author | Cyrille Bagard <nocbos@gmail.com> | 2024-11-24 07:56:28 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2024-11-24 07:56:28 (GMT) |
commit | 461f42dd8eb8b1932c11364d9d15367eeb294848 (patch) | |
tree | fd40ede6c00be9fe33feac4242fc4e5903296d62 /plugins/pe/python | |
parent | 31c235f145189fe146f9374d6826927de5964a07 (diff) |
Restore and improve the support for PE files.
Diffstat (limited to 'plugins/pe/python')
-rw-r--r-- | plugins/pe/python/Makefile.am | 8 | ||||
-rw-r--r-- | plugins/pe/python/constants.c | 5 | ||||
-rw-r--r-- | plugins/pe/python/constants.h | 2 | ||||
-rw-r--r-- | plugins/pe/python/format.c | 204 | ||||
-rw-r--r-- | plugins/pe/python/module.c | 6 | ||||
-rw-r--r-- | plugins/pe/python/translate.c | 290 | ||||
-rw-r--r-- | plugins/pe/python/translate.h | 10 |
7 files changed, 440 insertions, 85 deletions
diff --git a/plugins/pe/python/Makefile.am b/plugins/pe/python/Makefile.am index 5949821..4a70769 100644 --- a/plugins/pe/python/Makefile.am +++ b/plugins/pe/python/Makefile.am @@ -1,14 +1,16 @@ noinst_LTLIBRARIES = libpepython.la +# libpepython_la_SOURCES = \ +# constants.h constants.c \ +# routine.h routine.c + libpepython_la_SOURCES = \ - constants.h constants.c \ format.h format.c \ module.h module.c \ - routine.h routine.c \ translate.h translate.c -libpepython_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ +libpepython_la_CFLAGS = $(TOOLKIT_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ -I$(top_srcdir)/src -DNO_IMPORT_PYGOBJECT diff --git a/plugins/pe/python/constants.c b/plugins/pe/python/constants.c index 9b4942d..bb10a7e 100644 --- a/plugins/pe/python/constants.c +++ b/plugins/pe/python/constants.c @@ -29,7 +29,7 @@ #include "../pe_def.h" -#include "../routine.h" +//#include "../routine.h" @@ -101,7 +101,7 @@ bool define_python_pe_format_constants(PyTypeObject *type) * Remarques : - * * * ******************************************************************************/ - +#if 0 bool define_python_pe_exported_routine_constants(PyTypeObject *type) { bool result; /* Bilan à retourner */ @@ -141,3 +141,4 @@ bool define_python_pe_exported_routine_constants(PyTypeObject *type) return result; } +#endif diff --git a/plugins/pe/python/constants.h b/plugins/pe/python/constants.h index 25b0adb..fe4293c 100644 --- a/plugins/pe/python/constants.h +++ b/plugins/pe/python/constants.h @@ -35,7 +35,7 @@ bool define_python_pe_format_constants(PyTypeObject *); /* Définit les constantes pour les routines du format PE. */ -bool define_python_pe_exported_routine_constants(PyTypeObject *); +//bool define_python_pe_exported_routine_constants(PyTypeObject *); diff --git a/plugins/pe/python/format.c b/plugins/pe/python/format.c index 4bbb99a..6c97c7d 100644 --- a/plugins/pe/python/format.c +++ b/plugins/pe/python/format.c 
@@ -28,25 +28,23 @@ #include <pygobject.h> -#include <format/known.h> #include <plugins/dt.h> #include <plugins/pychrysalide/helpers.h> #include <plugins/pychrysalide/analysis/content.h> #include <plugins/pychrysalide/format/executable.h> -#include "constants.h" +//#include "constants.h" #include "translate.h" -#include "../format.h" -#include "../rich.h" +#include "../pe-int.h" +//#include "../rich.h" /* ------------------------ GLUE POUR CREATION DEPUIS PYTHON ------------------------ */ -/* Accompagne la création d'une instance dérivée en Python. */ -static PyObject *py_pe_format_new(PyTypeObject *, PyObject *, PyObject *); +CREATE_DYN_CONSTRUCTOR(pe_format, G_TYPE_PE_FORMAT); /* Initialise une instance sur la base du dérivé de GObject. */ static int py_pe_format_init(PyObject *, PyObject *, PyObject *); @@ -59,9 +57,15 @@ static int py_pe_format_init(PyObject *, PyObject *, PyObject *); /* Présente l'en-tête MS-DOS du format chargé. */ static PyObject *py_pe_format_get_dos_header(PyObject *, void *); +/* Présente l'en-tête NT du format chargé. */ +static PyObject *py_pe_format_get_nt_headers(PyObject *, void *); + /* Offre un raccourci vers les répertoires du format PE. */ static PyObject *py_pe_format_get_directories(PyObject *, void *); +/* Offre un raccourci vers les sections du format PE. */ +static PyObject *py_pe_format_get_sections(PyObject *, void *); + /* Présente l'en-tête enrichi du format chargé. */ static PyObject *py_pe_format_get_rich_header(PyObject *, void *); 
@@ -80,66 +84,6 @@ static PyObject *py_pe_format_get_comp_ids(PyObject *, void *); /****************************************************************************** * * -* Paramètres : type = type du nouvel objet à mettre en place. * -* args = éventuelle liste d'arguments. * -* kwds = éventuel dictionnaire de valeurs mises à disposition. * -* * -* Description : Accompagne la création d'une instance dérivée en Python. * -* * -* Retour : Nouvel objet Python mis en place ou NULL en cas d'échec. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static PyObject *py_pe_format_new(PyTypeObject *type, PyObject *args, PyObject *kwds) -{ - PyObject *result; /* Objet à retourner */ - PyTypeObject *base; /* Type de base à dériver */ - bool first_time; /* Evite les multiples passages*/ - GType gtype; /* Nouveau type de processeur */ - bool status; /* Bilan d'un enregistrement */ - - /* Validations diverses */ - - base = get_python_pe_format_type(); - - if (type == base) - goto simple_way; - - /* Mise en place d'un type dédié */ - - first_time = (g_type_from_name(type->tp_name) == 0); - - gtype = build_dynamic_type(G_TYPE_PE_FORMAT, type->tp_name, NULL, NULL, NULL); - - if (first_time) - { - status = register_class_for_dynamic_pygobject(gtype, type); - - if (!status) - { - result = NULL; - goto exit; - } - - } - - /* On crée, et on laisse ensuite la main à PyGObject_Type.tp_init() */ - - simple_way: - - result = PyType_GenericNew(type, args, kwds); - - exit: - - return result; - -} - - -/****************************************************************************** -* * * Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * 
@@ -183,7 +127,8 @@ static int py_pe_format_init(PyObject *self, PyObject *args, PyObject *kwds) format = G_PE_FORMAT(pygobject_get(self)); - g_known_format_set_content(G_KNOWN_FORMAT(format), content); + if (!g_pe_format_create(format, content)) + return -1; return 0; @@ -223,7 +168,6 @@ static PyObject *py_pe_format_get_dos_header(PyObject *self, void *closure) "\n" \ "The provided information is composed of the following" \ " properties :\n" \ - "\n" \ "* e_magic;\n" \ "* e_cblp;\n" \ "* e_cp;\n" \ 
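Review bot: The new `return -1;` after a failed `g_pe_format_create()` sets no Python exception as far as this hunk shows. Loading a malformed or non-PE content would therefore surface as a generic SystemError rather than an error the caller can handle. Unless `g_pe_format_create()` raises one itself, set it before returning, e.g. `PyErr_SetString(PyExc_ValueError, "unable to load the content as a PE file");`. `py_pe_format_init()` begins and ends outside the hunk, so what happens to `content` on this path cannot be checked from here.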
@@ -259,6 +203,52 @@ static PyObject *py_pe_format_get_dos_header(PyObject *self, void *closure) * Paramètres : self = format en place à consulter. * * closure = non utilisé ici. * * * +* Description : Présente l'en-tête NT du format chargé. * +* * +* Retour : Structure Python créée pour l'occasion. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_pe_format_get_nt_headers(PyObject *self, void *closure) +{ + PyObject *result; /* Trouvaille à retourner */ + GPeFormat *format; /* Version GLib du format */ + +#define PE_FORMAT_NT_HEADERS_ATTRIB PYTHON_GET_DEF_FULL \ +( \ + nt_headers, py_pe_format, \ + "NT headers of the file format.\n" \ + "\n" \ + "This property is a pychrysalide.StructObject instance." \ + "\n" \ + "The provided information is composed of the following" \ + " properties :\n" \ + "* signature;\n" \ + "* file_header;\n" \ + "* optional_header.\n" \ + "\n" \ + "The last two fields are pychrysalide.StructObject" \ + " which contain more fields. These fields can be" \ + " enumerated with the keys() method (for instance:" \ + " *mype.nt_headers.file_header.keys()*).\n" \ +) + + format = G_PE_FORMAT(pygobject_get(self)); + + result = translate_pe_nt_headers_to_python(format, g_pe_format_get_nt_headers(format)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = format en place à consulter. * +* closure = non utilisé ici. * +* * * Description : Offre un raccourci vers les répertoires du format PE. * * * * Retour : Structure Python créée pour l'occasion. * 
@@ -272,7 +262,7 @@ static PyObject *py_pe_format_get_directories(PyObject *self, void *closure) PyObject *result; /* Trouvaille à retourner */ GPeFormat *format; /* Version GLib du format */ size_t count; /* Quantité de répertoires */ - const image_data_directory *directories; /* Répertoires à exporter */ + const image_data_directory_t *directories; /* Répertoires à exporter */ size_t i; /* Boucle de parcours */ PyObject *item; /* Elément de tableau */ int ret; /* Bilan d'une mise en place */ 
@@ -323,6 +313,76 @@ static PyObject *py_pe_format_get_directories(PyObject *self, void *closure) * Paramètres : self = format en place à consulter. * * closure = non utilisé ici. * * * +* Description : Offre un raccourci vers les sections du format PE. * +* * +* Retour : Structure Python créée pour l'occasion. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_pe_format_get_sections(PyObject *self, void *closure) +{ + PyObject *result; /* Trouvaille à retourner */ + GPeFormat *format; /* Version GLib du format */ + size_t count; /* Quantité de répertoires */ + const image_section_header_t *sections; /* Sections à exporter */ + size_t i; /* Boucle de parcours */ + PyObject *item; /* Elément de tableau */ + int ret; /* Bilan d'une mise en place */ + +#define PE_FORMAT_SECTIONS_ATTRIB PYTHON_GET_DEF_FULL \ +( \ + sections, py_pe_format, \ + "Shortcut to the definitions of all PE format sections.\n" \ + "\n" \ + "This property is a pychrysalide.StructObject instance.\n" \ + "\n" \ + "Each returned item is composed of the following properties :\n"\ + "\n" \ + "* name;\n" \ + "* misc.virtual_size;\n" \ + "* virtual_address;\n" \ + "* size_of_raw_data;\n" \ + "* pointer_to_raw_data;\n" \ + "* pointer_to_relocations;\n" \ + "* pointer_to_line_numbers;\n" \ + "* number_of_relocations;\n" \ + "* number_of_line_numbers;\n" \ + "* characteristics." \ +) + + format = G_PE_FORMAT(pygobject_get(self)); + + sections = g_pe_format_get_sections(format, &count); + + result = PyTuple_New(count); + + for (i = 0; i < count; i++) + { + item = translate_pe_section_header_to_python(format, sections + i); + + ret = PyTuple_SetItem(result, i, item); + + if (ret != 0) + { + Py_DECREF(result); + result = NULL; + break; + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = format en place à consulter. 
* +* closure = non utilisé ici. * +* * * Description : Présente l'en-tête enrichi du format chargé. * * * * Retour : Tableau de valeurs brutes d'information. * @@ -487,7 +547,9 @@ PyTypeObject *get_python_pe_format_type(void) static PyGetSetDef py_pe_format_getseters[] = { PE_FORMAT_DOS_HEADER_ATTRIB, + PE_FORMAT_NT_HEADERS_ATTRIB, PE_FORMAT_DIRECTORIES_ATTRIB, + PE_FORMAT_SECTIONS_ATTRIB, PE_FORMAT_RICH_HEADER_ATTRIB, PE_FORMAT_RICH_HEADER_CHECKSUM_ATTRIB, PE_FORMAT_COMP_IDS_ATTRIB, @@ -545,8 +607,8 @@ bool register_python_pe_format(PyObject *module) if (!register_class_for_pygobject(dict, G_TYPE_PE_FORMAT, type)) return false; - if (!define_python_pe_format_constants(type)) - return false; + //if (!define_python_pe_format_constants(type)) + // return false; return true; diff --git a/plugins/pe/python/module.c b/plugins/pe/python/module.c index 93b1337..ce0c8d7 100644 --- a/plugins/pe/python/module.c +++ b/plugins/pe/python/module.c @@ -33,7 +33,7 @@ #include "format.h" -#include "routine.h" +//#include "routine.h" @@ -83,8 +83,8 @@ bool add_format_pe_module_to_python_module(void) result = (module != NULL); if (result) result = register_python_pe_format(module); - if (result) result = register_python_pe_exported_routine(module); - if (result) result = register_python_pe_imported_routine(module); + //if (result) result = register_python_pe_exported_routine(module); + //if (result) result = register_python_pe_imported_routine(module); assert(result); diff --git a/plugins/pe/python/translate.c b/plugins/pe/python/translate.c index c01a337..1b4b3ce 100644 --- a/plugins/pe/python/translate.c +++ b/plugins/pe/python/translate.c 
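Review bot: In `py_pe_format_get_sections()`, `item` is handed to `PyTuple_SetItem()` without a NULL test, although `translate_pe_section_header_to_python()` returns NULL on failure. `PyTuple_SetItem()` accepts a NULL item, so the getter can return a tuple with an empty slot while an exception is pending. The directory loop in `translate_pe_nt_headers_to_python()` already tests `subsub == NULL`; do the same here with `if (item == NULL) { Py_DECREF(result); result = NULL; break; }`. Also test the result of `PyTuple_New(count)` before the loop. The docstring says the property is a `pychrysalide.StructObject` instance, while the code builds a tuple of such objects.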
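Review bot: The call to `define_python_pe_format_constants()` in `register_python_pe_format()` and the two `register_python_pe_*_routine()` calls in module.c are disabled with `//` and no reason is recorded. The Python module therefore silently stops exposing those constants and classes. The Makefile.am, constants.c (`#if 0`) and constants.h hunks disable code the same way. If this is temporary, a one-line `/* TODO: ... */` stating the reason at each site would show it is intentional; otherwise deleting the lines is cleaner than leaving them commented out.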
@@ -45,7 +45,7 @@ * * ******************************************************************************/ -PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_header *header) +PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_header_t *header) { PyObject *result; /* Construction à retourner */ PyTypeObject *base; /* Modèle d'objet à créer */ @@ -64,6 +64,7 @@ PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_h { \ attrib = PyLong_FromUnsignedLongLong(header->e_ ## _f); \ ret = PyDict_SetItemString(result, "e_" #_f, attrib); \ + Py_DECREF(attrib); \ if (ret != 0) goto failed; \ } \ while (0); @@ -79,8 +80,13 @@ PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_h ret = PyTuple_SetItem(attrib, i, item); \ if (ret != 0) break; \ } \ - if (ret != 0) goto failed; \ + if (i < _n) \ + { \ + Py_DECREF(attrib); \ + goto failed; \ + } \ ret = PyDict_SetItemString(result, "e_" #_f, attrib); \ + Py_DECREF(attrib); \ if (ret != 0) goto failed; \ } \ while (0); 
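Review bot: In the scalar `e_*` field macro, `attrib` goes to `PyDict_SetItemString()` and then to the newly added `Py_DECREF(attrib)` without a NULL test. `PyLong_FromUnsignedLongLong()` returns NULL on allocation failure, and `Py_DECREF` does not accept NULL. Adding `if (attrib == NULL) goto failed;` directly after the conversion covers it. The same pattern is in the NT-header, data-directory, section-header and comp_id macros touched later in translate.c, and in the `PyBytes_FromStringAndSize()` call for the section name. The macro definitions are only partly visible in these hunks.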
@@ -119,6 +125,215 @@ PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_h /****************************************************************************** * * * Paramètres : format = format PE chargé sur lequel s'appuyer. * +* header = en-tête NT à décrire en Python. * +* * +* Description : Traduit un en-tête PE en Python. * +* * +* Retour : Structure mise en place ou NULL en cas d'erreur. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *translate_pe_nt_headers_to_python(GPeFormat *format, const image_nt_headers_t *header) +{ + PyObject *result; /* Construction à retourner */ + PyTypeObject *base; /* Modèle d'objet à créer */ + PyObject *attrib; /* Attribut à constituer */ + int ret; /* Bilan d'une mise en place */ + PyObject *sub; /* Sous-construction #1 */ + bool is_32b; /* Format en version 32 bits ? */ + const image_data_directory_t *directories; /* Répertoires à charger */ + uint32_t number_of_rva_and_sizes; /* Quantité de ces répertoires */ + uint32_t i; /* Boucle de parcours */ + PyObject *dirs; /* Répertoires de données */ + PyObject *subsub; /* Sous-construction #2 */ + + base = get_python_py_struct_type(); + + result = PyObject_CallFunction((PyObject *)base, NULL); + assert(result != NULL); + +#define TRANSLATE_IMAGE_NT_HEADERS_FIELD(_f) \ + do \ + { \ + attrib = PyLong_FromUnsignedLongLong(header->_f); \ + ret = PyDict_SetItemString(result, #_f, attrib); \ + Py_DECREF(attrib); \ + if (ret != 0) goto failed; \ + } \ + while (0); + + TRANSLATE_IMAGE_NT_HEADERS_FIELD(signature); + + /* Partie file_header */ + + sub = PyObject_CallFunction((PyObject *)base, NULL); + assert(sub != NULL); + +#define TRANSLATE_IMAGE_FILE_HEADER_FIELD(_f) \ + do \ + { \ + attrib = PyLong_FromUnsignedLongLong(header->file_header._f); \ + ret = PyDict_SetItemString(sub, #_f, attrib); \ + Py_DECREF(attrib); \ + if (ret != 0) \ + { \ + Py_DECREF(sub); \ + goto failed; \ + } \ + } 
\ + while (0); + + TRANSLATE_IMAGE_FILE_HEADER_FIELD(machine); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(number_of_sections); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(time_date_stamp); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(pointer_to_symbol_table); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(number_of_symbols); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(size_of_optional_header); + TRANSLATE_IMAGE_FILE_HEADER_FIELD(characteristics); + + ret = PyDict_SetItemString(result, "file_header", sub); + Py_DECREF(sub); + if (ret != 0) goto failed; + + /* Partie optional_header */ + + sub = PyObject_CallFunction((PyObject *)base, NULL); + assert(sub != NULL); + + is_32b = g_pe_format_get_is_32b(format); + +#define TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(_f) \ + do \ + { \ + if (is_32b) \ + attrib = PyLong_FromUnsignedLongLong(header->optional_header.header_32._f); \ + else \ + attrib = PyLong_FromUnsignedLongLong(header->optional_header.header_64._f); \ + ret = PyDict_SetItemString(sub, #_f, attrib); \ + Py_DECREF(attrib); \ + if (ret != 0) \ + { \ + Py_DECREF(sub); \ + goto failed; \ + } \ + } \ + while (0); + +#define TRANSLATE_IMAGE_OPTIONAL_HEADER_32B_FIELD(_f) \ + do \ + { \ + attrib = PyLong_FromUnsignedLongLong(header->optional_header.header_32._f); \ + ret = PyDict_SetItemString(sub, #_f, attrib); \ + Py_DECREF(attrib); \ + if (ret != 0) \ + { \ + Py_DECREF(sub); \ + goto failed; \ + } \ + } \ + while (0); + + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(magic); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(major_linker_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(minor_linker_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_code); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_initialized_data); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_uninitialized_data); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(address_of_entry_point); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(base_of_code); + if (is_32b) TRANSLATE_IMAGE_OPTIONAL_HEADER_32B_FIELD(base_of_data); + 
TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(image_base); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(section_alignment); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(file_alignment); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(major_operating_system_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(minor_operating_system_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(major_image_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(minor_image_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(major_subsystem_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(minor_subsystem_version); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(win32_version_value); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_image); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_headers); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(checksum); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(subsystem); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(dll_characteristics); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_stack_reserve); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_stack_commit); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_heap_reserve); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(size_of_heap_commit); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(loader_flags); + TRANSLATE_IMAGE_OPTIONAL_HEADER_FIELD(number_of_rva_and_sizes); + + ret = PyDict_SetItemString(result, "optional_header", sub); + Py_DECREF(sub); + if (ret != 0) goto failed; + + /* Répertoires de données */ + + if (is_32b) + { + directories = header->optional_header.header_32.data_directory; + number_of_rva_and_sizes = header->optional_header.header_32.number_of_rva_and_sizes; + } + else + { + directories = header->optional_header.header_64.data_directory; + number_of_rva_and_sizes = header->optional_header.header_64.number_of_rva_and_sizes; + } + + dirs = PyTuple_New(number_of_rva_and_sizes); + + for (i = 0; i < number_of_rva_and_sizes; i++) + { + subsub = translate_pe_image_data_directory_to_python(format, directories + i); + if (subsub == NULL) break; + + ret = 
PyTuple_SetItem(dirs, i, subsub); + if (ret != 0) break; + + } + + if (i < number_of_rva_and_sizes) + goto failed_with_dirs; + + /** + * La fonction PyTuple_SetItem() comporte le prologue suivant : + * + * if (!PyTuple_Check(op) || Py_REFCNT(op) != 1) { + * Py_XDECREF(newitem); + * PyErr_BadInternalCall(); + * return -1; + * } + * + * Comme l'appel à PyDict_SetItemString() incrémente le compte de référence + * de dirs, il convient de le réaliser après la consitution de la liste. + */ + + ret = PyDict_SetItemString(sub, "directories", dirs); + if (ret != 0) goto failed_with_dirs; + + Py_DECREF(dirs); + + return result; + + failed_with_dirs: + + Py_DECREF(dirs); + + failed: + + Py_DECREF(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = format PE chargé sur lequel s'appuyer. * * dir = répertoire PE à décrire en Python. * * * * Description : Traduit un répertoire PE en Python. * @@ -129,7 +344,7 @@ PyObject *translate_pe_dos_header_to_python(GPeFormat *format, const image_dos_h * * ******************************************************************************/ -PyObject *translate_pe_image_data_directory_to_python(GPeFormat *format, const image_data_directory *dir) +PyObject *translate_pe_image_data_directory_to_python(GPeFormat *format, const image_data_directory_t *dir) { PyObject *result; /* Construction à retourner */ PyTypeObject *base; /* Modèle d'objet à créer */ @@ -146,6 +361,7 @@ PyObject *translate_pe_image_data_directory_to_python(GPeFormat *format, const i { \ attrib = PyLong_FromUnsignedLongLong(dir->_f); \ ret = PyDict_SetItemString(result, #_f, attrib); \ + Py_DECREF(attrib); \ if (ret != 0) goto failed; \ } \ while (0); 
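Review bot: `number_of_rva_and_sizes` is read from the optional header of the analysed file and used unchecked, both as the size passed to `PyTuple_New()` and as the bound of the `directories + i` loop. The declaration of `data_directory` is not in this diff, but the PE format defines 16 entries; if it is a fixed-length array and the loader does not already clamp the field, a file announcing a larger count makes the loop read past the array. Cap the value before the allocation, for instance `if (number_of_rva_and_sizes > IMAGE_NUMBEROF_DIRECTORY_ENTRIES) number_of_rva_and_sizes = IMAGE_NUMBEROF_DIRECTORY_ENTRIES;`, using whatever name the project's pe_def.h gives that constant. Also add `if (dirs == NULL) goto failed;` after `PyTuple_New()`, since `failed_with_dirs` calls `Py_DECREF(dirs)`. Separately, `sub` receives the `"directories"` entry after its `Py_DECREF(sub)` and stays valid only because `result` still holds it; moving that `Py_DECREF` after the last use would be more robust.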
@@ -167,6 +383,73 @@ PyObject *translate_pe_image_data_directory_to_python(GPeFormat *format, const i /****************************************************************************** * * * Paramètres : format = format PE chargé sur lequel s'appuyer. * +* header = en-tête de section à décrire en Python. * +* * +* Description : Traduit une section PE en Python. * +* * +* Retour : Structure mise en place ou NULL en cas d'erreur. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *translate_pe_section_header_to_python(GPeFormat *format, const image_section_header_t *header) +{ + PyObject *result; /* Construction à retourner */ + PyTypeObject *base; /* Modèle d'objet à créer */ + PyObject *attrib; /* Attribut à constituer */ + int ret; /* Bilan d'une mise en place */ + + base = get_python_py_struct_type(); + + result = PyObject_CallFunction((PyObject *)base, NULL); + assert(result != NULL); + + /* Nom de la section */ + + attrib = PyBytes_FromStringAndSize(header->name, IMAGE_SIZEOF_SHORT_NAME); + + ret = PyDict_SetItemString(result, "name", attrib); + Py_DECREF(attrib); + + if (ret != 0) goto failed; + + /* Eléments classiques */ + +#define TRANSLATE_IMAGE_SECTION_HEADER_FIELD(_f) \ + do \ + { \ + attrib = PyLong_FromUnsignedLongLong(header->_f); \ + ret = PyDict_SetItemString(result, #_f, attrib); \ + Py_DECREF(attrib); \ + if (ret != 0) goto failed; \ + } \ + while (0); + + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(virtual_size); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(virtual_address); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(size_of_raw_data); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(pointer_to_raw_data); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(pointer_to_relocations); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(pointer_to_line_numbers); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(number_of_relocations); + TRANSLATE_IMAGE_SECTION_HEADER_FIELD(number_of_line_numbers); + 
TRANSLATE_IMAGE_SECTION_HEADER_FIELD(characteristics); + + return result; + + failed: + + Py_DECREF(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = format PE chargé sur lequel s'appuyer. * * id = ensemble d'informations à décrire en Python. * * * * Description : Traduit une série d'informations enrichies en Python. * @@ -194,6 +477,7 @@ PyObject *translate_pe_comp_id_to_python(GPeFormat *format, const comp_id_t *id) { \ attrib = PyLong_FromUnsignedLongLong(id->_f); \ ret = PyDict_SetItemString(result, #_f, attrib); \ + Py_DECREF(attrib); \ if (ret != 0) goto failed; \ } \ while (0); diff --git a/plugins/pe/python/translate.h b/plugins/pe/python/translate.h index dbde6c8..e12b4ae 100644 --- a/plugins/pe/python/translate.h +++ b/plugins/pe/python/translate.h @@ -35,10 +35,16 @@ /* Traduit un en-tête MS-DOS en Python. */ -PyObject *translate_pe_dos_header_to_python(GPeFormat *, const image_dos_header *); +PyObject *translate_pe_dos_header_to_python(GPeFormat *, const image_dos_header_t *); + +/* Traduit un en-tête PE en Python. */ +PyObject *translate_pe_nt_headers_to_python(GPeFormat *, const image_nt_headers_t *); /* Traduit un répertoire PE en Python. */ -PyObject *translate_pe_image_data_directory_to_python(GPeFormat *, const image_data_directory *); +PyObject *translate_pe_image_data_directory_to_python(GPeFormat *, const image_data_directory_t *); + +/* Traduit une section PE en Python. */ +PyObject *translate_pe_section_header_to_python(GPeFormat *, const image_section_header_t *); /* Traduit une série d'informations enrichies en Python. */ PyObject *translate_pe_comp_id_to_python(GPeFormat *, const comp_id_t *); |
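Review bot: `translate_pe_section_header_to_python()` stores the size under the key `virtual_size` (the macro stringifies `_f`), while the `sections` docstring added in format.c lists it as `misc.virtual_size`. One of the two should be aligned so scripts look up the right name. The `name` entry is exported as the raw `IMAGE_SIZEOF_SHORT_NAME` bytes from the file, which is safe because no string function scans for a terminator. A comment above the `PyBytes_FromStringAndSize()` call would help, such as `/* Raw fixed-width field from the file: may contain padding NULs or arbitrary bytes, not validated */`. The docstring should likewise say the value is `bytes`, so consumers do not treat it as trusted text.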