Diffstat (limited to 'src/format/pe/e_pe.c')
-rw-r--r-- | src/format/pe/e_pe.c | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/src/format/pe/e_pe.c b/src/format/pe/e_pe.c
new file mode 100644
index 0000000..a10f075
--- /dev/null
+++ b/src/format/pe/e_pe.c
@@ -0,0 +1,138 @@
+
+/* OpenIDA - Outil d'analyse de fichiers binaires
+ * e_pe.c - support du format Portable Executable
+ *
+ * Copyright (C) 2008 Cyrille Bagard
+ *
+ * This file is part of OpenIDA.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "e_pe.h"
+
+
+#include <malloc.h>
+#include <string.h>
+
+
+#include "pe-int.h"
+
+
+
+/******************************************************************************
+* *
+* Paramètres : content = contenu binaire à parcourir. *
+* length = taille du contenu en question. *
+* *
+* Description : Indique si le format peut être pris en charge ici. *
+* *
+* Retour : true si la réponse est positive, false sinon. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool pe_is_matching(const uint8_t *content, off_t length)
+{
+ bool result; /* Bilan à faire connaître */
+ image_dos_header dos_header; /* En-tête DOS */
+
+ result = false;
+
+ if (length >= 2)
+ {
+ result = (strncmp((const char *)content, "\x4d\x5a" /* MZ */, 2) == 0);
+ result &= length >= sizeof(image_dos_header);
+ }
+
+ if (result)
+ {
+ memcpy(&dos_header, content, sizeof(image_dos_header));
+
+ result = length >= (dos_header.e_lfanew + 4);
+
+ result &= (strncmp((const char *)&content[dos_header.e_lfanew],
+ "\x50\x45\x00\x00" /* PE00 */, 4) == 0);
+
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : content = contenu binaire à parcourir. *
+* length = taille du contenu en question. *
+* *
+* Description : Prend en charge une nouvelle classe PE. *
+* *
+* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+exe_format *load_pe(const uint8_t *content, off_t length)
+{
+ pe_format *result; /* Adresse à retourner */
+ off_t pos; /* Point d'analyse */
+
+ result = (pe_format *)calloc(1, sizeof(pe_format));
+
+ EXE_FORMAT(result)->content = content;
+ EXE_FORMAT(result)->length = length;
+
+ pos = 0;
+
+
+
+
+
+
+ return EXE_FORMAT(result);
+
+ ldp_error:
+
+ unload_pe(result);
+
+ return NULL;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = description de l'exécutable à supprimer. *
+* *
+* Description : Efface la prise en charge une nouvelle classe PE. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void unload_pe(pe_format *format)
+{
+
+
+
+
+ free(format);
+
+} |
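Review bot: In pe_is_matching the signature compare at `&content[dos_header.e_lfanew]` still runs when the preceding bounds check has failed, because `result &= (...)` does not short-circuit; `e_lfanew` is copied straight from the file, so a malformed header makes this read outside `content`. The check `length >= (dos_header.e_lfanew + 4)` may also be satisfied by a negative or wrapping offset, depending on how pe-int.h (not shown here) types that field. I would take `off_t off = (off_t)dos_header.e_lfanew;` and then write `result = off >= 0 && off <= length - 4 && memcmp(&content[off], "\x50\x45\x00\x00", 4) == 0;`, using `memcmp` because `strncmp` stops at the first NUL and never compares the fourth signature byte. Separately, load_pe dereferences the `calloc` result through `EXE_FORMAT(result)->content` without a NULL check.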