LIEF: Library to Instrument Executable Formats Version 0.16.0
Loading...
Searching...
No Matches
Abstract/Binary.hpp
Go to the documentation of this file.
1/* Copyright 2017 - 2024 R. Thomas
2 * Copyright 2017 - 2024 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_ABSTRACT_BINARY_H
17#define LIEF_ABSTRACT_BINARY_H
18
19#include <vector>
20#include <memory>
21#include <unordered_map>
22
23#include "LIEF/visibility.h"
24#include "LIEF/Object.hpp"
25#include "LIEF/iterators.hpp"
26#include "LIEF/errors.hpp"
27#include "LIEF/span.hpp"
28
29#include "LIEF/Abstract/Header.hpp"
30#include "LIEF/Abstract/Function.hpp"
31
32
33#include "LIEF/asm/Instruction.hpp"
34namespace LIEF {
37class Section;
38class Relocation;
39class Symbol;
40
41class DebugInfo;
42
43namespace assembly {
44class Engine;
45}
46class LIEF_API Binary : public Object {
50 public:
51 enum class VA_TYPES {
54 AUTO = 0,
55 RVA = 1,
56 VA = 2,
57 };
58
59 enum FORMATS {
60 UNKNOWN = 0,
61 ELF,
62 PE,
63 MACHO,
64 OAT,
65 };
66
67 using functions_t = std::vector<Function>;
68 using sections_t = std::vector<Section*>;
71 using it_sections = ref_iterator<sections_t>;
74 using it_const_sections = const_ref_iterator<sections_t>;
77 using symbols_t = std::vector<Symbol*>;
80 using it_symbols = ref_iterator<symbols_t>;
83 using it_const_symbols = const_ref_iterator<symbols_t>;
86 using relocations_t = std::vector<Relocation*>;
89 using it_relocations = ref_iterator<relocations_t>;
92 using it_const_relocations = const_ref_iterator<relocations_t>;
95 using instructions_it = iterator_range<assembly::Instruction::Iterator>;
98
99 public:
100 Binary();
101 Binary(FORMATS fmt);
102
103 ~Binary() override;
104
105 Binary& operator=(const Binary&) = delete;
106 Binary(const Binary&) = delete;
107 FORMATS format() const {
110 return format_;
111 }
112 Header header() const {
115 return get_abstract_header();
116 }
117 it_symbols symbols() {
120 return get_abstract_symbols();
121 }
122 it_const_symbols symbols() const {
125 return const_cast<Binary*>(this)->get_abstract_symbols();
126 }
127 bool has_symbol(const std::string& name) const {
130 return get_symbol(name) != nullptr;
131 }
132 const Symbol* get_symbol(const std::string& name) const;
136
137 Symbol* get_symbol(const std::string& name) {
138 return const_cast<Symbol*>(static_cast<const Binary*>(this)->get_symbol(name));
139 }
140 it_sections sections() {
143 return get_abstract_sections();
144 }
145
146 it_const_sections sections() const {
147 return const_cast<Binary*>(this)->get_abstract_sections();
148 }
149 virtual void remove_section(const std::string& name, bool clear = false) = 0;
152 it_relocations relocations() {
155 return get_abstract_relocations();
156 }
157
158 it_const_relocations relocations() const {
159 return const_cast<Binary*>(this)->get_abstract_relocations();
160 }
161 virtual uint64_t entrypoint() const = 0;
164 uint64_t original_size() const {
167 return original_size_;
168 }
169 functions_t exported_functions() const {
172 return get_abstract_exported_functions();
173 }
174 std::vector<std::string> imported_libraries() const {
177 return get_abstract_imported_libraries();
178 }
179 functions_t imported_functions() const {
182 return get_abstract_imported_functions();
183 }
184 virtual result<uint64_t> get_function_address(const std::string& func_name) const;
187 void accept(Visitor& visitor) const override;
190
191 std::vector<uint64_t> xref(uint64_t address) const;
192 virtual void patch_address(uint64_t address, const std::vector<uint8_t>& patch_value,
200 VA_TYPES addr_type = VA_TYPES::AUTO) = 0;
201 virtual void patch_address(uint64_t address, uint64_t patch_value, size_t size = sizeof(uint64_t),
209 VA_TYPES addr_type = VA_TYPES::AUTO) = 0;
210 virtual span<const uint8_t>
213 get_content_from_virtual_address(uint64_t virtual_address, uint64_t size,
214 VA_TYPES addr_type = VA_TYPES::AUTO) const = 0;
215 template<class T>
218 LIEF::result<T> get_int_from_virtual_address(
219 uint64_t va, VA_TYPES addr_type = VA_TYPES::AUTO) const
220 {
221 T value;
222 static_assert(std::is_integral<T>::value, "Require an integral type");
223 span<const uint8_t> raw = get_content_from_virtual_address(va, sizeof(T), addr_type);
224 if (raw.empty() || raw.size() < sizeof(T)) {
225 return make_error_code(lief_errors::read_error);
226 }
227
228 std::copy(raw.data(), raw.data() + sizeof(T),
229 reinterpret_cast<uint8_t*>(&value));
230 return value;
231 }
232 void original_size(uint64_t size) {
239 original_size_ = size;
240 }
241 virtual bool is_pie() const = 0;
244 virtual bool has_nx() const = 0;
247 virtual uint64_t imagebase() const = 0;
250 virtual functions_t ctor_functions() const = 0;
253 virtual result<uint64_t> offset_to_virtual_address(uint64_t offset, uint64_t slide = 0) const = 0;
259
260 virtual std::ostream& print(std::ostream& os) const {
261 return os;
262 }
263 virtual void write(const std::string& name) = 0;
266 virtual void write(std::ostream& os) = 0;
267
268 LIEF_API friend std::ostream& operator<<(std::ostream& os, const Binary& binary) {
269 binary.print(os);
270 return os;
271 }
272 DebugInfo* debug_info() const;
287 instructions_it disassemble(uint64_t address, size_t size) const;
300 instructions_it disassemble(uint64_t address) const;
312 instructions_it disassemble(const std::string& function) const;
324 instructions_it disassemble(const uint8_t* buffer, size_t size,
330 uint64_t address = 0) const;
331
332 instructions_it disassemble(const std::vector<uint8_t>& buffer,
338 uint64_t address = 0) const {
339 return disassemble(buffer.data(), buffer.size(), address);
340 }
341
342 instructions_it disassemble(LIEF::span<const uint8_t> buffer,
343 uint64_t address = 0) const {
344 return disassemble(buffer.data(), buffer.size(), address);
345 }
346
347 instructions_it disassemble(LIEF::span<uint8_t> buffer, uint64_t address = 0) const {
348 return disassemble(buffer.data(), buffer.size(), address);
349 }
350
351 protected:
352 FORMATS format_ = FORMATS::UNKNOWN;
353 mutable std::unique_ptr<DebugInfo> debug_info_;
354 mutable std::unordered_map<uint32_t, std::unique_ptr<assembly::Engine>> engines_;
355 uint64_t original_size_ = 0;
356
357 assembly::Engine* get_engine(uint64_t address) const;
358
359 template<uint32_t Key, class F>
360 LIEF_LOCAL assembly::Engine* get_cache_engine(uint64_t address, F&& f) const;
361
362 // These functions need to be overloaded by the object that claims to extend this Abstract Binary
363 virtual Header get_abstract_header() const = 0;
364 virtual symbols_t get_abstract_symbols() = 0;
365 virtual sections_t get_abstract_sections() = 0;
366 virtual relocations_t get_abstract_relocations() = 0;
367
368 virtual functions_t get_abstract_exported_functions() const = 0;
369 virtual functions_t get_abstract_imported_functions() const = 0;
370 virtual std::vector<std::string> get_abstract_imported_libraries() const = 0;
371};
372
373LIEF_API const char* to_string(Binary::VA_TYPES e);
374LIEF_API const char* to_string(Binary::FORMATS e);
375
376}
377
378
379#endif
Function.hpp
Header.hpp
Instruction.hpp
Object.hpp
LIEF::Binary
Abstract binary that exposes an uniform API for the different executable file formats.
Definition Abstract/Binary.hpp:49
LIEF::Binary::header
Header header() const
Return the abstract header of the binary.
Definition Abstract/Binary.hpp:114
LIEF::Binary::patch_address
virtual void patch_address(uint64_t address, const std::vector< uint8_t > &patch_value, VA_TYPES addr_type=VA_TYPES::AUTO)=0
Patch the content at virtual address address with patch_value.
LIEF::Binary::imported_functions
functions_t imported_functions() const
Return functions imported by the binary.
Definition Abstract/Binary.hpp:181
LIEF::Binary::entrypoint
virtual uint64_t entrypoint() const =0
Binary's entrypoint (if any)
LIEF::Binary::FORMATS
FORMATS
Definition Abstract/Binary.hpp:59
LIEF::Binary::offset_to_virtual_address
virtual result< uint64_t > offset_to_virtual_address(uint64_t offset, uint64_t slide=0) const =0
Convert the given offset into a virtual address.
LIEF::Binary::has_symbol
bool has_symbol(const std::string &name) const
Check if a Symbol with the given name exists.
Definition Abstract/Binary.hpp:129
LIEF::Binary::get_symbol
const Symbol * get_symbol(const std::string &name) const
Return the Symbol with the given name If the symbol does not exist, return a nullptr.
LIEF::Binary::get_symbol
Symbol * get_symbol(const std::string &name)
Definition Abstract/Binary.hpp:137
LIEF::Binary::get_int_from_virtual_address
LIEF::result< T > get_int_from_virtual_address(uint64_t va, VA_TYPES addr_type=VA_TYPES::AUTO) const
Get the integer value at the given virtual address.
Definition Abstract/Binary.hpp:218
LIEF::Binary::format
FORMATS format() const
Executable format (ELF, PE, Mach-O) of the underlying binary.
Definition Abstract/Binary.hpp:109
LIEF::Binary::operator<<
friend std::ostream & operator<<(std::ostream &os, const Binary &binary)
Definition Abstract/Binary.hpp:268
LIEF::Binary::sections
it_const_sections sections() const
Definition Abstract/Binary.hpp:146
LIEF::Binary::remove_section
virtual void remove_section(const std::string &name, bool clear=false)=0
Remove all the sections in the underlying binary.
LIEF::Binary::relocations
it_relocations relocations()
Return an iterator over the binary relocation (LIEF::Relocation)
Definition Abstract/Binary.hpp:154
LIEF::Binary::write
virtual void write(const std::string &name)=0
Build & transform the Binary object representation into a real executable.
LIEF::Binary::symbols
it_const_symbols symbols() const
Return an iterator over the abstracted symbols in which the elements can't be modified.
Definition Abstract/Binary.hpp:124
LIEF::Binary::~Binary
~Binary() override
LIEF::Binary::disassemble
instructions_it disassemble(uint64_t address, size_t size) const
Disassemble code starting a the given virtual address and with the given size.
LIEF::Binary::original_size
void original_size(uint64_t size)
Change binary's original size.
Definition Abstract/Binary.hpp:238
LIEF::Binary::VA_TYPES
VA_TYPES
Type of a virtual address.
Definition Abstract/Binary.hpp:53
LIEF::Binary::disassemble
instructions_it disassemble(const std::string &function) const
Disassemble code for the given symbol name.
LIEF::Binary::xref
std::vector< uint64_t > xref(uint64_t address) const
LIEF::Binary::is_pie
virtual bool is_pie() const =0
Check if the binary is position independent.
LIEF::Binary::exported_functions
functions_t exported_functions() const
Return the functions exported by the binary.
Definition Abstract/Binary.hpp:171
LIEF::Binary::get_content_from_virtual_address
virtual span< const uint8_t > get_content_from_virtual_address(uint64_t virtual_address, uint64_t size, VA_TYPES addr_type=VA_TYPES::AUTO) const =0
Return the content located at the given virtual address.
LIEF::Binary::print
virtual std::ostream & print(std::ostream &os) const
Definition Abstract/Binary.hpp:260
LIEF::Binary::patch_address
virtual void patch_address(uint64_t address, uint64_t patch_value, size_t size=sizeof(uint64_t), VA_TYPES addr_type=VA_TYPES::AUTO)=0
Patch the address with the given value.
LIEF::Binary::symbols
it_symbols symbols()
Return an iterator over the abstracted symbols in which the elements can be modified.
Definition Abstract/Binary.hpp:119
LIEF::Binary::get_function_address
virtual result< uint64_t > get_function_address(const std::string &func_name) const
Return the address of the given function name.
LIEF::Binary::sections
it_sections sections()
Return an iterator over the binary's sections (LIEF::Section)
Definition Abstract/Binary.hpp:142
LIEF::Binary::ctor_functions
virtual functions_t ctor_functions() const =0
Constructor functions that are called prior any other functions.
LIEF::Binary::disassemble
instructions_it disassemble(uint64_t address) const
Disassemble code starting a the given virtual address.
LIEF::Binary::Binary
Binary()
LIEF::Binary::operator=
Binary & operator=(const Binary &)=delete
LIEF::Binary::imagebase
virtual uint64_t imagebase() const =0
Default image base address if the ASLR is not enabled.
LIEF::Binary::imported_libraries
std::vector< std::string > imported_libraries() const
Return libraries which are imported by the binary.
Definition Abstract/Binary.hpp:176
LIEF::Binary::disassemble
instructions_it disassemble(const std::vector< uint8_t > &buffer, uint64_t address=0) const
Disassemble code provided by the given vector of bytes at the specified address parameter.
Definition Abstract/Binary.hpp:337
LIEF::Binary::Binary
Binary(FORMATS fmt)
LIEF::Binary::debug_info
DebugInfo * debug_info() const
Return the debug info if present. It can be either a LIEF::dwarf::DebugInfo or a LIEF::pdb::DebugInfo...
LIEF::Binary::original_size
uint64_t original_size() const
Binary's original size.
Definition Abstract/Binary.hpp:166
LIEF::Binary::accept
void accept(Visitor &visitor) const override
Method so that a visitor can visit us.
LIEF::Binary::relocations
it_const_relocations relocations() const
Definition Abstract/Binary.hpp:158
LIEF::Binary::disassemble
instructions_it disassemble(LIEF::span< uint8_t > buffer, uint64_t address=0) const
Definition Abstract/Binary.hpp:347
LIEF::Binary::Binary
Binary(const Binary &)=delete
LIEF::Binary::disassemble
instructions_it disassemble(LIEF::span< const uint8_t > buffer, uint64_t address=0) const
Definition Abstract/Binary.hpp:342
LIEF::Binary::write
virtual void write(std::ostream &os)=0
LIEF::Binary::disassemble
instructions_it disassemble(const uint8_t *buffer, size_t size, uint64_t address=0) const
Disassemble code provided by the given buffer at the specified address parameter.
LIEF::Binary::has_nx
virtual bool has_nx() const =0
Check if the binary uses NX protection.
LIEF::DebugInfo
Definition Abstract/DebugInfo.hpp:25
LIEF::Object
Definition Object.hpp:25
LIEF::Relocation
Class which represents an abstracted Relocation.
Definition Abstract/Relocation.hpp:27
LIEF::Section
Class which represents an abstracted section.
Definition Abstract/Section.hpp:29
LIEF::Symbol
This class represents a symbol in an executable format.
Definition Abstract/Symbol.hpp:28
LIEF::assembly::Engine
This class interfaces the assembler/disassembler support.
Definition Engine.hpp:33
errors.hpp
lief_errors::read_error
@ read_error
Definition errors.hpp:24
make_error_code
tl::unexpected< lief_errors > make_error_code(lief_errors e)
Create an standard error code from lief_errors.
Definition errors.hpp:52
iterators.hpp
LIEF::assembly
Namespace related to assembly/disassembly support.
Definition Abstract/Binary.hpp:43
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:36
LIEF::span
tcb::span< ElementType, Extent > span
Definition span.hpp:22
LIEF::to_string
const char * to_string(Binary::VA_TYPES e)
LIEF::result
tl::expected< T, lief_errors > result
Wrapper that contains an Object (T) or an error.
Definition errors.hpp:75
span.hpp
visibility.h
LIEF_API
#define LIEF_API
Definition visibility.h:41
LIEF_LOCAL
#define LIEF_LOCAL
Definition visibility.h:42
Generated by doxygen 1.13.0