forked from AmrThabet/pySRDF
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfiles.cpp
110 lines (94 loc) · 2.26 KB
/
files.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
// files.cpp : For all cFile and inherited classes
//
#include "stdafx.h"
#include "pySRDF.h"
PEFile::PEFile(char* filename)
{
handle = new cPEFile(filename);
AnalyzeFile();
}
PEFile::PEFile(cPEFile* PE)
{
handle = PE;
AnalyzeFile();
}
void PEFile::AnalyzeFile()
{
IsFound = handle->IsFound();
if (IsFound)
{
Magic = handle->Magic;
Subsystem = handle->Subsystem;
Imagebase = handle->Imagebase;
SizeOfImage = handle->SizeOfImage;
Entrypoint = handle->Entrypoint;
FileAlignment = handle->FileAlignment;
SectionAlignment = handle->SectionAlignment;
//Set Sections
Sections.init(sizeof(SECTION_STRUCT));
for (int i = 0;i < handle->nSections; i++)
{
Sections.additem(&handle->Section[i]);
}
//Set ImportTable
ImportTable.init(sizeof(IMPORT_DLL));
for (int i = 0;i < handle->ImportTable.nDLLs; i++)
{
IMPORT_DLL DLL = {0};
DLL.DLLName = handle->ImportTable.DLL[i].DLLName;
DLL.APIs.init(sizeof(IMPORTTABLE_API));
for (int l = 0;l < handle->ImportTable.DLL[i].nAPIs; l++)
{
DLL.APIs.additem(&handle->ImportTable.DLL[i].API[l]);
}
ImportTable.additem(&DLL);
}
//Set ExportTable
ExportTable.Base = handle->ExportTable.Base;
ExportTable.nFunctions = handle->ExportTable.nFunctions;
ExportTable.nNames = handle->ExportTable.nNames;
ExportTable.pFunctions = handle->ExportTable.pFunctions;
ExportTable.pNames = handle->ExportTable.pNames;
ExportTable.pNamesOrdinals = handle->ExportTable.pNamesOrdinals;
ExportTable.Functions.init(sizeof(EXPORTFUNCTION));
ExportTable.nNames = 0;
for (int i = 0;i < ExportTable.nNames; i++)
ExportTable.Functions.additem(&handle->ExportTable.Functions[i]);
}
else
{
set_err("filename not found or access denied");
return;
}
}
PEFile::~PEFile()
{
delete handle;
}
DWORD PEFile::RVAToOffset(DWORD RVA)
{
return handle->RVAToOffset(RVA);
}
DWORD PEFile::OffsetToRVA(DWORD RawOffset)
{
return handle->OffsetToRVA(RawOffset);
}
bool PEFile::identify(cFile* File)
{
return cPEFile::identify(File);
}
void PEFile::Read(DWORD Offset, DWORD Size,char** s, int* slen)
{
char* Address = (char*)handle->BaseAddress;
if ((Offset + Size) >= handle->SizeOfImage)
{
*s = "";
*slen = 0;
}
else
{
*s = (char*)malloc(Size);
memcpy(*s,&Address[Offset],Size);
*slen = Size;
}
}