latest/doxygen/RuntimeFunctionX64_8hpp_source.html

/* Copyright 2017 - 2026 R. Thomas

 * Copyright 2017 - 2026 Quarkslab

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#ifndef LIEF_PE_RUNTIME_FUNCTION_X64_H

#define LIEF_PE_RUNTIME_FUNCTION_X64_H


#include <memory>


#include "LIEF/errors.hpp"

#include "LIEF/visibility.h"

#include "LIEF/enums.hpp"

#include "LIEF/optional.hpp"


#include "LIEF/PE/ExceptionInfo.hpp"


namespace LIEF {

class BinaryStream;


namespace PE {

class Parser;


namespace unwind_x64 {

class Code;

}


class LIEF_API RuntimeFunctionX64 : public ExceptionInfo {

  public:

  LIEF_LOCAL static std::unique_ptr<RuntimeFunctionX64>

      parse(Parser& ctx, BinaryStream& strm, bool skip_unwind = false);


  LIEF_LOCAL static ok_error_t parse_unwind(Parser& ctx, BinaryStream& strm,

                                            RuntimeFunctionX64& func);


  enum class UNWIND_FLAGS : uint8_t {

    EXCEPTION_HANDLER = 1,

    TERMINATE_HANDLER = 2,


    CHAIN_INFO = 4,

  };


  enum class UNWIND_OPCODES : uint32_t {

    PUSH_NONVOL = 0,


    ALLOC_LARGE = 1,


    ALLOC_SMALL = 2,


    SET_FPREG = 3,


    SAVE_NONVOL = 4,


    SAVE_NONVOL_FAR = 5,


    EPILOG = 6,


    SPARE = 7,


    SAVE_XMM128 = 8,


    SAVE_XMM128_FAR = 9,


    PUSH_MACHFRAME = 10,

  };


  enum class UNWIND_REG : uint32_t {

    RAX = 0,

    RCX,

    RDX,

    RBX,

    RSP,

    RBP,

    RSI,

    RDI,

    R8,

    R9,

    R10,

    R11,

    R12,

    R13,

    R14,

    R15,

  };


  struct LIEF_API unwind_info_t {

    using opcodes_t = std::vector<std::unique_ptr<unwind_x64::Code>>;


    uint8_t version = 0;


    uint8_t flags = 0;


    uint8_t sizeof_prologue = 0;


    uint8_t count_opcodes = 0;


    uint8_t frame_reg = 0;


    uint8_t frame_reg_offset = 0;


    std::vector<uint8_t> raw_opcodes;


    optional<uint32_t> handler;


    RuntimeFunctionX64* chained = nullptr;


    bool has(UNWIND_FLAGS flag) const {

      return (flags & (int)flag) != 0;

    }


    opcodes_t opcodes() const;


    std::string to_string() const;


    friend LIEF_API std::ostream& operator<<(std::ostream& os,

                                             const unwind_info_t& info) {

      os << info.to_string();

      return os;

    }


  };


  RuntimeFunctionX64(uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva) :

    ExceptionInfo(ARCH::X86_64, rva_start),

    rva_end_(rva_end),

    unwind_rva_(unwind_rva) {}


  RuntimeFunctionX64(const RuntimeFunctionX64&) = default;

  RuntimeFunctionX64& operator=(const RuntimeFunctionX64&) = default;


  RuntimeFunctionX64(RuntimeFunctionX64&&) = default;

  RuntimeFunctionX64& operator=(RuntimeFunctionX64&&) = default;


  std::unique_ptr<ExceptionInfo> clone() const override {

    return std::unique_ptr<RuntimeFunctionX64>(new RuntimeFunctionX64(*this));

  }


  std::string to_string() const override;


  uint32_t rva_end() const {

    return rva_end_;

  }


  uint32_t unwind_rva() const {

    return unwind_rva_;

  }


  uint32_t size() const {

    return rva_end() - rva_start();

  }


  const unwind_info_t* unwind_info() const {

    return unwind_info_.has_value() ? &*unwind_info_ : nullptr;

  }


  unwind_info_t* unwind_info() {

    return unwind_info_.has_value() ? &*unwind_info_ : nullptr;

  }


  void unwind_info(unwind_info_t info) {

    unwind_info_ = std::move(info);

  }


  static bool classof(const ExceptionInfo* info) {

    return info->arch() == ExceptionInfo::ARCH::X86_64;

  }


  ~RuntimeFunctionX64() = default;


  private:

  uint32_t rva_end_ = 0;

  uint32_t unwind_rva_ = 0;

  optional<unwind_info_t> unwind_info_;

};


LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_OPCODES op);

LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_FLAGS op);

LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_REG op);


}

}


ENABLE_BITMASK_OPERATORS(LIEF::PE::RuntimeFunctionX64::UNWIND_FLAGS);


#endif

ExceptionInfo.hpp

LIEF::BinaryStream
Class that is used to a read stream of data from different sources.
Definition BinaryStream.hpp:33

LIEF::PE::ExceptionInfo::rva_start
uint32_t rva_start() const
Function start address.
Definition ExceptionInfo.hpp:69

LIEF::PE::ExceptionInfo::ARCH
ARCH
Arch discriminator for the subclasses.
Definition ExceptionInfo.hpp:50

LIEF::PE::ExceptionInfo::ARCH::X86_64
@ X86_64
Definition ExceptionInfo.hpp:53

LIEF::PE::ExceptionInfo::ExceptionInfo
ExceptionInfo()=delete

LIEF::PE::Parser
Main interface to parse PE binaries. In particular, the static Parser::parse functions should be used...
Definition PE/Parser.hpp:52

LIEF::PE::RuntimeFunctionX64::to_string
std::string to_string() const override

LIEF::PE::RuntimeFunctionX64::UNWIND_REG
UNWIND_REG
Definition RuntimeFunctionX64.hpp:133

LIEF::PE::RuntimeFunctionX64::unwind_info
void unwind_info(unwind_info_t info)
Definition RuntimeFunctionX64.hpp:255

LIEF::PE::RuntimeFunctionX64::unwind_info
const unwind_info_t * unwind_info() const
Detailed unwind information.
Definition RuntimeFunctionX64.hpp:247

LIEF::PE::RuntimeFunctionX64::UNWIND_OPCODES
UNWIND_OPCODES
Definition RuntimeFunctionX64.hpp:64

LIEF::PE::RuntimeFunctionX64::~RuntimeFunctionX64
~RuntimeFunctionX64()=default

LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(RuntimeFunctionX64 &&)=default

LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva)
Definition RuntimeFunctionX64.hpp:214

LIEF::PE::RuntimeFunctionX64::unwind_rva
uint32_t unwind_rva() const
Unwind info address.
Definition RuntimeFunctionX64.hpp:237

LIEF::PE::RuntimeFunctionX64::operator=
RuntimeFunctionX64 & operator=(const RuntimeFunctionX64 &)=default

LIEF::PE::RuntimeFunctionX64::clone
std::unique_ptr< ExceptionInfo > clone() const override
Definition RuntimeFunctionX64.hpp:225

LIEF::PE::RuntimeFunctionX64::size
uint32_t size() const
Size of the function (in bytes).
Definition RuntimeFunctionX64.hpp:242

LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(const RuntimeFunctionX64 &)=default

LIEF::PE::RuntimeFunctionX64::classof
static bool classof(const ExceptionInfo *info)
Definition RuntimeFunctionX64.hpp:259

LIEF::PE::RuntimeFunctionX64::UNWIND_FLAGS
UNWIND_FLAGS
Definition RuntimeFunctionX64.hpp:52

LIEF::PE::RuntimeFunctionX64::unwind_info
unwind_info_t * unwind_info()
Definition RuntimeFunctionX64.hpp:251

LIEF::PE::RuntimeFunctionX64::rva_end
uint32_t rva_end() const
Function end address.
Definition RuntimeFunctionX64.hpp:232

LIEF::PE::RuntimeFunctionX64::operator=
RuntimeFunctionX64 & operator=(RuntimeFunctionX64 &&)=default

LIEF::PE::unwind_x64::Code
Base class for all unwind operations.
Definition UnwindCodeX64.hpp:31

LIEF::ok_error_t
Opaque structure that is used by LIEF to avoid writing result<void> f(...). Instead,...
Definition errors.hpp:114

LIEF::optional
Definition optional.hpp:23

enums.hpp

ENABLE_BITMASK_OPERATORS
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24

errors.hpp

LIEF::PE::unwind_x64
This namespace wraps code related to PE-x64 unwinding code.
Definition RuntimeFunctionX64.hpp:34

LIEF::PE
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32

LIEF::PE::to_string
const char * to_string(CODE_PAGES e)

LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:40

optional.hpp

LIEF::PE::RuntimeFunctionX64::unwind_info_t
This structure represents the UNWIND_INFO which records the effects a function has on the stack point...
Definition RuntimeFunctionX64.hpp:155

LIEF::PE::RuntimeFunctionX64::unwind_info_t::sizeof_prologue
uint8_t sizeof_prologue
Length of the function prolog in bytes.
Definition RuntimeFunctionX64.hpp:165

LIEF::PE::RuntimeFunctionX64::unwind_info_t::frame_reg
uint8_t frame_reg
If nonzero, then the function uses a frame pointer (FP), and this field is the number of the nonvolat...
Definition RuntimeFunctionX64.hpp:176

LIEF::PE::RuntimeFunctionX64::unwind_info_t::handler
optional< uint32_t > handler
An image-relative pointer to either the function's language-specific exception or termination handler...
Definition RuntimeFunctionX64.hpp:190

LIEF::PE::RuntimeFunctionX64::unwind_info_t::has
bool has(UNWIND_FLAGS flag) const
Check if the given flag is used.
Definition RuntimeFunctionX64.hpp:197

LIEF::PE::RuntimeFunctionX64::unwind_info_t::opcodes
opcodes_t opcodes() const
Enhanced representation of the unwind code.

LIEF::PE::RuntimeFunctionX64::unwind_info_t::frame_reg_offset
uint8_t frame_reg_offset
If the frame register field is nonzero, this field is the scaled offset from RSP that is applied to t...
Definition RuntimeFunctionX64.hpp:180

LIEF::PE::RuntimeFunctionX64::unwind_info_t::to_string
std::string to_string() const
Pretty representation of this structure as a string.

LIEF::PE::RuntimeFunctionX64::unwind_info_t::flags
uint8_t flags
See: UNWIND_FLAGS.
Definition RuntimeFunctionX64.hpp:162

LIEF::PE::RuntimeFunctionX64::unwind_info_t::opcodes_t
std::vector< std::unique_ptr< unwind_x64::Code > > opcodes_t
Definition RuntimeFunctionX64.hpp:156

LIEF::PE::RuntimeFunctionX64::unwind_info_t::raw_opcodes
std::vector< uint8_t > raw_opcodes
An array of items that explains the effect of the prolog on the nonvolatile registers and RSP.
Definition RuntimeFunctionX64.hpp:184

LIEF::PE::RuntimeFunctionX64::unwind_info_t::operator<<
friend std::ostream & operator<<(std::ostream &os, const unwind_info_t &info)
Definition RuntimeFunctionX64.hpp:207

LIEF::PE::RuntimeFunctionX64::unwind_info_t::version
uint8_t version
Version number of the unwind data, currently 1 or 2.
Definition RuntimeFunctionX64.hpp:159

LIEF::PE::RuntimeFunctionX64::unwind_info_t::count_opcodes
uint8_t count_opcodes
The number of slots in the unwind codes array. Some unwind codes, for example, UNWIND_OPCODES::SAVE_N...
Definition RuntimeFunctionX64.hpp:170

LIEF::PE::RuntimeFunctionX64::unwind_info_t::chained
RuntimeFunctionX64 * chained
If UNWIND_FLAGS::CHAIN_INFO is set, this attributes references the chained runtime function.
Definition RuntimeFunctionX64.hpp:194

visibility.h

LIEF_API
#define LIEF_API
Definition visibility.h:43

LIEF_LOCAL
#define LIEF_LOCAL
Definition visibility.h:44