Rizin
unix-like reverse engineering framework and cli tools
pe_overlay.c File Reference
#include "pe.h"


Functions

static void computeOverlayOffset (ut64 offset, ut64 size, ut64 file_size, ut64 *largest_offset, ut64 *largest_size)
 
int PE_() bin_pe_get_overlay (RzBinPEObj *bin, ut64 *size)
 
int PE_() bin_pe_init_overlay (RzBinPEObj *bin)
 

Function Documentation

◆ bin_pe_get_overlay()

int PE_() bin_pe_get_overlay ( RzBinPEObj * bin,
ut64 * size
)

Definition at line 16 of file pe_overlay.c.

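/**
 * \brief Find the overlay, i.e. the bytes of the file that lie past every
 *        region the PE headers account for.
 *
 * The end of the described data is the furthest-reaching range among the
 * optional header, each section's raw data and each data directory other
 * than the one skipped in the loop below. The offsets and sizes come from the
 * parsed headers, so computeOverlayOffset() ignores any range that does not
 * fit inside bin->size.
 *
 * \param bin  Parsed PE object; NULL yields 0.
 * \param size Out: overlay length in bytes, 0 when no overlay is found.
 *             A NULL pointer yields 0 without being written.
 * \return File offset at which the overlay starts, or 0 when there is none.
 *         The offset is a ut64 narrowed to int on return, so a value above
 *         INT_MAX reaches the caller altered.
 */
int PE_(bin_pe_get_overlay)(RzBinPEObj *bin, ut64 *size) {
	ut64 largest_offset = 0;
	ut64 largest_size = 0;
	int i;

	if (!size) {
		return 0;
	}
	/* Zero the out-parameter first so every early return leaves it defined. */
	*size = 0;

	if (!bin) {
		return 0;
	}

	if (bin->optional_header) {
		/* Start of the optional header: NT header offset, plus 4 bytes
		 * (presumably the PE signature), plus the file header. */
		computeOverlayOffset(
			bin->nt_header_offset + 4 + sizeof(bin->nt_headers->file_header),
			bin->nt_headers->file_header.SizeOfOptionalHeader,
			bin->size,
			&largest_offset,
			&largest_size);
	}

	/* NOTE(review): whether bin->sections can be NULL at this point is not
	 * visible here; the guard keeps a failed section parse from being
	 * dereferenced. The walk itself still relies on the array ending in an
	 * entry with .last set. */
	struct rz_bin_pe_section_t *sects = bin->sections;
	if (sects) {
		for (i = 0; !sects[i].last; i++) {
			computeOverlayOffset(
				sects[i].paddr,
				sects[i].size,
				bin->size,
				&largest_offset,
				&largest_size);
		}
	}

	if (bin->optional_header) {
		for (i = 0; i < PE_IMAGE_DIRECTORY_ENTRIES; i++) {
			/* NOTE(review): the condition on this line is absent from the
			 * rendered listing; the page's reference list names
			 * PE_IMAGE_DIRECTORY_ENTRY_SECURITY, so it is restored as the
			 * skipped entry - confirm against pe_overlay.c. In the PE format
			 * that entry holds a file offset rather than an RVA, so it cannot
			 * go through bin_pe_rva_to_paddr(); a certificate table stored
			 * after the last section is therefore reported as overlay. */
			if (i == PE_IMAGE_DIRECTORY_ENTRY_SECURITY) {
				continue;
			}

			computeOverlayOffset(
				PE_(bin_pe_rva_to_paddr)(bin, bin->data_directory[i].VirtualAddress),
				bin->data_directory[i].Size,
				bin->size,
				&largest_offset,
				&largest_size);
		}
	}

	/* Both values were accepted by computeOverlayOffset() (or are still 0),
	 * so their sum is at most bin->size. */
	const ut64 described_end = largest_offset + largest_size;
	if ((ut64)bin->size > described_end) {
		*size = (ut64)bin->size - described_end;
		return described_end;
	}
	return 0;
}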

References bin_pe_rva_to_paddr(), computeOverlayOffset(), i, rz_bin_pe_section_t::last, rz_bin_pe_section_t::paddr, PE_, PE_IMAGE_DIRECTORY_ENTRIES, PE_IMAGE_DIRECTORY_ENTRY_SECURITY, and ut64().

Referenced by bin_pe_init_overlay().

◆ bin_pe_init_overlay()

int PE_() bin_pe_init_overlay ( RzBinPEObj * bin)

Definition at line 67 of file pe_overlay.c.

/**
 * \brief Record the overlay's offset and size in the object's key-value store.
 *
 * Writes "pe_overlay.offset" and "pe_overlay.size" to bin->kv only when
 * bin_pe_get_overlay() reports a non-zero offset; otherwise nothing is stored.
 *
 * \param bin Parsed PE object.
 * \return Always 0.
 */
int PE_(bin_pe_init_overlay)(RzBinPEObj *bin) {
	/* Always written by bin_pe_get_overlay(), which zeroes its out-parameter. */
	ut64 overlay_len;
	/* The callee returns int: the offset kept here is whatever survived that
	 * narrowing and the conversion back to ut64. */
	ut64 overlay_start = PE_(bin_pe_get_overlay)(bin, &overlay_len);

	if (!overlay_start) {
		/* 0 covers both "no overlay" and a NULL bin, so bin->kv is not touched. */
		return 0;
	}

	sdb_num_set(bin->kv, "pe_overlay.offset", overlay_start, 0);
	sdb_num_set(bin->kv, "pe_overlay.size", overlay_len, 0);
	return 0;
}

References bin_pe_get_overlay(), PE_, sdb_num_set(), and ut64().

Referenced by bin_pe_init().

◆ computeOverlayOffset()

static void computeOverlayOffset ( ut64  offset,
ut64  size,
ut64  file_size,
ut64 * largest_offset,
ut64 * largest_size
)
static

Definition at line 8 of file pe_overlay.c.

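/**
 * \brief Keep track of the range that ends furthest into the file.
 *
 * Replaces (*largest_offset, *largest_size) with (offset, size) when the new
 * range lies entirely inside the file and ends later than the stored one.
 * Ranges that reach past file_size are ignored.
 *
 * \param offset         Start of the candidate range.
 * \param size           Length of the candidate range.
 * \param file_size      Size of the file the range must fit in.
 * \param largest_offset In/out: start of the furthest-reaching range so far.
 * \param largest_size   In/out: length of the furthest-reaching range so far.
 */
static void computeOverlayOffset(ut64 offset, ut64 size, ut64 file_size, ut64 *largest_offset, ut64 *largest_size) {
	/* Bounds-check without forming offset + size first: with 64-bit inputs the
	 * sum can wrap, and a wrapped sum would otherwise look like a small,
	 * in-file range. */
	if (size > file_size || offset > file_size - size) {
		return;
	}
	/* offset + size cannot wrap past this point. */
	if (offset + size > (*largest_offset + *largest_size)) {
		*largest_offset = offset;
		*largest_size = size;
	}
}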

Referenced by bin_pe_get_overlay().