=0;
8944 nSize+=2;
8945 nSize+=nStringIndexSize;
8946 nSize+=nBLOBIndexSize;
8947 result.metaData.Tables_TablesSizes[4]=nSize;
8948 nSize=0;
8949 result.metaData.Tables_TablesSizes[5]=nSize;
8950 nSize=0;
8951 nSize+=4;
8952 nSize+=2;
8953 nSize+=2;
8954 nSize+=nStringIndexSize;
8955 nSize+=nBLOBIndexSize;
8956 nSize+=nParamList;
8957 result.metaData.Tables_TablesSizes[6]=nSize;
8958
8959 for(int i=0; i<64; i++)
8960 {
8961 if(result.metaData.Tables_TablesNumberOfIndexes[i])
8962 {
8963 result.metaData.Tables_TablesOffsets[i]=nOffset;
8964 nOffset+=result.metaData.Tables_TablesSizes[i]*result.metaData.Tables_TablesNumberOfIndexes[i];
8965 }
8966 }
8967
8968 if(!(result.header.Flags&XPE_DEF::COMIMAGE_FLAGS_NATIVE_ENTRYPOINT))
8969 {
8970 if(((result.metaData.nEntryPoint&0xFF000000)>>24)==6)
8971 {
8972 unsigned int nIndex=result.metaData.nEntryPoint&0xFFFFFF;
8973
8974 if(nIndex<=result.metaData.Tables_TablesNumberOfIndexes[6])
8975 {
8976 nOffset=result.metaData.Tables_TablesOffsets[6];
8977 nOffset+=result.metaData.Tables_TablesSizes[6]*(nIndex-1);
8978
8979 result.metaData.nEntryPoint=read_uint32(nOffset);
8980 }
8981 else
8982 {
8983 result.metaData.nEntryPoint=0;
8984 }
8985 }
8986 else
8987 {
8988 result.metaData.nEntryPoint=0;
8989 }
8990 }
8991 }
8992 }
8993 }
8994 }
8995 }
8996 }
8997
8998 // emit appendError(".NET is not present");
8999 return result;
9000 }
9001
getNet_MetadataOffsetSize()9002 XBinary::OFFSETSIZE XPE::getNet_MetadataOffsetSize()
9003 {
9004 OFFSETSIZE result={};
9005 result.nOffset=-1;
9006
9007 _MEMORY_MAP memoryMap=getMemoryMap();
9008
9009 qint64 nCLIHeaderOffset=-1;
9010
9011 if(isNETPresent())
9012 {
9013 XPE_DEF::IMAGE_DATA_DIRECTORY _idd=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR);
9014
9015 nCLIHeaderOffset=relAddressToOffset(&memoryMap,_idd.VirtualAddress);
9016 }
9017 else
9018 {
9019 // mb TODO
9020 // TODO Check!
9021 nCLIHeaderOffset=addressToOffset(&memoryMap,memoryMap.nModuleAddress+0x2008);
9022 }
9023
9024 if(nCLIHeaderOffset!=-1)
9025 {
9026 XPE_DEF::IMAGE_COR20_HEADER header=_read_IMAGE_COR20_HEADER(nCLIHeaderOffset);
9027
9028 if((header.cb==0x48)&&header.MetaData.VirtualAddress&&header.MetaData.Size)
9029 {
9030 result.nOffset=relAddressToOffset(&memoryMap,header.MetaData.VirtualAddress);
9031 result.nSize=header.MetaData.VirtualAddress;
9032 }
9033 }
9034
9035 return result;
9036 }
9037
_read_MetadataHeader(qint64 nOffset)9038 XPE::CLI_METADATA_HEADER XPE::_read_MetadataHeader(qint64 nOffset)
9039 {
9040 CLI_METADATA_HEADER result={};
9041
9042 result.nSignature=read_uint32(nOffset);
9043 result.nMajorVersion=read_uint16(nOffset+4);
9044 result.nMinorVersion=read_uint16(nOffset+6);
9045 result.nReserved=read_uint32(nOffset+8);
9046 result.nVersionStringLength=read_uint32(nOffset+12);
9047 result.sVersion=read_ansiString(nOffset+16,result.nVersionStringLength);
9048 result.nFlags=read_uint16(nOffset+16+result.nVersionStringLength);
9049 result.nStreams=read_uint16(nOffset+16+result.nVersionStringLength+2);
9050
9051 return result;
9052 }
9053
setMetadataHeader_Signature(quint32 nValue)9054 void XPE::setMetadataHeader_Signature(quint32 nValue)
9055 {
9056 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9057
9058 if(nOffset!=-1)
9059 {
9060 write_uint32(nOffset+0,nValue);
9061 }
9062 }
9063
setMetadataHeader_MajorVersion(quint16 nValue)9064 void XPE::setMetadataHeader_MajorVersion(quint16 nValue)
9065 {
9066 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9067
9068 if(nOffset!=-1)
9069 {
9070 write_uint16(nOffset+4,nValue);
9071 }
9072 }
9073
setMetadataHeader_MinorVersion(quint16 nValue)9074 void XPE::setMetadataHeader_MinorVersion(quint16 nValue)
9075 {
9076 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9077
9078 if(nOffset!=-1)
9079 {
9080 write_uint16(nOffset+6,nValue);
9081 }
9082 }
9083
setMetadataHeader_Reserved(quint32 nValue)9084 void XPE::setMetadataHeader_Reserved(quint32 nValue)
9085 {
9086 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9087
9088 if(nOffset!=-1)
9089 {
9090 write_uint32(nOffset+8,nValue);
9091 }
9092 }
9093
setMetadataHeader_VersionStringLength(quint32 nValue)9094 void XPE::setMetadataHeader_VersionStringLength(quint32 nValue)
9095 {
9096 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9097
9098 if(nOffset!=-1)
9099 {
9100 write_uint32(nOffset+12,nValue);
9101 }
9102 }
9103
setMetadataHeader_Version(QString sValue)9104 void XPE::setMetadataHeader_Version(QString sValue)
9105 {
9106 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9107
9108 if(nOffset!=-1)
9109 {
9110 quint32 nVersionStringLength=read_uint32(nOffset+12);
9111
9112 if(sValue.size()>(qint32)nVersionStringLength)
9113 {
9114 sValue.resize(nVersionStringLength);
9115 }
9116
9117 write_ansiString(nOffset+16,sValue);
9118 }
9119 }
9120
setMetadataHeader_Flags(quint16 nValue)9121 void XPE::setMetadataHeader_Flags(quint16 nValue)
9122 {
9123 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9124
9125 if(nOffset!=-1)
9126 {
9127 quint32 nVersionStringLength=read_uint32(nOffset+12);
9128
9129 write_uint16(nOffset+16+nVersionStringLength,nValue);
9130 }
9131 }
9132
setMetadataHeader_Streams(quint16 nValue)9133 void XPE::setMetadataHeader_Streams(quint16 nValue)
9134 {
9135 qint64 nOffset=getNet_MetadataOffsetSize().nOffset;
9136
9137 if(nOffset!=-1)
9138 {
9139 quint32 nVersionStringLength=read_uint32(nOffset+12);
9140
9141 write_uint16(nOffset+16+nVersionStringLength+2,nValue);
9142 }
9143 }
9144
isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY * pDataDirectory)9145 bool XPE::isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory)
9146 {
9147 _MEMORY_MAP memoryMap=getMemoryMap();
9148
9149 return isDataDirectoryValid(pDataDirectory,&memoryMap);
9150 }
9151
isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY * pDataDirectory,XBinary::_MEMORY_MAP * pMemoryMap)9152 bool XPE::isDataDirectoryValid(XPE_DEF::IMAGE_DATA_DIRECTORY *pDataDirectory, XBinary::_MEMORY_MAP *pMemoryMap)
9153 {
9154 bool bResult=false;
9155
9156 bResult=isRelAddressValid(pMemoryMap,pDataDirectory->VirtualAddress);
9157
9158 // TODO more checks
9159
9160 return bResult;
9161 }
9162
isNetMetadataPresent()9163 bool XPE::isNetMetadataPresent()
9164 {
9165 _MEMORY_MAP memoryMap=getMemoryMap();
9166 CLI_INFO cliInfo=getCliInfo(true,&memoryMap);
9167
9168 return isNetMetadataPresent(&cliInfo,&memoryMap);
9169 }
9170
isNetMetadataPresent(XPE::CLI_INFO * pCliInfo,XBinary::_MEMORY_MAP * pMemoryMap)9171 bool XPE::isNetMetadataPresent(XPE::CLI_INFO *pCliInfo, XBinary::_MEMORY_MAP *pMemoryMap)
9172 {
9173 return isDataDirectoryValid(&(pCliInfo->header.MetaData),pMemoryMap);
9174 }
9175
isNETAnsiStringPresent(QString sString)9176 bool XPE::isNETAnsiStringPresent(QString sString)
9177 {
9178 CLI_INFO cliInfo=getCliInfo(true);
9179
9180 return isNETAnsiStringPresent(sString,&cliInfo);
9181 }
9182
isNETAnsiStringPresent(QString sString,XPE::CLI_INFO * pCliInfo)9183 bool XPE::isNETAnsiStringPresent(QString sString, XPE::CLI_INFO *pCliInfo)
9184 {
9185 return pCliInfo->metaData.listAnsiStrings.contains(sString);
9186 }
9187
isNETUnicodeStringPresent(QString sString)9188 bool XPE::isNETUnicodeStringPresent(QString sString)
9189 {
9190 CLI_INFO cliInfo=getCliInfo(true);
9191
9192 return isNETUnicodeStringPresent(sString,&cliInfo);
9193 }
9194
isNETUnicodeStringPresent(QString sString,XPE::CLI_INFO * pCliInfo)9195 bool XPE::isNETUnicodeStringPresent(QString sString, XPE::CLI_INFO *pCliInfo)
9196 {
9197 return pCliInfo->metaData.listUnicodeStrings.contains(sString);
9198 }
9199
getEntryPointSection()9200 int XPE::getEntryPointSection()
9201 {
9202 _MEMORY_MAP memoryMap=getMemoryMap();
9203
9204 return getEntryPointSection(&memoryMap);
9205 }
9206
getEntryPointSection(_MEMORY_MAP * pMemoryMap)9207 int XPE::getEntryPointSection(_MEMORY_MAP *pMemoryMap)
9208 {
9209 int nResult=-1;
9210
9211 qint64 nAddressOfEntryPoint=getOptionalHeader_AddressOfEntryPoint();
9212
9213 if(nAddressOfEntryPoint)
9214 {
9215 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfEntryPoint);
9216 }
9217
9218 return nResult;
9219 }
9220
getImportSection()9221 int XPE::getImportSection()
9222 {
9223 _MEMORY_MAP memoryMap=getMemoryMap();
9224
9225 return getImportSection(&memoryMap);
9226 }
9227
getImportSection(_MEMORY_MAP * pMemoryMap)9228 int XPE::getImportSection(_MEMORY_MAP *pMemoryMap)
9229 {
9230 int nResult=-1;
9231
9232 qint64 nAddressOfImport=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_IMPORT).VirtualAddress;
9233
9234 if(nAddressOfImport)
9235 {
9236 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfImport);
9237 }
9238
9239 return nResult;
9240 }
9241
getExportSection()9242 int XPE::getExportSection()
9243 {
9244 _MEMORY_MAP memoryMap=getMemoryMap();
9245
9246 return getExportSection(&memoryMap);
9247 }
9248
getExportSection(_MEMORY_MAP * pMemoryMap)9249 int XPE::getExportSection(_MEMORY_MAP *pMemoryMap)
9250 {
9251 int nResult=-1;
9252
9253 qint64 nAddressOfExport=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXPORT).VirtualAddress;
9254
9255 if(nAddressOfExport)
9256 {
9257 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfExport);
9258 }
9259
9260 return nResult;
9261 }
9262
getTLSSection()9263 int XPE::getTLSSection()
9264 {
9265 _MEMORY_MAP memoryMap=getMemoryMap();
9266
9267 return getTLSSection(&memoryMap);
9268 }
9269
getTLSSection(_MEMORY_MAP * pMemoryMap)9270 int XPE::getTLSSection(_MEMORY_MAP *pMemoryMap)
9271 {
9272 int nResult=-1;
9273
9274 qint64 nAddressOfTLS=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS).VirtualAddress;
9275
9276 if(nAddressOfTLS)
9277 {
9278 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfTLS);
9279 }
9280
9281 return nResult;
9282 }
9283
getResourcesSection()9284 int XPE::getResourcesSection()
9285 {
9286 _MEMORY_MAP memoryMap=getMemoryMap();
9287
9288 return getResourcesSection(&memoryMap);
9289 }
9290
getResourcesSection(_MEMORY_MAP * pMemoryMap)9291 int XPE::getResourcesSection(_MEMORY_MAP *pMemoryMap)
9292 {
9293 int nResult=-1;
9294
9295 qint64 nAddressOfResources=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE).VirtualAddress;
9296
9297 if(nAddressOfResources)
9298 {
9299 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfResources);
9300 }
9301
9302 return nResult;
9303 }
9304
getRelocsSection()9305 int XPE::getRelocsSection()
9306 {
9307 _MEMORY_MAP memoryMap=getMemoryMap();
9308
9309 return getRelocsSection(&memoryMap);
9310 }
9311
getRelocsSection(_MEMORY_MAP * pMemoryMap)9312 int XPE::getRelocsSection(_MEMORY_MAP *pMemoryMap)
9313 {
9314 int nResult=-1;
9315
9316 qint64 nAddressOfRelocs=getOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BASERELOC).VirtualAddress;
9317
9318 if(nAddressOfRelocs)
9319 {
9320 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+nAddressOfRelocs);
9321 }
9322
9323 return nResult;
9324 }
9325
getNormalCodeSection()9326 int XPE::getNormalCodeSection()
9327 {
9328 _MEMORY_MAP memoryMap=getMemoryMap();
9329
9330 return getNormalCodeSection(&memoryMap);
9331 }
9332
getNormalCodeSection(_MEMORY_MAP * pMemoryMap)9333 int XPE::getNormalCodeSection(_MEMORY_MAP *pMemoryMap)
9334 {
9335 int nResult=-1;
9336 // TODO opimize
9337
9338 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSections=getSectionHeaders();
9339 int nNumberOfSections=listSections.count();
9340 nNumberOfSections=qMin(nNumberOfSections,2);
9341
9342 for(int i=0; i<nNumberOfSections; i++)
9343 {
9344 QString sSectionName=QString((char *)listSections.at(i).Name);
9345 sSectionName.resize(qMin(sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
9346 quint32 nSectionCharacteristics=listSections.at(i).Characteristics;
9347 nSectionCharacteristics&=0xFF0000FF;
9348
9349 // .textbss
9350 // 0x60500060 mingw
9351 if((((sSectionName=="CODE")||sSectionName==".text"))&&
9352 (nSectionCharacteristics==0x60000020)&&
9353 (listSections.at(i).SizeOfRawData))
9354 {
9355 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+listSections.at(i).VirtualAddress);
9356 break;
9357 }
9358 }
9359
9360 if(nResult==-1)
9361 {
9362 if(nNumberOfSections>0)
9363 {
9364 if(listSections.at(0).SizeOfRawData)
9365 {
9366 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+listSections.at(0).VirtualAddress);
9367 }
9368 }
9369 }
9370
9371 return nResult;
9372 }
9373
getNormalDataSection()9374 int XPE::getNormalDataSection()
9375 {
9376 _MEMORY_MAP memoryMap=getMemoryMap();
9377
9378 return getNormalDataSection(&memoryMap);
9379 }
9380
getNormalDataSection(_MEMORY_MAP * pMemoryMap)9381 int XPE::getNormalDataSection(_MEMORY_MAP *pMemoryMap)
9382 {
9383 int nResult=-1;
9384 // TODO opimize
9385
9386 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSections=getSectionHeaders();
9387 int nNumberOfSections=listSections.count();
9388
9389 int nImportSection=getImportSection(pMemoryMap);
9390
9391 for(int i=1; i<nNumberOfSections; i++)
9392 {
9393 // 0xc0700040 MinGW
9394 // 0xc0600040 MinGW
9395 // 0xc0300040 MinGW
9396 QString sSectionName=QString((char *)listSections.at(i).Name);
9397 sSectionName.resize(qMin(sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
9398 quint32 nSectionCharacteristics=listSections.at(i).Characteristics;
9399 nSectionCharacteristics&=0xFF0000FF;
9400
9401 if( (((sSectionName=="DATA")||sSectionName==".data"))&&
9402 (nSectionCharacteristics==0xC0000040)&&
9403 (listSections.at(i).SizeOfRawData)&&
9404 (nImportSection!=i))
9405 {
9406 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+listSections.at(i).VirtualAddress);
9407 break;
9408 }
9409 }
9410
9411 if(nResult==-1)
9412 {
9413 for(int i=1; i<nNumberOfSections; i++)
9414 {
9415 if( listSections.at(i).SizeOfRawData&&(nImportSection!=i)&&
9416 (listSections.at(i).Characteristics!=0x60000020)&&
9417 (listSections.at(i).Characteristics!=0x40000040))
9418 {
9419 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+listSections.at(i).VirtualAddress);
9420 break;
9421 }
9422 }
9423 }
9424
9425 return nResult;
9426 }
9427
getConstDataSection()9428 int XPE::getConstDataSection()
9429 {
9430 _MEMORY_MAP memoryMap=getMemoryMap();
9431
9432 return getConstDataSection(&memoryMap);
9433 }
9434
getConstDataSection(_MEMORY_MAP * pMemoryMap)9435 int XPE::getConstDataSection(_MEMORY_MAP *pMemoryMap)
9436 {
9437 int nResult=-1;
9438 // TODO opimize
9439
9440 QList<XPE_DEF::IMAGE_SECTION_HEADER> listSections=getSectionHeaders();
9441 int nNumberOfSections=listSections.count();
9442
9443 for(int i=1; i<nNumberOfSections; i++)
9444 {
9445 // 0x40700040 MinGW
9446 // 0x40600040 MinGW
9447 // 0x40300040 MinGW
9448 QString sSectionName=QString((char *)listSections.at(i).Name);
9449 sSectionName.resize(qMin(sSectionName.length(),XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME));
9450 quint32 nSectionCharacteristics=listSections.at(i).Characteristics;
9451 nSectionCharacteristics&=0xFF0000FF;
9452
9453 if((sSectionName==".rdata")&&
9454 (nSectionCharacteristics==0x40000040)&&
9455 (listSections.at(i).SizeOfRawData))
9456 {
9457 nResult=addressToLoadSection(pMemoryMap,getModuleAddress()+listSections.at(i).VirtualAddress);
9458 break;
9459 }
9460 }
9461
9462 return nResult;
9463 }
9464
rebuildDump(QString sResultFile,REBUILD_OPTIONS * pRebuildOptions)9465 bool XPE::rebuildDump(QString sResultFile,REBUILD_OPTIONS *pRebuildOptions)
9466 {
9467 // TODO rework!
9468 #ifdef QT_DEBUG
9469 QElapsedTimer timer;
9470 timer.start();
9471 qDebug("XPE::rebuildDump");
9472 #endif
9473 bool bResult=false;
9474
9475 if(sResultFile!="")
9476 {
9477 quint32 nTotalSize=0;
9478 quint32 nHeaderSize=0;
9479 QList<quint32> listSectionsSize;
9480 QList<quint32> listSectionsOffsets;
9481
9482 quint32 nFileAlignment=getOptionalHeader_FileAlignment();
9483
9484 quint32 nSectionAlignment=getOptionalHeader_SectionAlignment();
9485
9486 if(pRebuildOptions->bOptimize)
9487 {
9488 QByteArray baHeader=getHeaders();
9489 int nNumberOfSections=getFileHeader_NumberOfSections();
9490
9491 // if(pRebuildOptions->bClearHeader)
9492 // {
9493 // nHeaderSize=(qint32)getSectionsTableOffset()+nNumberOfSections*sizeof(XPE_DEF::IMAGE_SECTION_HEADER);
9494 // }
9495 // else
9496 // {
9497 // nHeaderSize=(quint32)XBinary::getPhysSize(baHeader.data(),baHeader.size());
9498 // }
9499
9500 nHeaderSize=(quint32)XBinary::getPhysSize(baHeader.data(),baHeader.size());
9501
9502 for(int i=0; i<nNumberOfSections; i++)
9503 {
9504 QByteArray baSection=read_array(getSection_VirtualAddress(i),getSection_VirtualSize(i));
9505 quint32 nSectionSize=(quint32)XBinary::getPhysSize(baSection.data(),baSection.size());
9506 listSectionsSize.append(nSectionSize);
9507 }
9508
9509 nTotalSize+=S_ALIGN_UP(nHeaderSize,nFileAlignment);
9510
9511 for(int i=0; i<listSectionsSize.size(); i++)
9512 {
9513 listSectionsOffsets.append(nTotalSize);
9514
9515 if(listSectionsSize.at(i))
9516 {
9517 nTotalSize+=S_ALIGN_UP(listSectionsSize.at(i),nFileAlignment);
9518 }
9519 }
9520 }
9521 else
9522 {
9523 nTotalSize=getSize();
9524 }
9525 #ifdef QT_DEBUG
9526 qDebug("XPE::rebuildDump:totalsize: %lld msec",timer.elapsed());
9527 #endif
9528 QByteArray baBuffer;
9529 baBuffer.resize(nTotalSize);
9530 baBuffer.fill(0);
9531 QBuffer buffer;
9532 buffer.setBuffer(&baBuffer);
9533
9534 if(buffer.open(QIODevice::ReadWrite))
9535 {
9536 XPE bufPE(&buffer,false);
9537
9538 if(pRebuildOptions->bOptimize)
9539 {
9540 XBinary::copyDeviceMemory(getDevice(),0,&buffer,0,nHeaderSize);
9541 bufPE.setOptionalHeader_SizeOfHeaders(S_ALIGN_UP(nHeaderSize,nFileAlignment));
9542 }
9543 else
9544 {
9545 XBinary::copyDeviceMemory(getDevice(),0,&buffer,0,nTotalSize);
9546 }
9547 #ifdef QT_DEBUG
9548 qDebug("XPE::rebuildDump:copy: %lld msec",timer.elapsed());
9549 #endif
9550 int nNumberOfSections=getFileHeader_NumberOfSections();
9551
9552 for(int i=0; i<nNumberOfSections; i++)
9553 {
9554 if(pRebuildOptions->bOptimize)
9555 {
9556 XBinary::copyDeviceMemory(getDevice(),getSection_VirtualAddress(i),&buffer,listSectionsOffsets.at(i),listSectionsSize.at(i));
9557 bufPE.setSection_PointerToRawData(i,listSectionsOffsets.at(i));
9558 bufPE.setSection_SizeOfRawData(i,S_ALIGN_UP(listSectionsSize.at(i),nFileAlignment));
9559 }
9560 else
9561 {
9562 quint32 nSectionAddress=getSection_VirtualAddress(i);
9563 quint32 nSectionSize=getSection_VirtualSize(i);
9564 bufPE.setSection_SizeOfRawData(i,S_ALIGN_UP(nSectionSize,nSectionAlignment));
9565 bufPE.setSection_PointerToRawData(i,nSectionAddress);
9566 }
9567
9568 bufPE.setSection_Characteristics(i,0xe0000020); // !!!
9569 }
9570 #ifdef QT_DEBUG
9571 qDebug("XPE::rebuildDump:copysections: %lld msec",timer.elapsed());
9572 #endif
9573 bResult=true;
9574
9575 buffer.close();
9576 }
9577
9578 QFile file;
9579 file.setFileName(sResultFile);
9580
9581 if(file.open(QIODevice::ReadWrite))
9582 {
9583 #ifdef QT_DEBUG
9584 qDebug("XPE::rebuildDump:write:start: %lld msec",timer.elapsed());
9585 #endif
9586 file.resize(baBuffer.size());
9587 file.write(baBuffer.data(),baBuffer.size());
9588 file.close();
9589 #ifdef QT_DEBUG
9590 qDebug("XPE::rebuildDump:write: %lld msec",timer.elapsed());
9591 #endif
9592 bResult=true;
9593 }
9594 }
9595
9596 if(bResult)
9597 {
9598 bResult=false;
9599
9600 QFile file;
9601 file.setFileName(sResultFile);
9602
9603 if(file.open(QIODevice::ReadWrite))
9604 {
9605 XPE _pe(&file,false);
9606
9607 if(_pe.isValid())
9608 {
9609 // if(pRebuildOptions->bRemoveLastSection)
9610 // {
9611 // _pe.removeLastSection();
9612 // }
9613 // #ifdef QT_DEBUG
9614 // qDebug("XPE::rebuildDump:removelastsection: %lld msec",timer.elapsed());
9615 // #endif
9616 if(!pRebuildOptions->mapPatches.empty())
9617 {
9618 _MEMORY_MAP memoryMap=getMemoryMap();
9619
9620 QMapIterator<qint64, quint64> i(pRebuildOptions->mapPatches);
9621
9622 while(i.hasNext())
9623 {
9624 i.next();
9625
9626 qint64 nAddress=i.key();
9627 quint64 nValue=i.value();
9628
9629 quint64 nOffset=_pe.addressToOffset(&memoryMap,nAddress);
9630
9631 if(_pe.is64())
9632 {
9633 _pe.write_uint64(nOffset,nValue);
9634 }
9635 else
9636 {
9637 _pe.write_uint32(nOffset,(quint32)nValue);
9638 }
9639 }
9640 }
9641
9642 #ifdef QT_DEBUG
9643 qDebug("XPE::rebuildDump:mapPatches: %lld msec",timer.elapsed());
9644 #endif
9645 if(pRebuildOptions->bSetEntryPoint)
9646 {
9647 _pe.setOptionalHeader_AddressOfEntryPoint(pRebuildOptions->nEntryPoint);
9648 }
9649
9650 #ifdef QT_DEBUG
9651 qDebug("XPE::rebuildDump:setentrypoint: %lld msec",timer.elapsed());
9652 #endif
9653 if(!pRebuildOptions->mapIAT.isEmpty())
9654 {
9655 if(!_pe.addImportSection(&(pRebuildOptions->mapIAT)))
9656 {
9657 // _errorMessage(tr("Cannot add import section"));
9658 }
9659 }
9660
9661 #ifdef QT_DEBUG
9662 qDebug("XPE::rebuildDump:addimportsection: %lld msec",timer.elapsed());
9663 #endif
9664 if(pRebuildOptions->bRenameSections)
9665 {
9666 int nNumberOfSections=_pe.getFileHeader_NumberOfSections();
9667
9668 for(int i=0; i<nNumberOfSections; i++)
9669 {
9670 QString sSection=_pe.getSection_NameAsString(i);
9671
9672 if(sSection!=".rsrc")
9673 {
9674 _pe.setSection_NameAsString(i,pRebuildOptions->sSectionName);
9675 }
9676 }
9677 }
9678
9679 #ifdef QT_DEBUG
9680 qDebug("XPE::rebuildDump:renamesections: %lld msec",timer.elapsed());
9681 #endif
9682 if(pRebuildOptions->listRelocsRVAs.count())
9683 {
9684 _pe.addRelocsSection(&(pRebuildOptions->listRelocsRVAs));
9685 }
9686 #ifdef QT_DEBUG
9687 qDebug("XPE::rebuildDump:addrelocssection: %lld msec",timer.elapsed());
9688 #endif
9689 if(pRebuildOptions->bFixChecksum)
9690 {
9691 _pe.fixCheckSum();
9692 }
9693 #ifdef QT_DEBUG
9694 qDebug("XPE::rebuildDump:fixchecksum: %lld msec",timer.elapsed());
9695 #endif
9696 }
9697
9698 bResult=true;
9699
9700 file.close();
9701 }
9702 }
9703 #ifdef QT_DEBUG
9704 qDebug("XPE::rebuildDump: %lld msec",timer.elapsed());
9705 #endif
9706
9707 return bResult;
9708 }
9709
rebuildDump(QString sInputFile,QString sResultFile,REBUILD_OPTIONS * pRebuildOptions)9710 bool XPE::rebuildDump(QString sInputFile, QString sResultFile,REBUILD_OPTIONS *pRebuildOptions)
9711 {
9712 // TODO rework!
9713 bool bResult=false;
9714
9715 QFile file;
9716 file.setFileName(sInputFile);
9717
9718 if(file.open(QIODevice::ReadOnly))
9719 {
9720 XPE pe(&file,false);
9721
9722 if(pe.isValid())
9723 {
9724 bResult=pe.rebuildDump(sResultFile,pRebuildOptions);
9725 }
9726
9727 file.close();
9728 }
9729
9730 return bResult;
9731 }
9732
fixCheckSum(QString sFileName,bool bIsImage)9733 bool XPE::fixCheckSum(QString sFileName, bool bIsImage)
9734 {
9735 bool bResult=false;
9736
9737 QFile file;
9738 file.setFileName(sFileName);
9739
9740 if(file.open(QIODevice::ReadWrite))
9741 {
9742 XPE pe(&file,bIsImage);
9743
9744 if(pe.isValid())
9745 {
9746 pe.fixCheckSum();
9747 bResult=true;
9748 }
9749
9750 file.close();
9751 }
9752
9753 return bResult;
9754 }
9755
_fixHeadersSize()9756 qint64 XPE::_fixHeadersSize()
9757 {
9758 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
9759 qint64 nSectionsTableOffset=getSectionsTableOffset();
9760 qint64 nHeadersSize=_calculateHeadersSize(nSectionsTableOffset,nNumberOfSections);
9761
9762 // MB TODO
9763 setOptionalHeader_SizeOfHeaders(nHeadersSize);
9764
9765 return nHeadersSize;
9766 }
9767
_getMinSectionOffset()9768 qint64 XPE::_getMinSectionOffset()
9769 {
9770 qint64 nResult=-1;
9771
9772 _MEMORY_MAP memoryMap=getMemoryMap();
9773
9774 int nNumberOfRecords=memoryMap.listRecords.count();
9775
9776 for(int i=0; i<nNumberOfRecords; i++)
9777 {
9778 if(memoryMap.listRecords.at(i).type==MMT_LOADSEGMENT)
9779 {
9780 if(nResult==-1)
9781 {
9782 nResult=memoryMap.listRecords.at(i).nOffset;
9783 }
9784 else
9785 {
9786 nResult=qMin(nResult,memoryMap.listRecords.at(i).nOffset);
9787 }
9788 }
9789 }
9790
9791 return nResult;
9792 }
9793
_fixFileOffsets(qint64 nDelta)9794 void XPE::_fixFileOffsets(qint64 nDelta)
9795 {
9796 if(nDelta)
9797 {
9798 setOptionalHeader_SizeOfHeaders(getOptionalHeader_SizeOfHeaders()+nDelta);
9799 quint32 nNumberOfSections=getFileHeader_NumberOfSections();
9800
9801 for(quint32 i=0; i<nNumberOfSections; i++)
9802 {
9803 quint32 nFileOffset=getSection_PointerToRawData(i);
9804 setSection_PointerToRawData(i,nFileOffset+nDelta);
9805 }
9806 }
9807 }
9808
_checkSum(qint64 nStartValue,qint64 nDataSize)9809 quint16 XPE::_checkSum(qint64 nStartValue,qint64 nDataSize)
9810 {
9811 // TODO Check
9812 // TODO Optimize
9813 const int BUFFER_SIZE=0x1000;
9814 int nSum=(int)nStartValue;
9815 unsigned int nTemp=0;
9816 char *pBuffer=new char[BUFFER_SIZE];
9817 char *pOffset;
9818
9819 while(nDataSize>0)
9820 {
9821 nTemp=qMin((qint64)BUFFER_SIZE,nDataSize);
9822
9823 if(!read_array(nStartValue,pBuffer,nTemp))
9824 {
9825 delete[] pBuffer;
9826
9827 return 0;
9828 }
9829
9830 pOffset=pBuffer;
9831
9832 for(unsigned int i=0; i<(nTemp+1)/2; i++)
9833 {
9834 nSum+=*((unsigned short *)pOffset);
9835
9836 if(S_HIWORD(nSum)!=0)
9837 {
9838 nSum=S_LOWORD(nSum)+S_HIWORD(nSum);
9839 }
9840
9841 pOffset+=2;
9842 }
9843
9844 nDataSize-=nTemp;
9845 nStartValue+=nTemp;
9846 }
9847
9848 delete [] pBuffer;
9849
9850 return (unsigned short)(S_LOWORD(nSum)+S_HIWORD(nSum));
9851 }
9852
read_IMAGE_RESOURCE_DIRECTORY_ENTRY(qint64 nOffset)9853 XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY XPE::read_IMAGE_RESOURCE_DIRECTORY_ENTRY(qint64 nOffset)
9854 {
9855 XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY result={};
9856
9857 read_array(nOffset,(char *)&result,sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY_ENTRY));
9858
9859 return result;
9860 }
9861
read_IMAGE_RESOURCE_DIRECTORY(qint64 nOffset)9862 XPE_DEF::IMAGE_RESOURCE_DIRECTORY XPE::read_IMAGE_RESOURCE_DIRECTORY(qint64 nOffset)
9863 {
9864 XPE_DEF::IMAGE_RESOURCE_DIRECTORY result={};
9865
9866 read_array(nOffset,(char *)&result,sizeof(XPE_DEF::IMAGE_RESOURCE_DIRECTORY));
9867
9868 return result;
9869 }
9870
read_IMAGE_RESOURCE_DATA_ENTRY(qint64 nOffset)9871 XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY XPE::read_IMAGE_RESOURCE_DATA_ENTRY(qint64 nOffset)
9872 {
9873 XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY result={};
9874
9875 read_array(nOffset,(char *)&result,sizeof(XPE_DEF::IMAGE_RESOURCE_DATA_ENTRY));
9876
9877 return result;
9878 }
9879
getResourcesIDName(qint64 nResourceOffset,quint32 nValue)9880 XPE::RESOURCES_ID_NAME XPE::getResourcesIDName(qint64 nResourceOffset, quint32 nValue)
9881 {
9882 RESOURCES_ID_NAME result={};
9883
9884 if(nValue&0x80000000)
9885 {
9886 result.bIsName=true;
9887 nValue&=0x7FFFFFFF;
9888 result.nNameOffset=nValue;
9889 result.nID=0;
9890 quint16 nStringLength=read_uint16(nResourceOffset+nValue);
9891
9892 nStringLength=qMin((quint16)1024,nStringLength);
9893
9894 QByteArray baName=read_array(nResourceOffset+nValue+2,nStringLength*2);
9895 result.sName=QString::fromUtf16((quint16 *)(baName.data()),nStringLength);
9896 }
9897 else
9898 {
9899 result.nID=nValue;
9900 result.sName="";
9901 result.nNameOffset=0;
9902 }
9903
9904 return result;
9905 }
9906
getRelocsAsRVAList()9907 QList<qint64> XPE::getRelocsAsRVAList()
9908 {
9909 QSet<qint64> stResult;
9910
9911 // TODO 64
9912 qint64 nRelocsOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BASERELOC);
9913
9914 if(nRelocsOffset!=-1)
9915 {
9916 while(true)
9917 {
9918 XPE_DEF::IMAGE_BASE_RELOCATION ibr=_readIMAGE_BASE_RELOCATION(nRelocsOffset);
9919
9920 if((ibr.VirtualAddress==0)||(ibr.SizeOfBlock==0))
9921 {
9922 break;
9923 }
9924
9925 if(ibr.VirtualAddress&0xFFF)
9926 {
9927 break;
9928 }
9929
9930 nRelocsOffset+=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
9931
9932 int nNumberOfBlocks=(ibr.SizeOfBlock-sizeof(XPE_DEF::IMAGE_BASE_RELOCATION))/sizeof(quint16);
9933
9934 nNumberOfBlocks=qMin(nNumberOfBlocks,(int)0xFFFF);
9935
9936 for(int i=0; i<nNumberOfBlocks; i++)
9937 {
9938 quint16 nRecord=read_uint16(nRelocsOffset);
9939
9940 if(nRecord)
9941 {
9942 nRecord=nRecord&0x0FFF;
9943 stResult.insert(ibr.VirtualAddress+nRecord);
9944 }
9945
9946 nRelocsOffset+=sizeof(quint16);
9947 }
9948 }
9949 }
9950
9951 return stResult.values();
9952 }
9953
getRelocsHeaders()9954 QList<XPE::RELOCS_HEADER> XPE::getRelocsHeaders()
9955 {
9956 QList<RELOCS_HEADER> listResult;
9957
9958 qint64 nRelocsOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BASERELOC);
9959
9960 if(nRelocsOffset!=-1)
9961 {
9962 while(true)
9963 {
9964 RELOCS_HEADER record={0};
9965
9966 record.nOffset=nRelocsOffset;
9967
9968 record.baseRelocation=_readIMAGE_BASE_RELOCATION(nRelocsOffset);
9969
9970 if((record.baseRelocation.VirtualAddress==0)||(record.baseRelocation.SizeOfBlock==0))
9971 {
9972 break;
9973 }
9974
9975 if(record.baseRelocation.VirtualAddress&0xFFF)
9976 {
9977 break;
9978 }
9979
9980 nRelocsOffset+=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
9981
9982 record.nCount=(record.baseRelocation.SizeOfBlock-sizeof(XPE_DEF::IMAGE_BASE_RELOCATION))/sizeof(quint16);
9983
9984 nRelocsOffset+=sizeof(quint16)*record.nCount;
9985
9986 listResult.append(record);
9987 }
9988 }
9989
9990 return listResult;
9991 }
9992
getRelocsPositions(qint64 nOffset)9993 QList<XPE::RELOCS_POSITION> XPE::getRelocsPositions(qint64 nOffset)
9994 {
9995 QList<RELOCS_POSITION> listResult;
9996
9997 XPE_DEF::IMAGE_BASE_RELOCATION ibr=_readIMAGE_BASE_RELOCATION(nOffset);
9998
9999 if((ibr.VirtualAddress)&&(ibr.SizeOfBlock))
10000 {
10001 nOffset+=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
10002
10003 int nCount=(ibr.SizeOfBlock-sizeof(XPE_DEF::IMAGE_BASE_RELOCATION))/sizeof(quint16);
10004
10005 nCount&=0xFFFF;
10006
10007 for(int i=0; i<nCount; i++)
10008 {
10009 RELOCS_POSITION record={0};
10010
10011 quint16 nRecord=read_uint16(nOffset);
10012
10013 record.nTypeOffset=nRecord;
10014 record.nAddress=ibr.VirtualAddress+(nRecord&0x0FFF);
10015 record.nType=nRecord>>12;
10016
10017 listResult.append(record);
10018
10019 nOffset+=sizeof(quint16);
10020 }
10021 }
10022
10023 return listResult;
10024 }
10025
_readIMAGE_BASE_RELOCATION(qint64 nOffset)10026 XPE_DEF::IMAGE_BASE_RELOCATION XPE::_readIMAGE_BASE_RELOCATION(qint64 nOffset)
10027 {
10028 XPE_DEF::IMAGE_BASE_RELOCATION result={};
10029
10030 result.VirtualAddress=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,VirtualAddress));
10031 result.SizeOfBlock=read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,SizeOfBlock));
10032
10033 return result;
10034 }
10035
getRelocsVirtualAddress(qint64 nOffset)10036 quint32 XPE::getRelocsVirtualAddress(qint64 nOffset)
10037 {
10038 return read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,VirtualAddress));
10039 }
10040
getRelocsSizeOfBlock(qint64 nOffset)10041 quint32 XPE::getRelocsSizeOfBlock(qint64 nOffset)
10042 {
10043 return read_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,SizeOfBlock));
10044 }
10045
setRelocsVirtualAddress(qint64 nOffset,quint32 nValue)10046 void XPE::setRelocsVirtualAddress(qint64 nOffset, quint32 nValue)
10047 {
10048 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,VirtualAddress),nValue);
10049 }
10050
setRelocsSizeOfBlock(qint64 nOffset,quint32 nValue)10051 void XPE::setRelocsSizeOfBlock(qint64 nOffset, quint32 nValue)
10052 {
10053 write_uint32(nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,SizeOfBlock),nValue);
10054 }
10055
addRelocsSection(QList<qint64> * pList)10056 bool XPE::addRelocsSection(QList<qint64> *pList)
10057 {
10058 return addRelocsSection(getDevice(),isImage(),pList);
10059 }
10060
addRelocsSection(QIODevice * pDevice,bool bIsImage,QList<qint64> * pListRelocs)10061 bool XPE::addRelocsSection(QIODevice *pDevice, bool bIsImage, QList<qint64> *pListRelocs)
10062 {
10063 bool bResult=false;
10064
10065 if((isResizeEnable(pDevice))&&(pListRelocs->count()))
10066 {
10067 XPE pe(pDevice,bIsImage);
10068
10069 if(pe.isValid())
10070 {
10071 // Check valid
10072 _MEMORY_MAP memoryMap=pe.getMemoryMap();
10073
10074 QList<qint64> listRVAs;
10075
10076 int nNumberOfRelocs=pListRelocs->count();
10077
10078 for(int i=0; i<nNumberOfRelocs; i++)
10079 {
10080 if(pe.isAddressValid(&memoryMap,pListRelocs->at(i)+memoryMap.nModuleAddress))
10081 {
10082 listRVAs.append(pListRelocs->at(i));
10083 }
10084 }
10085
10086 QByteArray baRelocs=relocsAsRVAListToByteArray(&listRVAs,pe.is64());
10087
10088 XPE_DEF::IMAGE_SECTION_HEADER ish={};
10089
10090 ish.Characteristics=0x42000040;
10091 QString sSectionName=".reloc";
10092 XBinary::_copyMemory((char *)&ish.Name,sSectionName.toLatin1().data(),qMin(XPE_DEF::S_IMAGE_SIZEOF_SHORT_NAME,sSectionName.length()));
10093
10094 bResult=addSection(pDevice,bIsImage,&ish,baRelocs.data(),baRelocs.size());
10095
10096 if(bResult)
10097 {
10098 XPE_DEF::IMAGE_DATA_DIRECTORY dd={};
10099
10100 dd.VirtualAddress=ish.VirtualAddress;
10101 dd.Size=ish.Misc.VirtualSize;
10102
10103 pe.setOptionalHeader_DataDirectory(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BASERELOC,&dd);
10104
10105 bResult=true;
10106 }
10107 }
10108 }
10109
10110 return bResult;
10111 }
10112
addRelocsSection(QString sFileName,bool bIsImage,QList<qint64> * pListRelocs)10113 bool XPE::addRelocsSection(QString sFileName, bool bIsImage, QList<qint64> *pListRelocs)
10114 {
10115 bool bResult=false;
10116
10117 QFile file(sFileName);
10118
10119 if(file.open(QIODevice::ReadWrite))
10120 {
10121 bResult=addRelocsSection(&file,bIsImage,pListRelocs);
10122
10123 file.close();
10124 }
10125
10126 return bResult;
10127 }
10128
relocsAsRVAListToByteArray(QList<qint64> * pListRelocs,bool bIs64)10129 QByteArray XPE::relocsAsRVAListToByteArray(QList<qint64> *pListRelocs, bool bIs64)
10130 {
10131 QByteArray baResult;
10132 // GetHeaders
10133 // pList must be sorted!
10134
10135 qint32 nBaseAddress=-1;
10136 quint32 nSize=0;
10137
10138 int nNumberOfRelocs=pListRelocs->count();
10139
10140 for(int i=0; i<nNumberOfRelocs; i++)
10141 {
10142 qint32 _nBaseAddress=S_ALIGN_DOWN(pListRelocs->at(i),0x1000);
10143
10144 if(nBaseAddress!=_nBaseAddress)
10145 {
10146 nBaseAddress=_nBaseAddress;
10147 nSize=S_ALIGN_UP(nSize,4);
10148 nSize+=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
10149 }
10150
10151 nSize+=2;
10152 }
10153
10154 nSize=S_ALIGN_UP(nSize,4);
10155
10156 baResult.resize(nSize);
10157
10158 nBaseAddress=-1;
10159 quint32 nOffset=0;
10160 char *pData=baResult.data();
10161 char *pVirtualAddress=0;
10162 char *pSizeOfBlock=0;
10163 quint32 nCurrentBlockSize=0;
10164
10165 nNumberOfRelocs=pListRelocs->count();
10166
10167 for(int i=0; i<nNumberOfRelocs; i++)
10168 {
10169 qint32 _nBaseAddress=S_ALIGN_DOWN(pListRelocs->at(i),0x1000);
10170
10171 if(nBaseAddress!=_nBaseAddress)
10172 {
10173 nBaseAddress=_nBaseAddress;
10174 quint32 _nOffset=S_ALIGN_UP(nOffset,4);
10175
10176 if(nOffset!=_nOffset)
10177 {
10178 nCurrentBlockSize+=2;
10179 XBinary::_write_uint32(pSizeOfBlock,nCurrentBlockSize);
10180 XBinary::_write_uint16(pData+nOffset,0);
10181 nOffset=_nOffset;
10182 }
10183
10184 pVirtualAddress=pData+nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,VirtualAddress);
10185 pSizeOfBlock=pData+nOffset+offsetof(XPE_DEF::IMAGE_BASE_RELOCATION,SizeOfBlock);
10186 XBinary::_write_uint32(pVirtualAddress,nBaseAddress);
10187 nCurrentBlockSize=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
10188 XBinary::_write_uint32(pSizeOfBlock,nCurrentBlockSize);
10189
10190 nOffset+=sizeof(XPE_DEF::IMAGE_BASE_RELOCATION);
10191 }
10192
10193 nCurrentBlockSize+=2;
10194 XBinary::_write_uint32(pSizeOfBlock,nCurrentBlockSize);
10195
10196 if(!bIs64)
10197 {
10198 XBinary::_write_uint16(pData+nOffset,pListRelocs->at(i)-nBaseAddress+0x3000);
10199 }
10200 else
10201 {
10202 XBinary::_write_uint16(pData+nOffset,pListRelocs->at(i)-nBaseAddress+0xA000);
10203 }
10204
10205 nOffset+=2;
10206 }
10207
10208 quint32 _nOffset=S_ALIGN_UP(nOffset,4);
10209
10210 if(nOffset!=_nOffset)
10211 {
10212 nCurrentBlockSize+=2;
10213 XBinary::_write_uint32(pSizeOfBlock,nCurrentBlockSize);
10214 XBinary::_write_uint16(pData+nOffset,0);
10215 }
10216
10217 return baResult;
10218 }
10219
isResourcesPresent()10220 bool XPE::isResourcesPresent()
10221 {
10222 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_RESOURCE);
10223 }
10224
isRelocsPresent()10225 bool XPE::isRelocsPresent()
10226 {
10227 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BASERELOC);
10228 }
10229
isDebugPresent()10230 bool XPE::isDebugPresent()
10231 {
10232 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DEBUG);
10233 }
10234
isTLSPresent()10235 bool XPE::isTLSPresent()
10236 {
10237 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10238 }
10239
isSignPresent()10240 bool XPE::isSignPresent()
10241 {
10242 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_SECURITY);
10243 }
10244
isExceptionPresent()10245 bool XPE::isExceptionPresent()
10246 {
10247 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_EXCEPTION);
10248 }
10249
isLoadConfigPresent()10250 bool XPE::isLoadConfigPresent()
10251 {
10252 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG);
10253 }
10254
isBoundImportPresent()10255 bool XPE::isBoundImportPresent()
10256 {
10257 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT);
10258 }
10259
isDelayImportPresent()10260 bool XPE::isDelayImportPresent()
10261 {
10262 return isOptionalHeader_DataDirectoryPresent(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT);
10263 }
10264
getTLSHeaderOffset()10265 qint64 XPE::getTLSHeaderOffset()
10266 {
10267 return getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10268 }
10269
getTLSHeaderSize()10270 qint64 XPE::getTLSHeaderSize()
10271 {
10272 qint64 nResult=0;
10273
10274 if(is64())
10275 {
10276 nResult=sizeof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64);
10277 }
10278 else
10279 {
10280 nResult=sizeof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32);
10281 }
10282
10283 return nResult;
10284 }
10285
getTLSDirectory32()10286 XPE_DEF::S_IMAGE_TLS_DIRECTORY32 XPE::getTLSDirectory32()
10287 {
10288 XPE_DEF::S_IMAGE_TLS_DIRECTORY32 result={};
10289
10290 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10291
10292 if(nTLSOffset!=-1)
10293 {
10294 // TODO read function!!!
10295 read_array(nTLSOffset,(char *)&result,sizeof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32));
10296 }
10297
10298 return result;
10299 }
10300
getTLSDirectory64()10301 XPE_DEF::S_IMAGE_TLS_DIRECTORY64 XPE::getTLSDirectory64()
10302 {
10303 XPE_DEF::S_IMAGE_TLS_DIRECTORY64 result={};
10304
10305 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10306
10307 if(nTLSOffset!=-1)
10308 {
10309 // TODO read function!!!
10310 read_array(nTLSOffset,(char *)&result,sizeof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64));
10311 }
10312
10313 return result;
10314 }
10315
getTLS_StartAddressOfRawData()10316 quint64 XPE::getTLS_StartAddressOfRawData()
10317 {
10318 quint64 nResult=0;
10319
10320 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10321
10322 if(nTLSOffset!=-1)
10323 {
10324 if(is64())
10325 {
10326 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,StartAddressOfRawData));
10327 }
10328 else
10329 {
10330 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,StartAddressOfRawData));
10331 }
10332 }
10333
10334 return nResult;
10335 }
10336
getTLS_EndAddressOfRawData()10337 quint64 XPE::getTLS_EndAddressOfRawData()
10338 {
10339 quint64 nResult=0;
10340
10341 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10342
10343 if(nTLSOffset!=-1)
10344 {
10345 if(is64())
10346 {
10347 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,EndAddressOfRawData));
10348 }
10349 else
10350 {
10351 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,EndAddressOfRawData));
10352 }
10353 }
10354
10355 return nResult;
10356 }
10357
getTLS_AddressOfIndex()10358 quint64 XPE::getTLS_AddressOfIndex()
10359 {
10360 quint64 nResult=0;
10361
10362 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10363
10364 if(nTLSOffset!=-1)
10365 {
10366 if(is64())
10367 {
10368 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,AddressOfIndex));
10369 }
10370 else
10371 {
10372 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,AddressOfIndex));
10373 }
10374 }
10375
10376 return nResult;
10377 }
10378
getTLS_AddressOfCallBacks()10379 quint64 XPE::getTLS_AddressOfCallBacks()
10380 {
10381 quint64 nResult=0;
10382
10383 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10384
10385 if(nTLSOffset!=-1)
10386 {
10387 if(is64())
10388 {
10389 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,AddressOfCallBacks));
10390 }
10391 else
10392 {
10393 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,AddressOfCallBacks));
10394 }
10395 }
10396
10397 return nResult;
10398 }
10399
getTLS_SizeOfZeroFill()10400 quint32 XPE::getTLS_SizeOfZeroFill()
10401 {
10402 quint32 nResult=0;
10403
10404 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10405
10406 if(nTLSOffset!=-1)
10407 {
10408 if(is64())
10409 {
10410 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,SizeOfZeroFill));
10411 }
10412 else
10413 {
10414 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,SizeOfZeroFill));
10415 }
10416 }
10417
10418 return nResult;
10419 }
10420
getTLS_Characteristics()10421 quint32 XPE::getTLS_Characteristics()
10422 {
10423 quint32 nResult=0;
10424
10425 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10426
10427 if(nTLSOffset!=-1)
10428 {
10429 if(is64())
10430 {
10431 nResult=read_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,Characteristics));
10432 }
10433 else
10434 {
10435 nResult=read_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,Characteristics));
10436 }
10437 }
10438
10439 return nResult;
10440 }
10441
setTLS_StartAddressOfRawData(quint64 nValue)10442 void XPE::setTLS_StartAddressOfRawData(quint64 nValue)
10443 {
10444 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10445
10446 if(nTLSOffset!=-1)
10447 {
10448 if(is64())
10449 {
10450 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,StartAddressOfRawData),nValue);
10451 }
10452 else
10453 {
10454 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,StartAddressOfRawData),nValue);
10455 }
10456 }
10457 }
10458
setTLS_EndAddressOfRawData(quint64 nValue)10459 void XPE::setTLS_EndAddressOfRawData(quint64 nValue)
10460 {
10461 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10462
10463 if(nTLSOffset!=-1)
10464 {
10465 if(is64())
10466 {
10467 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,EndAddressOfRawData),nValue);
10468 }
10469 else
10470 {
10471 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,EndAddressOfRawData),nValue);
10472 }
10473 }
10474 }
10475
setTLS_AddressOfIndex(quint64 nValue)10476 void XPE::setTLS_AddressOfIndex(quint64 nValue)
10477 {
10478 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10479
10480 if(nTLSOffset!=-1)
10481 {
10482 if(is64())
10483 {
10484 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,AddressOfIndex),nValue);
10485 }
10486 else
10487 {
10488 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,AddressOfIndex),nValue);
10489 }
10490 }
10491 }
10492
setTLS_AddressOfCallBacks(quint64 nValue)10493 void XPE::setTLS_AddressOfCallBacks(quint64 nValue)
10494 {
10495 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10496
10497 if(nTLSOffset!=-1)
10498 {
10499 if(is64())
10500 {
10501 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,AddressOfCallBacks),nValue);
10502 }
10503 else
10504 {
10505 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,AddressOfCallBacks),nValue);
10506 }
10507 }
10508 }
10509
setTLS_SizeOfZeroFill(quint32 nValue)10510 void XPE::setTLS_SizeOfZeroFill(quint32 nValue)
10511 {
10512 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10513
10514 if(nTLSOffset!=-1)
10515 {
10516 if(is64())
10517 {
10518 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,SizeOfZeroFill),nValue);
10519 }
10520 else
10521 {
10522 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,SizeOfZeroFill),nValue);
10523 }
10524 }
10525 }
10526
setTLS_Characteristics(quint32 nValue)10527 void XPE::setTLS_Characteristics(quint32 nValue)
10528 {
10529 qint64 nTLSOffset=getDataDirectoryOffset(XPE_DEF::S_IMAGE_DIRECTORY_ENTRY_TLS);
10530
10531 if(nTLSOffset!=-1)
10532 {
10533 if(is64())
10534 {
10535 write_uint64(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY64,Characteristics),nValue);
10536 }
10537 else
10538 {
10539 write_uint32(nTLSOffset+offsetof(XPE_DEF::S_IMAGE_TLS_DIRECTORY32,Characteristics),nValue);
10540 }
10541 }
10542 }
10543
getTLS_CallbacksList()10544 QList<qint64> XPE::getTLS_CallbacksList()
10545 {
10546 _MEMORY_MAP memoryMap=getMemoryMap();
10547
10548 return getTLS_CallbacksList(&memoryMap);
10549 }
10550
getTLS_CallbacksList(XBinary::_MEMORY_MAP * pMemoryMap)10551 QList<qint64> XPE::getTLS_CallbacksList(XBinary::_MEMORY_MAP *pMemoryMap)
10552 {
10553 QList<qint64> listResult;
10554
10555 qint64 nOffset=addressToOffset(pMemoryMap,(qint64)getTLS_AddressOfCallBacks());
10556
10557 if(nOffset!=-1)
10558 {
10559 for(int i=0;i<100;i++) // TODO const
10560 {
10561 qint64 nAddress=0;
10562
10563 if(is64())
10564 {
10565 nAddress=read_uint64(nOffset);
10566
10567 nOffset+=8;
10568 }
10569 else
10570 {
10571 nAddress=read_uint32(nOffset);
10572
10573 nOffset+=4;
10574 }
10575
10576 if(nAddress&&isAddressValid(pMemoryMap,nAddress))
10577 {
10578 listResult.append(nAddress);
10579 }
10580 else
10581 {
10582 break;
10583 }
10584 }
10585 }
10586
10587 return listResult;
10588 }
10589
getTLSHeader()10590 XPE::TLS_HEADER XPE::getTLSHeader()
10591 {
10592 TLS_HEADER result={};
10593
10594 if(isTLSPresent())
10595 {
10596 if(is64())
10597 {
10598 XPE_DEF::S_IMAGE_TLS_DIRECTORY64 tls64=getTLSDirectory64();
10599
10600 result.AddressOfCallBacks=tls64.AddressOfCallBacks;
10601 result.AddressOfIndex=tls64.AddressOfIndex;
10602 result.Characteristics=tls64.Characteristics;
10603 result.EndAddressOfRawData=tls64.EndAddressOfRawData;
10604 result.SizeOfZeroFill=tls64.SizeOfZeroFill;
10605 result.StartAddressOfRawData=tls64.StartAddressOfRawData;
10606 }
10607 else
10608 {
10609 XPE_DEF::S_IMAGE_TLS_DIRECTORY32 tls32=getTLSDirectory32();
10610
10611 result.AddressOfCallBacks=tls32.AddressOfCallBacks;
10612 result.AddressOfIndex=tls32.AddressOfIndex;
10613 result.Characteristics=tls32.Characteristics;
10614 result.EndAddressOfRawData=tls32.EndAddressOfRawData;
10615 result.SizeOfZeroFill=tls32.SizeOfZeroFill;
10616 result.StartAddressOfRawData=tls32.StartAddressOfRawData;
10617 }
10618 }
10619
10620 return result;
10621 }
10622
getImageNtHeadersSignatures()10623 QMap<quint64, QString> XPE::getImageNtHeadersSignatures()
10624 {
10625 QMap<quint64, QString> mapResult;
10626
10627 mapResult.insert(0x00004550,"IMAGE_NT_SIGNATURE");
10628
10629 return mapResult;
10630 }
10631
getImageNtHeadersSignaturesS()10632 QMap<quint64, QString> XPE::getImageNtHeadersSignaturesS()
10633 {
10634 QMap<quint64, QString> mapResult;
10635
10636 mapResult.insert(0x00004550,"NT_SIGNATURE");
10637
10638 return mapResult;
10639 }
10640
getImageMagics()10641 QMap<quint64, QString> XPE::getImageMagics()
10642 {
10643 QMap<quint64, QString> mapResult;
10644
10645 mapResult.insert(0x5A4D,"IMAGE_DOS_SIGNATURE");
10646
10647 return mapResult;
10648 }
10649
getImageMagicsS()10650 QMap<quint64, QString> XPE::getImageMagicsS()
10651 {
10652 QMap<quint64, QString> mapResult;
10653
10654 mapResult.insert(0x5A4D,"DOS_SIGNATURE");
10655
10656 return mapResult;
10657 }
10658
getImageFileHeaderMachines()10659 QMap<quint64, QString> XPE::getImageFileHeaderMachines()
10660 {
10661 QMap<quint64, QString> mapResult;
10662
10663 mapResult.insert(0,"IMAGE_FILE_MACHINE_UNKNOWN");
10664 mapResult.insert(0x014c,"IMAGE_FILE_MACHINE_I386");
10665 mapResult.insert(0x0162,"IMAGE_FILE_MACHINE_R3000");
10666 mapResult.insert(0x0166,"IMAGE_FILE_MACHINE_R4000");
10667 mapResult.insert(0x0168,"IMAGE_FILE_MACHINE_R10000");
10668 mapResult.insert(0x0169,"IMAGE_FILE_MACHINE_WCEMIPSV2");
10669 mapResult.insert(0x0184,"IMAGE_FILE_MACHINE_ALPHA");
10670 mapResult.insert(0x01a2,"IMAGE_FILE_MACHINE_SH3");
10671 mapResult.insert(0x01a3,"IMAGE_FILE_MACHINE_SH3DSP");
10672 mapResult.insert(0x01a4,"IMAGE_FILE_MACHINE_SH3E");
10673 mapResult.insert(0x01a6,"IMAGE_FILE_MACHINE_SH4");
10674 mapResult.insert(0x01a8,"IMAGE_FILE_MACHINE_SH5");
10675 mapResult.insert(0x01c0,"IMAGE_FILE_MACHINE_ARM");
10676 mapResult.insert(0x01c2,"IMAGE_FILE_MACHINE_THUMB");
10677 mapResult.insert(0x01c4,"IMAGE_FILE_MACHINE_ARMNT");
10678 mapResult.insert(0x01d3,"IMAGE_FILE_MACHINE_AM33");
10679 mapResult.insert(0x01F0,"IMAGE_FILE_MACHINE_POWERPC");
10680 mapResult.insert(0x01f1,"IMAGE_FILE_MACHINE_POWERPCFP");
10681 mapResult.insert(0x0200,"IMAGE_FILE_MACHINE_IA64");
10682 mapResult.insert(0x0266,"IMAGE_FILE_MACHINE_MIPS16");
10683 mapResult.insert(0x0284,"IMAGE_FILE_MACHINE_ALPHA64");
10684 mapResult.insert(0x0366,"IMAGE_FILE_MACHINE_MIPSFPU");
10685 mapResult.insert(0x0466,"IMAGE_FILE_MACHINE_MIPSFPU16");
10686 mapResult.insert(0x0520,"IMAGE_FILE_MACHINE_TRICORE");
10687 mapResult.insert(0x0CEF,"IMAGE_FILE_MACHINE_CEF");
10688 mapResult.insert(0x0EBC,"IMAGE_FILE_MACHINE_EBC");
10689 mapResult.insert(0x8664,"IMAGE_FILE_MACHINE_AMD64");
10690 mapResult.insert(0x9041,"IMAGE_FILE_MACHINE_M32R");
10691 mapResult.insert(0xC0EE,"IMAGE_FILE_MACHINE_CEE");
10692 mapResult.insert(0xAA64,"IMAGE_FILE_MACHINE_ARM64");
10693 mapResult.insert(0x5032,"IMAGE_FILE_MACHINE_RISCV32");
10694 mapResult.insert(0x5064,"IMAGE_FILE_MACHINE_RISCV64");
10695 mapResult.insert(0x5128,"IMAGE_FILE_MACHINE_RISCV128");
10696
10697 return mapResult;
10698 }
10699
getImageFileHeaderMachinesS()10700 QMap<quint64, QString> XPE::getImageFileHeaderMachinesS()
10701 {
10702 QMap<quint64, QString> mapResult;
10703
10704 mapResult.insert(0,"UNKNOWN");
10705 mapResult.insert(0x014c,"I386");
10706 mapResult.insert(0x0162,"R3000");
10707 mapResult.insert(0x0166,"R4000");
10708 mapResult.insert(0x0168,"R10000");
10709 mapResult.insert(0x0169,"WCEMIPSV2");
10710 mapResult.insert(0x0184,"ALPHA");
10711 mapResult.insert(0x01a2,"SH3");
10712 mapResult.insert(0x01a3,"SH3DSP");
10713 mapResult.insert(0x01a4,"SH3E");
10714 mapResult.insert(0x01a6,"SH4");
10715 mapResult.insert(0x01a8,"SH5");
10716 mapResult.insert(0x01c0,"ARM");
10717 mapResult.insert(0x01c2,"THUMB");
10718 mapResult.insert(0x01c4,"ARMNT");
10719 mapResult.insert(0x01d3,"AM33");
10720 mapResult.insert(0x01F0,"POWERPC");
10721 mapResult.insert(0x01f1,"POWERPCFP");
10722 mapResult.insert(0x0200,"IA64");
10723 mapResult.insert(0x0266,"MIPS16");
10724 mapResult.insert(0x0284,"ALPHA64");
10725 mapResult.insert(0x0366,"MIPSFPU");
10726 mapResult.insert(0x0466,"MIPSFPU16");
10727 mapResult.insert(0x0520,"TRICORE");
10728 mapResult.insert(0x0CEF,"CEF");
10729 mapResult.insert(0x0EBC,"EBC");
10730 mapResult.insert(0x8664,"AMD64");
10731 mapResult.insert(0x9041,"M32R");
10732 mapResult.insert(0xC0EE,"CEE");
10733 mapResult.insert(0xAA64,"ARM64");
10734 mapResult.insert(0x5032,"RISCV32");
10735 mapResult.insert(0x5064,"RISCV64");
10736 mapResult.insert(0x5128,"RISCV128");
10737
10738 return mapResult;
10739 }
10740
getImageFileHeaderCharacteristics()10741 QMap<quint64, QString> XPE::getImageFileHeaderCharacteristics()
10742 {
10743 QMap<quint64, QString> mapResult;
10744
10745 mapResult.insert(0x0001,"IMAGE_FILE_RELOCS_STRIPPED");
10746 mapResult.insert(0x0002,"IMAGE_FILE_EXECUTABLE_IMAGE");
10747 mapResult.insert(0x0004,"IMAGE_FILE_LINE_NUMS_STRIPPED");
10748 mapResult.insert(0x0008,"IMAGE_FILE_LOCAL_SYMS_STRIPPED");
10749 mapResult.insert(0x0010,"IMAGE_FILE_AGGRESIVE_WS_TRIM");
10750 mapResult.insert(0x0020,"IMAGE_FILE_LARGE_ADDRESS_AWARE");
10751 mapResult.insert(0x0080,"IMAGE_FILE_BYTES_REVERSED_LO");
10752 mapResult.insert(0x0100,"IMAGE_FILE_32BIT_MACHINE");
10753 mapResult.insert(0x0200,"IMAGE_FILE_DEBUG_STRIPPED");
10754 mapResult.insert(0x0400,"IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP");
10755 mapResult.insert(0x0800,"IMAGE_FILE_NET_RUN_FROM_SWAP");
10756 mapResult.insert(0x1000,"IMAGE_FILE_SYSTEM");
10757 mapResult.insert(0x2000,"IMAGE_FILE_DLL");
10758 mapResult.insert(0x4000,"IMAGE_FILE_UP_SYSTEM_ONLY");
10759 mapResult.insert(0x8000,"IMAGE_FILE_BYTES_REVERSED_HI");
10760
10761 return mapResult;
10762 }
10763
getImageFileHeaderCharacteristicsS()10764 QMap<quint64, QString> XPE::getImageFileHeaderCharacteristicsS()
10765 {
10766 QMap<quint64, QString> mapResult;
10767
10768 mapResult.insert(0x0001,"RELOCS_STRIPPED");
10769 mapResult.insert(0x0002,"EXECUTABLE_IMAGE");
10770 mapResult.insert(0x0004,"LINE_NUMS_STRIPPED");
10771 mapResult.insert(0x0008,"LOCAL_SYMS_STRIPPED");
10772 mapResult.insert(0x0010,"AGGRESIVE_WS_TRIM");
10773 mapResult.insert(0x0020,"LARGE_ADDRESS_AWARE");
10774 mapResult.insert(0x0080,"BYTES_REVERSED_LO");
10775 mapResult.insert(0x0100,"32BIT_MACHINE");
10776 mapResult.insert(0x0200,"DEBUG_STRIPPED");
10777 mapResult.insert(0x0400,"REMOVABLE_RUN_FROM_SWAP");
10778 mapResult.insert(0x0800,"NET_RUN_FROM_SWAP");
10779 mapResult.insert(0x1000,"SYSTEM");
10780 mapResult.insert(0x2000,"DLL");
10781 mapResult.insert(0x4000,"UP_SYSTEM_ONLY");
10782 mapResult.insert(0x8000,"BYTES_REVERSED_HI");
10783
10784 return mapResult;
10785 }
10786
getImageOptionalHeaderMagic()10787 QMap<quint64, QString> XPE::getImageOptionalHeaderMagic()
10788 {
10789 QMap<quint64, QString> mapResult;
10790
10791 mapResult.insert(0x10b,"IMAGE_NT_OPTIONAL_HDR32_MAGIC");
10792 mapResult.insert(0x20b,"IMAGE_NT_OPTIONAL_HDR64_MAGIC");
10793 mapResult.insert(0x107,"IMAGE_ROM_OPTIONAL_HDR_MAGIC");
10794
10795 return mapResult;
10796 }
10797
getImageOptionalHeaderMagicS()10798 QMap<quint64, QString> XPE::getImageOptionalHeaderMagicS()
10799 {
10800 QMap<quint64, QString> mapResult;
10801
10802 mapResult.insert(0x10b,"NT_HDR32_MAGIC");
10803 mapResult.insert(0x20b,"NT_HDR64_MAGIC");
10804 mapResult.insert(0x107,"ROM_HDR_MAGIC");
10805
10806 return mapResult;
10807 }
10808
getImageOptionalHeaderSubsystem()10809 QMap<quint64, QString> XPE::getImageOptionalHeaderSubsystem()
10810 {
10811 QMap<quint64, QString> mapResult;
10812
10813 mapResult.insert(0,"IMAGE_SUBSYSTEM_UNKNOWN");
10814 mapResult.insert(1,"IMAGE_SUBSYSTEM_NATIVE");
10815 mapResult.insert(2,"IMAGE_SUBSYSTEM_WINDOWS_GUI");
10816 mapResult.insert(3,"IMAGE_SUBSYSTEM_WINDOWS_CUI");
10817 mapResult.insert(5,"IMAGE_SUBSYSTEM_OS2_CUI");
10818 mapResult.insert(7,"IMAGE_SUBSYSTEM_POSIX_CUI");
10819 mapResult.insert(8,"IMAGE_SUBSYSTEM_NATIVE_WINDOWS");
10820 mapResult.insert(9,"IMAGE_SUBSYSTEM_WINDOWS_CE_GUI");
10821 mapResult.insert(10,"IMAGE_SUBSYSTEM_EFI_APPLICATION");
10822 mapResult.insert(11,"IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER");
10823 mapResult.insert(12,"IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER");
10824 mapResult.insert(13,"IMAGE_SUBSYSTEM_EFI_ROM");
10825 mapResult.insert(14,"IMAGE_SUBSYSTEM_XBOX");
10826 mapResult.insert(16,"IMAGE_SUBSYSTEM_WINDOWS_BOOT_APPLICATION");
10827
10828 return mapResult;
10829 }
10830
getImageOptionalHeaderSubsystemS()10831 QMap<quint64, QString> XPE::getImageOptionalHeaderSubsystemS()
10832 {
10833 QMap<quint64, QString> mapResult;
10834
10835 mapResult.insert(0,"UNKNOWN");
10836 mapResult.insert(1,"NATIVE");
10837 mapResult.insert(2,"WINDOWS_GUI");
10838 mapResult.insert(3,"WINDOWS_CUI");
10839 mapResult.insert(5,"OS2_CUI");
10840 mapResult.insert(7,"POSIX_CUI");
10841 mapResult.insert(8,"NATIVE_WINDOWS");
10842 mapResult.insert(9,"WINDOWS_CE_GUI");
10843 mapResult.insert(10,"EFI_APPLICATION");
10844 mapResult.insert(11,"EFI_BOOT_SERVICE_DRIVER");
10845 mapResult.insert(12,"EFI_RUNTIME_DRIVER");
10846 mapResult.insert(13,"EFI_ROM");
10847 mapResult.insert(14,"XBOX");
10848 mapResult.insert(16,"WINDOWS_BOOT_APPLICATION");
10849
10850 return mapResult;
10851 }
10852
getImageOptionalHeaderDllCharacteristics()10853 QMap<quint64, QString> XPE::getImageOptionalHeaderDllCharacteristics()
10854 {
10855 QMap<quint64, QString> mapResult;
10856
10857 mapResult.insert(0x0020,"IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA");
10858 mapResult.insert(0x0040,"IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE");
10859 mapResult.insert(0x0080,"IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY");
10860 mapResult.insert(0x0100,"IMAGE_DLLCHARACTERISTICS_NX_COMPAT");
10861 mapResult.insert(0x0200,"IMAGE_DLLCHARACTERISTICS_NO_ISOLATION");
10862 mapResult.insert(0x0400,"IMAGE_DLLCHARACTERISTICS_NO_SEH");
10863 mapResult.insert(0x0800,"IMAGE_DLLCHARACTERISTICS_NO_BIND");
10864 mapResult.insert(0x1000,"IMAGE_DLLCHARACTERISTICS_APPCONTAINER");
10865 mapResult.insert(0x2000,"IMAGE_DLLCHARACTERISTICS_WDM_DRIVER");
10866 mapResult.insert(0x4000,"IMAGE_DLLCHARACTERISTICS_GUARD_CF");
10867 mapResult.insert(0x8000,"IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE");
10868
10869 return mapResult;
10870 }
10871
getImageOptionalHeaderDllCharacteristicsS()10872 QMap<quint64, QString> XPE::getImageOptionalHeaderDllCharacteristicsS()
10873 {
10874 QMap<quint64, QString> mapResult;
10875
10876 mapResult.insert(0x0020,"HIGH_ENTROPY_VA");
10877 mapResult.insert(0x0040,"DYNAMIC_BASE");
10878 mapResult.insert(0x0080,"FORCE_INTEGRITY");
10879 mapResult.insert(0x0100,"NX_COMPAT");
10880 mapResult.insert(0x0200,"NO_ISOLATION");
10881 mapResult.insert(0x0400,"NO_SEH");
10882 mapResult.insert(0x0800,"NO_BIND");
10883 mapResult.insert(0x1000,"APPCONTAINER");
10884 mapResult.insert(0x2000,"WDM_DRIVER");
10885 mapResult.insert(0x4000,"GUARD_CF");
10886 mapResult.insert(0x8000,"TERMINAL_SERVER_AWARE");
10887
10888 return mapResult;
10889 }
10890
getImageOptionalHeaderDataDirectory()10891 QMap<quint64, QString> XPE::getImageOptionalHeaderDataDirectory()
10892 {
10893 QMap<quint64, QString> mapResult;
10894
10895 mapResult.insert(0,"IMAGE_DIRECTORY_ENTRY_EXPORT");
10896 mapResult.insert(1,"IMAGE_DIRECTORY_ENTRY_IMPORT");
10897 mapResult.insert(2,"IMAGE_DIRECTORY_ENTRY_RESOURCE");
10898 mapResult.insert(3,"IMAGE_DIRECTORY_ENTRY_EXCEPTION");
10899 mapResult.insert(4,"IMAGE_DIRECTORY_ENTRY_SECURITY");
10900 mapResult.insert(5,"IMAGE_DIRECTORY_ENTRY_BASERELOC");
10901 mapResult.insert(6,"IMAGE_DIRECTORY_ENTRY_DEBUG");
10902 mapResult.insert(7,"IMAGE_DIRECTORY_ENTRY_ARCHITECTURE");
10903 mapResult.insert(8,"IMAGE_DIRECTORY_ENTRY_GLOBALPTR");
10904 mapResult.insert(9,"IMAGE_DIRECTORY_ENTRY_TLS");
10905 mapResult.insert(10,"IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG");
10906 mapResult.insert(11,"IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT");
10907 mapResult.insert(12,"IMAGE_DIRECTORY_ENTRY_IAT");
10908 mapResult.insert(13,"IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT");
10909 mapResult.insert(14,"IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR");
10910 mapResult.insert(15,"RESERVED");
10911
10912 return mapResult;
10913 }
10914
getImageOptionalHeaderDataDirectoryS()10915 QMap<quint64, QString> XPE::getImageOptionalHeaderDataDirectoryS()
10916 {
10917 QMap<quint64, QString> mapResult;
10918
10919 mapResult.insert(0,"EXPORT");
10920 mapResult.insert(1,"IMPORT");
10921 mapResult.insert(2,"RESOURCE");
10922 mapResult.insert(3,"EXCEPTION");
10923 mapResult.insert(4,"SECURITY");
10924 mapResult.insert(5,"BASERELOC");
10925 mapResult.insert(6,"DEBUG");
10926 mapResult.insert(7,"ARCHITECTURE");
10927 mapResult.insert(8,"GLOBALPTR");
10928 mapResult.insert(9,"TLS");
10929 mapResult.insert(10,"LOAD_CONFIG");
10930 mapResult.insert(11,"BOUND_IMPORT");
10931 mapResult.insert(12,"IAT");
10932 mapResult.insert(13,"DELAY_IMPORT");
10933 mapResult.insert(14,"COM_DESCRIPTOR");
10934 mapResult.insert(15,"RESERVED");
10935
10936 return mapResult;
10937 }
10938
getImageSectionHeaderFlags()10939 QMap<quint64, QString> XPE::getImageSectionHeaderFlags()
10940 {
10941 QMap<quint64, QString> mapResult;
10942
10943 mapResult.insert(0x00000008,"IMAGE_SCN_TYPE_NO_PAD");
10944 mapResult.insert(0x00000020,"IMAGE_SCN_CNT_CODE");
10945 mapResult.insert(0x00000040,"IMAGE_SCN_CNT_INITIALIZED_DATA");
10946 mapResult.insert(0x00000080,"IMAGE_SCN_CNT_UNINITIALIZED_DATA");
10947 mapResult.insert(0x00000100,"IMAGE_SCN_LNK_OTHER");
10948 mapResult.insert(0x00000200,"IMAGE_SCN_LNK_INFO");
10949 mapResult.insert(0x00000800,"IMAGE_SCN_LNK_REMOVE");
10950 mapResult.insert(0x00001000,"IMAGE_SCN_LNK_COMDAT");
10951 mapResult.insert(0x00004000,"IMAGE_SCN_NO_DEFER_SPEC_EXC");
10952 mapResult.insert(0x00008000,"IMAGE_SCN_GPREL");
10953 mapResult.insert(0x00020000,"IMAGE_SCN_MEM_PURGEABLE");
10954 mapResult.insert(0x00020000,"IMAGE_SCN_MEM_16BIT");
10955 mapResult.insert(0x00040000,"IMAGE_SCN_MEM_LOCKED");
10956 mapResult.insert(0x00080000,"IMAGE_SCN_MEM_PRELOAD");
10957 mapResult.insert(0x01000000,"IMAGE_SCN_LNK_NRELOC_OVFL");
10958 mapResult.insert(0x02000000,"IMAGE_SCN_MEM_DISCARDABLE");
10959 mapResult.insert(0x04000000,"IMAGE_SCN_MEM_NOT_CACHED");
10960 mapResult.insert(0x08000000,"IMAGE_SCN_MEM_NOT_PAGED");
10961 mapResult.insert(0x10000000,"IMAGE_SCN_MEM_SHARED");
10962 mapResult.insert(0x20000000,"IMAGE_SCN_MEM_EXECUTE");
10963 mapResult.insert(0x40000000,"IMAGE_SCN_MEM_READ");
10964 mapResult.insert(0x80000000,"IMAGE_SCN_MEM_WRITE");
10965
10966 return mapResult;
10967 }
10968
getImageSectionHeaderFlagsS()10969 QMap<quint64, QString> XPE::getImageSectionHeaderFlagsS()
10970 {
10971 QMap<quint64, QString> mapResult;
10972
10973 mapResult.insert(0x00000008,"TYPE_NO_PAD");
10974 mapResult.insert(0x00000020,"CNT_CODE");
10975 mapResult.insert(0x00000040,"CNT_INITIALIZED_DATA");
10976 mapResult.insert(0x00000080,"CNT_UNINITIALIZED_DATA");
10977 mapResult.insert(0x00000100,"LNK_OTHER");
10978 mapResult.insert(0x00000200,"LNK_INFO");
10979 mapResult.insert(0x00000800,"LNK_REMOVE");
10980 mapResult.insert(0x00001000,"LNK_COMDAT");
10981 mapResult.insert(0x00004000,"NO_DEFER_SPEC_EXC");
10982 mapResult.insert(0x00008000,"GPREL");
10983 mapResult.insert(0x00020000,"MEM_PURGEABLE");
10984 mapResult.insert(0x00020000,"MEM_16BIT");
10985 mapResult.insert(0x00040000,"MEM_LOCKED");
10986 mapResult.insert(0x00080000,"MEM_PRELOAD");
10987 mapResult.insert(0x01000000,"LNK_NRELOC_OVFL");
10988 mapResult.insert(0x02000000,"MEM_DISCARDABLE");
10989 mapResult.insert(0x04000000,"MEM_NOT_CACHED");
10990 mapResult.insert(0x08000000,"MEM_NOT_PAGED");
10991 mapResult.insert(0x10000000,"MEM_SHARED");
10992 mapResult.insert(0x20000000,"MEM_EXECUTE");
10993 mapResult.insert(0x40000000,"MEM_READ");
10994 mapResult.insert(0x80000000,"MEM_WRITE");
10995
10996 return mapResult;
10997 }
10998
getImageSectionHeaderAligns()10999 QMap<quint64, QString> XPE::getImageSectionHeaderAligns()
11000 {
11001 QMap<quint64, QString> mapResult;
11002
11003 mapResult.insert(0x00100000,"IMAGE_SCN_ALIGN_1BYTES");
11004 mapResult.insert(0x00200000,"IMAGE_SCN_ALIGN_2BYTES");
11005 mapResult.insert(0x00300000,"IMAGE_SCN_ALIGN_4BYTES");
11006 mapResult.insert(0x00400000,"IMAGE_SCN_ALIGN_8BYTES");
11007 mapResult.insert(0x00500000,"IMAGE_SCN_ALIGN_16BYTES");
11008 mapResult.insert(0x00600000,"IMAGE_SCN_ALIGN_32BYTES");
11009 mapResult.insert(0x00700000,"IMAGE_SCN_ALIGN_64BYTES");
11010 mapResult.insert(0x00800000,"IMAGE_SCN_ALIGN_128BYTES");
11011 mapResult.insert(0x00900000,"IMAGE_SCN_ALIGN_256BYTES");
11012 mapResult.insert(0x00A00000,"IMAGE_SCN_ALIGN_512BYTES");
11013 mapResult.insert(0x00B00000,"IMAGE_SCN_ALIGN_1024BYTES");
11014 mapResult.insert(0x00C00000,"IMAGE_SCN_ALIGN_2048BYTES");
11015 mapResult.insert(0x00D00000,"IMAGE_SCN_ALIGN_4096BYTES");
11016 mapResult.insert(0x00E00000,"IMAGE_SCN_ALIGN_8192BYTES");
11017
11018 return mapResult;
11019 }
11020
getImageSectionHeaderAlignsS()11021 QMap<quint64, QString> XPE::getImageSectionHeaderAlignsS()
11022 {
11023 QMap<quint64, QString> mapResult;
11024
11025 mapResult.insert(0x00100000,"1BYTES");
11026 mapResult.insert(0x00200000,"2BYTES");
11027 mapResult.insert(0x00300000,"4BYTES");
11028 mapResult.insert(0x00400000,"8BYTES");
11029 mapResult.insert(0x00500000,"16BYTES");
11030 mapResult.insert(0x00600000,"32BYTES");
11031 mapResult.insert(0x00700000,"64BYTES");
11032 mapResult.insert(0x00800000,"128BYTES");
11033 mapResult.insert(0x00900000,"256BYTES");
11034 mapResult.insert(0x00A00000,"512BYTES");
11035 mapResult.insert(0x00B00000,"1024BYTES");
11036 mapResult.insert(0x00C00000,"2048BYTES");
11037 mapResult.insert(0x00D00000,"4096BYTES");
11038 mapResult.insert(0x00E00000,"8192BYTES");
11039
11040 return mapResult;
11041 }
11042
getResourceTypes()11043 QMap<quint64, QString> XPE::getResourceTypes()
11044 {
11045 QMap<quint64, QString> mapResult;
11046
11047 mapResult.insert(1,"RT_CURSOR");
11048 mapResult.insert(2,"RT_BITMAP");
11049 mapResult.insert(3,"RT_ICON");
11050 mapResult.insert(4,"RT_MENU");
11051 mapResult.insert(5,"RT_DIALOG");
11052 mapResult.insert(6,"RT_STRING");
11053 mapResult.insert(7,"RT_FONTDIR");
11054 mapResult.insert(8,"RT_FONT");
11055 mapResult.insert(9,"RT_ACCELERATORS");
11056 mapResult.insert(10,"RT_RCDATA");
11057 mapResult.insert(11,"RT_MESSAGETABLE");
11058 mapResult.insert(12,"RT_GROUP_CURSOR");
11059 mapResult.insert(14,"RT_GROUP_ICON");
11060 mapResult.insert(16,"RT_VERSION");
11061 mapResult.insert(24,"RT_MANIFEST");
11062 mapResult.insert(0x2000+2,"RT_NEWBITMAP");
11063 mapResult.insert(0x2000+4,"RT_NEWMENU");
11064 mapResult.insert(0x2000+5,"RT_NEWDIALOG");
11065
11066 return mapResult;
11067 }
11068
getResourceTypesS()11069 QMap<quint64, QString> XPE::getResourceTypesS()
11070 {
11071 QMap<quint64, QString> mapResult;
11072
11073 mapResult.insert(1,"CURSOR");
11074 mapResult.insert(2,"BITMAP");
11075 mapResult.insert(3,"ICON");
11076 mapResult.insert(4,"MENU");
11077 mapResult.insert(5,"DIALOG");
11078 mapResult.insert(6,"STRING");
11079 mapResult.insert(7,"FONTDIR");
11080 mapResult.insert(8,"FONT");
11081 mapResult.insert(9,"ACCELERATORS");
11082 mapResult.insert(10,"RCDATA");
11083 mapResult.insert(11,"MESSAGETABLE");
11084 mapResult.insert(12,"GROUP_CURSOR");
11085 mapResult.insert(14,"GROUP_ICON");
11086 mapResult.insert(16,"VERSION");
11087 mapResult.insert(24,"MANIFEST");
11088 mapResult.insert(0x2000+2,"NEWBITMAP");
11089 mapResult.insert(0x2000+4,"NEWMENU");
11090 mapResult.insert(0x2000+5,"NEWDIALOG");
11091
11092 return mapResult;
11093 }
11094
getImageRelBased()11095 QMap<quint64, QString> XPE::getImageRelBased()
11096 {
11097 QMap<quint64, QString> mapResult;
11098
11099 mapResult.insert(0,"IMAGE_REL_BASED_ABSOLUTE");
11100 mapResult.insert(1,"IMAGE_REL_BASED_HIGH");
11101 mapResult.insert(2,"IMAGE_REL_BASED_LOW");
11102 mapResult.insert(3,"IMAGE_REL_BASED_HIGHLOW");
11103 mapResult.insert(4,"IMAGE_REL_BASED_HIGHADJ");
11104 mapResult.insert(5,"IMAGE_REL_BASED_MACHINE_SPECIFIC_5");
11105 mapResult.insert(6,"IMAGE_REL_BASED_RESERVED");
11106 mapResult.insert(7,"IMAGE_REL_BASED_MACHINE_SPECIFIC_7");
11107 mapResult.insert(8,"IMAGE_REL_BASED_MACHINE_SPECIFIC_8");
11108 mapResult.insert(9,"IMAGE_REL_BASED_MACHINE_SPECIFIC_9");
11109 mapResult.insert(10,"IMAGE_REL_BASED_DIR64");
11110
11111 return mapResult;
11112 }
11113
getImageRelBasedS()11114 QMap<quint64, QString> XPE::getImageRelBasedS()
11115 {
11116 QMap<quint64, QString> mapResult;
11117
11118 mapResult.insert(0,"ABSOLUTE");
11119 mapResult.insert(1,"HIGH");
11120 mapResult.insert(2,"LOW");
11121 mapResult.insert(3,"HIGHLOW");
11122 mapResult.insert(4,"HIGHADJ");
11123 mapResult.insert(5,"MACHINE_SPECIFIC_5");
11124 mapResult.insert(6,"RESERVED");
11125 mapResult.insert(7,"MACHINE_SPECIFIC_7");
11126 mapResult.insert(8,"MACHINE_SPECIFIC_8");
11127 mapResult.insert(9,"MACHINE_SPECIFIC_9");
11128 mapResult.insert(10,"DIR64");
11129
11130 return mapResult;
11131 }
11132
getComImageFlags()11133 QMap<quint64, QString> XPE::getComImageFlags()
11134 {
11135 QMap<quint64, QString> mapResult;
11136
11137 mapResult.insert(0x00000001,"COMIMAGE_FLAGS_ILONLY");
11138 mapResult.insert(0x00000002,"COMIMAGE_FLAGS_32BITREQUIRED");
11139 mapResult.insert(0x00000004,"COMIMAGE_FLAGS_IL_LIBRARY");
11140 mapResult.insert(0x00000008,"COMIMAGE_FLAGS_STRONGNAMESIGNED");
11141 mapResult.insert(0x00000010,"COMIMAGE_FLAGS_NATIVE_ENTRYPOINT");
11142 mapResult.insert(0x00010000,"COMIMAGE_FLAGS_TRACKDEBUGDATA");
11143
11144 return mapResult;
11145 }
11146
getComImageFlagsS()11147 QMap<quint64, QString> XPE::getComImageFlagsS()
11148 {
11149 QMap<quint64, QString> mapResult;
11150
11151 mapResult.insert(0x00000001,"ILONLY");
11152 mapResult.insert(0x00000002,"32BITREQUIRED");
11153 mapResult.insert(0x00000004,"IL_LIBRARY");
11154 mapResult.insert(0x00000008,"STRONGNAMESIGNED");
11155 mapResult.insert(0x00000010,"NATIVE_ENTRYPOINT");
11156 mapResult.insert(0x00010000,"TRACKDEBUGDATA");
11157
11158 return mapResult;
11159 }
11160
getDebugTypes()11161 QMap<quint64, QString> XPE::getDebugTypes()
11162 {
11163 QMap<quint64, QString> mapResult;
11164
11165 mapResult.insert(0,"IMAGE_DEBUG_TYPE_UNKNOWN");
11166 mapResult.insert(1,"IMAGE_DEBUG_TYPE_COFF");
11167 mapResult.insert(2,"IMAGE_DEBUG_TYPE_CODEVIEW");
11168 mapResult.insert(3,"IMAGE_DEBUG_TYPE_FPO");
11169 mapResult.insert(4,"IMAGE_DEBUG_TYPE_MISC");
11170 mapResult.insert(5,"IMAGE_DEBUG_TYPE_EXCEPTION");
11171 mapResult.insert(6,"IMAGE_DEBUG_TYPE_FIXUP");
11172 mapResult.insert(7,"IMAGE_DEBUG_TYPE_OMAP_TO_SRC");
11173 mapResult.insert(8,"IMAGE_DEBUG_TYPE_OMAP_FROM_SRC");
11174 mapResult.insert(9,"IMAGE_DEBUG_TYPE_BORLAND");
11175 mapResult.insert(10,"IMAGE_DEBUG_TYPE_RESERVED10");
11176 mapResult.insert(11,"IMAGE_DEBUG_TYPE_CLSID");
11177 mapResult.insert(12,"IMAGE_DEBUG_TYPE_VC_FEATURE");
11178 mapResult.insert(13,"IMAGE_DEBUG_TYPE_POGO");
11179 mapResult.insert(14,"IMAGE_DEBUG_TYPE_ILTCG");
11180 mapResult.insert(15,"IMAGE_DEBUG_TYPE_MPX");
11181 mapResult.insert(16,"IMAGE_DEBUG_TYPE_REPRO");
11182 mapResult.insert(20,"IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS");
11183
11184 return mapResult;
11185 }
11186
getDebugTypesS()11187 QMap<quint64, QString> XPE::getDebugTypesS()
11188 {
11189 QMap<quint64, QString> mapResult;
11190
11191 mapResult.insert(0,"UNKNOWN");
11192 mapResult.insert(1,"COFF");
11193 mapResult.insert(2,"CODEVIEW");
11194 mapResult.insert(3,"FPO");
11195 mapResult.insert(4,"MISC");
11196 mapResult.insert(5,"EXCEPTION");
11197 mapResult.insert(6,"FIXUP");
11198 mapResult.insert(7,"OMAP_TO_SRC");
11199 mapResult.insert(8,"OMAP_FROM_SRC");
11200 mapResult.insert(9,"BORLAND");
11201 mapResult.insert(10,"RESERVED10");
11202 mapResult.insert(11,"CLSID");
11203 mapResult.insert(12,"VC_FEATURE");
11204 mapResult.insert(13,"POGO");
11205 mapResult.insert(14,"ILTCG");
11206 mapResult.insert(15,"MPX");
11207 mapResult.insert(16,"REPRO");
11208 mapResult.insert(20,"EX_DLLCHARACTERISTICS");
11209
11210 return mapResult;
11211 }
11212