forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpe_image_reader_win.h
164 lines (130 loc) · 5.99 KB
/
pe_image_reader_win.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_COMMON_SAFE_BROWSING_PE_IMAGE_READER_WIN_H_
#define CHROME_COMMON_SAFE_BROWSING_PE_IMAGE_READER_WIN_H_
#include <stddef.h>
#include <stdint.h>
#include <windows.h>
#include <memory>
#include "base/macros.h"
namespace safe_browsing {
// Parses headers and various data from a PE image. This parser is safe for use
// on untrusted data.
class PeImageReader {
public:
enum WordSize {
WORD_SIZE_32,
WORD_SIZE_64,
};
// A callback invoked by EnumCertificates once for each attribute certificate
// entry in the image's attribute certificate table. |revision| and
// |certificate_type| identify the contents of |certificate_data| (which is of
// |certificate_data_size| bytes). |context| is the value provided by the
// caller to EnumCertificates(). Implementations must return true to continue
// the enumeration, or false to abort.
typedef bool (*EnumCertificatesCallback)(uint16_t revision,
uint16_t certificate_type,
const uint8_t* certificate_data,
size_t certificate_data_size,
void* context);
PeImageReader();
~PeImageReader();
// Returns false if the given data does not appear to be a valid PE image.
bool Initialize(const uint8_t* image_data, size_t image_size);
// Returns the machine word size for the image.
WordSize GetWordSize();
const IMAGE_DOS_HEADER* GetDosHeader();
const IMAGE_FILE_HEADER* GetCoffFileHeader();
// Returns a pointer to the optional header and its size.
const uint8_t* GetOptionalHeaderData(size_t* optional_data_size);
size_t GetNumberOfSections();
const IMAGE_SECTION_HEADER* GetSectionHeaderAt(size_t index);
// Returns a pointer to the image's export data (.edata) section and its size,
// or NULL if the section is not present.
const uint8_t* GetExportSection(size_t* section_size);
size_t GetNumberOfDebugEntries();
const IMAGE_DEBUG_DIRECTORY* GetDebugEntry(size_t index,
const uint8_t** raw_data,
size_t* raw_data_size);
// Invokes |callback| once per attribute certificate entry. |context| is a
// caller-specific value that is passed to |callback|. Returns true if all
// certificate entries are visited (even if there are no such entries) and
// |callback| returns true for each. Conversely, returns |false| if |callback|
// returns false or if the image is malformed in any way.
bool EnumCertificates(EnumCertificatesCallback callback,
void* context);
// Returns the size of the image file.
DWORD GetSizeOfImage();
private:
// Bits indicating what portions of the image have been validated.
enum ValidationStages {
VALID_DOS_HEADER = 1 << 0,
VALID_PE_SIGNATURE = 1 << 1,
VALID_COFF_FILE_HEADER = 1 << 2,
VALID_OPTIONAL_HEADER = 1 << 3,
VALID_SECTION_HEADERS = 1 << 4,
};
// An interface to an image's optional header.
class OptionalHeader {
public:
virtual ~OptionalHeader() {}
virtual WordSize GetWordSize() = 0;
// Returns the offset of the DataDirectory member relative to the start of
// the optional header.
virtual size_t GetDataDirectoryOffset() = 0;
// Returns the number of entries in the data directory.
virtual DWORD GetDataDirectorySize() = 0;
// Returns a pointer to the first data directory entry.
virtual const IMAGE_DATA_DIRECTORY* GetDataDirectoryEntries() = 0;
// Returns the size of the image file.
virtual DWORD GetSizeOfImage() = 0;
};
template<class OPTIONAL_HEADER_TYPE>
class OptionalHeaderImpl;
void Clear();
bool ValidateDosHeader();
bool ValidatePeSignature();
bool ValidateCoffFileHeader();
bool ValidateOptionalHeader();
bool ValidateSectionHeaders();
// Return a pointer to the first byte of the image's optional header.
const uint8_t* GetOptionalHeaderStart();
size_t GetOptionalHeaderSize();
// Returns the desired directory entry, or NULL if |index| is out of bounds.
const IMAGE_DATA_DIRECTORY* GetDataDirectoryEntryAt(size_t index);
// Returns the header for the section that contains the given address, or NULL
// if the address is out of bounds or the image does not contain the section.
const IMAGE_SECTION_HEADER* FindSectionFromRva(uint32_t relative_address);
// Returns a pointer to the |data_length| bytes referenced by the |index|'th
// data directory entry.
const uint8_t* GetImageData(size_t index, size_t* data_length);
// Populates |structure| with a pointer to a desired structure of type T at
// the given offset if the image is sufficiently large to contain it. Returns
// false if the structure does not fully fit within the image at the given
// offset.
template<typename T> bool GetStructureAt(size_t offset, const T** structure) {
return GetStructureAt(offset, sizeof(**structure), structure);
}
// Populates |structure| with a pointer to a desired structure of type T at
// the given offset if the image is sufficiently large to contain
// |structure_size| bytes. Returns false if the structure does not fully fit
// within the image at the given offset.
template<typename T> bool GetStructureAt(size_t offset,
size_t structure_size,
const T** structure) {
if (offset > image_size_)
return false;
if (structure_size > image_size_ - offset)
return false;
*structure = reinterpret_cast<const T*>(image_data_ + offset);
return true;
}
const uint8_t* image_data_;
size_t image_size_;
uint32_t validation_state_;
std::unique_ptr<OptionalHeader> optional_header_;
DISALLOW_COPY_AND_ASSIGN(PeImageReader);
};
} // namespace safe_browsing
#endif // CHROME_COMMON_SAFE_BROWSING_PE_IMAGE_READER_WIN_H_