LIEF: Library to Instrument Executable Formats Version 0.17.0
Loading...
Searching...
No Matches
RuntimeFunctionX64.hpp
Go to the documentation of this file.
1/* Copyright 2017 - 2025 R. Thomas
2 * Copyright 2017 - 2025 Quarkslab
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16#ifndef LIEF_PE_RUNTIME_FUNCTION_X64_H
17#define LIEF_PE_RUNTIME_FUNCTION_X64_H
18
19#include <memory>
20
21#include "LIEF/errors.hpp"
22#include "LIEF/visibility.h"
23#include "LIEF/enums.hpp"
24#include "LIEF/optional.hpp"
25
26#include "LIEF/PE/ExceptionInfo.hpp"
27
28namespace LIEF {
29class BinaryStream;
30
31namespace PE {
32class Parser;
33
34namespace unwind_x64 {
35class Code;
36}
37class LIEF_API RuntimeFunctionX64 : public ExceptionInfo {
43 public:
44 LIEF_LOCAL static std::unique_ptr<RuntimeFunctionX64>
47 parse(Parser& ctx, BinaryStream& strm, bool skip_unwind = false);
48 LIEF_LOCAL static ok_error_t
51 parse_unwind(Parser& ctx, BinaryStream& strm, RuntimeFunctionX64& func);
52
53 enum class UNWIND_FLAGS : uint8_t { EXCEPTION_HANDLER = 1, TERMINATE_HANDLER = 2,
60 CHAIN_INFO = 4,
63 };
64
65 enum class UNWIND_OPCODES : uint32_t { PUSH_NONVOL = 0,
73 ALLOC_LARGE = 1,
81 ALLOC_SMALL = 2,
85 SET_FPREG = 3,
94 SAVE_NONVOL = 4,
102 SAVE_NONVOL_FAR = 5,
110 EPILOG = 6,
114 SPARE = 7,
118 SAVE_XMM128 = 8,
123 SAVE_XMM128_FAR = 9,
128 PUSH_MACHFRAME = 10,
132 };
133
134 enum class UNWIND_REG : uint32_t {
135 RAX = 0,
136 RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8, R9, R10, R11, R12, R13, R14, R15,
137 };
138 struct LIEF_API unwind_info_t {
143 using opcodes_t = std::vector<std::unique_ptr<unwind_x64::Code>>;
144 uint8_t version = 0;
147 uint8_t flags = 0;
150 uint8_t sizeof_prologue = 0;
153 uint8_t count_opcodes = 0;
158 uint8_t frame_reg = 0;
164 uint8_t frame_reg_offset = 0;
168 std::vector<uint8_t> raw_opcodes;
172 optional<uint32_t> handler;
178 RuntimeFunctionX64* chained = nullptr;
182 bool has(UNWIND_FLAGS flag) const {
185 return (flags & (int)flag) != 0;
186 }
187 opcodes_t opcodes() const;
190 std::string to_string() const;
193
194 friend LIEF_API
195 std::ostream& operator<<(std::ostream& os, const unwind_info_t& info)
196 {
197 os << info.to_string();
198 return os;
199 }
200 };
201
202 RuntimeFunctionX64(uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva) :
203 ExceptionInfo(ARCH::X86_64, rva_start),
204 rva_end_(rva_end),
205 unwind_rva_(unwind_rva)
206 {}
207
208 RuntimeFunctionX64(const RuntimeFunctionX64&) = default;
209 RuntimeFunctionX64& operator=(const RuntimeFunctionX64&) = default;
210
211 RuntimeFunctionX64(RuntimeFunctionX64&&) = default;
212 RuntimeFunctionX64& operator=(RuntimeFunctionX64&&) = default;
213
214 std::unique_ptr<ExceptionInfo> clone() const override {
215 return std::unique_ptr<RuntimeFunctionX64>(new RuntimeFunctionX64(*this));
216 }
217
218 std::string to_string() const override;
219 uint32_t rva_end() const {
222 return rva_end_;
223 }
224 uint32_t unwind_rva() const {
227 return unwind_rva_;
228 }
229 uint32_t size() const {
232 return rva_end() - rva_start();
233 }
234 const unwind_info_t* unwind_info() const {
237 return unwind_info_.has_value() ? &*unwind_info_ : nullptr;
238 }
239
240 unwind_info_t* unwind_info() {
241 return unwind_info_.has_value() ? &*unwind_info_ : nullptr;
242 }
243
244 void unwind_info(unwind_info_t info) {
245 unwind_info_ = std::move(info);
246 }
247
248 static bool classof(const ExceptionInfo* info) {
249 return info->arch() == ExceptionInfo::ARCH::X86_64;
250 }
251
252 ~RuntimeFunctionX64() = default;
253
254 private:
255 uint32_t rva_end_ = 0;
256 uint32_t unwind_rva_ = 0;
257 optional<unwind_info_t> unwind_info_;
258};
259
260LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_OPCODES op);
261LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_FLAGS op);
262LIEF_API const char* to_string(RuntimeFunctionX64::UNWIND_REG op);
263
264}
265}
266
267ENABLE_BITMASK_OPERATORS(LIEF::PE::RuntimeFunctionX64::UNWIND_FLAGS);
268
269#endif
ExceptionInfo.hpp
LIEF::BinaryStream
Class that is used to a read stream of data from different sources.
Definition BinaryStream.hpp:33
LIEF::PE::ExceptionInfo
This class is the base class for any exception or runtime function entry.
Definition ExceptionInfo.hpp:33
LIEF::PE::Parser
Main interface to parse PE binaries. In particular the static functions: Parser::parse should be used...
Definition PE/Parser.hpp:52
LIEF::PE::RuntimeFunctionX64
This class represents an entry in the exception table (.pdata section) for the x86-64 architecture.
Definition RuntimeFunctionX64.hpp:42
LIEF::PE::RuntimeFunctionX64::to_string
std::string to_string() const override
LIEF::PE::RuntimeFunctionX64::UNWIND_REG
UNWIND_REG
Definition RuntimeFunctionX64.hpp:134
LIEF::PE::RuntimeFunctionX64::unwind_info
void unwind_info(unwind_info_t info)
Definition RuntimeFunctionX64.hpp:244
LIEF::PE::RuntimeFunctionX64::unwind_info
const unwind_info_t * unwind_info() const
Detailed unwind information.
Definition RuntimeFunctionX64.hpp:236
LIEF::PE::RuntimeFunctionX64::UNWIND_OPCODES
UNWIND_OPCODES
Definition RuntimeFunctionX64.hpp:65
LIEF::PE::RuntimeFunctionX64::~RuntimeFunctionX64
~RuntimeFunctionX64()=default
LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(RuntimeFunctionX64 &&)=default
LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva)
Definition RuntimeFunctionX64.hpp:202
LIEF::PE::RuntimeFunctionX64::unwind_rva
uint32_t unwind_rva() const
Unwind info address.
Definition RuntimeFunctionX64.hpp:226
LIEF::PE::RuntimeFunctionX64::operator=
RuntimeFunctionX64 & operator=(const RuntimeFunctionX64 &)=default
LIEF::PE::RuntimeFunctionX64::clone
std::unique_ptr< ExceptionInfo > clone() const override
Definition RuntimeFunctionX64.hpp:214
LIEF::PE::RuntimeFunctionX64::size
uint32_t size() const
Size of the function (in bytes)
Definition RuntimeFunctionX64.hpp:231
LIEF::PE::RuntimeFunctionX64::RuntimeFunctionX64
RuntimeFunctionX64(const RuntimeFunctionX64 &)=default
LIEF::PE::RuntimeFunctionX64::classof
static bool classof(const ExceptionInfo *info)
Definition RuntimeFunctionX64.hpp:248
LIEF::PE::RuntimeFunctionX64::UNWIND_FLAGS
UNWIND_FLAGS
Definition RuntimeFunctionX64.hpp:53
LIEF::PE::RuntimeFunctionX64::unwind_info
unwind_info_t * unwind_info()
Definition RuntimeFunctionX64.hpp:240
LIEF::PE::RuntimeFunctionX64::rva_end
uint32_t rva_end() const
Function end address.
Definition RuntimeFunctionX64.hpp:221
LIEF::PE::RuntimeFunctionX64::operator=
RuntimeFunctionX64 & operator=(RuntimeFunctionX64 &&)=default
LIEF::PE::unwind_x64::Code
Base class for all unwind operations.
Definition UnwindCodeX64.hpp:31
enums.hpp
ENABLE_BITMASK_OPERATORS
#define ENABLE_BITMASK_OPERATORS(X)
Definition enums.hpp:24
errors.hpp
LIEF::PE::unwind_x64
This namespace wraps code related to PE-x64 unwinding code.
Definition RuntimeFunctionX64.hpp:34
LIEF::PE
Namespace related to the LIEF's PE module.
Definition Abstract/Header.hpp:32
LIEF::PE::to_string
const char * to_string(AuxiliaryWeakExternal::CHARACTERISTICS e)
LIEF
LIEF namespace.
Definition Abstract/Binary.hpp:36
LIEF::ok_error_t
result< ok_t > ok_error_t
Opaque structure that is used by LIEF to avoid writing result<void> f(...). Instead,...
Definition errors.hpp:109
optional.hpp
LIEF::PE::RuntimeFunctionX64::unwind_info_t::has
bool has(UNWIND_FLAGS flag) const
Check if the given flag is used.
Definition RuntimeFunctionX64.hpp:184
LIEF::PE::RuntimeFunctionX64::unwind_info_t::opcodes
opcodes_t opcodes() const
Enhanced representation of the unwind code.
LIEF::PE::RuntimeFunctionX64::unwind_info_t::to_string
std::string to_string() const
Pretty representation of this structure as a string.
LIEF::PE::RuntimeFunctionX64::unwind_info_t::operator<<
friend std::ostream & operator<<(std::ostream &os, const unwind_info_t &info)
Definition RuntimeFunctionX64.hpp:195
visibility.h
LIEF_API
#define LIEF_API
Definition visibility.h:41
LIEF_LOCAL
#define LIEF_LOCAL
Definition visibility.h:42
Generated by doxygen 1.13.0