LIEF: Library to Instrument Executable Formats Version 0.15.1
Loading...
Searching...
No Matches
LIEF::PE::LoadConfigurationV1 Class Reference

LoadConfiguration enhanced with Control Flow Guard. More...

#include <LoadConfigurationV1.hpp>

Inheritance diagram for LIEF::PE::LoadConfigurationV1:
Collaboration diagram for LIEF::PE::LoadConfigurationV1:

Public Types

enum class  IMAGE_GUARD : uint32_t {
  NONE = 0x00000000 , CF_INSTRUMENTED = 0x00000100 , CFW_INSTRUMENTED = 0x00000200 , CF_FUNCTION_TABLE_PRESENT = 0x00000400 ,
  SECURITY_COOKIE_UNUSED = 0x00000800 , PROTECT_DELAYLOAD_IAT = 0x00001000 , DELAYLOAD_IAT_IN_ITS_OWN_SECTION = 0x00002000 , CF_EXPORT_SUPPRESSION_INFO_PRESENT = 0x00004000 ,
  CF_ENABLE_EXPORT_SUPPRESSION = 0x00008000 , CF_LONGJUMP_TABLE_PRESENT = 0x00010000 , RF_INSTRUMENTED = 0x00020000 , RF_ENABLE = 0x00040000 ,
  RF_STRICT = 0x00080000 , RETPOLINE_PRESENT = 0x00100000 , EH_CONTINUATION_TABLE_PRESENT = 0x00200000
}
 
- Public Types inherited from LIEF::PE::LoadConfiguration
enum class  VERSION {
  UNKNOWN = 0 , SEH , WIN_8_1 , WIN_10_0_9879 ,
  WIN_10_0_14286 , WIN_10_0_14383 , WIN_10_0_14901 , WIN_10_0_15002 ,
  WIN_10_0_16237 , WIN_10_0_18362 , WIN_10_0_19534 , WIN_10_0_MSVC_2019 ,
  WIN_10_0_MSVC_2019_16
}
 
- Public Types inherited from LIEF::Object
template<class T >
using output_t = add_pointer_t<decay_t<T>>
 
template<class T >
using output_const_t = add_pointer_t<add_const_t<decay_t<T>>>
 

Public Member Functions

 LoadConfigurationV1 ()=default
 
template<class T >
 LoadConfigurationV1 (const details::load_configuration_v1< T > &header)
 
LoadConfigurationV1operator= (const LoadConfigurationV1 &)=default
 
 LoadConfigurationV1 (const LoadConfigurationV1 &)=default
 
VERSION version () const override
 (SDK) Version of the structure
 
uint64_t guard_cf_check_function_pointer () const
 The VA where Control Flow Guard check-function pointer is stored.
 
uint64_t guard_cf_dispatch_function_pointer () const
 The VA where Control Flow Guard dispatch-function pointer is stored.
 
uint64_t guard_cf_function_table () const
 The VA of the sorted table of RVAs of each Control Flow Guard function in the image.
 
uint64_t guard_cf_function_count () const
 The count of unique RVAs in the LoadConfigurationV1::guard_cf_function_table.
 
IMAGE_GUARD guard_flags () const
 Control Flow Guard related flags.
 
bool has (IMAGE_GUARD flag) const
 Check if the given flag is present in LoadConfigurationV1::guard_flags.
 
std::vector< IMAGE_GUARDguard_cf_flags_list () const
 LoadConfigurationV1::guard_flags as a list of LIEF::PE::GUARD_CF_FLAGS.
 
void guard_cf_check_function_pointer (uint64_t check_pointer)
 
void guard_cf_dispatch_function_pointer (uint64_t dispatch_pointer)
 
void guard_cf_function_table (uint64_t guard_cf_function_table)
 
void guard_cf_function_count (uint64_t guard_cf_function_count)
 
void guard_flags (IMAGE_GUARD flags)
 
 ~LoadConfigurationV1 () override=default
 
void accept (Visitor &visitor) const override
 
std::ostream & print (std::ostream &os) const override
 
- Public Member Functions inherited from LIEF::PE::LoadConfigurationV0
 LoadConfigurationV0 ()=default
 
LoadConfigurationV0operator= (const LoadConfigurationV0 &)=default
 
 LoadConfigurationV0 (const LoadConfigurationV0 &)=default
 
template<class T >
 LoadConfigurationV0 (const details::load_configuration_v0< T > &header)
 
uint64_t se_handler_table () const
 The VA of the sorted table of RVAs of each valid, unique SE handler in the image.
 
uint64_t se_handler_count () const
 The count of unique handlers in the table.
 
void se_handler_table (uint64_t se_handler_table)
 
void se_handler_count (uint64_t se_handler_count)
 
 ~LoadConfigurationV0 () override=default
 
- Public Member Functions inherited from LIEF::PE::LoadConfiguration
 LoadConfiguration ()=default
 
template<class T >
 LoadConfiguration (const details::load_configuration< T > &header)
 
LoadConfigurationoperator= (const LoadConfiguration &)=default
 
 LoadConfiguration (const LoadConfiguration &)=default
 
uint32_t characteristics () const
 Characteristics of the structure It usually holds its size.
 
uint32_t size () const
 Size of the current structure which is an alias for characteristics.
 
uint32_t timedatestamp () const
 Date and time stamp value.
 
uint16_t major_version () const
 Major Version.
 
uint16_t minor_version () const
 Minor version.
 
uint32_t global_flags_clear () const
 The global loader flags to clear for this process as the loader start the process.
 
uint32_t global_flags_set () const
 The global loader flags to set for this process as the loader starts the process.
 
uint32_t critical_section_default_timeout () const
 The default timeout value to use for this process’s critical sections that are abandoned.
 
uint64_t decommit_free_block_threshold () const
 Memory that must be freed before it is returned to the system, in bytes.
 
uint64_t decommit_total_free_threshold () const
 Total amount of free memory, in bytes.
 
uint64_t lock_prefix_table () const
 The VA of a list of addresses where the LOCK prefix is used so that they can be replaced with NOP on single processor machines.
 
uint64_t maximum_allocation_size () const
 Maximum allocation size, in bytes.
 
uint64_t virtual_memory_threshold () const
 Maximum virtual memory size, in bytes.
 
uint64_t process_affinity_mask () const
 Setting this field to a non-zero value is equivalent to calling SetProcessAffinityMask with this value during process startup (.exe only)
 
uint32_t process_heap_flags () const
 Process heap flags that correspond to the first argument of the HeapCreate function. These flags apply to the process heap that is created during process startup.
 
uint16_t csd_version () const
 The service pack version identifier.
 
uint16_t reserved1 () const
 Must be zero.
 
uint16_t dependent_load_flags () const
 Alias for reserved1.
 
uint32_t editlist () const
 Reserved for use by the system.
 
uint32_t security_cookie () const
 A pointer to a cookie that is used by Visual C++ or GS implementation.
 
void characteristics (uint32_t characteristics)
 
void timedatestamp (uint32_t timedatestamp)
 
void major_version (uint16_t major_version)
 
void minor_version (uint16_t minor_version)
 
void global_flags_clear (uint32_t global_flags_clear)
 
void global_flags_set (uint32_t global_flags_set)
 
void critical_section_default_timeout (uint32_t critical_section_default_timeout)
 
void decommit_free_block_threshold (uint64_t decommit_free_block_threshold)
 
void decommit_total_free_threshold (uint64_t decommit_total_free_threshold)
 
void lock_prefix_table (uint64_t lock_prefix_table)
 
void maximum_allocation_size (uint64_t maximum_allocation_size)
 
void virtual_memory_threshold (uint64_t virtual_memory_threshold)
 
void process_affinity_mask (uint64_t process_affinity_mask)
 
void process_heap_flags (uint32_t process_heap_flagsid)
 
void csd_version (uint16_t csd_version)
 
void reserved1 (uint16_t reserved1)
 
void dependent_load_flags (uint16_t flags)
 
void editlist (uint32_t editlist)
 
void security_cookie (uint32_t security_cookie)
 
 ~LoadConfiguration () override=default
 
- Public Member Functions inherited from LIEF::Object
 Object ()
 
 Object (const Object &other)
 
Objectoperator= (const Object &other)
 
template<class T >
output_t< T > as ()
 
template<class T >
output_const_t< T > as () const
 
virtual bool operator== (const Object &other) const
 
virtual bool operator!= (const Object &other) const
 
virtual ~Object ()
 

Static Public Member Functions

static bool classof (const LoadConfiguration *config)
 
- Static Public Member Functions inherited from LIEF::PE::LoadConfigurationV0
static bool classof (const LoadConfiguration *config)
 
- Static Public Member Functions inherited from LIEF::PE::LoadConfiguration
static bool classof (const LoadConfiguration *)
 
template<class T >
static const T * cast (const LoadConfiguration *config)
 

Static Public Attributes

static constexpr VERSION WIN_VERSION = VERSION::WIN_8_1
 
- Static Public Attributes inherited from LIEF::PE::LoadConfigurationV0
static constexpr VERSION WIN_VERSION = VERSION::SEH
 
- Static Public Attributes inherited from LIEF::PE::LoadConfiguration
static constexpr VERSION WIN_VERSION = VERSION::UNKNOWN
 

Detailed Description

LoadConfiguration enhanced with Control Flow Guard.

This structure is available from Windows 8.1

Member Enumeration Documentation

◆ IMAGE_GUARD

enum class LIEF::PE::LoadConfigurationV1::IMAGE_GUARD : uint32_t
strong
Enumerator
NONE 
CF_INSTRUMENTED 

Module performs control flow integrity checks using system-supplied support

CFW_INSTRUMENTED 

Module performs control flow and write integrity checks

CF_FUNCTION_TABLE_PRESENT 

Module contains valid control flow target metadata

SECURITY_COOKIE_UNUSED 

Module does not make use of the /GS security cookie

PROTECT_DELAYLOAD_IAT 

Module supports read only delay load IAT

DELAYLOAD_IAT_IN_ITS_OWN_SECTION 

Delayload import table in its own .didat section (with nothing else in it) that can be freely reprotected

CF_EXPORT_SUPPRESSION_INFO_PRESENT 

Module contains suppressed export information. This also infers that the address taken taken IAT table is also present in the load config.

CF_ENABLE_EXPORT_SUPPRESSION 

Module enables suppression of exports

CF_LONGJUMP_TABLE_PRESENT 

Module contains longjmp target information

RF_INSTRUMENTED 

Module contains return flow instrumentation and metadata

RF_ENABLE 

Module requests that the OS enable return flow protection

RF_STRICT 

Module requests that the OS enable return flow protection in strict mode

RETPOLINE_PRESENT 

Module was built with retpoline support

EH_CONTINUATION_TABLE_PRESENT 

Module contains EH continuation target information

Constructor & Destructor Documentation

◆ LoadConfigurationV1() [1/3]

LIEF::PE::LoadConfigurationV1::LoadConfigurationV1 ( )
default

◆ LoadConfigurationV1() [2/3]

template<class T >
LIEF::PE::LoadConfigurationV1::LoadConfigurationV1 ( const details::load_configuration_v1< T > & header)

◆ LoadConfigurationV1() [3/3]

LIEF::PE::LoadConfigurationV1::LoadConfigurationV1 ( const LoadConfigurationV1 & )
default

◆ ~LoadConfigurationV1()

LIEF::PE::LoadConfigurationV1::~LoadConfigurationV1 ( )
overridedefault

Member Function Documentation

◆ accept()

◆ classof()

static bool LIEF::PE::LoadConfigurationV1::classof ( const LoadConfiguration * config)
inlinestatic

◆ guard_cf_check_function_pointer() [1/2]

uint64_t LIEF::PE::LoadConfigurationV1::guard_cf_check_function_pointer ( ) const
inline

The VA where Control Flow Guard check-function pointer is stored.

◆ guard_cf_check_function_pointer() [2/2]

void LIEF::PE::LoadConfigurationV1::guard_cf_check_function_pointer ( uint64_t check_pointer)
inline

◆ guard_cf_dispatch_function_pointer() [1/2]

uint64_t LIEF::PE::LoadConfigurationV1::guard_cf_dispatch_function_pointer ( ) const
inline

The VA where Control Flow Guard dispatch-function pointer is stored.

◆ guard_cf_dispatch_function_pointer() [2/2]

void LIEF::PE::LoadConfigurationV1::guard_cf_dispatch_function_pointer ( uint64_t dispatch_pointer)
inline

◆ guard_cf_flags_list()

std::vector< IMAGE_GUARD > LIEF::PE::LoadConfigurationV1::guard_cf_flags_list ( ) const

LoadConfigurationV1::guard_flags as a list of LIEF::PE::GUARD_CF_FLAGS.

◆ guard_cf_function_count() [1/2]

uint64_t LIEF::PE::LoadConfigurationV1::guard_cf_function_count ( ) const
inline

The count of unique RVAs in the LoadConfigurationV1::guard_cf_function_table.

◆ guard_cf_function_count() [2/2]

void LIEF::PE::LoadConfigurationV1::guard_cf_function_count ( uint64_t guard_cf_function_count)
inline

◆ guard_cf_function_table() [1/2]

uint64_t LIEF::PE::LoadConfigurationV1::guard_cf_function_table ( ) const
inline

The VA of the sorted table of RVAs of each Control Flow Guard function in the image.

◆ guard_cf_function_table() [2/2]

void LIEF::PE::LoadConfigurationV1::guard_cf_function_table ( uint64_t guard_cf_function_table)
inline

◆ guard_flags() [1/2]

IMAGE_GUARD LIEF::PE::LoadConfigurationV1::guard_flags ( ) const
inline

Control Flow Guard related flags.

◆ guard_flags() [2/2]

void LIEF::PE::LoadConfigurationV1::guard_flags ( IMAGE_GUARD flags)
inline

◆ has()

bool LIEF::PE::LoadConfigurationV1::has ( IMAGE_GUARD flag) const

Check if the given flag is present in LoadConfigurationV1::guard_flags.

◆ operator=()

LoadConfigurationV1 & LIEF::PE::LoadConfigurationV1::operator= ( const LoadConfigurationV1 & )
default

◆ print()

◆ version()

Member Data Documentation

◆ WIN_VERSION

VERSION LIEF::PE::LoadConfigurationV1::WIN_VERSION = VERSION::WIN_8_1
staticconstexpr

The documentation for this class was generated from the following file: