/* OpenIDA - Outil d'analyse de fichiers binaires
* e_pe.c - support du format Portable Executable
*
* Copyright (C) 2008 Cyrille Bagard
*
* This file is part of OpenIDA.
*
* OpenIDA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* OpenIDA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Foobar. If not, see <http://www.gnu.org/licenses/>.
*/
#include "e_pe.h"
#include
#include
#include "pe-int.h"
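/******************************************************************************
 *
 *  Parameters  : content = binary content to inspect (untrusted file data).
 *                length  = size of that content, in bytes.
 *
 *  Description : Tells whether the content can be handled as a PE image.
 *                Three things are checked: the "MZ" magic, the presence of a
 *                complete DOS header, and the 4-byte "PE\0\0" signature at
 *                the offset given by the header's e_lfanew field.
 *
 *  Return      : true if every check passes, false otherwise.
 *
 *  Remarks     : e_lfanew is read from the file itself, so it is validated
 *                against length before any byte at that offset is touched.
 *
 ******************************************************************************/
bool pe_is_matching(const uint8_t *content, off_t length)
{
    image_dos_header dos_header;            /* DOS header copied from content */
    off_t pe_offset;                        /* Offset of the PE signature     */

    if (content == NULL || length < 2)
    {
        return false;
    }

    /* Byte comparison: the magic values are binary data, not C strings. */
    if (memcmp(content, "\x4d\x5a" /* MZ */, 2) != 0)
    {
        return false;
    }

    /* sizeof is small, so converting it to off_t avoids a signed/unsigned mix. */
    if (length < (off_t)sizeof(image_dos_header))
    {
        return false;
    }

    memcpy(&dos_header, content, sizeof(image_dos_header));

    /*
     * NOTE(review): the declared type of e_lfanew lives in pe-int.h and is not
     * visible here. Converting to off_t and rejecting negative values covers
     * both a signed field holding a negative offset and an unsigned field whose
     * "+ 4" would wrap around. The subtraction form cannot overflow.
     */
    pe_offset = (off_t)dos_header.e_lfanew;
    if (length < 4 || pe_offset < 0 || pe_offset > length - 4)
    {
        return false;
    }

    /*
     * Only reached once the offset is known to be in bounds. memcmp compares
     * all four bytes; strncmp would stop at the first NUL of "PE\0\0" and
     * never look at the last byte.
     */
    return memcmp(content + pe_offset, "\x50\x45\x00\x00" /* PE00 */, 4) == 0;
}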
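/******************************************************************************
 *
 *  Parameters  : content = binary content to attach to the new format.
 *                length  = size of that content, in bytes.
 *
 *  Description : Allocates a PE format description for the given content.
 *
 *  Return      : Address of the new structure, or NULL on failure.
 *
 *  Remarks     : The content pointer is stored as-is, not copied, so the
 *                buffer must stay valid for as long as the format is used.
 *                No header is parsed or validated here; presumably callers
 *                run pe_is_matching() first (to be confirmed against them).
 *
 ******************************************************************************/
exe_format *load_pe(const uint8_t *content, off_t length)
{
    pe_format *result;                      /* Structure to return */

    result = calloc(1, sizeof *result);
    if (result == NULL)
    {
        /* Allocation failed: nothing to release, and nothing to write into. */
        return NULL;
    }

    EXE_FORMAT(result)->content = content;
    EXE_FORMAT(result)->length = length;

    /*
     * No parsing step exists yet that could fail after the allocation. When
     * one is added, route its failure through unload_pe(result) before
     * returning NULL so the structure is not leaked.
     */
    return EXE_FORMAT(result);
}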
/******************************************************************************
 *
 *  Parameters  : format = description of the executable to release.
 *
 *  Description : Releases a PE format description.
 *
 *  Return      : -
 *
 *  Remarks     : Only the structure itself is freed; the content buffer it
 *                points to is left untouched. A NULL argument is harmless,
 *                because free(NULL) does nothing.
 *
 ******************************************************************************/
void unload_pe(pe_format *format)
{
    /* The structure is a single allocation, so one free() releases it. */
    free(format);
}