latest/doxygen/PE_2Parser_8hpp_source.html

/* Copyright 2017 - 2026 R. Thomas

 * Copyright 2017 - 2026 Quarkslab

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef LIEF_PE_PARSER_H

#define LIEF_PE_PARSER_H


#include <string>

#include <vector>

#include <map>


#include "LIEF/visibility.h"

#include "LIEF/utils.hpp"

#include "LIEF/errors.hpp"


#include "LIEF/Abstract/Parser.hpp"

#include "LIEF/PE/enums.hpp"

#include "LIEF/PE/ParserConfig.hpp"

#include "LIEF/COFF/String.hpp"


namespace LIEF {

class BinaryStream;

class SpanStream;


namespace PE {

class Debug;

class ResourceNode;

class Binary;

class DelayImport;

class Section;

class ExceptionInfo;

class LoadConfiguration;

class RelocationEntry;


namespace details {

struct pe_debug;

}


class LIEF_API Parser : public LIEF::Parser {

  public:

  static constexpr size_t MAX_DATA_SIZE = 3_GB;


  static constexpr size_t MAX_TLS_CALLBACKS = 3000;


  // Bounds the import thunk loop to prevent hangs on malformed IATs

  static constexpr size_t MAX_IMPORT_ENTRIES = 0x10000;


  // Bounds peek_string_at to prevent multi-megabyte reads on invalid RVAs

  // According to https://stackoverflow.com/a/23340781

  static constexpr size_t MAX_IMPORT_NAME_SIZE = 0x1000;


  // According to https://stackoverflow.com/a/265782/87207

  static constexpr size_t MAX_DLL_NAME_SIZE = 255;


  static constexpr size_t MAX_PADDING_SIZE = 1_GB;


  public:

  static bool is_valid_import_name(const std::string& name);


  static bool is_valid_dll_name(const std::string& name);


  public:

  static std::unique_ptr<Binary>

      parse(const std::string& filename,

            const ParserConfig& conf = ParserConfig::default_conf());


  static std::unique_ptr<Binary>

      parse(std::vector<uint8_t> data,

            const ParserConfig& conf = ParserConfig::default_conf());


  static std::unique_ptr<Binary>

      parse(const uint8_t* buffer, size_t size,

            const ParserConfig& conf = ParserConfig::default_conf());


  static std::unique_ptr<Binary>

      parse(std::unique_ptr<BinaryStream> stream,

            const ParserConfig& conf = ParserConfig::default_conf());


  Parser& operator=(const Parser& copy) = delete;

  Parser(const Parser& copy) = delete;


  COFF::String* find_coff_string(uint32_t offset) const;


  ExceptionInfo* find_exception_info(uint32_t rva) const {

    auto it = memoize_exception_info_.find(rva);

    return it == memoize_exception_info_.end() ? nullptr : it->second;

  }


  const Binary& bin() const {

    return *binary_;

  }


  Binary& bin() {

    return *binary_;

  }


  BinaryStream& stream() {

    return *stream_;

  }


  const ParserConfig& config() const {

    return config_;

  }


  void memoize(ExceptionInfo& info);

  void memoize(COFF::String str);


  void add_non_resolved(ExceptionInfo& info, uint32_t target) {

    unresolved_chains_.emplace_back(&info, target);

  }


  std::unique_ptr<SpanStream> stream_from_rva(uint32_t rva, size_t size = 0);


  void record_relocation(uint32_t rva, span<const uint8_t> data);

  ok_error_t record_delta_relocation(uint32_t rva, int64_t delta, size_t size);


  private:

  struct relocation_t {

    uint64_t size = 0;

    uint64_t value = 0;

  };

  Parser(const std::string& file);

  Parser(std::vector<uint8_t> data);

  Parser(std::unique_ptr<BinaryStream> stream);


  ~Parser() override;

  Parser();


  ok_error_t init(const ParserConfig& config);


  template<typename PE_T>

  ok_error_t parse();


  ok_error_t parse_exports();

  ok_error_t parse_sections();


  template<typename PE_T>

  ok_error_t parse_headers();


  ok_error_t parse_configuration();


  template<typename PE_T>

  ok_error_t parse_data_directories();


  template<typename PE_T>

  ok_error_t parse_import_table();


  template<typename PE_T>

  ok_error_t parse_delay_imports();


  template<typename PE_T>

  ok_error_t parse_delay_names_table(DelayImport& import, uint32_t names_offset,

                                     uint32_t iat_offset);


  ok_error_t parse_export_table();

  ok_error_t parse_debug();


  ok_error_t parse_exceptions();


  std::unique_ptr<Debug> parse_code_view(const details::pe_debug& debug_info,

                                         Section* sec, span<uint8_t> payload);

  std::unique_ptr<Debug> parse_pogo(const details::pe_debug& debug_info,

                                    Section* sec, span<uint8_t> payload);

  std::unique_ptr<Debug> parse_repro(const details::pe_debug& debug_info,

                                     Section* sec, span<uint8_t> payload);


  template<typename PE_T>

  ok_error_t parse_tls();


  template<typename PE_T>

  ok_error_t parse_load_config();


  template<typename PE_T>

  ok_error_t process_load_config(LoadConfiguration& config);


  template<typename PE_T>

  ok_error_t parse_nested_relocated();


  ok_error_t parse_relocations();

  ok_error_t parse_resources();

  ok_error_t parse_string_table();

  ok_error_t parse_symbols();

  ok_error_t parse_signature();

  ok_error_t parse_overlay();

  ok_error_t parse_dos_stub();

  ok_error_t parse_rich_header();

  ok_error_t parse_chpe_exceptions();


  PE_TYPE type_ = PE_TYPE::PE32_PLUS;

  std::unique_ptr<Binary> binary_;

  std::unique_ptr<BinaryStream> stream_;

  std::map<uint32_t, size_t> memoize_coff_str_;

  std::map<uint32_t, ExceptionInfo*> memoize_exception_info_;

  std::map<uint32_t, relocation_t> dyn_hdr_relocs_;

  std::vector<std::pair<ExceptionInfo*, uint32_t>> unresolved_chains_;

  ParserConfig config_;

};


}

}

#endif

Parser.hpp

ParserConfig.hpp

enums.hpp

String.hpp

LIEF::BinaryStream
Class that is used to a read stream of data from different sources.
Definition BinaryStream.hpp:33

LIEF::COFF::String
This class represents a string located in the COFF string table.
Definition String.hpp:34

LIEF::PE::Binary
Class which represents a PE binary This is the main interface to manage and modify a PE executable.
Definition PE/Binary.hpp:56

LIEF::PE::Debug
This class represents a generic entry in the debug data directory. For known types,...
Definition debug/Debug.hpp:40

LIEF::PE::DelayImport
Class that represents a PE delayed import.
Definition DelayImport.hpp:37

LIEF::PE::ExceptionInfo
This class is the base class for any exception or runtime function entry.
Definition ExceptionInfo.hpp:33

LIEF::PE::LoadConfiguration
This class represents the load configuration data associated with the IMAGE_LOAD_CONFIG_DIRECTORY.
Definition LoadConfiguration.hpp:47

LIEF::PE::Parser
Main interface to parse PE binaries. In particular, the static Parser::parse functions should be used...
Definition PE/Parser.hpp:52

LIEF::PE::Parser::MAX_IMPORT_ENTRIES
static constexpr size_t MAX_IMPORT_ENTRIES
Definition PE/Parser.hpp:60

LIEF::PE::Parser::MAX_DLL_NAME_SIZE
static constexpr size_t MAX_DLL_NAME_SIZE
Definition PE/Parser.hpp:67

LIEF::PE::Parser::is_valid_import_name
static bool is_valid_import_name(const std::string &name)
Check if the given name is a valid import.

LIEF::PE::Parser::MAX_IMPORT_NAME_SIZE
static constexpr size_t MAX_IMPORT_NAME_SIZE
Definition PE/Parser.hpp:64

LIEF::PE::Parser::is_valid_dll_name
static bool is_valid_dll_name(const std::string &name)
Check if the given name is a valid DLL name.

LIEF::PE::Parser::memoize
void memoize(ExceptionInfo &info)

LIEF::PE::Parser::parse
static std::unique_ptr< Binary > parse(std::unique_ptr< BinaryStream > stream, const ParserConfig &conf=ParserConfig::default_conf())
Parse a PE binary from the given BinaryStream.

LIEF::PE::Parser::bin
Binary & bin()
Definition PE/Parser.hpp:122

LIEF::PE::Parser::bin
const Binary & bin() const
Definition PE/Parser.hpp:118

LIEF::PE::Parser::parse
static std::unique_ptr< Binary > parse(const uint8_t *buffer, size_t size, const ParserConfig &conf=ParserConfig::default_conf())

LIEF::PE::Parser::find_coff_string
COFF::String * find_coff_string(uint32_t offset) const

LIEF::PE::Parser::find_exception_info
ExceptionInfo * find_exception_info(uint32_t rva) const
Definition PE/Parser.hpp:113

LIEF::PE::Parser::parse
static std::unique_ptr< Binary > parse(const std::string &filename, const ParserConfig &conf=ParserConfig::default_conf())
Parse a PE binary from the given filename.

LIEF::PE::Parser::stream_from_rva
std::unique_ptr< SpanStream > stream_from_rva(uint32_t rva, size_t size=0)

LIEF::PE::Parser::Parser
Parser(const Parser &copy)=delete

LIEF::PE::Parser::memoize
void memoize(COFF::String str)

LIEF::PE::Parser::stream
BinaryStream & stream()
Definition PE/Parser.hpp:126

LIEF::PE::Parser::record_relocation
void record_relocation(uint32_t rva, span< const uint8_t > data)

LIEF::PE::Parser::MAX_DATA_SIZE
static constexpr size_t MAX_DATA_SIZE
Maximum size of the data read.
Definition PE/Parser.hpp:55

LIEF::PE::Parser::config
const ParserConfig & config() const
Definition PE/Parser.hpp:130

LIEF::PE::Parser::add_non_resolved
void add_non_resolved(ExceptionInfo &info, uint32_t target)
Definition PE/Parser.hpp:137

LIEF::PE::Parser::MAX_PADDING_SIZE
static constexpr size_t MAX_PADDING_SIZE
Max size of the padding section.
Definition PE/Parser.hpp:70

LIEF::PE::Parser::operator=
Parser & operator=(const Parser &copy)=delete

LIEF::PE::Parser::parse
static std::unique_ptr< Binary > parse(std::vector< uint8_t > data, const ParserConfig &conf=ParserConfig::default_conf())
Parse a PE binary from a data buffer.

LIEF::PE::Parser::record_delta_relocation
ok_error_t record_delta_relocation(uint32_t rva, int64_t delta, size_t size)

LIEF::PE::Parser::MAX_TLS_CALLBACKS
static constexpr size_t MAX_TLS_CALLBACKS
Definition PE/Parser.hpp:57

LIEF::PE::RelocationEntry
Class which represents an entry of the PE relocation table.
Definition RelocationEntry.hpp:37

LIEF::PE::ResourceNode
Class which represents a Node in the resource tree.
Definition ResourceNode.hpp:46

LIEF::PE::Section
Class which represents a PE section.
Definition PE/Section.hpp:46

LIEF::Parser
Main interface to parse an executable regardless of its format.
Definition Abstract/Parser.hpp:30

LIEF::SpanStream
Definition SpanStream.hpp:32

LIEF::ok_error_t
Opaque structure that is used by LIEF to avoid writing result<void> f(...). Instead,...
Definition errors.hpp:114

errors.hpp

LIEF::PE::details
Definition DataDirectory.hpp:37

LIEF::PE
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32

LIEF::PE::PE_TYPE
PE_TYPE
Definition PE/enums.hpp:22

LIEF::PE::PE_TYPE::PE32_PLUS
@ PE32_PLUS
64 bits
Definition PE/enums.hpp:24

LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:40

LIEF::span
tcb::span< ElementType, Extent > span
Definition span.hpp:22

LIEF::PE::ParserConfig
This structure is used to configure the behavior of the PE Parser (PE::Parser).
Definition PE/ParserConfig.hpp:26

LIEF::PE::ParserConfig::default_conf
static const ParserConfig & default_conf()
Returns the default configuration for the PE Parser.
Definition PE/ParserConfig.hpp:28

utils.hpp

visibility.h

LIEF_API
#define LIEF_API
Definition visibility.h:43