RuntimeFunctionX64.hpp

Go to the documentation of this file.

/* Copyright 2017 - 2025 R. Thomas
 * Copyright 2017 - 2025 Quarkslab
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef LIEF_PE_RUNTIME_FUNCTION_X64_H
#define LIEF_PE_RUNTIME_FUNCTION_X64_H
 
#include <memory>
 
#include "LIEF/errors.hpp"
#include "LIEF/visibility.h"
#include "LIEF/enums.hpp"
#include "LIEF/optional.hpp"
 
#include "LIEF/PE/ExceptionInfo.hpp"
 
namespace LIEF {
class BinaryStream;
 
namespace PE {
class Parser;
 
namespace unwind_x64 {
class Code;
}

class LIEF_API RuntimeFunctionX64 : public ExceptionInfo {
  public:

  LIEF_LOCAL static std::unique_ptr<RuntimeFunctionX64>
    parse(Parser& ctx, BinaryStream& strm, bool skip_unwind = false);

  LIEF_LOCAL static ok_error_t
    parse_unwind(Parser& ctx, BinaryStream& strm, RuntimeFunctionX64& func);
 
  enum class UNWIND_FLAGS : uint8_t {
    EXCEPTION_HANDLER = 1,
    TERMINATE_HANDLER = 2,

    CHAIN_INFO = 4,
  };
 
  enum class UNWIND_OPCODES : uint32_t {
    PUSH_NONVOL = 0,

    ALLOC_LARGE = 1,

    ALLOC_SMALL = 2,

    SET_FPREG = 3,

    SAVE_NONVOL = 4,

    SAVE_NONVOL_FAR = 5,

    EPILOG = 6,

    SPARE = 7,

    SAVE_XMM128 = 8,

    SAVE_XMM128_FAR = 9,

    PUSH_MACHFRAME = 10,
  };
 
  enum class UNWIND_REG : uint32_t {
    RAX = 0,
    RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8, R9, R10, R11, R12, R13, R14, R15,
  };

  struct LIEF_API unwind_info_t {
    using opcodes_t = std::vector<std::unique_ptr<unwind_x64::Code>>;

    uint8_t version = 0;

    uint8_t flags = 0;

    uint8_t sizeof_prologue = 0;

    uint8_t count_opcodes = 0;

    uint8_t frame_reg = 0;

    uint8_t frame_reg_offset = 0;

    std::vector<uint8_t> raw_opcodes;

    optional<uint32_t> handler;

    RuntimeFunctionX64* chained = nullptr;

    bool has(UNWIND_FLAGS flag) const {
      return (flags & (int)flag) != 0;
    }

    opcodes_t opcodes() const;

    std::string to_string() const;
 
    friend LIEF_API
      std::ostream& operator<<(std::ostream& os, const unwind_info_t& info)
    {
      os << info.to_string();
      return os;
    }
  };
 
  RuntimeFunctionX64(uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva) :
    ExceptionInfo(ARCH::X86_64, rva_start),
    rva_end_(rva_end),
    unwind_rva_(unwind_rva)
  {}
 
  RuntimeFunctionX64(const RuntimeFunctionX64&) = default;
  RuntimeFunctionX64& operator=(const RuntimeFunctionX64&) = default;
 
  RuntimeFunctionX64(RuntimeFunctionX64&&) = default;
  RuntimeFunctionX64& operator=(RuntimeFunctionX64&&) = default;
 
  std::unique_ptr<ExceptionInfo> clone() const override {
    return std::unique_ptr<RuntimeFunctionX64>(new RuntimeFunctionX64(*this));
  }
 
  std::string to_string() const override;

  uint32_t rva_end() const {
    return rva_end_;
  }

  uint32_t unwind_rva() const {
    return unwind_rva_;
  }

  uint32_t size() const {
    return rva_end() - rva_start();
  }

  const unwind_info_t* unwind_info() const {
    return unwind_info_.has_value() ? &*unwind_info_ : nullptr;
  }
 
  unwind_info_t* unwind_info() {
    return unwind_info_.has_value() ? &*unwind_info_ : nullptr;
  }
 
  void unwind_info(unwind_info_t info) {
    unwind_info_ = std::move(info);
  }
 
  static bool classof(const ExceptionInfo* info) {
    return info->arch() == ExceptionInfo::ARCH::X86_64;
  }
 
  ~RuntimeFunctionX64() = default;
 
  private:
  uint32_t rva_end_ = 0;
  uint32_t unwind_rva_ = 0;
  optional<unwind_info_t> unwind_info_;
};
 
LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_OPCODES op);
LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_FLAGS op);
LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_REG op);
 
}
}
 
ENABLE_BITMASK_OPERATORS(LIEF::PE::RuntimeFunctionX64::UNWIND_FLAGS);
 
#endif