├── .gitignore ├── LIEF ├── include │ ├── LIEF │ │ ├── Abstract │ │ │ ├── Abstract.hpp │ │ │ ├── Binary.hpp │ │ │ ├── EnumToString.hpp │ │ │ ├── Header.hpp │ │ │ ├── Parser.hpp │ │ │ ├── Relocation.hpp │ │ │ ├── Section.hpp │ │ │ ├── Symbol.hpp │ │ │ ├── enums.hpp │ │ │ └── type_traits.hpp │ │ ├── BinaryStream │ │ │ ├── BinaryStream.hpp │ │ │ └── VectorStream.hpp │ │ ├── Builder.hpp │ │ ├── ELF.h │ │ ├── ELF.hpp │ │ ├── ELF │ │ │ ├── Binary.h │ │ │ ├── Binary.hpp │ │ │ ├── Builder.hpp │ │ │ ├── DataHandler │ │ │ │ ├── Handler.hpp │ │ │ │ └── Node.hpp │ │ │ ├── DynamicEntry.h │ │ │ ├── DynamicEntry.hpp │ │ │ ├── DynamicEntryArray.hpp │ │ │ ├── DynamicEntryFlags.hpp │ │ │ ├── DynamicEntryLibrary.hpp │ │ │ ├── DynamicEntryRpath.hpp │ │ │ ├── DynamicEntryRunPath.hpp │ │ │ ├── DynamicSharedObject.hpp │ │ │ ├── EnumToString.h │ │ │ ├── EnumToString.hpp │ │ │ ├── GnuHash.hpp │ │ │ ├── Header.h │ │ │ ├── Header.hpp │ │ │ ├── Note.hpp │ │ │ ├── Parser.hpp │ │ │ ├── Relocation.hpp │ │ │ ├── RelocationSizes.hpp │ │ │ ├── Relocations │ │ │ │ ├── AArch64.def │ │ │ │ ├── ARM.def │ │ │ │ ├── Hexagon.def │ │ │ │ ├── Mips.def │ │ │ │ ├── PowerPC.def │ │ │ │ ├── PowerPC64.def │ │ │ │ ├── Sparc.def │ │ │ │ ├── SystemZ.def │ │ │ │ ├── i386.def │ │ │ │ └── x86_64.def │ │ │ ├── Section.h │ │ │ ├── Section.hpp │ │ │ ├── Segment.h │ │ │ ├── Segment.hpp │ │ │ ├── Structures.hpp │ │ │ ├── Symbol.h │ │ │ ├── Symbol.hpp │ │ │ ├── SymbolVersion.hpp │ │ │ ├── SymbolVersionAux.hpp │ │ │ ├── SymbolVersionAuxRequirement.hpp │ │ │ ├── SymbolVersionDefinition.hpp │ │ │ ├── SymbolVersionRequirement.hpp │ │ │ ├── SysvHash.hpp │ │ │ ├── enums.h │ │ │ ├── enums.hpp │ │ │ ├── structures.h │ │ │ ├── type_traits.hpp │ │ │ ├── utils.h │ │ │ └── utils.hpp │ │ ├── LIEF.h │ │ ├── LIEF.hpp │ │ ├── MachO.h │ │ ├── MachO.hpp │ │ ├── MachO │ │ │ ├── Binary.h │ │ │ ├── Binary.hpp │ │ │ ├── BinaryParser.hpp │ │ │ ├── BindingInfo.hpp │ │ │ ├── Builder.hpp │ │ │ ├── DyldInfo.hpp │ │ │ ├── DylibCommand.hpp │ │ │ ├── DylinkerCommand.hpp │ │ │ ├── DynamicSymbolCommand.hpp │ │ │ ├── EnumToString.h │ │ │ ├── EnumToString.hpp │ │ │ ├── ExportInfo.hpp │ │ │ ├── FatBinary.hpp │ │ │ ├── FunctionStarts.hpp │ │ │ ├── Header.h │ │ │ ├── Header.hpp │ │ │ ├── LoadCommand.h │ │ │ ├── LoadCommand.hpp │ │ │ ├── MainCommand.hpp │ │ │ ├── Parser.hpp │ │ │ ├── Relocation.hpp │ │ │ ├── RelocationDyld.hpp │ │ │ ├── RelocationObject.hpp │ │ │ ├── Section.h │ │ │ ├── Section.hpp │ │ │ ├── Segment.h │ │ │ ├── SegmentCommand.hpp │ │ │ ├── SourceVersion.hpp │ │ │ ├── Structures.hpp │ │ │ ├── Symbol.h │ │ │ ├── Symbol.hpp │ │ │ ├── SymbolCommand.hpp │ │ │ ├── ThreadCommand.hpp │ │ │ ├── UUIDCommand.hpp │ │ │ ├── VersionMin.hpp │ │ │ ├── enums.h │ │ │ ├── enums.hpp │ │ │ ├── structures.h │ │ │ ├── type_traits.hpp │ │ │ ├── undef.h │ │ │ └── utils.hpp │ │ ├── PE.h │ │ ├── PE.hpp │ │ ├── PE │ │ │ ├── AuxiliarySymbol.hpp │ │ │ ├── Binary.h │ │ │ ├── Binary.hpp │ │ │ ├── Builder.hpp │ │ │ ├── CodeIntegrity.hpp │ │ │ ├── DataDirectory.h │ │ │ ├── DataDirectory.hpp │ │ │ ├── Debug.hpp │ │ │ ├── DosHeader.h │ │ │ ├── DosHeader.hpp │ │ │ ├── EnumToString.h │ │ │ ├── EnumToString.hpp │ │ │ ├── Export.hpp │ │ │ ├── ExportEntry.hpp │ │ │ ├── Header.h │ │ │ ├── Header.hpp │ │ │ ├── Import.h │ │ │ ├── Import.hpp │ │ │ ├── ImportEntry.h │ │ │ ├── ImportEntry.hpp │ │ │ ├── LoadConfigurations.hpp │ │ │ ├── LoadConfigurations │ │ │ │ ├── LoadConfiguration.hpp │ │ │ │ ├── LoadConfigurationV0.hpp │ │ │ │ ├── LoadConfigurationV1.hpp │ │ │ │ ├── LoadConfigurationV2.hpp │ │ │ │ ├── LoadConfigurationV3.hpp │ │ │ │ ├── LoadConfigurationV4.hpp │ │ │ │ ├── LoadConfigurationV5.hpp │ │ │ │ ├── LoadConfigurationV6.hpp │ │ │ │ └── LoadConfigurationV7.hpp │ │ │ ├── OptionalHeader.h │ │ │ ├── OptionalHeader.hpp │ │ │ ├── Parser.hpp │ │ │ ├── Relocation.hpp │ │ │ ├── RelocationEntry.hpp │ │ │ ├── ResourceData.hpp │ │ │ ├── ResourceDirectory.hpp │ │ │ ├── ResourceNode.hpp │ │ │ ├── ResourcesManager.hpp │ │ │ ├── RichEntry.hpp │ │ │ ├── RichHeader.hpp │ │ │ ├── Section.h │ │ │ ├── Section.hpp │ │ │ ├── Structures.hpp │ │ │ ├── Symbol.hpp │ │ │ ├── TLS.hpp │ │ │ ├── enums.h │ │ │ ├── enums.hpp │ │ │ ├── resources │ │ │ │ ├── LangCodeItem.hpp │ │ │ │ ├── ResourceDialog.hpp │ │ │ │ ├── ResourceDialogItem.hpp │ │ │ │ ├── ResourceFixedFileInfo.hpp │ │ │ │ ├── ResourceIcon.hpp │ │ │ │ ├── ResourceStringFileInfo.hpp │ │ │ │ ├── ResourceVarFileInfo.hpp │ │ │ │ └── ResourceVersion.hpp │ │ │ ├── signature │ │ │ │ ├── AuthenticatedAttributes.hpp │ │ │ │ ├── ContentInfo.hpp │ │ │ │ ├── OIDToString.hpp │ │ │ │ ├── Signature.hpp │ │ │ │ ├── SignatureParser.hpp │ │ │ │ ├── SignerInfo.hpp │ │ │ │ ├── types.hpp │ │ │ │ └── x509.hpp │ │ │ ├── structures.h │ │ │ ├── type_traits.hpp │ │ │ ├── undef.h │ │ │ └── utils.hpp │ │ ├── Visitable.hpp │ │ ├── Visitor.hpp │ │ ├── config.h │ │ ├── exception.hpp │ │ ├── filesystem │ │ │ ├── filesystem.h │ │ │ ├── fwd.h │ │ │ ├── path.h │ │ │ └── resolver.h │ │ ├── iostream.hpp │ │ ├── iterators.hpp │ │ ├── json.hpp │ │ ├── logging.hpp │ │ ├── to_json.hpp │ │ ├── types.h │ │ ├── types.hpp │ │ ├── utf8.h │ │ ├── utf8 │ │ │ ├── checked.h │ │ │ ├── core.h │ │ │ └── unchecked.h │ │ ├── utils.hpp │ │ ├── version.h │ │ ├── visibility.h │ │ └── visitors │ │ │ ├── Hash.hpp │ │ │ ├── elf_json.hpp │ │ │ ├── json.hpp │ │ │ └── pe_json.hpp │ └── json.hpp ├── lib │ └── libLIEF.a └── share │ └── LIEF │ ├── cmake │ └── FindLIEF.cmake │ └── examples │ ├── c │ ├── elf_reader.c │ ├── macho_reader.c │ └── pe_reader.c │ ├── cmake │ ├── external_project │ │ ├── CMakeLists.txt │ │ ├── README.rst │ │ └── main.cpp │ └── find_package │ │ ├── CMakeLists.txt │ │ ├── README.rst │ │ └── main.cpp │ ├── cpp │ ├── abstract_reader.cpp │ ├── benchmark.cpp │ ├── elf_add_section.cpp │ ├── elf_builder.cpp │ ├── elf_reader.cpp │ ├── elf_section_rename.cpp │ ├── elf_strip.cpp │ ├── elf_symbols.cpp │ ├── logging.cpp │ ├── macho_builder.cpp │ ├── macho_instrumentation.cpp │ ├── macho_reader.cpp │ ├── pe_builder.cpp │ └── pe_reader.cpp │ └── python │ ├── abstract_json.py │ ├── abstract_reader.py │ ├── change_elf_interpreter.py │ ├── elf_json.py │ ├── elf_reader.py │ ├── elf_remove_section_table.py │ ├── elf_symbol_obfuscation.py │ ├── elf_unstrip.py │ ├── entropy.py │ ├── keygen │ ├── KeygenMe │ └── lief_patch.py │ ├── library_symbols_obfuscation │ ├── Makefile │ ├── README.md │ ├── binadd.c │ ├── libadd.c │ ├── libadd.h │ └── obfu.py │ ├── macho_reader.py │ ├── nm.py │ ├── pe_authenticode.py │ ├── pe_from_scratch.py │ ├── pe_json.py │ ├── pe_reader.py │ └── pe_resources_manager.py ├── README.md ├── uuid-modifier.xcodeproj ├── project.pbxproj ├── project.xcworkspace │ ├── contents.xcworkspacedata │ └── xcshareddata │ │ └── IDEWorkspaceChecks.plist └── xcshareddata │ └── xcschemes │ └── uuid-modifier.xcscheme └── uuid-modifier └── main.cpp /.gitignore: -------------------------------------------------------------------------------- 1 | # Xcode 2 | # 3 | # gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore 4 | 5 | ## Build generated 6 | build/ 7 | DerivedData/ 8 | 9 | ## Various settings 10 | *.pbxuser 11 | !default.pbxuser 12 | *.mode1v3 13 | !default.mode1v3 14 | *.mode2v3 15 | !default.mode2v3 16 | *.perspectivev3 17 | !default.perspectivev3 18 | xcuserdata/ 19 | 20 | ## Other 21 | *.moved-aside 22 | *.xccheckout 23 | *.xcscmblueprint 24 | 25 | ## Obj-C/Swift specific 26 | *.hmap 27 | *.ipa 28 | *.dSYM.zip 29 | *.dSYM 30 | 31 | # CocoaPods 32 | # 33 | # We recommend against adding the Pods directory to your .gitignore. However 34 | # you should judge for yourself, the pros and cons are mentioned at: 35 | # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control 36 | # 37 | # Pods/ 38 | # 39 | # Add this line if you want to avoid checking in source code from the Xcode workspace 40 | # *.xcworkspace 41 | 42 | # Carthage 43 | # 44 | # Add this line if you want to avoid checking in source code from Carthage dependencies. 45 | # Carthage/Checkouts 46 | 47 | Carthage/Build 48 | 49 | # fastlane 50 | # 51 | # It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the 52 | # screenshots whenever they are needed. 53 | # For more information about the recommended setup visit: 54 | # https://docs.fastlane.tools/best-practices/source-control/#source-control 55 | 56 | fastlane/report.xml 57 | fastlane/Preview.html 58 | fastlane/screenshots/**/*.png 59 | fastlane/test_output 60 | 61 | # Code Injection 62 | # 63 | # After new code Injection tools there's a generated folder /iOSInjectionProject 64 | # https://github.com/johnno1962/injectionforxcode 65 | 66 | iOSInjectionProject/ 67 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/Abstract.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ABSTRACT_H_ 17 | #define LIEF_ABSTRACT_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/EnumToString.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ENUM_TO_STRING_H 17 | #define LIEF_ENUM_TO_STRING_H 18 | #include "LIEF/visibility.h" 19 | 20 | #include "LIEF/Abstract/enums.hpp" 21 | 22 | namespace LIEF { 23 | DLL_PUBLIC const char* to_string(EXE_FORMATS e); 24 | DLL_PUBLIC const char* to_string(ARCHITECTURES e); 25 | DLL_PUBLIC const char* to_string(OBJECT_TYPES e); 26 | DLL_PUBLIC const char* to_string(MODES e); 27 | DLL_PUBLIC const char* to_string(ENDIANNESS e); 28 | } // namespace LIEF 29 | 30 | #endif 31 | 32 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/Header.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ABSTRACT_HEADER_H_ 17 | #define LIEF_ABSTRACT_HEADER_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/Visitable.hpp" 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | #include "LIEF/Abstract/enums.hpp" 27 | 28 | namespace LIEF { 29 | class DLL_PUBLIC Header : public Visitable { 30 | public: 31 | Header(void); 32 | Header(const Header&); 33 | Header& operator=(const Header&); 34 | virtual ~Header(void); 35 | 36 | 37 | ARCHITECTURES architecture(void) const; 38 | const std::set& modes(void) const; 39 | OBJECT_TYPES object_type(void) const; 40 | uint64_t entrypoint(void) const; 41 | ENDIANNESS endianness(void) const; 42 | 43 | 44 | //! @brief ``true`` if the binary target a ``32-bits`` architecture 45 | bool is_32(void) const; 46 | 47 | //! @brief ``true`` if the binary target a ``64-bits`` architecture 48 | bool is_64(void) const; 49 | 50 | //! @brief Method so that the ``visitor`` can visit us 51 | virtual void accept(Visitor& visitor) const override; 52 | 53 | void architecture(ARCHITECTURES arch); 54 | void modes(const std::set& m); 55 | void object_type(OBJECT_TYPES type); 56 | void entrypoint(uint64_t entrypoint); 57 | void endianness(ENDIANNESS endianness); 58 | 59 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const Header& hdr); 60 | 61 | protected: 62 | ARCHITECTURES architecture_; 63 | std::set modes_; 64 | OBJECT_TYPES object_type_; 65 | uint64_t entrypoint_; 66 | ENDIANNESS endianness_; 67 | 68 | 69 | }; 70 | } 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/Parser.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ABSTRACT_BUILDER_H_ 17 | #define LIEF_ABSTRACT_BUILDER_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/Abstract/Binary.hpp" 23 | 24 | #include "LIEF/visibility.h" 25 | 26 | namespace LIEF { 27 | class DLL_PUBLIC Parser 28 | { 29 | public: 30 | //! @brief Construct an LIEF::Binary from the given filename 31 | //! 32 | //! @warning If the target file is a FAT Mach0, it will 33 | //! return the **last** one 34 | //! @see LIEF::MachO::Parser::parse 35 | static Binary* parse(const std::string& filename); 36 | 37 | 38 | //! @brief Construct an LIEF::Binary from the given raw data 39 | //! 40 | //! @warning If the target file is a FAT Mach0, it will 41 | //! return the **last** one 42 | //! @see LIEF::MachO::Parser::parse 43 | static Binary* parse(const std::vector& raw, const std::string& name = ""); 44 | 45 | protected: 46 | Parser(const std::string& file); 47 | uint64_t binary_size_; 48 | std::string binary_name_; 49 | 50 | ~Parser(void); 51 | Parser(void); 52 | 53 | }; 54 | } 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/Symbol.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ABSTRACT_SYMBOLS_H_ 17 | #define LIEF_ABSTRACT_SYMBOLS_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/Visitable.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | namespace LIEF { 25 | class DLL_PUBLIC Symbol : public Visitable { 26 | public: 27 | Symbol(void); 28 | Symbol(const std::string& name); 29 | Symbol(const Symbol&); 30 | Symbol& operator=(const Symbol&); 31 | virtual ~Symbol(void); 32 | 33 | //! @brief Return symbol name 34 | virtual const std::string& name(void) const; 35 | 36 | //! @brief Set symbol name 37 | virtual void name(const std::string& name); 38 | 39 | //! @brief Method so that the ``visitor`` can visit us 40 | virtual void accept(Visitor& visitor) const override; 41 | 42 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const Symbol& entry); 43 | 44 | protected: 45 | std::string name_; 46 | }; 47 | } 48 | 49 | #endif 50 | 51 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/enums.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ABSTRACT_ENUMS_H_ 17 | #define LIEF_ABSTRACT_ENUMS_H_ 18 | 19 | #include "LIEF/types.hpp" 20 | 21 | namespace LIEF { 22 | 23 | enum EXE_FORMATS { 24 | FORMAT_UNKNOWN = 0, 25 | FORMAT_ELF = 1, 26 | FORMAT_PE = 2, 27 | FORMAT_MACHO = 3, 28 | }; 29 | 30 | enum OBJECT_TYPES { 31 | TYPE_NONE = 0, 32 | TYPE_EXECUTABLE = 1, 33 | TYPE_LIBRARY = 2, 34 | TYPE_OBJECT = 3, 35 | }; 36 | 37 | // Inspired from capstone 38 | enum ARCHITECTURES { 39 | ARCH_NONE = 0, 40 | ARCH_ARM = 1, 41 | ARCH_ARM64 = 2, 42 | ARCH_MIPS = 3, 43 | ARCH_X86 = 4, 44 | ARCH_PPC = 5, 45 | ARCH_SPARC = 6, 46 | ARCH_SYSZ = 7, 47 | ARCH_XCORE = 8, 48 | ARCH_INTEL = 9, 49 | }; 50 | 51 | enum MODES { 52 | MODE_NONE = 0, 53 | MODE_16 = 1, 54 | MODE_32 = 2, 55 | MODE_64 = 3, 56 | MODE_ARM = 4, 57 | MODE_THUMB = 5, 58 | MODE_MCLASS = 6, 59 | MODE_MICRO = 7, 60 | MODE_MIPS3 = 8, 61 | MODE_MIPS32R6 = 9, 62 | MODE_MIPSGP64 = 10, 63 | MODE_V7 = 11, 64 | MODE_V8 = 12, 65 | MODE_V9 = 13, 66 | MODE_MIPS32 = 14, 67 | MODE_MIPS64 = 15, 68 | }; 69 | 70 | enum ENDIANNESS { 71 | ENDIAN_NONE = 0, 72 | ENDIAN_BIG = 1, 73 | ENDIAN_LITTLE = 2, 74 | }; 75 | 76 | 77 | 78 | 79 | 80 | } // namespace LIEF 81 | #endif 82 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Abstract/type_traits.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEf_TYPE_TRAITS_H_ 17 | #define LIEf_TYPE_TRAITS_H_ 18 | #include 19 | #include "LIEF/iterators.hpp" 20 | namespace LIEF { 21 | class Symbol; 22 | class Section; 23 | class Relocation; 24 | 25 | using sections_t = std::vector; 26 | using it_sections = ref_iterator; 27 | using it_const_sections = const_ref_iterator; 28 | 29 | using symbols_t = std::vector; 30 | using it_symbols = ref_iterator; 31 | using it_const_symbols = const_ref_iterator; 32 | 33 | using relocations_t = std::vector; ///< Container used to transfert abstract relocations from binary formats 34 | using it_relocations = ref_iterator; ///< Iterator over Abstract LIEF::Relocation (read only) 35 | using it_const_relocations = const_ref_iterator; ///< Iterator over Abstract LIEF::Relocation (read/write) 36 | 37 | } 38 | #endif 39 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/BinaryStream/VectorStream.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef VECTOR_BINARY_STREAM_H 17 | #define VECTOR_BINARY_STREAM_H 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/BinaryStream/BinaryStream.hpp" 23 | 24 | class VectorStream : public BinaryStream { 25 | public: 26 | //using BinaryStream::read_integer; 27 | VectorStream(const std::string& filename); 28 | VectorStream(const std::vector& data); 29 | 30 | virtual uint64_t size(void) const override; 31 | virtual const void* read(uint64_t offset, uint64_t size) const override; 32 | virtual const char* read_string(uint64_t offset, uint64_t size = 0) const override; 33 | virtual std::string get_string(uint64_t offset, uint64_t size = 0) const override; 34 | 35 | const std::vector& content(void) const; 36 | 37 | private: 38 | std::vector binary_; 39 | uint64_t size_; 40 | }; 41 | 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Builder.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_BUILDER_H_ 17 | #define LIEF_BUILDER_H_ 18 | 19 | class Parser { 20 | public: 21 | virtual Parser(void) = 0; 22 | }; 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_H_ 17 | #define C_LIEF_ELF_H_ 18 | 19 | //! @defgroup elf_c_api ELF C API 20 | 21 | #include "LIEF/ELF/Binary.h" 22 | #include "LIEF/ELF/Symbol.h" 23 | #include "LIEF/ELF/Section.h" 24 | #include "LIEF/ELF/Header.h" 25 | #include "LIEF/ELF/DynamicEntry.h" 26 | #include "LIEF/ELF/EnumToString.h" 27 | #include "LIEF/ELF/utils.h" 28 | #endif 29 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_H_ 17 | #define LIEF_ELF_H_ 18 | 19 | #include "LIEF/ELF/Parser.hpp" 20 | #include "LIEF/ELF/Header.hpp" 21 | #include "LIEF/ELF/Section.hpp" 22 | #include "LIEF/ELF/Binary.hpp" 23 | #include "LIEF/ELF/utils.hpp" 24 | #include "LIEF/ELF/Segment.hpp" 25 | #include "LIEF/ELF/Builder.hpp" 26 | #include "LIEF/ELF/EnumToString.hpp" 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Binary.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_BINARY_H_ 17 | #define C_LIEF_ELF_BINARY_H_ 18 | 19 | /** @defgroup elf_binary_c_api Binary 20 | * @ingroup elf_c_api 21 | * @addtogroup elf_binary_c_api 22 | * @brief Binary C API 23 | * 24 | * @{ 25 | */ 26 | 27 | #include 28 | 29 | #include "LIEF/visibility.h" 30 | 31 | #include "LIEF/ELF/enums.h" 32 | 33 | #include "LIEF/ELF/Section.h" 34 | #include "LIEF/ELF/Segment.h" 35 | #include "LIEF/ELF/Header.h" 36 | #include "LIEF/ELF/DynamicEntry.h" 37 | #include "LIEF/ELF/Symbol.h" 38 | 39 | #ifdef __cplusplus 40 | extern "C" { 41 | #endif 42 | 43 | /** @brief LIEF::ELF::Binary C Handler */ 44 | struct Elf_Binary_t { 45 | void* handler; 46 | const char* name; 47 | const char* interpreter; 48 | enum ELF_CLASS type; 49 | Elf_Header_t header; 50 | Elf_Section_t **sections; 51 | Elf_Segment_t **segments; 52 | Elf_DynamicEntry_t **dynamic_entries; 53 | Elf_Symbol_t **dynamic_symbols; 54 | Elf_Symbol_t **static_symbols; 55 | }; 56 | 57 | typedef struct Elf_Binary_t Elf_Binary_t; 58 | 59 | /** @brief Wrapper for LIEF::ELF::Parser::parse */ 60 | DLL_PUBLIC Elf_Binary_t* elf_parse(const char *file); 61 | 62 | DLL_PUBLIC void elf_binary_destroy(Elf_Binary_t* binary); 63 | 64 | /* ELF::Binary methods 65 | * ================== 66 | */ 67 | 68 | /** @brief Update LIEF::ELF::Header object */ 69 | DLL_PUBLIC int elf_binary_save_header(Elf_Binary_t* binary); 70 | 71 | 72 | 73 | #ifdef __cplusplus 74 | } 75 | #endif 76 | 77 | 78 | /** @} */ 79 | #endif 80 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DataHandler/Handler.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef ELF_DATA_HANDLER_HANDLER_H_ 17 | #define ELF_DATA_HANDLER_HANDLER_H_ 18 | 19 | #include "LIEF/ELF/DataHandler/Node.hpp" 20 | #include "LIEF/visibility.h" 21 | #include "LIEF/utils.hpp" 22 | #include 23 | 24 | namespace LIEF { 25 | namespace ELF { 26 | namespace DataHandler { 27 | class DLL_PUBLIC Handler { 28 | public: 29 | static constexpr size_t MAX_SIZE = 1_GB; 30 | Handler(const std::vector& content); 31 | Handler(std::vector&& content); 32 | ~Handler(void); 33 | 34 | Handler& operator=(const Handler&); 35 | Handler(const Handler&); 36 | 37 | const std::vector& content(void) const; 38 | std::vector& content(void); 39 | 40 | Node& add(const Node& node); 41 | 42 | bool has(uint64_t offset, uint64_t size, Node::Type type); 43 | 44 | Node& get(uint64_t offset, uint64_t size, Node::Type type); 45 | 46 | Node& create(uint64_t offset, uint64_t size, Node::Type type); 47 | 48 | void remove(uint64_t offset, uint64_t size, Node::Type type); 49 | 50 | void make_hole(uint64_t offset, uint64_t size); 51 | 52 | void reserve(uint64_t offset, uint64_t size); 53 | 54 | private: 55 | Handler(void); 56 | std::vector data_; 57 | std::vector nodes_; 58 | }; 59 | } // namespace DataHandler 60 | } // namespace ELF 61 | } // namespace LIEF 62 | 63 | #endif 64 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DataHandler/Node.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef ELF_DATA_HANDLER_NODE_H_ 17 | #define ELF_DATA_HANDLER_NODE_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/types.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | namespace LIEF { 25 | namespace ELF { 26 | namespace DataHandler { 27 | class DLL_PUBLIC Node { 28 | public: 29 | enum Type : uint8_t { 30 | SECTION = 0, 31 | SEGMENT = 1, 32 | UNKNOWN = 2 33 | }; 34 | Node(void); 35 | Node(uint64_t offset, uint64_t size, Type type); 36 | 37 | Node& operator=(const Node&); 38 | Node(const Node&); 39 | 40 | uint64_t size(void) const; 41 | uint64_t offset(void) const; 42 | Type type(void) const; 43 | 44 | void size(uint64_t size); 45 | void type(Type type); 46 | void offset(uint64_t offset); 47 | 48 | bool operator==(const Node& rhs) const; 49 | bool operator!=(const Node& rhs) const; 50 | 51 | bool operator<(const Node& rhs) const; 52 | bool operator<=(const Node& rhs) const; 53 | 54 | bool operator>(const Node& rhs) const; 55 | bool operator>=(const Node& rhs) const; 56 | 57 | private: 58 | uint64_t size_; 59 | uint64_t offset_; 60 | Type type_; 61 | }; 62 | 63 | } // namespace DataHandler 64 | } // namespace ELF 65 | } // namespace LIEF 66 | 67 | #endif 68 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DynamicEntry.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_DYNAMIC_ENTRY_H_ 17 | #define LIEF_ELF_DYNAMIC_ENTRY_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/Visitable.hpp" 25 | 26 | #include "LIEF/ELF/Structures.hpp" 27 | 28 | namespace LIEF { 29 | namespace ELF { 30 | 31 | class DLL_PUBLIC DynamicEntry : public Visitable { 32 | public: 33 | 34 | DynamicEntry(const Elf64_Dyn* header); 35 | DynamicEntry(const Elf32_Dyn* header); 36 | DynamicEntry(void); 37 | DynamicEntry(DYNAMIC_TAGS tag, uint64_t value); 38 | 39 | DynamicEntry& operator=(const DynamicEntry&); 40 | DynamicEntry(const DynamicEntry&); 41 | virtual ~DynamicEntry(void); 42 | 43 | DYNAMIC_TAGS tag(void) const; 44 | uint64_t value(void) const; 45 | 46 | void tag(DYNAMIC_TAGS tag); 47 | void value(uint64_t value); 48 | 49 | virtual const std::string& name(void) const; 50 | virtual void name(const std::string& name); 51 | 52 | virtual std::vector& array(void); 53 | virtual void array(const std::vector& array); 54 | 55 | virtual void accept(Visitor& visitor) const override; 56 | 57 | virtual std::ostream& print(std::ostream& os) const; 58 | 59 | bool operator==(const DynamicEntry& rhs) const; 60 | bool operator!=(const DynamicEntry& rhs) const; 61 | 62 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const DynamicEntry& entry); 63 | 64 | protected: 65 | DYNAMIC_TAGS tag_; 66 | uint64_t value_; 67 | }; 68 | } 69 | } 70 | #endif 71 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DynamicEntryArray.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_DYNAMIC_ENTRY_ARRAY_H_ 17 | #define LIEF_ELF_DYNAMIC_ENTRY_ARRAY_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/visibility.h" 22 | 23 | #include "LIEF/ELF/DynamicEntry.hpp" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | class DLL_PUBLIC DynamicEntryArray : public DynamicEntry { 28 | 29 | public: 30 | using DynamicEntry::DynamicEntry; 31 | DynamicEntryArray(const Elf64_Dyn* header); 32 | DynamicEntryArray(const Elf32_Dyn* header); 33 | DynamicEntryArray(void); 34 | 35 | DynamicEntryArray& operator=(const DynamicEntryArray&); 36 | DynamicEntryArray(const DynamicEntryArray&); 37 | 38 | virtual std::vector& array(void) override; 39 | const std::vector& array(void) const; 40 | virtual void array(const std::vector& array) override; 41 | 42 | //! @brief Insert the given callback at ``pos`` 43 | DynamicEntryArray& insert(size_t pos, uint64_t callback); 44 | 45 | //! @brief Append the given callback 46 | DynamicEntryArray& append(uint64_t callback); 47 | 48 | //! @brief Remove the given callback 49 | DynamicEntryArray& remove(uint64_t callback); 50 | 51 | //! @brief Number of callback registred 52 | size_t size(void) const; 53 | 54 | DynamicEntryArray& operator+=(uint64_t value); 55 | DynamicEntryArray& operator-=(uint64_t value); 56 | 57 | const uint64_t& operator[](size_t idx) const; 58 | uint64_t& operator[](size_t idx); 59 | 60 | //! @brief Method so that the ``visitor`` can visit us 61 | virtual void accept(Visitor& visitor) const override; 62 | 63 | virtual std::ostream& print(std::ostream& os) const override; 64 | 65 | private: 66 | std::vector array_; 67 | }; 68 | } 69 | } 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DynamicEntryFlags.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_DYNAMIC_ENTRY_FLAGS_H_ 17 | #define LIEF_ELF_DYNAMIC_ENTRY_FLAGS_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/visibility.h" 22 | 23 | #include "LIEF/ELF/type_traits.hpp" 24 | #include "LIEF/ELF/DynamicEntry.hpp" 25 | 26 | namespace LIEF { 27 | namespace ELF { 28 | class DLL_PUBLIC DynamicEntryFlags : public DynamicEntry { 29 | 30 | public: 31 | using DynamicEntry::DynamicEntry; 32 | DynamicEntryFlags(void); 33 | 34 | DynamicEntryFlags& operator=(const DynamicEntryFlags&); 35 | DynamicEntryFlags(const DynamicEntryFlags&); 36 | 37 | //! @brief If the current entry has the given DYNAMIC_FLAGS 38 | bool has(DYNAMIC_FLAGS f) const; 39 | 40 | //! @brief If the current entry has the given DYNAMIC_FLAGS_1 41 | bool has(DYNAMIC_FLAGS_1 f) const; 42 | 43 | //! @brief Return flags as a list of integers 44 | dynamic_flags_list_t flags(void) const; 45 | 46 | //! @brief Add the given DYNAMIC_FLAGS 47 | void add(DYNAMIC_FLAGS f); 48 | 49 | //! @brief Add the given DYNAMIC_FLAGS_1 50 | void add(DYNAMIC_FLAGS_1 f); 51 | 52 | //! @brief Remove the given DYNAMIC_FLAGS 53 | void remove(DYNAMIC_FLAGS f); 54 | 55 | //! @brief Remove the given DYNAMIC_FLAGS_1 56 | void remove(DYNAMIC_FLAGS_1 f); 57 | 58 | DynamicEntryFlags& operator+=(DYNAMIC_FLAGS f); 59 | DynamicEntryFlags& operator+=(DYNAMIC_FLAGS_1 f); 60 | 61 | DynamicEntryFlags& operator-=(DYNAMIC_FLAGS f); 62 | DynamicEntryFlags& operator-=(DYNAMIC_FLAGS_1 f); 63 | 64 | //! @brief Method so that the ``visitor`` can visit us 65 | virtual void accept(Visitor& visitor) const override; 66 | 67 | virtual std::ostream& print(std::ostream& os) const override; 68 | }; 69 | } 70 | } 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DynamicEntryLibrary.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_DYNAMIC_ENTRY_LIBRARY_H_ 17 | #define LIEF_ELF_DYNAMIC_ENTRY_LIBRARY_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/visibility.h" 22 | 23 | #include "LIEF/ELF/DynamicEntry.hpp" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | class DLL_PUBLIC DynamicEntryLibrary : public DynamicEntry { 28 | 29 | public: 30 | using DynamicEntry::DynamicEntry; 31 | 32 | DynamicEntryLibrary(const Elf64_Dyn* header); 33 | DynamicEntryLibrary(const Elf32_Dyn* header); 34 | DynamicEntryLibrary(void); 35 | DynamicEntryLibrary(const std::string& name = ""); 36 | 37 | DynamicEntryLibrary& operator=(const DynamicEntryLibrary&); 38 | DynamicEntryLibrary(const DynamicEntryLibrary&); 39 | 40 | virtual const std::string& name(void) const override; 41 | virtual void name(const std::string& name) override; 42 | 43 | virtual void accept(Visitor& visitor) const override; 44 | 45 | virtual std::ostream& print(std::ostream& os) const override; 46 | 47 | private: 48 | std::string libname_; 49 | }; 50 | } 51 | } 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/DynamicSharedObject.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_DYNAMIC_SHARED_OBJECT_H_ 17 | #define LIEF_ELF_DYNAMIC_SHARED_OBJECT_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/visibility.h" 22 | 23 | #include "LIEF/ELF/DynamicEntry.hpp" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | class DLL_PUBLIC DynamicSharedObject : public DynamicEntry { 28 | 29 | public: 30 | using DynamicEntry::DynamicEntry; 31 | 32 | DynamicSharedObject(const Elf64_Dyn* header); 33 | DynamicSharedObject(const Elf32_Dyn* header); 34 | DynamicSharedObject(void); 35 | DynamicSharedObject(const std::string& name); 36 | 37 | DynamicSharedObject& operator=(const DynamicSharedObject&); 38 | DynamicSharedObject(const DynamicSharedObject&); 39 | 40 | virtual const std::string& name(void) const override; 41 | virtual void name(const std::string& name) override; 42 | 43 | virtual void accept(Visitor& visitor) const override; 44 | 45 | virtual std::ostream& print(std::ostream& os) const override; 46 | 47 | private: 48 | std::string name_; 49 | }; 50 | } 51 | } 52 | #endif 53 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/EnumToString.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_ENUM_TO_STRING_H_ 17 | #define C_LIEF_ELF_ENUM_TO_STRING_H_ 18 | 19 | #include "LIEF/visibility.h" 20 | 21 | #include "LIEF/ELF/enums.h" 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | DLL_PUBLIC const char* SYMBOL_BINDINGS_to_string(enum SYMBOL_BINDINGS e); 28 | DLL_PUBLIC const char* E_TYPE_to_string(enum E_TYPE e); 29 | DLL_PUBLIC const char* VERSION_to_string(enum VERSION e); 30 | DLL_PUBLIC const char* ARCH_to_string(enum ARCH e); 31 | DLL_PUBLIC const char* SEGMENT_TYPES_to_string(enum SEGMENT_TYPES e); 32 | DLL_PUBLIC const char* DYNAMIC_TAGS_to_string(enum DYNAMIC_TAGS e); 33 | DLL_PUBLIC const char* ELF_SECTION_TYPES_to_string(enum ELF_SECTION_TYPES e); 34 | DLL_PUBLIC const char* ELF_SECTION_FLAGS_to_string(enum ELF_SECTION_FLAGS e); 35 | DLL_PUBLIC const char* ELF_SYMBOL_TYPES_to_string(enum ELF_SYMBOL_TYPES e); 36 | DLL_PUBLIC const char* ELF_CLASS_to_string(enum ELF_CLASS e); 37 | DLL_PUBLIC const char* ELF_DATA_to_string(enum ELF_DATA e); 38 | DLL_PUBLIC const char* OS_ABI_to_string(enum OS_ABI e); 39 | DLL_PUBLIC const char* DYNAMIC_FLAGS_to_string(enum DYNAMIC_FLAGS e); 40 | DLL_PUBLIC const char* DYNAMIC_FLAGS_1_to_string(enum DYNAMIC_FLAGS_1 e); 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Header.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_HEADER_H_ 17 | #define C_LIEF_ELF_HEADER_H_ 18 | #include 19 | 20 | #include "LIEF/ELF/enums.h" 21 | /** @defgroup elf_header_c_api Header 22 | * @ingroup elf_c_api 23 | * @addtogroup elf_header_c_api 24 | * @brief Header C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Elf_Header_t { 34 | uint8_t identity[EI_NIDENT]; 35 | enum E_TYPE file_type; 36 | enum ARCH machine_type; 37 | enum VERSION object_file_version; 38 | uint64_t entrypoint; 39 | uint64_t program_headers_offset; 40 | uint64_t section_headers_offset; 41 | uint32_t processor_flags; 42 | uint32_t header_size; 43 | uint32_t program_header_size; 44 | uint32_t numberof_segments; 45 | uint32_t section_header_size; 46 | uint32_t numberof_sections; 47 | uint32_t name_string_table_idx; 48 | }; 49 | 50 | typedef struct Elf_Header_t Elf_Header_t; 51 | 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | /** @} */ 58 | #endif 59 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Relocations/SystemZ.def: -------------------------------------------------------------------------------- 1 | 2 | #ifndef ELF_RELOC 3 | #error "ELF_RELOC must be defined" 4 | #endif 5 | 6 | ELF_RELOC(R_390_NONE, 0) 7 | ELF_RELOC(R_390_8, 1) 8 | ELF_RELOC(R_390_12, 2) 9 | ELF_RELOC(R_390_16, 3) 10 | ELF_RELOC(R_390_32, 4) 11 | ELF_RELOC(R_390_PC32, 5) 12 | ELF_RELOC(R_390_GOT12, 6) 13 | ELF_RELOC(R_390_GOT32, 7) 14 | ELF_RELOC(R_390_PLT32, 8) 15 | ELF_RELOC(R_390_COPY, 9) 16 | ELF_RELOC(R_390_GLOB_DAT, 10) 17 | ELF_RELOC(R_390_JMP_SLOT, 11) 18 | ELF_RELOC(R_390_RELATIVE, 12) 19 | ELF_RELOC(R_390_GOTOFF, 13) 20 | ELF_RELOC(R_390_GOTPC, 14) 21 | ELF_RELOC(R_390_GOT16, 15) 22 | ELF_RELOC(R_390_PC16, 16) 23 | ELF_RELOC(R_390_PC16DBL, 17) 24 | ELF_RELOC(R_390_PLT16DBL, 18) 25 | ELF_RELOC(R_390_PC32DBL, 19) 26 | ELF_RELOC(R_390_PLT32DBL, 20) 27 | ELF_RELOC(R_390_GOTPCDBL, 21) 28 | ELF_RELOC(R_390_64, 22) 29 | ELF_RELOC(R_390_PC64, 23) 30 | ELF_RELOC(R_390_GOT64, 24) 31 | ELF_RELOC(R_390_PLT64, 25) 32 | ELF_RELOC(R_390_GOTENT, 26) 33 | ELF_RELOC(R_390_GOTOFF16, 27) 34 | ELF_RELOC(R_390_GOTOFF64, 28) 35 | ELF_RELOC(R_390_GOTPLT12, 29) 36 | ELF_RELOC(R_390_GOTPLT16, 30) 37 | ELF_RELOC(R_390_GOTPLT32, 31) 38 | ELF_RELOC(R_390_GOTPLT64, 32) 39 | ELF_RELOC(R_390_GOTPLTENT, 33) 40 | ELF_RELOC(R_390_PLTOFF16, 34) 41 | ELF_RELOC(R_390_PLTOFF32, 35) 42 | ELF_RELOC(R_390_PLTOFF64, 36) 43 | ELF_RELOC(R_390_TLS_LOAD, 37) 44 | ELF_RELOC(R_390_TLS_GDCALL, 38) 45 | ELF_RELOC(R_390_TLS_LDCALL, 39) 46 | ELF_RELOC(R_390_TLS_GD32, 40) 47 | ELF_RELOC(R_390_TLS_GD64, 41) 48 | ELF_RELOC(R_390_TLS_GOTIE12, 42) 49 | ELF_RELOC(R_390_TLS_GOTIE32, 43) 50 | ELF_RELOC(R_390_TLS_GOTIE64, 44) 51 | ELF_RELOC(R_390_TLS_LDM32, 45) 52 | ELF_RELOC(R_390_TLS_LDM64, 46) 53 | ELF_RELOC(R_390_TLS_IE32, 47) 54 | ELF_RELOC(R_390_TLS_IE64, 48) 55 | ELF_RELOC(R_390_TLS_IEENT, 49) 56 | ELF_RELOC(R_390_TLS_LE32, 50) 57 | ELF_RELOC(R_390_TLS_LE64, 51) 58 | ELF_RELOC(R_390_TLS_LDO32, 52) 59 | ELF_RELOC(R_390_TLS_LDO64, 53) 60 | ELF_RELOC(R_390_TLS_DTPMOD, 54) 61 | ELF_RELOC(R_390_TLS_DTPOFF, 55) 62 | ELF_RELOC(R_390_TLS_TPOFF, 56) 63 | ELF_RELOC(R_390_20, 57) 64 | ELF_RELOC(R_390_GOT20, 58) 65 | ELF_RELOC(R_390_GOTPLT20, 59) 66 | ELF_RELOC(R_390_TLS_GOTIE20, 60) 67 | ELF_RELOC(R_390_IRELATIVE, 61) 68 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Relocations/i386.def: -------------------------------------------------------------------------------- 1 | 2 | #ifndef ELF_RELOC 3 | #error "ELF_RELOC must be defined" 4 | #endif 5 | 6 | /* TODO: this is just a subset */ 7 | ELF_RELOC(R_386_NONE, 0) 8 | ELF_RELOC(R_386_32, 1) 9 | ELF_RELOC(R_386_PC32, 2) 10 | ELF_RELOC(R_386_GOT32, 3) 11 | ELF_RELOC(R_386_PLT32, 4) 12 | ELF_RELOC(R_386_COPY, 5) 13 | ELF_RELOC(R_386_GLOB_DAT, 6) 14 | ELF_RELOC(R_386_JUMP_SLOT, 7) 15 | ELF_RELOC(R_386_RELATIVE, 8) 16 | ELF_RELOC(R_386_GOTOFF, 9) 17 | ELF_RELOC(R_386_GOTPC, 10) 18 | ELF_RELOC(R_386_32PLT, 11) 19 | ELF_RELOC(R_386_TLS_TPOFF, 14) 20 | ELF_RELOC(R_386_TLS_IE, 15) 21 | ELF_RELOC(R_386_TLS_GOTIE, 16) 22 | ELF_RELOC(R_386_TLS_LE, 17) 23 | ELF_RELOC(R_386_TLS_GD, 18) 24 | ELF_RELOC(R_386_TLS_LDM, 19) 25 | ELF_RELOC(R_386_16, 20) 26 | ELF_RELOC(R_386_PC16, 21) 27 | ELF_RELOC(R_386_8, 22) 28 | ELF_RELOC(R_386_PC8, 23) 29 | ELF_RELOC(R_386_TLS_GD_32, 24) 30 | ELF_RELOC(R_386_TLS_GD_PUSH, 25) 31 | ELF_RELOC(R_386_TLS_GD_CALL, 26) 32 | ELF_RELOC(R_386_TLS_GD_POP, 27) 33 | ELF_RELOC(R_386_TLS_LDM_32, 28) 34 | ELF_RELOC(R_386_TLS_LDM_PUSH, 29) 35 | ELF_RELOC(R_386_TLS_LDM_CALL, 30) 36 | ELF_RELOC(R_386_TLS_LDM_POP, 31) 37 | ELF_RELOC(R_386_TLS_LDO_32, 32) 38 | ELF_RELOC(R_386_TLS_IE_32, 33) 39 | ELF_RELOC(R_386_TLS_LE_32, 34) 40 | ELF_RELOC(R_386_TLS_DTPMOD32, 35) 41 | ELF_RELOC(R_386_TLS_DTPOFF32, 36) 42 | ELF_RELOC(R_386_TLS_TPOFF32, 37) 43 | ELF_RELOC(R_386_TLS_GOTDESC, 39) 44 | ELF_RELOC(R_386_TLS_DESC_CALL, 40) 45 | ELF_RELOC(R_386_TLS_DESC, 41) 46 | ELF_RELOC(R_386_IRELATIVE, 42) 47 | ELF_RELOC(R_386_NUM, 43) 48 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Relocations/x86_64.def: -------------------------------------------------------------------------------- 1 | 2 | #ifndef ELF_RELOC 3 | #error "ELF_RELOC must be defined" 4 | #endif 5 | 6 | ELF_RELOC(R_X86_64_NONE, 0) 7 | ELF_RELOC(R_X86_64_64, 1) 8 | ELF_RELOC(R_X86_64_PC32, 2) 9 | ELF_RELOC(R_X86_64_GOT32, 3) 10 | ELF_RELOC(R_X86_64_PLT32, 4) 11 | ELF_RELOC(R_X86_64_COPY, 5) 12 | ELF_RELOC(R_X86_64_GLOB_DAT, 6) 13 | ELF_RELOC(R_X86_64_JUMP_SLOT, 7) 14 | ELF_RELOC(R_X86_64_RELATIVE, 8) 15 | ELF_RELOC(R_X86_64_GOTPCREL, 9) 16 | ELF_RELOC(R_X86_64_32, 10) 17 | ELF_RELOC(R_X86_64_32S, 11) 18 | ELF_RELOC(R_X86_64_16, 12) 19 | ELF_RELOC(R_X86_64_PC16, 13) 20 | ELF_RELOC(R_X86_64_8, 14) 21 | ELF_RELOC(R_X86_64_PC8, 15) 22 | ELF_RELOC(R_X86_64_DTPMOD64, 16) 23 | ELF_RELOC(R_X86_64_DTPOFF64, 17) 24 | ELF_RELOC(R_X86_64_TPOFF64, 18) 25 | ELF_RELOC(R_X86_64_TLSGD, 19) 26 | ELF_RELOC(R_X86_64_TLSLD, 20) 27 | ELF_RELOC(R_X86_64_DTPOFF32, 21) 28 | ELF_RELOC(R_X86_64_GOTTPOFF, 22) 29 | ELF_RELOC(R_X86_64_TPOFF32, 23) 30 | ELF_RELOC(R_X86_64_PC64, 24) 31 | ELF_RELOC(R_X86_64_GOTOFF64, 25) 32 | ELF_RELOC(R_X86_64_GOTPC32, 26) 33 | ELF_RELOC(R_X86_64_GOT64, 27) 34 | ELF_RELOC(R_X86_64_GOTPCREL64, 28) 35 | ELF_RELOC(R_X86_64_GOTPC64, 29) 36 | ELF_RELOC(R_X86_64_GOTPLT64, 30) 37 | ELF_RELOC(R_X86_64_PLTOFF64, 31) 38 | ELF_RELOC(R_X86_64_SIZE32, 32) 39 | ELF_RELOC(R_X86_64_SIZE64, 33) 40 | ELF_RELOC(R_X86_64_GOTPC32_TLSDESC, 34) 41 | ELF_RELOC(R_X86_64_TLSDESC_CALL, 35) 42 | ELF_RELOC(R_X86_64_TLSDESC, 36) 43 | ELF_RELOC(R_X86_64_IRELATIVE, 37) 44 | 45 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Section.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_SECTION_H_ 17 | #define C_LIEF_ELF_SECTION_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/ELF/enums.h" 22 | 23 | /** @defgroup elf_section_c_api Section 24 | * @ingroup elf_c_api 25 | * @addtogroup elf_section_c_api 26 | * @brief Section C API 27 | * 28 | * @{ 29 | */ 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | struct Elf_Section_t { 36 | const char* name; 37 | uint32_t flags; 38 | enum ELF_SECTION_TYPES type; 39 | uint64_t virtual_address; 40 | uint64_t offset; 41 | uint64_t original_size; 42 | uint32_t link; 43 | uint32_t info; 44 | uint64_t alignment; 45 | uint64_t entry_size; 46 | uint64_t size; 47 | uint8_t* content; 48 | double entropy; 49 | }; 50 | 51 | typedef struct Elf_Section_t Elf_Section_t; 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | /** @} */ 58 | #endif 59 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Segment.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_SEGMENT_H_ 17 | #define C_LIEF_ELF_SEGMENT_H_ 18 | 19 | #include 20 | #include "LIEF/ELF/enums.h" 21 | 22 | /** @defgroup elf_segment_c_api Segment 23 | * @ingroup elf_c_api 24 | * @addtogroup elf_segment_c_api 25 | * @brief Segment C API 26 | * 27 | * @{ 28 | */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | struct Elf_Segment_t { 35 | enum SEGMENT_TYPES type; 36 | uint32_t flags; 37 | uint64_t virtual_address; 38 | uint64_t virtual_size; 39 | uint64_t offset; 40 | uint64_t alignment; 41 | uint64_t size; 42 | uint8_t* content; 43 | }; 44 | 45 | typedef struct Elf_Segment_t Elf_Segment_t; 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | /** @} */ 52 | #endif 53 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/Symbol.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_SYMBOL_H_ 17 | #define C_LIEF_ELF_SYMBOL_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/ELF/enums.h" 22 | #include "LIEF/types.h" 23 | /* @defgroup elf_symbol_c_api Symbol 24 | * @ingroup elf_c_api 25 | * @addtogroup elf_symbol_c_api 26 | * @brief Symbol C API 27 | * 28 | * @{ 29 | */ 30 | 31 | #ifdef __cplusplus 32 | extern "C" { 33 | #endif 34 | 35 | struct Elf_Symbol_t { 36 | const char* name; 37 | enum ELF_SYMBOL_TYPES type; 38 | enum SYMBOL_BINDINGS binding; 39 | uint8_t information; 40 | uint8_t other; 41 | uint16_t shndx; 42 | uint64_t value; 43 | uint64_t size; 44 | bool is_exported; /**< Whether or not the symbol is exported */ 45 | bool is_imported; /**< Whether or not the symbol is imported */ 46 | }; 47 | 48 | typedef struct Elf_Symbol_t Elf_Symbol_t; 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | /** @} */ 55 | #endif 56 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/SymbolVersion.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_SYMBOL_VERSION_H_ 17 | #define LIEF_ELF_SYMBOL_VERSION_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "LIEF/Visitable.hpp" 25 | #include "LIEF/visibility.h" 26 | 27 | #include "LIEF/ELF/Structures.hpp" 28 | #include "LIEF/ELF/SymbolVersionAux.hpp" 29 | 30 | namespace LIEF { 31 | namespace ELF { 32 | class Parser; 33 | 34 | //! @brief Class which modelization of an entry defined in ``DT_VERSYM`` 35 | class DLL_PUBLIC SymbolVersion : public Visitable { 36 | friend class Parser; 37 | 38 | public: 39 | SymbolVersion(uint16_t value); 40 | SymbolVersion(void); 41 | virtual ~SymbolVersion(void); 42 | 43 | SymbolVersion& operator=(const SymbolVersion&); 44 | SymbolVersion(const SymbolVersion&); 45 | 46 | uint16_t value(void) const; 47 | bool has_auxiliary_version(void) const; 48 | SymbolVersionAux& symbol_version_auxiliary(void); 49 | const SymbolVersionAux& symbol_version_auxiliary(void) const; 50 | 51 | void value(uint16_t v); 52 | 53 | virtual void accept(Visitor& visitor) const override; 54 | 55 | bool operator==(const SymbolVersion& rhs) const; 56 | bool operator!=(const SymbolVersion& rhs) const; 57 | 58 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const SymbolVersion& symv); 59 | 60 | private: 61 | uint16_t value_; 62 | SymbolVersionAux* symbol_aux_; 63 | }; 64 | } 65 | } 66 | #endif 67 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/SymbolVersionAux.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_SYMBOL_VERSION_AUX_H_ 17 | #define LIEF_ELF_SYMBOL_VERSION_AUX_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/Visitable.hpp" 23 | #include "LIEF/visibility.h" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | class Parser; 28 | 29 | //! @brief Class which modelize an Auxiliary Symbol version 30 | class DLL_PUBLIC SymbolVersionAux : public Visitable { 31 | friend class Parser; 32 | public: 33 | SymbolVersionAux(const std::string& name); 34 | SymbolVersionAux(void); 35 | virtual ~SymbolVersionAux(void); 36 | 37 | SymbolVersionAux& operator=(const SymbolVersionAux&); 38 | SymbolVersionAux(const SymbolVersionAux&); 39 | 40 | //! @brief Smybol's aux name (e.g. ``GLIBC_2.2.5``) 41 | const std::string& name(void) const; 42 | 43 | void name(const std::string& name); 44 | 45 | virtual void accept(Visitor& visitor) const override; 46 | 47 | bool operator==(const SymbolVersionAux& rhs) const; 48 | bool operator!=(const SymbolVersionAux& rhs) const; 49 | 50 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const SymbolVersionAux& symAux); 51 | 52 | protected: 53 | std::string name_; 54 | }; 55 | } 56 | } 57 | #endif 58 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/SysvHash.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_SYSV_HASH_H_ 17 | #define LIEF_ELF_SYSV_HASH_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/Visitable.hpp" 23 | #include "LIEF/visibility.h" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | 28 | class Parser; 29 | class Builder; 30 | class Binary; 31 | 32 | class DLL_PUBLIC SysvHash : public Visitable { 33 | 34 | friend class Parser; 35 | friend class Builder; 36 | friend class Binary; 37 | 38 | public: 39 | SysvHash(void); 40 | SysvHash& operator=(const SysvHash& copy); 41 | SysvHash(const SysvHash& copy); 42 | virtual ~SysvHash(void); 43 | 44 | //! @brief Return the number of buckets used 45 | uint32_t nbucket(void) const; 46 | 47 | //! @brief Return the number of chain used 48 | uint32_t nchain(void) const; 49 | 50 | //! @brief Buckets values 51 | const std::vector& buckets(void) const; 52 | 53 | //! @brief Chains values 54 | const std::vector& chains(void) const; 55 | 56 | bool operator==(const SysvHash& rhs) const; 57 | bool operator!=(const SysvHash& rhs) const; 58 | 59 | virtual void accept(Visitor& visitor) const override; 60 | 61 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const SysvHash& sysvhash); 62 | 63 | private: 64 | std::vector buckets_; 65 | std::vector chains_; 66 | 67 | }; 68 | 69 | 70 | } // namepsace ELF 71 | } // namespace LIEF 72 | 73 | #endif 74 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/utils.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_ELF_UTILS_H_ 17 | #define C_LIEF_ELF_UTILS_H_ 18 | 19 | /** @defgroup elf_utils_c_api Utils 20 | * @ingroup elf_c_api 21 | * @addtogroup elf_utils_c_api 22 | * @brief Utils C API 23 | * 24 | * @{ 25 | */ 26 | 27 | #include 28 | 29 | #include "LIEF/visibility.h" 30 | #include "LIEF/types.h" 31 | 32 | 33 | #ifdef __cplusplus 34 | extern "C" { 35 | #endif 36 | 37 | /** @brief Check if the given file is an ELF one. */ 38 | DLL_PUBLIC bool is_elf(const char* file); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | 45 | /** @} */ 46 | #endif 47 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/ELF/utils.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_ELF_UTILS_H_ 17 | #define LIEF_ELF_UTILS_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/types.hpp" 23 | #include "LIEF/visibility.h" 24 | 25 | namespace LIEF { 26 | namespace ELF { 27 | 28 | //! @brief Check if the given file is an ELF one. 29 | DLL_PUBLIC bool is_elf(const std::string& file); 30 | 31 | //! @brief check if the raw data is a ELF file 32 | DLL_PUBLIC bool is_elf(const std::vector& raw); 33 | 34 | DLL_PUBLIC unsigned long hash32(const char* name); 35 | DLL_PUBLIC unsigned long hash64(const char* name); 36 | DLL_PUBLIC uint32_t dl_new_hash(const char* name); 37 | 38 | 39 | } 40 | } 41 | 42 | 43 | #endif 44 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/LIEF.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_H_ 17 | #define C_LIEF_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/LIEF.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MAIN_HEADER_H_ 17 | #define LIEF_MAIN_HEADER_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | #include 24 | 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_H_ 17 | #define C_LIEF_MACHO_H_ 18 | 19 | //! @defgroup macho_c_api MachO C API 20 | 21 | #include "LIEF/MachO/Binary.h" 22 | #include "LIEF/MachO/Symbol.h" 23 | #include "LIEF/MachO/Segment.h" 24 | #include "LIEF/MachO/Section.h" 25 | #include "LIEF/MachO/LoadCommand.h" 26 | #include "LIEF/MachO/Header.h" 27 | #include "LIEF/MachO/EnumToString.h" 28 | #endif 29 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_H_ 17 | #define LIEF_MACHO_H_ 18 | 19 | #include "LIEF/MachO/Parser.hpp" 20 | #include "LIEF/MachO/Builder.hpp" 21 | #include "LIEF/MachO/Binary.hpp" 22 | #include "LIEF/MachO/utils.hpp" 23 | #include "LIEF/MachO/RelocationObject.hpp" 24 | #include "LIEF/MachO/RelocationDyld.hpp" 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Binary.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_BINARY_H_ 17 | #define C_LIEF_MACHO_BINARY_H_ 18 | 19 | /** @defgroup macho_binary_c_api Binary 20 | * @ingroup macho_c_api 21 | * @addtogroup macho_binary_c_api 22 | * @brief Binary C API 23 | * 24 | * @{ 25 | */ 26 | 27 | #include 28 | 29 | #include "LIEF/visibility.h" 30 | 31 | #include "LIEF/MachO/Header.h" 32 | #include "LIEF/MachO/LoadCommand.h" 33 | #include "LIEF/MachO/Symbol.h" 34 | #include "LIEF/MachO/Section.h" 35 | #include "LIEF/MachO/Segment.h" 36 | #include "LIEF/MachO/enums.h" 37 | 38 | #ifdef __cplusplus 39 | extern "C" { 40 | #endif 41 | 42 | /** @brief LIEF::MachO::Binary C Handler */ 43 | struct Macho_Binary_t { 44 | void* handler; 45 | const char* name; 46 | uint64_t imagebase; 47 | Macho_Header_t header; 48 | Macho_Command_t** commands; 49 | Macho_Symbol_t** symbols; 50 | Macho_Section_t** sections; 51 | Macho_Segment_t** segments; 52 | 53 | }; 54 | 55 | typedef struct Macho_Binary_t Macho_Binary_t; 56 | 57 | /** @brief Wrapper on LIEF::MachO::Parser::parse */ 58 | DLL_PUBLIC Macho_Binary_t** macho_parse(const char *file); 59 | 60 | DLL_PUBLIC void macho_binaries_destroy(Macho_Binary_t** binaries); 61 | 62 | #ifdef __cplusplus 63 | } 64 | #endif 65 | 66 | 67 | /** @} */ 68 | #endif 69 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Builder.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_BUIDLER_H_ 17 | #define LIEF_MACHO_BUIDLER_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "LIEF/visibility.h" 25 | #include "LIEF/exception.hpp" 26 | 27 | #include "LIEF/MachO/Binary.hpp" 28 | #include "LIEF/MachO/EnumToString.hpp" 29 | 30 | namespace LIEF { 31 | namespace MachO { 32 | 33 | 34 | class DLL_PUBLIC Builder { 35 | public: 36 | Builder(Binary *binary); 37 | Builder(std::vector binaries); 38 | 39 | Builder(void) = delete; 40 | ~Builder(void); 41 | 42 | const std::vector& get_build(void); 43 | void write(const std::string& filename) const; 44 | static void write(Binary *binary, const std::string& filename); 45 | 46 | 47 | // private: 48 | void build(void); 49 | void build_header(void); 50 | void build_load_commands(void); 51 | 52 | template 53 | void build_segments(void); 54 | 55 | void build_uuid(void); 56 | 57 | template 58 | void build_symbols(void); 59 | 60 | std::vector binaries_; 61 | Binary* binary_; 62 | std::vector rawBinary_; 63 | }; 64 | 65 | } // namespace MachO 66 | } // namespace LIEF 67 | #endif 68 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/DylibCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_DYLIB_COMMAND_H_ 17 | #define LIEF_MACHO_DYLIB_COMMAND_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/types.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/MachO/LoadCommand.hpp" 25 | 26 | 27 | namespace LIEF { 28 | namespace MachO { 29 | class DLL_PUBLIC DylibCommand : public LoadCommand { 30 | public: 31 | DylibCommand(void); 32 | DylibCommand(const dylib_command *cmd); 33 | 34 | DylibCommand& operator=(const DylibCommand& copy); 35 | DylibCommand(const DylibCommand& copy); 36 | 37 | virtual ~DylibCommand(void); 38 | 39 | const std::string& name(void) const; 40 | uint32_t timestamp(void) const; 41 | uint32_t current_version(void) const; 42 | uint32_t compatibility_version(void) const; 43 | 44 | void name(const std::string& name); 45 | void timestamp(uint32_t timestamp); 46 | void current_version(uint32_t currentVersion); 47 | void compatibility_version(uint32_t compatibilityVersion); 48 | 49 | virtual std::ostream& print(std::ostream& os) const override; 50 | 51 | bool operator==(const DylibCommand& rhs) const; 52 | bool operator!=(const DylibCommand& rhs) const; 53 | 54 | virtual void accept(Visitor& visitor) const override; 55 | 56 | 57 | private: 58 | std::string name_; 59 | uint32_t timestamp_; 60 | uint32_t currentVersion_; 61 | uint32_t compatibilityVersion_; 62 | }; 63 | 64 | 65 | } 66 | } 67 | #endif 68 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/DylinkerCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_DYLINKER_COMMAND_H_ 17 | #define LIEF_MACHO_DYLINKER_COMMAND_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/types.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/MachO/LoadCommand.hpp" 25 | 26 | 27 | namespace LIEF { 28 | namespace MachO { 29 | class DLL_PUBLIC DylinkerCommand : public LoadCommand { 30 | public: 31 | DylinkerCommand(void); 32 | DylinkerCommand(const dylinker_command *cmd); 33 | 34 | DylinkerCommand& operator=(const DylinkerCommand& copy); 35 | DylinkerCommand(const DylinkerCommand& copy); 36 | 37 | virtual ~DylinkerCommand(void); 38 | 39 | virtual std::ostream& print(std::ostream& os) const override; 40 | 41 | const std::string& name(void) const; 42 | 43 | void name(const std::string& name); 44 | 45 | bool operator==(const DylinkerCommand& rhs) const; 46 | bool operator!=(const DylinkerCommand& rhs) const; 47 | 48 | virtual void accept(Visitor& visitor) const override; 49 | 50 | 51 | private: 52 | std::string name_; 53 | }; 54 | 55 | } 56 | } 57 | #endif 58 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/EnumToString.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_ENUM_TO_STRING_H_ 17 | #define C_LIEF_MACHO_ENUM_TO_STRING_H_ 18 | 19 | #include "LIEF/visibility.h" 20 | #include "LIEF/MachO/enums.h" 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | DLL_PUBLIC const char* LOAD_COMMAND_TYPES_to_string(enum LOAD_COMMAND_TYPES e); 27 | DLL_PUBLIC const char* MACHO_TYPES_to_string(enum MACHO_TYPES e); 28 | DLL_PUBLIC const char* FILE_TYPES_to_string(enum FILE_TYPES e); 29 | DLL_PUBLIC const char* CPU_TYPES_to_string(enum CPU_TYPES e); 30 | DLL_PUBLIC const char* HEADER_FLAGS_to_string(enum HEADER_FLAGS e); 31 | DLL_PUBLIC const char* MACHO_SECTION_TYPES_to_string(enum MACHO_SECTION_TYPES e); 32 | DLL_PUBLIC const char* MACHO_SYMBOL_TYPES_to_string(enum MACHO_SYMBOL_TYPES e); 33 | DLL_PUBLIC const char* N_LIST_TYPES_to_string(enum N_LIST_TYPES e); 34 | DLL_PUBLIC const char* SYMBOL_DESCRIPTIONS_to_string(enum SYMBOL_DESCRIPTIONS e); 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/EnumToString.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_ENUM_TO_STRING_H 17 | #define LIEF_MACHO_ENUM_TO_STRING_H 18 | #include "LIEF/visibility.h" 19 | 20 | #include "LIEF/MachO/Structures.hpp" 21 | 22 | namespace LIEF { 23 | namespace MachO { 24 | DLL_PUBLIC const char* to_string(LOAD_COMMAND_TYPES e); 25 | DLL_PUBLIC const char* to_string(MACHO_TYPES e); 26 | DLL_PUBLIC const char* to_string(FILE_TYPES e); 27 | DLL_PUBLIC const char* to_string(CPU_TYPES e); 28 | DLL_PUBLIC const char* to_string(HEADER_FLAGS e); 29 | DLL_PUBLIC const char* to_string(MACHO_SECTION_TYPES e); 30 | DLL_PUBLIC const char* to_string(MACHO_SECTION_FLAGS e); 31 | DLL_PUBLIC const char* to_string(MACHO_SYMBOL_TYPES e); 32 | DLL_PUBLIC const char* to_string(N_LIST_TYPES e); 33 | DLL_PUBLIC const char* to_string(SYMBOL_DESCRIPTIONS e); 34 | 35 | DLL_PUBLIC const char* to_string(X86_RELOCATION e); 36 | DLL_PUBLIC const char* to_string(X86_64_RELOCATION e); 37 | DLL_PUBLIC const char* to_string(PPC_RELOCATION e); 38 | DLL_PUBLIC const char* to_string(ARM_RELOCATION e); 39 | DLL_PUBLIC const char* to_string(ARM64_RELOCATION e); 40 | DLL_PUBLIC const char* to_string(RELOCATION_ORIGINS e); 41 | 42 | DLL_PUBLIC const char* to_string(REBASE_TYPES e); 43 | DLL_PUBLIC const char* to_string(BINDING_CLASS e); 44 | DLL_PUBLIC const char* to_string(REBASE_OPCODES e); 45 | DLL_PUBLIC const char* to_string(BIND_TYPES e); 46 | DLL_PUBLIC const char* to_string(BIND_SPECIAL_DYLIB e); 47 | DLL_PUBLIC const char* to_string(BIND_OPCODES e); 48 | DLL_PUBLIC const char* to_string(EXPORT_SYMBOL_KINDS e); 49 | DLL_PUBLIC const char* to_string(VM_PROTECTIONS e); 50 | 51 | } // namespace MachO 52 | } // namespace LIEF 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/ExportInfo.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_EXPORT_INFO_COMMAND_H_ 17 | #define LIEF_MACHO_EXPORT_INFO_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | 27 | namespace LIEF { 28 | namespace MachO { 29 | 30 | class BinaryParser; 31 | 32 | class DLL_PUBLIC ExportInfo : public Visitable { 33 | 34 | friend class BinaryParser; 35 | 36 | public: 37 | ExportInfo(void); 38 | ExportInfo(uint64_t address, uint64_t flags, uint64_t offset = 0); 39 | 40 | ExportInfo& operator=(ExportInfo copy); 41 | ExportInfo(const ExportInfo& copy); 42 | void swap(ExportInfo& other); 43 | 44 | uint64_t node_offset(void) const; 45 | 46 | uint64_t flags(void) const; 47 | void flags(uint64_t flags); 48 | 49 | uint64_t address(void) const; 50 | void address(uint64_t addr); 51 | 52 | bool has_symbol(void) const; 53 | 54 | const Symbol& symbol(void) const; 55 | Symbol& symbol(void); 56 | 57 | virtual ~ExportInfo(void); 58 | 59 | bool operator==(const ExportInfo& rhs) const; 60 | bool operator!=(const ExportInfo& rhs) const; 61 | 62 | virtual void accept(Visitor& visitor) const override; 63 | 64 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const ExportInfo& export_info); 65 | 66 | private: 67 | uint64_t node_offset_; 68 | uint64_t flags_; 69 | uint64_t address_; 70 | Symbol* symbol_; 71 | 72 | 73 | }; 74 | 75 | } 76 | } 77 | #endif 78 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/FatBinary.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_FAT_BINARY_H_ 17 | #define LIEF_MACHO_FAT_BINARY_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/types.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/MachO/Binary.hpp" 25 | 26 | 27 | namespace LIEF { 28 | class Parser; 29 | namespace MachO { 30 | 31 | class Parser; 32 | class Builder; 33 | 34 | class DLL_PUBLIC FatBinary { 35 | 36 | friend class LIEF::Parser; 37 | friend class Parser; 38 | friend class Builder; 39 | 40 | public: 41 | FatBinary(const FatBinary&) = delete; 42 | 43 | virtual ~FatBinary(void); 44 | 45 | //! @brief Number of @link MachO::Binary binary @endlink registred 46 | size_t size(void) const; 47 | 48 | it_binaries begin(void); 49 | it_const_binaries begin(void) const; 50 | 51 | it_binaries end(void); 52 | it_const_binaries end(void) const; 53 | 54 | Binary* pop_back(void); 55 | 56 | Binary& at(size_t index); 57 | const Binary& at(size_t index) const; 58 | 59 | Binary& back(void); 60 | const Binary& back(void) const; 61 | 62 | Binary& operator[](size_t index); 63 | const Binary& operator[](size_t index) const; 64 | 65 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const FatBinary& fatbinary); 66 | 67 | private: 68 | FatBinary(void); 69 | FatBinary(const std::vector& binaries); 70 | binaries_t binaries_; 71 | }; 72 | 73 | } // namespace MachO 74 | } // namespace LIEF 75 | #endif 76 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Header.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_HEADER_H_ 17 | #define C_LIEF_MACHO_HEADER_H_ 18 | #include 19 | 20 | #include "LIEF/MachO/enums.h" 21 | /** @defgroup macho_header_c_api Header 22 | * @ingroup macho_c_api 23 | * @addtogroup macho_header_c_api 24 | * @brief Header C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Macho_Header_t { 34 | uint32_t magic; 35 | enum CPU_TYPES cpu_type; 36 | uint32_t cpu_subtype; 37 | enum FILE_TYPES file_type; 38 | uint32_t nb_cmds; 39 | uint32_t sizeof_cmds; 40 | uint32_t flags; 41 | uint32_t reserved; 42 | }; 43 | 44 | typedef struct Macho_Header_t Macho_Header_t; 45 | 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | /** @} */ 52 | #endif 53 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/LoadCommand.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_LOAD_COMMAND_H_ 17 | #define C_LIEF_MACHO_LOAD_COMMAND_H_ 18 | #include 19 | 20 | #include "LIEF/MachO/enums.h" 21 | /** @defgroup macho_load_command_c_api Header 22 | * @ingroup macho_c_api 23 | * @addtogroup macho_load_command_c_api 24 | * @brief Load Command C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Macho_Command_t { 34 | enum LOAD_COMMAND_TYPES command; 35 | uint32_t size; 36 | uint8_t* data; 37 | uint32_t offset; 38 | }; 39 | 40 | typedef struct Macho_Command_t Macho_Command_t; 41 | 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | /** @} */ 48 | #endif 49 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/LoadCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_LOAD_COMMAND_H_ 17 | #define LIEF_MACHO_LOAD_COMMAND_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/types.hpp" 23 | #include "LIEF/Visitable.hpp" 24 | #include "LIEF/visibility.h" 25 | 26 | #include "LIEF/MachO/Structures.hpp" 27 | 28 | 29 | namespace LIEF { 30 | namespace MachO { 31 | class DLL_PUBLIC LoadCommand : public Visitable { 32 | public: 33 | LoadCommand(void); 34 | LoadCommand(const load_command* command); 35 | LoadCommand(LOAD_COMMAND_TYPES type, uint32_t size); 36 | 37 | LoadCommand& operator=(const LoadCommand& copy); 38 | LoadCommand(const LoadCommand& copy); 39 | 40 | virtual ~LoadCommand(void); 41 | 42 | LOAD_COMMAND_TYPES command(void) const; 43 | uint32_t size(void) const; 44 | const std::vector& data(void) const; 45 | uint64_t command_offset(void) const; 46 | 47 | void data(const std::vector& data); 48 | void command(LOAD_COMMAND_TYPES command); 49 | void size(uint32_t size); 50 | void command_offset(uint64_t offset); 51 | 52 | virtual std::ostream& print(std::ostream& os) const; 53 | 54 | bool operator==(const LoadCommand& rhs) const; 55 | bool operator!=(const LoadCommand& rhs) const; 56 | 57 | virtual void accept(Visitor& visitor) const override; 58 | 59 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const LoadCommand& cmd); 60 | 61 | protected: 62 | std::vector originalData_; 63 | LOAD_COMMAND_TYPES command_; 64 | uint32_t size_; 65 | uint64_t commandOffset_; 66 | }; 67 | 68 | } 69 | } 70 | #endif 71 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/MainCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_MAIN_COMMAND_H_ 17 | #define LIEF_MACHO_MAIN_COMMAND_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/MachO/Structures.hpp" 25 | #include "LIEF/MachO/LoadCommand.hpp" 26 | 27 | namespace LIEF { 28 | namespace MachO { 29 | 30 | class DLL_PUBLIC MainCommand : public LoadCommand { 31 | public: 32 | MainCommand(void); 33 | MainCommand(const entry_point_command *cmd); 34 | 35 | MainCommand& operator=(const MainCommand& copy); 36 | MainCommand(const MainCommand& copy); 37 | 38 | virtual ~MainCommand(void); 39 | 40 | uint64_t entrypoint(void) const; 41 | uint64_t stack_size(void) const; 42 | 43 | void entrypoint(uint64_t entrypoint); 44 | void stack_size(uint64_t stacksize); 45 | 46 | bool operator==(const MainCommand& rhs) const; 47 | bool operator!=(const MainCommand& rhs) const; 48 | 49 | virtual std::ostream& print(std::ostream& os) const override; 50 | 51 | virtual void accept(Visitor& visitor) const override; 52 | 53 | private: 54 | uint64_t entrypoint_; 55 | uint64_t stackSize_; 56 | 57 | }; 58 | 59 | } 60 | } 61 | #endif 62 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Parser.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_PARSER_H_ 17 | #define LIEF_MACHO_PARSER_H_ 18 | #include 19 | #include 20 | 21 | #include "LIEF/types.hpp" 22 | #include "LIEF/visibility.h" 23 | #include "LIEF/BinaryStream/VectorStream.hpp" 24 | 25 | #include "LIEF/Abstract/Parser.hpp" 26 | 27 | #include "LIEF/MachO/Structures.hpp" 28 | #include "LIEF/MachO/Binary.hpp" 29 | #include "LIEF/MachO/FatBinary.hpp" 30 | 31 | 32 | namespace LIEF { 33 | namespace MachO { 34 | class DLL_PUBLIC Parser : public LIEF::Parser { 35 | public: 36 | Parser& operator=(const Parser& copy) = delete; 37 | Parser(const Parser& copy) = delete; 38 | 39 | ~Parser(void); 40 | 41 | static FatBinary* parse(const std::string& filename); 42 | static FatBinary* parse(const std::vector& data, const std::string& name = ""); 43 | 44 | private: 45 | Parser(const std::string& file); 46 | Parser(const std::vector& data, const std::string& name); 47 | Parser(void); 48 | 49 | void build(void); 50 | void build_fat(void); 51 | 52 | std::unique_ptr stream_; 53 | std::vector binaries_; 54 | }; 55 | } 56 | } 57 | #endif 58 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/RelocationDyld.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_RELOCATION_DYLD_COMMAND_H_ 17 | #define LIEF_MACHO_RELOCATION_DYLD_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | #include "LIEF/Visitable.hpp" 26 | 27 | #include "LIEF/MachO/Structures.hpp" 28 | #include "LIEF/MachO/Relocation.hpp" 29 | 30 | namespace LIEF { 31 | namespace MachO { 32 | 33 | class BinaryParser; 34 | 35 | class DLL_PUBLIC RelocationDyld : public Relocation { 36 | 37 | friend class BinaryParser; 38 | 39 | public: 40 | using Relocation::Relocation; 41 | RelocationDyld(void); 42 | 43 | RelocationDyld& operator=(const RelocationDyld&); 44 | RelocationDyld(const RelocationDyld&); 45 | 46 | virtual ~RelocationDyld(void); 47 | 48 | virtual Relocation* clone(void) const override; 49 | 50 | //! @brief Indicates whether the item containing the address to be 51 | //! relocated is part of a CPU instruction that uses PC-relative addressing. 52 | //! 53 | //! For addresses contained in PC-relative instructions, the CPU adds the address of 54 | //! the instruction to the address contained in the instruction. 55 | virtual bool is_pc_relative(void) const override; 56 | 57 | //! @brief Origin of the relocation 58 | virtual RELOCATION_ORIGINS origin(void) const override; 59 | 60 | 61 | virtual void pc_relative(bool val) override; 62 | 63 | bool operator==(const RelocationDyld& rhs) const; 64 | bool operator!=(const RelocationDyld& rhs) const; 65 | 66 | virtual void accept(Visitor& visitor) const override; 67 | 68 | virtual std::ostream& print(std::ostream& os) const override; 69 | 70 | }; 71 | 72 | } 73 | } 74 | #endif 75 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Section.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_SECTION_H_ 17 | #define C_LIEF_MACHO_SECTION_H_ 18 | #include 19 | 20 | #include "LIEF/MachO/enums.h" 21 | /** @defgroup macho_section_c_api Header 22 | * @ingroup macho_c_api 23 | * @addtogroup macho_section_c_api 24 | * @brief Section C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Macho_Section_t { 34 | 35 | const char* name; 36 | uint32_t alignment; 37 | uint32_t relocation_offset; 38 | uint32_t numberof_relocations; 39 | uint32_t flags; 40 | enum MACHO_SECTION_TYPES type; 41 | uint32_t reserved1; 42 | uint32_t reserved2; 43 | uint32_t reserved3; 44 | uint64_t virtual_address; 45 | uint64_t offset; 46 | uint64_t size; 47 | uint8_t* content; 48 | double entropy; 49 | }; 50 | 51 | typedef struct Macho_Section_t Macho_Section_t; 52 | 53 | 54 | #ifdef __cplusplus 55 | } 56 | #endif 57 | 58 | /** @} */ 59 | #endif 60 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Segment.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_SEGMENT_H_ 17 | #define C_LIEF_MACHO_SEGMENT_H_ 18 | #include 19 | 20 | #include "LIEF/MachO/enums.h" 21 | /** @defgroup macho_segment_c_api Header 22 | * @ingroup macho_c_api 23 | * @addtogroup macho_segment_c_api 24 | * @brief Segment C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Macho_Segment_t { 34 | const char* name; 35 | uint64_t virtual_address; 36 | uint64_t virtual_size; 37 | uint64_t file_size; 38 | uint64_t file_offset; 39 | uint32_t max_protection; 40 | uint32_t init_protection; 41 | uint32_t numberof_sections; 42 | uint32_t flags; 43 | uint8_t* content; 44 | Macho_Section_t** sections; 45 | }; 46 | 47 | typedef struct Macho_Segment_t Macho_Segment_t; 48 | 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | /** @} */ 55 | #endif 56 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/SourceVersion.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_SOURCE_VERSION_COMMAND_H_ 17 | #define LIEF_MACHO_SOURCE_VERSION_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | #include "LIEF/MachO/LoadCommand.hpp" 27 | 28 | namespace LIEF { 29 | namespace MachO { 30 | 31 | class DLL_PUBLIC SourceVersion : public LoadCommand { 32 | 33 | public: 34 | //! @brief Version is an array of **5** integers 35 | using version_t = std::array; 36 | 37 | SourceVersion(void); 38 | SourceVersion(const source_version_command *version_cmd); 39 | 40 | SourceVersion& operator=(const SourceVersion& copy); 41 | SourceVersion(const SourceVersion& copy); 42 | 43 | virtual ~SourceVersion(void); 44 | 45 | //! @brief Return the version as an array 46 | const SourceVersion::version_t& version(void) const; 47 | void version(const SourceVersion::version_t& version); 48 | 49 | bool operator==(const SourceVersion& rhs) const; 50 | bool operator!=(const SourceVersion& rhs) const; 51 | 52 | virtual void accept(Visitor& visitor) const override; 53 | 54 | virtual std::ostream& print(std::ostream& os) const override; 55 | 56 | private: 57 | SourceVersion::version_t version_; 58 | }; 59 | 60 | } 61 | } 62 | #endif 63 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/Symbol.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_MACHO_SYMBOL_H_ 17 | #define C_LIEF_MACHO_SYMBOL_H_ 18 | #include 19 | 20 | #include "LIEF/MachO/enums.h" 21 | /** @defgroup macho_symbol_c_api Header 22 | * @ingroup macho_c_api 23 | * @addtogroup macho_symbol_c_api 24 | * @brief Symbol C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Macho_Symbol_t { 34 | const char* name; 35 | uint8_t type; 36 | uint8_t numberof_sections; 37 | uint16_t description; 38 | uint64_t value; 39 | }; 40 | 41 | typedef struct Macho_Symbol_t Macho_Symbol_t; 42 | 43 | 44 | #ifdef __cplusplus 45 | } 46 | #endif 47 | 48 | /** @} */ 49 | #endif 50 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/SymbolCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_SYMBOL_COMMAND_H_ 17 | #define LIEF_MACHO_SYMBOL_COMMAND_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/types.hpp" 25 | #include "LIEF/MachO/LoadCommand.hpp" 26 | 27 | namespace LIEF { 28 | namespace MachO { 29 | class DLL_PUBLIC SymbolCommand : public LoadCommand { 30 | public: 31 | SymbolCommand(void); 32 | SymbolCommand(const symtab_command *command); 33 | 34 | SymbolCommand& operator=(const SymbolCommand& copy); 35 | SymbolCommand(const SymbolCommand& copy); 36 | 37 | virtual ~SymbolCommand(void); 38 | 39 | uint32_t symbol_offset(void) const; 40 | uint32_t numberof_symbols(void) const; 41 | uint32_t strings_offset(void) const; 42 | uint32_t strings_size(void) const; 43 | 44 | void symbol_offset(uint32_t offset); 45 | void numberof_symbol(uint32_t nb); 46 | void strings_offset(uint32_t offset); 47 | void strings_size(uint32_t size); 48 | 49 | virtual std::ostream& print(std::ostream& os) const override; 50 | 51 | virtual void accept(Visitor& visitor) const override; 52 | 53 | bool operator==(const SymbolCommand& rhs) const; 54 | bool operator!=(const SymbolCommand& rhs) const; 55 | 56 | private: 57 | uint32_t symbolOffset_; 58 | uint32_t numberOfSymbols_; 59 | uint32_t stringsOffset_; 60 | uint32_t stringsSize_; 61 | }; 62 | 63 | } 64 | } 65 | #endif 66 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/ThreadCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_THREAD_COMMAND_H_ 17 | #define LIEF_MACHO_THREAD_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | #include "LIEF/MachO/LoadCommand.hpp" 27 | 28 | namespace LIEF { 29 | namespace MachO { 30 | 31 | class BinaryParser; 32 | 33 | class DLL_PUBLIC ThreadCommand : public LoadCommand { 34 | friend class BinaryParser; 35 | public: 36 | ThreadCommand(void); 37 | ThreadCommand(const thread_command *cmd); 38 | 39 | ThreadCommand& operator=(const ThreadCommand& copy); 40 | ThreadCommand(const ThreadCommand& copy); 41 | 42 | virtual ~ThreadCommand(void); 43 | 44 | uint32_t flavor(void) const; 45 | uint32_t count(void) const; 46 | 47 | const std::vector& state(void) const; 48 | std::vector& state(void); 49 | 50 | uint64_t pc(void) const; 51 | 52 | void state(const std::vector& state); 53 | void flavor(uint32_t flavor); 54 | void count(uint32_t count); 55 | 56 | bool operator==(const ThreadCommand& rhs) const; 57 | bool operator!=(const ThreadCommand& rhs) const; 58 | 59 | virtual void accept(Visitor& visitor) const override; 60 | 61 | virtual std::ostream& print(std::ostream& os) const override; 62 | 63 | private: 64 | uint32_t flavor_; 65 | uint32_t count_; 66 | CPU_TYPES architecture_; 67 | std::vector state_; 68 | 69 | }; 70 | 71 | } 72 | } 73 | #endif 74 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/UUIDCommand.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_UUID_COMMAND_H_ 17 | #define LIEF_MACHO_UUID_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | #include "LIEF/MachO/LoadCommand.hpp" 27 | 28 | namespace LIEF { 29 | namespace MachO { 30 | using uuid_t = std::array; 31 | 32 | class DLL_PUBLIC UUIDCommand : public LoadCommand { 33 | public: 34 | UUIDCommand(void); 35 | UUIDCommand(const uuid_command *uuidCmd); 36 | 37 | UUIDCommand& operator=(const UUIDCommand& copy); 38 | UUIDCommand(const UUIDCommand& copy); 39 | 40 | virtual ~UUIDCommand(void); 41 | 42 | uuid_t uuid(void) const; 43 | void uuid(const uuid_t& uuid); 44 | 45 | bool operator==(const UUIDCommand& rhs) const; 46 | bool operator!=(const UUIDCommand& rhs) const; 47 | 48 | virtual void accept(Visitor& visitor) const override; 49 | 50 | virtual std::ostream& print(std::ostream& os) const override; 51 | 52 | private: 53 | uuid_t uuid_; 54 | }; 55 | 56 | } 57 | } 58 | #endif 59 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/VersionMin.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_VERSION_MIN_COMMAND_H_ 17 | #define LIEF_MACHO_VERSION_MIN_COMMAND_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/types.hpp" 25 | 26 | #include "LIEF/MachO/LoadCommand.hpp" 27 | 28 | namespace LIEF { 29 | namespace MachO { 30 | 31 | class DLL_PUBLIC VersionMin : public LoadCommand { 32 | 33 | public: 34 | //! @brief Version is an array of **3** integers 35 | using version_t = std::array; 36 | 37 | VersionMin(void); 38 | VersionMin(const version_min_command *version_cmd); 39 | 40 | VersionMin& operator=(const VersionMin& copy); 41 | VersionMin(const VersionMin& copy); 42 | 43 | virtual ~VersionMin(void); 44 | 45 | //! @brief Return the version as an array 46 | const VersionMin::version_t& version(void) const; 47 | void version(const VersionMin::version_t& version); 48 | 49 | //! @brief Return the sdk as an array 50 | const VersionMin::version_t& sdk(void) const; 51 | void sdk(const VersionMin::version_t& sdk); 52 | 53 | bool operator==(const VersionMin& rhs) const; 54 | bool operator!=(const VersionMin& rhs) const; 55 | 56 | virtual void accept(Visitor& visitor) const override; 57 | 58 | virtual std::ostream& print(std::ostream& os) const override; 59 | 60 | private: 61 | VersionMin::version_t version_; 62 | VersionMin::version_t sdk_; 63 | }; 64 | 65 | } 66 | } 67 | #endif 68 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/MachO/utils.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_MACHO_UTILS_H_ 17 | #define LIEF_MACHO_UTILS_H_ 18 | 19 | #include "LIEF/types.hpp" 20 | #include "LIEF/visibility.h" 21 | 22 | #include 23 | #include 24 | 25 | namespace LIEF { 26 | namespace MachO { 27 | DLL_PUBLIC bool is_macho(const std::string& file); 28 | 29 | DLL_PUBLIC bool is_macho(const std::vector& raw); 30 | 31 | DLL_PUBLIC bool is_fat(const std::string& file); 32 | DLL_PUBLIC bool is_64(const std::string& file); 33 | DLL_PUBLIC uint64_t decode_uleb128(const std::string& file); 34 | } 35 | } 36 | 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_H_ 17 | #define C_LIEF_PE_H_ 18 | 19 | //! @defgroup pe_c_api PE C API 20 | 21 | #include "LIEF/PE/Binary.h" 22 | #include "LIEF/PE/EnumToString.h" 23 | #endif 24 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_H_ 17 | #define LIEF_PE_H_ 18 | 19 | 20 | #include "LIEF/PE/Parser.hpp" 21 | #include "LIEF/PE/Builder.hpp" 22 | #include "LIEF/PE/Binary.hpp" 23 | #include "LIEF/PE/signature/OIDToString.hpp" 24 | 25 | #include "LIEF/PE/utils.hpp" 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/AuxiliarySymbol.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_AUXILIARY_SYMBOL_H_ 17 | #define LIEF_PE_AUXILIARY_SYMBOL_H_ 18 | 19 | #include "LIEF/visibility.h" 20 | namespace LIEF { 21 | namespace PE { 22 | class DLL_PUBLIC AuxiliarySymbol { 23 | }; 24 | } 25 | } 26 | 27 | 28 | #endif 29 | 30 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/Binary.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_BINARY_H_ 17 | #define C_LIEF_PE_BINARY_H_ 18 | 19 | /** @defgroup pe_binary_c_api Binary 20 | * @ingroup pe_c_api 21 | * @addtogroup pe_binary_c_api 22 | * @brief Binary C API 23 | * 24 | * @{ 25 | */ 26 | 27 | #include 28 | 29 | #include "LIEF/visibility.h" 30 | 31 | #include "LIEF/PE/enums.h" 32 | 33 | #include "LIEF/PE/DosHeader.h" 34 | #include "LIEF/PE/Header.h" 35 | #include "LIEF/PE/OptionalHeader.h" 36 | #include "LIEF/PE/DataDirectory.h" 37 | #include "LIEF/PE/Section.h" 38 | #include "LIEF/PE/Import.h" 39 | 40 | #ifdef __cplusplus 41 | extern "C" { 42 | #endif 43 | 44 | /** @brief LIEF::PE::Binary C Handler */ 45 | struct Pe_Binary_t { 46 | void* handler; 47 | const char* name; 48 | Pe_DosHeader_t dos_header; 49 | Pe_Header_t header; 50 | Pe_OptionalHeader_t optional_header; 51 | Pe_DataDirectory_t** data_directories; 52 | Pe_Section_t** sections; 53 | Pe_Import_t** imports; 54 | }; 55 | 56 | typedef struct Pe_Binary_t Pe_Binary_t; 57 | 58 | /** @brief Wrapper on LIEF::PE::Parser::parse */ 59 | DLL_PUBLIC Pe_Binary_t* pe_parse(const char *file); 60 | 61 | DLL_PUBLIC void pe_binary_destroy(Pe_Binary_t* binary); 62 | 63 | #ifdef __cplusplus 64 | } 65 | #endif 66 | 67 | 68 | /** @} */ 69 | #endif 70 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/CodeIntegrity.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_CODE_INTEGRITY_H_ 17 | #define LIEF_PE_CODE_INTEGRITY_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "LIEF/Visitable.hpp" 25 | #include "LIEF/visibility.h" 26 | 27 | #include "LIEF/PE/Structures.hpp" 28 | 29 | namespace LIEF { 30 | namespace PE { 31 | class DLL_PUBLIC CodeIntegrity : public Visitable { 32 | public: 33 | static constexpr size_t PRINT_WIDTH = 20; 34 | CodeIntegrity(void); 35 | CodeIntegrity(const pe_code_integrity *header); 36 | virtual ~CodeIntegrity(void); 37 | 38 | CodeIntegrity& operator=(const CodeIntegrity&); 39 | CodeIntegrity(const CodeIntegrity&); 40 | 41 | //! @brief Flags to indicate if CI information is available, etc. 42 | uint16_t flags(void) const; 43 | 44 | //! @brief 0xFFFF means not available 45 | uint16_t catalog(void) const; 46 | uint32_t catalog_offset(void) const; 47 | 48 | //! @brief Additional bitmask to be defined later 49 | uint32_t reserved(void) const; 50 | 51 | void flags(uint16_t flags); 52 | void catalog(uint16_t catalog); 53 | void catalog_offset(uint32_t catalog_offset); 54 | void reserved(uint32_t reserved); 55 | 56 | virtual void accept(Visitor& visitor) const override; 57 | 58 | bool operator==(const CodeIntegrity& rhs) const; 59 | bool operator!=(const CodeIntegrity& rhs) const; 60 | 61 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const CodeIntegrity& entry); 62 | 63 | private: 64 | uint16_t flags_; 65 | uint16_t catalog_; 66 | 67 | uint32_t catalog_offset_; 68 | uint32_t reserved_; 69 | 70 | }; 71 | } 72 | } 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/DataDirectory.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_DATA_DIRECTORY_H_ 17 | #define C_LIEF_PE_DATA_DIRECTORY_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/PE/enums.h" 22 | /** @defgroup pe_data_directory_c_api Section 23 | * @ingroup pe_c_api 24 | * @addtogroup pe_data_directory_c_api 25 | * @brief Data directory C API 26 | * 27 | * @{ 28 | */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | struct Pe_DataDirectory_t { 35 | uint32_t rva; 36 | uint32_t size; 37 | }; 38 | 39 | typedef struct Pe_DataDirectory_t Pe_DataDirectory_t; 40 | 41 | 42 | #ifdef __cplusplus 43 | } 44 | #endif 45 | 46 | /** @} */ 47 | #endif 48 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/DataDirectory.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_DATADIRECTORY_H_ 17 | #define LIEF_PE_DATADIRECTORY_H_ 18 | 19 | #include 20 | #include 21 | 22 | #include "LIEF/Visitable.hpp" 23 | #include "LIEF/visibility.h" 24 | 25 | #include "LIEF/PE/Structures.hpp" 26 | #include "LIEF/PE/Section.hpp" 27 | 28 | 29 | namespace LIEF { 30 | namespace PE { 31 | 32 | class Builder; 33 | class Parser; 34 | class Binary; 35 | 36 | class DLL_PUBLIC DataDirectory : public Visitable { 37 | 38 | friend class Builder; 39 | friend class Parser; 40 | friend class Binary; 41 | 42 | public: 43 | DataDirectory(void); 44 | DataDirectory(DATA_DIRECTORY type); 45 | DataDirectory(const pe_data_directory *header, DATA_DIRECTORY type); 46 | 47 | DataDirectory(const DataDirectory& other); 48 | DataDirectory& operator=(DataDirectory other); 49 | void swap(DataDirectory& other); 50 | virtual ~DataDirectory(void); 51 | 52 | uint32_t RVA(void) const; 53 | uint32_t size(void) const; 54 | Section& section(void); 55 | const Section& section(void) const; 56 | DATA_DIRECTORY type(void) const; 57 | bool has_section(void) const; 58 | 59 | void size(uint32_t size); 60 | void RVA(uint32_t rva); 61 | 62 | virtual void accept(Visitor& visitor) const override; 63 | 64 | bool operator==(const DataDirectory& rhs) const; 65 | bool operator!=(const DataDirectory& rhs) const; 66 | 67 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const DataDirectory& entry); 68 | 69 | private: 70 | uint32_t rva_; 71 | uint32_t size_; 72 | DATA_DIRECTORY type_; 73 | Section* section_; 74 | }; 75 | } 76 | } 77 | 78 | #endif /* LIEF_PE_DATADIRECTORY_H_ */ 79 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/DosHeader.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_DOS_HEADER_H_ 17 | #define C_LIEF_PE_DOS_HEADER_H_ 18 | #include 19 | 20 | #include "LIEF/ELF/enums.h" 21 | /** @defgroup pe_dos_header_c_api DosHeader 22 | * @ingroup pe_c_api 23 | * @addtogroup pe_dos_header_c_api 24 | * @brief Dos Header C API 25 | * 26 | * @{ 27 | */ 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | struct Pe_DosHeader_t { 34 | uint16_t magic ; 35 | uint16_t used_bytes_in_the_last_page; 36 | uint16_t file_size_in_pages; 37 | uint16_t numberof_relocation; 38 | uint16_t header_size_in_paragraphs; 39 | uint16_t minimum_extra_paragraphs; 40 | uint16_t maximum_extra_paragraphs; 41 | uint16_t initial_relative_ss; 42 | uint16_t initial_sp; 43 | uint16_t checksum; 44 | uint16_t initial_ip; 45 | uint16_t initial_relative_cs; 46 | uint16_t addressof_relocation_table; 47 | uint16_t overlay_number; 48 | uint16_t reserved[4]; 49 | uint16_t oem_id; 50 | uint16_t oem_info; 51 | uint16_t reserved2[10]; 52 | uint32_t addressof_new_exeheader; 53 | }; 54 | 55 | typedef struct Pe_DosHeader_t Pe_DosHeader_t; 56 | 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | /** @} */ 63 | #endif 64 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/EnumToString.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_ENUM_TO_STRING_H_ 17 | #define C_LIEF_PE_ENUM_TO_STRING_H_ 18 | 19 | #include "LIEF/visibility.h" 20 | 21 | #include "LIEF/PE/enums.h" 22 | 23 | #ifdef __cplusplus 24 | extern "C" { 25 | #endif 26 | 27 | 28 | DLL_PUBLIC const char* PE_TYPES_to_string(enum PE_TYPES e); 29 | DLL_PUBLIC const char* MACHINE_TYPES_to_string(enum MACHINE_TYPES e); 30 | DLL_PUBLIC const char* SUBSYSTEM_to_string(enum SUBSYSTEM e); 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/ExportEntry.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_EXPORT_ENTRY_H_ 17 | #define LIEF_PE_EXPORT_ENTRY_H_ 18 | 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "LIEF/Visitable.hpp" 25 | #include "LIEF/visibility.h" 26 | 27 | #include "LIEF/PE/Structures.hpp" 28 | 29 | 30 | namespace LIEF { 31 | namespace PE { 32 | 33 | class Builder; 34 | class Parser; 35 | 36 | class DLL_PUBLIC ExportEntry : public Visitable { 37 | 38 | friend class Builder; 39 | friend class Parser; 40 | 41 | public: 42 | ExportEntry(void); 43 | ExportEntry(const ExportEntry&); 44 | ExportEntry& operator=(const ExportEntry&); 45 | virtual ~ExportEntry(void); 46 | 47 | const std::string& name(void) const; 48 | uint16_t ordinal(void) const; 49 | uint32_t address(void) const; 50 | bool is_extern(void) const; 51 | 52 | void name(const std::string& name); 53 | void ordinal(uint16_t ordinal); 54 | void address(uint32_t address); 55 | void is_extern(bool is_extern); 56 | 57 | virtual void accept(Visitor& visitor) const override; 58 | 59 | bool operator==(const ExportEntry& rhs) const; 60 | bool operator!=(const ExportEntry& rhs) const; 61 | 62 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const ExportEntry& exportEntry); 63 | 64 | private: 65 | std::string name_; 66 | uint16_t ordinal_; 67 | uint32_t address_; 68 | bool is_extern_; 69 | 70 | }; 71 | 72 | } 73 | } 74 | 75 | #endif /* PE_EXPORTENTRY_H_ */ 76 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/Header.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_HEADER_H_ 17 | #define C_LIEF_PE_HEADER_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/PE/enums.h" 22 | /** @defgroup pe_header_c_api Header 23 | * @ingroup pe_c_api 24 | * @addtogroup pe_header_c_api 25 | * @brief Header C API 26 | * 27 | * @{ 28 | */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | struct Pe_Header_t { 35 | uint8_t signature[4]; 36 | enum MACHINE_TYPES machine; 37 | uint16_t numberof_sections; 38 | uint32_t time_date_stamp; 39 | uint32_t pointerto_symbol_table; 40 | uint32_t numberof_symbols; 41 | uint16_t sizeof_optional_header; 42 | uint16_t characteristics; 43 | }; 44 | 45 | typedef struct Pe_Header_t Pe_Header_t; 46 | 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | 52 | /** @} */ 53 | #endif 54 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/Import.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_IMPORT_H_ 17 | #define C_LIEF_PE_IMPORT_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/PE/enums.h" 22 | #include "LIEF/PE/ImportEntry.h" 23 | 24 | /** @defgroup pe_import_c_api Import 25 | * @ingroup pe_c_api 26 | * @addtogroup pe_import_c_api 27 | * @brief Import C API 28 | * 29 | * @{ 30 | */ 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif 35 | 36 | struct Pe_Import_t { 37 | const char* name; 38 | uint32_t forwarder_chain; 39 | uint32_t timedatestamp; 40 | Pe_ImportEntry_t** entries; 41 | uint32_t import_address_table_rva; 42 | uint32_t import_lookup_table_rva; 43 | }; 44 | 45 | typedef struct Pe_Import_t Pe_Import_t; 46 | 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | 52 | /** @} */ 53 | #endif 54 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/ImportEntry.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_IMPORT_ENTRY_H_ 17 | #define C_LIEF_PE_IMPORT_ENTRY_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/types.h" 22 | 23 | #include "LIEF/PE/enums.h" 24 | #include "LIEF/PE/ImportEntry.h" 25 | 26 | /** @defgroup pe_import_entry_c_api Import Entry 27 | * @ingroup pe_c_api 28 | * @addtogroup pe_import_entry_c_api 29 | * @brief Import Entry C API 30 | * 31 | * @{ 32 | */ 33 | 34 | #ifdef __cplusplus 35 | extern "C" { 36 | #endif 37 | 38 | struct Pe_ImportEntry_t { 39 | bool is_ordinal; 40 | const char* name; 41 | uint16_t ordinal; 42 | uint64_t hint_name_rva; 43 | uint16_t hint; 44 | uint64_t iat_value; 45 | uint64_t data; 46 | uint64_t iat_address; 47 | }; 48 | 49 | typedef struct Pe_ImportEntry_t Pe_ImportEntry_t; 50 | 51 | 52 | #ifdef __cplusplus 53 | } 54 | #endif 55 | 56 | /** @} */ 57 | #endif 58 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/LoadConfigurations.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_LOAD_CONFIGURATIONS_H_ 17 | #define LIEF_PE_LOAD_CONFIGURATIONS_H_ 18 | 19 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV7.hpp" 20 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV6.hpp" 21 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV5.hpp" 22 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV4.hpp" 23 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV3.hpp" 24 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV2.hpp" 25 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV1.hpp" 26 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV0.hpp" 27 | #include "LIEF/PE/LoadConfigurations/LoadConfiguration.hpp" 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/LoadConfigurations/LoadConfigurationV2.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_LOAD_CONFIGURATION_V2_H_ 17 | #define LIEF_PE_LOAD_CONFIGURATION_V2_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | 24 | #include "LIEF/visibility.h" 25 | 26 | #include "LIEF/PE/Structures.hpp" 27 | #include "LIEF/PE/CodeIntegrity.hpp" 28 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV1.hpp" 29 | 30 | namespace LIEF { 31 | namespace PE { 32 | 33 | //! @brief LoadConfiguration enhanced with code integrity 34 | class DLL_PUBLIC LoadConfigurationV2 : public LoadConfigurationV1 { 35 | public: 36 | static constexpr WIN_VERSION VERSION = WIN_VERSION::WIN10_0_9879; 37 | LoadConfigurationV2(void); 38 | 39 | LoadConfigurationV2& operator=(const LoadConfigurationV2&); 40 | LoadConfigurationV2(const LoadConfigurationV2&); 41 | 42 | template 43 | DLL_LOCAL LoadConfigurationV2(const load_configuration_v2* header); 44 | 45 | virtual WIN_VERSION version(void) const override; 46 | 47 | //! @brief CodeIntegrity associated with 48 | const CodeIntegrity& code_integrity(void) const; 49 | CodeIntegrity& code_integrity(void); 50 | 51 | virtual ~LoadConfigurationV2(void); 52 | 53 | virtual void accept(Visitor& visitor) const override; 54 | 55 | bool operator==(const LoadConfigurationV2& rhs) const; 56 | bool operator!=(const LoadConfigurationV2& rhs) const; 57 | 58 | virtual std::ostream& print(std::ostream& os) const override; 59 | 60 | protected: 61 | CodeIntegrity code_integrity_; 62 | }; 63 | } 64 | } 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/LoadConfigurations/LoadConfigurationV7.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_LOAD_CONFIGURATION_V7_H_ 17 | #define LIEF_PE_LOAD_CONFIGURATION_V7_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include "LIEF/visibility.h" 24 | 25 | #include "LIEF/PE/Structures.hpp" 26 | #include "LIEF/PE/LoadConfigurations/LoadConfigurationV6.hpp" 27 | 28 | namespace LIEF { 29 | namespace PE { 30 | class DLL_PUBLIC LoadConfigurationV7 : public LoadConfigurationV6 { 31 | public: 32 | 33 | static constexpr WIN_VERSION VERSION = WIN_VERSION::WIN10_0_16237; 34 | LoadConfigurationV7(void); 35 | 36 | template 37 | DLL_LOCAL LoadConfigurationV7(const load_configuration_v7* header); 38 | 39 | LoadConfigurationV7& operator=(const LoadConfigurationV7&); 40 | LoadConfigurationV7(const LoadConfigurationV7&); 41 | 42 | virtual WIN_VERSION version(void) const override; 43 | 44 | uint32_t reserved3(void) const; 45 | uint64_t addressof_unicode_string(void) const; 46 | 47 | void reserved3(uint32_t value); 48 | void addressof_unicode_string(uint64_t value); 49 | 50 | virtual ~LoadConfigurationV7(void); 51 | 52 | virtual void accept(Visitor& visitor) const override; 53 | 54 | bool operator==(const LoadConfigurationV7& rhs) const; 55 | bool operator!=(const LoadConfigurationV7& rhs) const; 56 | 57 | virtual std::ostream& print(std::ostream& os) const override; 58 | 59 | protected: 60 | uint32_t reserved3_; 61 | uint64_t addressof_unicode_string_; 62 | }; 63 | } 64 | } 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/Relocation.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_RELOCATION_H_ 17 | #define LIEF_PE_RELOCATION_H_ 18 | #include 19 | #include 20 | 21 | #include "LIEF/Visitable.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/PE/type_traits.hpp" 25 | #include "LIEF/PE/Structures.hpp" 26 | #include "LIEF/PE/RelocationEntry.hpp" 27 | 28 | namespace LIEF { 29 | namespace PE { 30 | 31 | class Parser; 32 | class Builder; 33 | 34 | class DLL_PUBLIC Relocation : public Visitable { 35 | 36 | friend class Parser; 37 | friend class Builder; 38 | 39 | public: 40 | Relocation(void); 41 | Relocation(const Relocation& other); 42 | Relocation& operator=(Relocation other); 43 | Relocation(const pe_base_relocation_block* header); 44 | virtual ~Relocation(void); 45 | 46 | void swap(Relocation& other); 47 | 48 | uint32_t virtual_address(void) const; 49 | uint32_t block_size(void) const; 50 | it_const_relocation_entries entries(void) const; 51 | it_relocation_entries entries(void); 52 | 53 | void virtual_address(uint32_t virtual_address); 54 | void block_size(uint32_t block_size); 55 | RelocationEntry& add_entry(const RelocationEntry& entry); 56 | 57 | virtual void accept(Visitor& visitor) const override; 58 | 59 | bool operator==(const Relocation& rhs) const; 60 | bool operator!=(const Relocation& rhs) const; 61 | 62 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const Relocation& relocation); 63 | 64 | private: 65 | uint32_t block_size_; 66 | uint32_t virtual_address_; 67 | relocation_entries_t entries_; 68 | }; 69 | 70 | } 71 | } 72 | #endif /* RELOCATION_H_ */ 73 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/RichEntry.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_RICH_ENTRY_H_ 17 | #define LIEF_PE_RICH_ENTRY_H_ 18 | #include 19 | #include 20 | 21 | #include "LIEF/Visitable.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/PE/Structures.hpp" 25 | 26 | namespace LIEF { 27 | namespace PE { 28 | 29 | class DLL_PUBLIC RichEntry : public Visitable { 30 | public: 31 | 32 | RichEntry(void); 33 | RichEntry(uint16_t id, uint16_t build_id, uint32_t count); 34 | RichEntry(const RichEntry&); 35 | RichEntry& operator=(const RichEntry&); 36 | virtual ~RichEntry(void); 37 | 38 | //! @brief Entry type 39 | uint16_t id(void) const; 40 | 41 | //! @brief Builder number of the tool (if any) 42 | uint16_t build_id(void) const; 43 | 44 | //! @brief *Occurrence* count. 45 | uint32_t count(void) const; 46 | 47 | void id(uint16_t id); 48 | void build_id(uint16_t build_id); 49 | void count(uint32_t count); 50 | 51 | virtual void accept(Visitor& visitor) const override; 52 | 53 | bool operator==(const RichEntry& rhs) const; 54 | bool operator!=(const RichEntry& rhs) const; 55 | 56 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const RichEntry& rich_entry); 57 | 58 | private: 59 | uint16_t id_; 60 | uint16_t build_id_; 61 | uint32_t count_; 62 | 63 | }; 64 | } 65 | } 66 | 67 | #endif 68 | 69 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/RichHeader.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_RICH_HEADER_H_ 17 | #define LIEF_PE_RICH_HEADER_H_ 18 | #include 19 | #include 20 | 21 | #include "LIEF/Visitable.hpp" 22 | #include "LIEF/visibility.h" 23 | 24 | #include "LIEF/PE/Structures.hpp" 25 | #include "LIEF/PE/type_traits.hpp" 26 | 27 | #include "LIEF/PE/RichEntry.hpp" 28 | 29 | namespace LIEF { 30 | namespace PE { 31 | 32 | class DLL_PUBLIC RichHeader : public Visitable { 33 | public: 34 | 35 | RichHeader(void); 36 | RichHeader(const RichHeader&); 37 | RichHeader& operator=(const RichHeader&); 38 | virtual ~RichHeader(void); 39 | 40 | //! @brief Key used to encode the header (xor operation) 41 | uint32_t key(void) const; 42 | 43 | //! @brief Return an iterator on the PE::RichEntry within the header 44 | it_rich_entries entries(void); 45 | 46 | it_const_rich_entries entries(void) const; 47 | 48 | void key(uint32_t key); 49 | 50 | //! @brief Add a new PE::RichEntry 51 | void add_entry(const RichEntry& entry); 52 | void add_entry(uint16_t id, uint16_t build_id, uint32_t count); 53 | 54 | virtual void accept(Visitor& visitor) const override; 55 | 56 | bool operator==(const RichHeader& rhs) const; 57 | bool operator!=(const RichHeader& rhs) const; 58 | 59 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const RichHeader& rich_header); 60 | 61 | private: 62 | uint32_t key_; 63 | rich_entries_t entries_; 64 | 65 | }; 66 | } 67 | } 68 | 69 | #endif 70 | 71 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/Section.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef C_LIEF_PE_SECTION_H_ 17 | #define C_LIEF_PE_SECTION_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/PE/enums.h" 22 | /** @defgroup pe_section_c_api Section 23 | * @ingroup pe_c_api 24 | * @addtogroup pe_section_c_api 25 | * @brief Section C API 26 | * 27 | * @{ 28 | */ 29 | 30 | #ifdef __cplusplus 31 | extern "C" { 32 | #endif 33 | 34 | struct Pe_Section_t { 35 | const char* name; 36 | uint64_t virtual_address; 37 | uint64_t size; 38 | uint64_t offset; 39 | 40 | uint32_t virtual_size; 41 | uint32_t pointerto_relocation; 42 | uint32_t pointerto_line_numbers; 43 | uint32_t characteristics; 44 | 45 | uint8_t* content; 46 | double entropy; 47 | 48 | }; 49 | 50 | typedef struct Pe_Section_t Pe_Section_t; 51 | 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | /** @} */ 58 | #endif 59 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/AuthenticatedAttributes.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_AUTHENTICATED_ATTRIBUTES_H_ 17 | #define LIEF_PE_AUTHENTICATED_ATTRIBUTES_H_ 18 | 19 | #include "LIEF/Visitable.hpp" 20 | #include "LIEF/visibility.h" 21 | 22 | #include "LIEF/PE/signature/types.hpp" 23 | 24 | namespace LIEF { 25 | namespace PE { 26 | 27 | class Parser; 28 | class SignatureParser; 29 | 30 | class DLL_PUBLIC AuthenticatedAttributes : public Visitable { 31 | 32 | friend class Parser; 33 | friend class SignatureParser; 34 | 35 | public: 36 | AuthenticatedAttributes(void); 37 | AuthenticatedAttributes(const AuthenticatedAttributes&); 38 | AuthenticatedAttributes& operator=(const AuthenticatedAttributes&); 39 | 40 | //! @brief Should return the ``messageDigest`` OID 41 | const oid_t& content_type(void) const; 42 | 43 | //! @brief Return an hash of the signed attributes 44 | const std::vector& message_digest(void) const; 45 | 46 | //! @brief Return the program description (if any) 47 | const std::u16string& program_name(void) const; 48 | 49 | //! @brief Return an URL to website with more information about the signer 50 | const std::string& more_info(void) const; 51 | 52 | virtual void accept(Visitor& visitor) const override; 53 | 54 | virtual ~AuthenticatedAttributes(void); 55 | 56 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const AuthenticatedAttributes& authenticated_attributes); 57 | 58 | private: 59 | oid_t content_type_; // should holds 1.2.840.113549.1.9.4 60 | 61 | std::vector message_digest_; 62 | 63 | std::u16string program_name_; 64 | std::string more_info_; 65 | 66 | }; 67 | 68 | } 69 | } 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/ContentInfo.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_CONTENT_INFO_H_ 17 | #define LIEF_PE_CONTENT_INFO_H_ 18 | 19 | #include "LIEF/Visitable.hpp" 20 | #include "LIEF/visibility.h" 21 | 22 | #include "LIEF/PE/signature/types.hpp" 23 | 24 | namespace LIEF { 25 | namespace PE { 26 | 27 | class Parser; 28 | class SignatureParser; 29 | 30 | class DLL_PUBLIC ContentInfo : public Visitable { 31 | 32 | friend class Parser; 33 | friend class SignatureParser; 34 | 35 | public: 36 | ContentInfo(void); 37 | ContentInfo(const ContentInfo&); 38 | ContentInfo& operator=(const ContentInfo&); 39 | 40 | //! @brief OID of the content type. 41 | //! This value should match ``SPC_INDIRECT_DATA_OBJID`` 42 | const oid_t& content_type(void) const; 43 | 44 | const oid_t& type(void) const; 45 | 46 | //! @brief Algorithm (OID) used to hash the file. 47 | //! This value should match SignerInfo::digest_algorithm and Signature::digest_algorithm 48 | const oid_t& digest_algorithm(void) const; 49 | 50 | //! @brief The digest 51 | const std::vector& digest(void) const; 52 | 53 | virtual void accept(Visitor& visitor) const override; 54 | 55 | virtual ~ContentInfo(void); 56 | 57 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const ContentInfo& content_info); 58 | 59 | private: 60 | oid_t content_type_; // SPC_INDIRECT_DATA_OBJID 61 | 62 | oid_t type_; // SPC_PE_IMAGE_DATAOBJ 63 | //TODO: value 64 | 65 | oid_t digest_algorithm_; // algorithm used to hash the file (should match Signature::digest_algorithms_) 66 | std::vector digest_; //hash value 67 | 68 | 69 | }; 70 | 71 | } 72 | } 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/OIDToString.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_OID_TO_STRING_H_ 17 | #define LIEF_PE_OID_TO_STRING_H_ 18 | #include "LIEF/visibility.h" 19 | #include "LIEF/PE/signature/types.hpp" 20 | 21 | namespace LIEF { 22 | namespace PE { 23 | 24 | //! @brief Convert an OID to a human-readable string 25 | DLL_PUBLIC const char* oid_to_string(const oid_t& oid); 26 | 27 | } 28 | } 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/SignatureParser.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_SIGNATURE_PARSER_H_ 17 | #define LIEF_PE_SIGNATURE_PARSER_H_ 18 | #include 19 | #include 20 | 21 | #include "LIEF/BinaryStream/VectorStream.hpp" 22 | 23 | #include "LIEF/PE/signature/Signature.hpp" 24 | #include "LIEF/PE/signature/OIDToString.hpp" 25 | 26 | 27 | namespace LIEF { 28 | namespace PE { 29 | 30 | class Parser; 31 | 32 | class DLL_PUBLIC SignatureParser { 33 | 34 | friend class Parser; 35 | 36 | public: 37 | static Signature parse(const std::vector& data); 38 | 39 | private: 40 | SignatureParser(const std::vector& data); 41 | ~SignatureParser(void); 42 | SignatureParser(void); 43 | 44 | void parse_signature(void); 45 | 46 | void parse_header(void); 47 | int32_t get_signed_data_version(void); 48 | std::string get_signed_data_digest_algorithms(void); 49 | 50 | ContentInfo parse_content_info(void); 51 | std::string get_content_info_type(void); 52 | 53 | void parse_certificates(void); 54 | 55 | SignerInfo get_signer_info(void); 56 | AuthenticatedAttributes get_authenticated_attributes(void); 57 | 58 | 59 | size_t current_offset(void) const; 60 | Signature signature_; 61 | uint8_t* p_; 62 | const uint8_t* end_; 63 | const uint8_t* signature_ptr_; 64 | std::unique_ptr stream_; 65 | 66 | }; 67 | 68 | } 69 | } 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/types.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_SIGNATURE_TYPES_H_ 17 | #define LIEF_PE_SIGNATURE_TYPES_H_ 18 | #include 19 | #include 20 | #include 21 | 22 | #include "LIEF/iterators.hpp" 23 | 24 | namespace LIEF { 25 | namespace PE { 26 | class x509; 27 | 28 | using oid_t = std::string; 29 | using issuer_t = std::pair>, std::vector>; 30 | using it_const_crt = const_ref_iterator&>; 31 | } 32 | } 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/PE/signature/x509.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_PE_X509_H_ 17 | #define LIEF_PE_X509_H_ 18 | #include 19 | 20 | #include "LIEF/Visitable.hpp" 21 | #include "LIEF/visibility.h" 22 | 23 | #include "LIEF/PE/signature/types.hpp" 24 | 25 | struct mbedtls_x509_crt; 26 | 27 | namespace LIEF { 28 | namespace PE { 29 | 30 | class Parser; 31 | class SignatureParser; 32 | 33 | class DLL_PUBLIC x509 : public Visitable { 34 | 35 | friend class Parser; 36 | friend class SignatureParser; 37 | 38 | public: 39 | //! @brief Tuple (Year, Month, Day, Hour, Minute, Second) 40 | using date_t = std::array; 41 | 42 | x509(mbedtls_x509_crt* ca); 43 | x509(const x509& other); 44 | x509& operator=(x509 other); 45 | void swap(x509& other); 46 | 47 | //! @brief X.509 version. (1=v1, 2=v2, 3=v3) 48 | uint32_t version(void) const; 49 | 50 | //! @brief Unique id for certificate issued by a specific CA. 51 | std::vector serial_number(void) const; 52 | 53 | //! @brief Signature algorithm (OID) 54 | oid_t signature_algorithm(void) const; 55 | 56 | //! @brief Start time of certificate validity 57 | x509::date_t valid_from(void) const; 58 | 59 | //! @brief End time of certificate validity 60 | x509::date_t valid_to(void) const; 61 | 62 | //! @brief Issuer informations 63 | std::string issuer(void) const; 64 | 65 | //! @brief Subject informations 66 | std::string subject(void) const; 67 | 68 | virtual void accept(Visitor& visitor) const override; 69 | 70 | virtual ~x509(void); 71 | 72 | DLL_PUBLIC friend std::ostream& operator<<(std::ostream& os, const x509& x509_cert); 73 | 74 | private: 75 | x509(void); 76 | mbedtls_x509_crt *x509_cert_; 77 | 78 | }; 79 | 80 | } 81 | } 82 | 83 | #endif 84 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/Visitable.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_VISITABLE_H_ 17 | #define LIEF_VISITABLE_H_ 18 | 19 | #include "LIEF/Visitor.hpp" 20 | 21 | namespace LIEF { 22 | 23 | class Visitable { 24 | public: 25 | Visitable(void); 26 | Visitable(const Visitable& other); 27 | Visitable& operator=(const Visitable& other); 28 | virtual ~Visitable(void); 29 | virtual void accept(Visitor& visitor) const = 0; 30 | }; 31 | } 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/config.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 A. Guinet 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef LIEF_CONFIG_H_ 18 | #define LIEF_CONFIG_H_ 19 | 20 | #if 1 21 | #define LIEF_JSON_SUPPORT 22 | #endif 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/filesystem/filesystem.h: -------------------------------------------------------------------------------- 1 | #ifndef LIEF_FILESYSTEM_H_ 2 | #define LIEF_FILESYSTEM_H_ 3 | 4 | #include "resolver.h" 5 | #include "path.h" 6 | #include "fwd.h" 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/filesystem/fwd.h: -------------------------------------------------------------------------------- 1 | /* 2 | fwd.h -- Forward declarations for path.h and resolver.h 3 | 4 | Copyright (c) 2015 Wenzel Jakob 5 | 6 | All rights reserved. Use of this source code is governed by a 7 | BSD-style license that can be found in the LICENSE file. 8 | */ 9 | 10 | #pragma once 11 | 12 | #if !defined(NAMESPACE_BEGIN) 13 | #define NAMESPACE_BEGIN(name) namespace name { 14 | #endif 15 | #if !defined(NAMESPACE_END) 16 | #define NAMESPACE_END(name) } 17 | #endif 18 | 19 | NAMESPACE_BEGIN(filesystem) 20 | 21 | class path; 22 | class resolver; 23 | 24 | NAMESPACE_END(filesystem) 25 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/filesystem/resolver.h: -------------------------------------------------------------------------------- 1 | /* 2 | resolver.h -- A simple class for cross-platform path resolution 3 | 4 | Copyright (c) 2015 Wenzel Jakob 5 | 6 | All rights reserved. Use of this source code is governed by a 7 | BSD-style license that can be found in the LICENSE file. 8 | */ 9 | 10 | #pragma once 11 | 12 | #include "path.h" 13 | 14 | NAMESPACE_BEGIN(filesystem) 15 | 16 | /** 17 | * \brief Simple class for resolving paths on Linux/Windows/Mac OS 18 | * 19 | * This convenience class looks for a file or directory given its name 20 | * and a set of search paths. The implementation walks through the 21 | * search paths in order and stops once the file is found. 22 | */ 23 | class resolver { 24 | public: 25 | typedef std::vector::iterator iterator; 26 | typedef std::vector::const_iterator const_iterator; 27 | 28 | resolver() { 29 | m_paths.push_back(path::getcwd()); 30 | } 31 | 32 | size_t size() const { return m_paths.size(); } 33 | 34 | iterator begin() { return m_paths.begin(); } 35 | iterator end() { return m_paths.end(); } 36 | 37 | const_iterator begin() const { return m_paths.begin(); } 38 | const_iterator end() const { return m_paths.end(); } 39 | 40 | void erase(iterator it) { m_paths.erase(it); } 41 | 42 | void prepend(const path &path) { m_paths.insert(m_paths.begin(), path); } 43 | void append(const path &path) { m_paths.push_back(path); } 44 | const path &operator[](size_t index) const { return m_paths[index]; } 45 | path &operator[](size_t index) { return m_paths[index]; } 46 | 47 | path resolve(const path &value) const { 48 | for (const_iterator it = m_paths.begin(); it != m_paths.end(); ++it) { 49 | path combined = *it / value; 50 | if (combined.exists()) 51 | return combined; 52 | } 53 | return value; 54 | } 55 | 56 | friend std::ostream &operator<<(std::ostream &os, const resolver &r) { 57 | os << "resolver[" << std::endl; 58 | for (size_t i = 0; i < r.m_paths.size(); ++i) { 59 | os << " \"" << r.m_paths[i] << "\""; 60 | if (i + 1 < r.m_paths.size()) 61 | os << ","; 62 | os << std::endl; 63 | } 64 | os << "]"; 65 | return os; 66 | } 67 | 68 | private: 69 | std::vector m_paths; 70 | }; 71 | 72 | NAMESPACE_END(filesystem) 73 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/iostream.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_OSTREAM_H_ 17 | #define LIEF_OSTREAM_H_ 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | namespace LIEF { 24 | class vector_iostream { 25 | public: 26 | 27 | using pos_type = std::streampos; 28 | using off_type = std::streamoff; 29 | 30 | vector_iostream(void); 31 | void reserve(size_t size); 32 | 33 | vector_iostream& put(uint8_t c); 34 | vector_iostream& write(const uint8_t* s, std::streamsize n); 35 | vector_iostream& write(const std::vector& s); 36 | vector_iostream& write(std::vector&& s); 37 | 38 | vector_iostream& get(std::vector& c); 39 | 40 | vector_iostream& flush(); 41 | 42 | // seeks: 43 | pos_type tellp(void); 44 | vector_iostream& seekp(pos_type p); 45 | vector_iostream& seekp(vector_iostream::off_type p, std::ios_base::seekdir dir); 46 | 47 | const std::vector& raw(void) const; 48 | 49 | private: 50 | pos_type current_pos_; 51 | std::vector raw_; 52 | }; 53 | 54 | 55 | // From https://stackoverflow.com/questions/27336335/c-cout-with-prefix 56 | class prefixbuf : public std::streambuf { 57 | public: 58 | prefixbuf(std::string const& prefix, std::streambuf* sbuf); 59 | 60 | private: 61 | std::string prefix; 62 | std::streambuf* sbuf; 63 | bool need_prefix; 64 | 65 | int sync(void); 66 | int overflow(int c); 67 | }; 68 | 69 | class oprefixstream : private virtual prefixbuf, public std::ostream { 70 | public: 71 | oprefixstream(std::string const& prefix, std::ostream& out); 72 | }; 73 | 74 | } 75 | #endif 76 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/json.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_JSON_H_ 17 | #define LIEF_JSON_H_ 18 | 19 | #include 20 | 21 | #ifdef LIEF_JSON_SUPPORT 22 | #include 23 | 24 | using json = nlohmann::json; 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/logging.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_LOGGING_H_ 17 | #define LIEF_LOGGING_H_ 18 | 19 | #include "LIEF/visibility.h" 20 | #include "LIEF/types.hpp" 21 | 22 | namespace LIEF { 23 | 24 | //! @brief Default logging configuration 25 | static const char* logging_config = R"config( 26 | * GLOBAL: 27 | FORMAT = "%msg" 28 | ENABLED = true 29 | TO_STANDARD_OUTPUT = true 30 | TO_FILE = false 31 | PERFORMANCE_TRACKING = true 32 | 33 | * DEBUG: 34 | FORMAT = "%func %msg" 35 | Enabled = true 36 | )config"; 37 | 38 | //! @brief **Hierarchical** logging level 39 | //! 40 | //! From a given level set, all levels below this 41 | //! level are enabled 42 | //! 43 | //! For example, if LOG_FATAL is enabled then LOG_ERROR, LOG_WARNING are also enabled 44 | enum LOGGING_LEVEL { 45 | LOG_GLOBAL = 1, 46 | LOG_TRACE = 2, 47 | LOG_DEBUG = 4, 48 | LOG_FATAL = 8, 49 | LOG_ERROR = 16, 50 | LOG_WARNING = 32, 51 | LOG_INFO = 64, 52 | LOG_VERBOSE = 128, 53 | LOG_UNKNOWN = 1010, 54 | }; 55 | 56 | DLL_PUBLIC const char* to_string(LOGGING_LEVEL e); 57 | 58 | class DLL_PUBLIC Logger { 59 | public: 60 | Logger(void); 61 | Logger(const Logger&) = delete; 62 | Logger& operator=(const Logger&) = delete; 63 | 64 | //! @brief Disable the logging module 65 | static void disable(void); 66 | 67 | //! @brief Enable the logging module 68 | static void enable(void); 69 | 70 | //! @brief Change the logging level (**hierarchical**) 71 | static void set_level(LOGGING_LEVEL level); 72 | 73 | //! @brief Change the verbose level 74 | static void set_verbose_level(uint32_t level); 75 | 76 | ~Logger(void); 77 | 78 | }; 79 | 80 | 81 | 82 | 83 | } 84 | 85 | #endif 86 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/to_json.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_TO_JSON_H_ 17 | #define LIEF_TO_JSON_H_ 18 | 19 | #include "LIEF/config.h" 20 | 21 | #ifdef LIEF_JSON_SUPPORT 22 | 23 | #include "LIEF/json.hpp" 24 | 25 | #include "LIEF/visitors/json.hpp" 26 | #include "LIEF/visitors/elf_json.hpp" 27 | #include "LIEF/visitors/pe_json.hpp" 28 | 29 | #include "LIEF/Abstract/Abstract.hpp" 30 | #include "LIEF/ELF.hpp" 31 | #include "LIEF/PE.hpp" 32 | 33 | namespace LIEF { 34 | template 35 | json to_json(const T& obj) { 36 | VISITOR visitor; 37 | visitor(obj); 38 | return visitor.get(); 39 | } 40 | 41 | template 42 | std::string to_json_str(const T& obj) { 43 | return to_json(obj).dump(); 44 | } 45 | 46 | } // namespace LIEF 47 | 48 | #endif // LIEF_JSON_SUPPORT 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/types.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_C_TYPES_H_ 17 | #define LIEF_C_TYPES_H_ 18 | #include 19 | #ifndef __cplusplus 20 | typedef int bool; 21 | #endif 22 | #endif 23 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/types.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_TYPES_H_ 17 | #define LIEF_TYPES_H_ 18 | #include 19 | #include 20 | #include 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/utf8.h: -------------------------------------------------------------------------------- 1 | // Copyright 2006 Nemanja Trifunovic 2 | 3 | /* 4 | Permission is hereby granted, free of charge, to any person or organization 5 | obtaining a copy of the software and accompanying documentation covered by 6 | this license (the "Software") to use, reproduce, display, distribute, 7 | execute, and transmit the Software, and to prepare derivative works of the 8 | Software, and to permit third-parties to whom the Software is furnished to 9 | do so, all subject to the following: 10 | 11 | The copyright notices in the Software and this entire statement, including 12 | the above license grant, this restriction and the following disclaimer, 13 | must be included in all copies of the Software, in whole or in part, and 14 | all derivative works of the Software, unless such copies or derivative 15 | works are solely in the form of machine-executable object code generated by 16 | a source language processor. 17 | 18 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 | FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT 21 | SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE 22 | FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, 23 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 24 | DEALINGS IN THE SOFTWARE. 25 | */ 26 | 27 | 28 | #ifndef UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731 29 | #define UTF8_FOR_CPP_2675DCD0_9480_4c0c_B92A_CC14C027B731 30 | 31 | #include "utf8/checked.h" 32 | #include "utf8/unchecked.h" 33 | 34 | #endif // header guard 35 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/utils.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_UTILS_HEADER 17 | #define LIEF_UTILS_HEADER 18 | #include "LIEF/types.hpp" 19 | namespace LIEF { 20 | uint64_t align(uint64_t value, uint64_t align_on); 21 | 22 | 23 | template 24 | inline constexpr T round(T x) { 25 | return static_cast(round(x)); 26 | } 27 | 28 | 29 | template<> 30 | inline uint64_t round(uint64_t x) { 31 | //From http://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2 32 | x--; 33 | x |= x >> 1; // handle 2 bit numbers 34 | x |= x >> 2; // handle 4 bit numbers 35 | x |= x >> 4; // handle 8 bit numbers 36 | x |= x >> 8; // handle 16 bit numbers 37 | x |= x >> 16; // handle 32 bit numbers 38 | x |= x >> 32; // handle 64 bit numbers 39 | x++; 40 | return x; 41 | } 42 | 43 | 44 | constexpr size_t operator ""_KB(unsigned long long kbs) 45 | { 46 | return 1024 * kbs; 47 | } 48 | 49 | constexpr size_t operator ""_MB(unsigned long long mbs) 50 | { 51 | return 1024 * 1024 * mbs; 52 | } 53 | 54 | constexpr size_t operator ""_GB(unsigned long long gbs) 55 | { 56 | return 1024 * 1024 * 1024 * gbs; 57 | } 58 | 59 | 60 | } 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/version.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_VERSION_H_ 17 | #define LIEF_VERSION_H_ 18 | 19 | #if defined(NDEBUG) 20 | #define LIEF_NAME "LIEF" 21 | #else 22 | #define LIEF_NAME "LIEF (Debug)" 23 | #endif 24 | 25 | #define LIEF_VERSION "0.8.3-18d5b75" 26 | 27 | #define HUMAN_VERSION " v" LIEF_VERSION 28 | #define HUMAN_NAME NAME HUMAN_VERSION 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/visibility.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_SYMBOL_VISIBILITY_H_ 17 | #define LIEF_SYMBOL_VISIBILITY_H_ 18 | 19 | #if defined(__clang__) || defined(__GNUC__) 20 | #define DLL_PUBLIC __attribute__ ((visibility ("default"))) 21 | #define DLL_LOCAL __attribute__ ((visibility ("hidden"))) 22 | #else 23 | #define DLL_PUBLIC 24 | #define DLL_LOCAL 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/visitors/Hash.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_HASH_H_ 17 | #define LIEF_HASH_H_ 18 | 19 | #include 20 | 21 | #include "LIEF/visibility.h" 22 | #include "LIEF/Visitable.hpp" 23 | #include "LIEF/Visitor.hpp" 24 | 25 | 26 | namespace LIEF { 27 | class DLL_PUBLIC Hash : public Visitor { 28 | 29 | public: 30 | using Visitor::visit; 31 | Hash(void); 32 | Hash(size_t init_value); 33 | 34 | template 35 | static size_t hash(const T& obj); 36 | 37 | // combine two elements to produce a size_t. 38 | template 39 | static inline size_t combine(size_t lhs, U rhs); 40 | 41 | static size_t hash(const std::vector& raw); 42 | static size_t hash(const void* raw, size_t size); 43 | 44 | virtual void visit(size_t n) override; 45 | virtual void visit(const std::string& str) override; 46 | virtual void visit(const std::u16string& str) override; 47 | virtual void visit(const std::vector& raw) override; 48 | 49 | size_t value(void) const; 50 | 51 | protected: 52 | size_t value_; 53 | 54 | }; 55 | 56 | template 57 | size_t Hash::combine(size_t lhs, U rhs) { 58 | return (lhs ^ rhs) + 0x9e3779b9 + (lhs << 6) + (rhs >> 2); 59 | } 60 | 61 | 62 | template 63 | size_t Hash::hash(const T& obj) { 64 | static_assert(std::is_base_of::value, "Hash require inheritance of 'Visitable'"); 65 | Hash hasher; 66 | obj.accept(hasher); 67 | return hasher.value(); 68 | 69 | } 70 | 71 | } 72 | 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /LIEF/include/LIEF/visitors/json.hpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #ifndef LIEF_VISITOR_JSONS_H_ 17 | #define LIEF_VISITOR_JSONS_H_ 18 | 19 | #include "LIEF/config.h" 20 | 21 | #ifdef LIEF_JSON_SUPPORT 22 | 23 | #include "LIEF/visibility.h" 24 | #include "LIEF/Visitor.hpp" 25 | #include "LIEF/json.hpp" 26 | 27 | namespace LIEF { 28 | class DLL_PUBLIC JsonVisitor : public Visitor { 29 | 30 | public: 31 | using LIEF::Visitor::visit; 32 | 33 | JsonVisitor(void); 34 | JsonVisitor(const json& node); 35 | JsonVisitor(const JsonVisitor&); 36 | JsonVisitor& operator=(const JsonVisitor&); 37 | 38 | virtual void visit(const Binary& binary) override; 39 | virtual void visit(const Header& header) override; 40 | virtual void visit(const Section& section) override; 41 | virtual void visit(const Symbol& symbol) override; 42 | 43 | const json& get(void) const; 44 | 45 | protected: 46 | json node_; 47 | 48 | 49 | }; 50 | 51 | } 52 | 53 | #endif // LIEF_JSON_SUPPORT 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /LIEF/lib/libLIEF.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bestswifter/bsUUIDModifier/ff5cf866dfbb99e5b8ca5ec3bd0b906f7b0fd8f4/LIEF/lib/libLIEF.a -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/external_project/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.02) 2 | 3 | include(ExternalProject) 4 | 5 | project(CMakeLIEF) 6 | 7 | # LIEF as an External Project 8 | # =========================== 9 | set(LIEF_PREFIX "${CMAKE_CURRENT_BINARY_DIR}/LIEF") 10 | set(LIEF_INSTALL_DIR "${LIEF_PREFIX}") 11 | set(LIEF_INCLUDE_DIRS "${LIEF_PREFIX}/include") 12 | 13 | # LIEF static library 14 | set(LIB_LIEF_STATIC 15 | "${LIEF_PREFIX}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}LIEF${CMAKE_STATIC_LIBRARY_SUFFIX}") 16 | 17 | # URL of the LIEF repo (Can be your fork) 18 | set(LIEF_GIT_URL "https://github.com/lief-project/LIEF.git") 19 | 20 | # LIEF's version to be used (can be 'master') 21 | set(LIEF_VERSION 0.7.0) 22 | 23 | # LIEF compilation config 24 | set(LIEF_CMAKE_ARGS 25 | -DCMAKE_INSTALL_PREFIX= 26 | -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE} 27 | -DLIEF_DOC=off 28 | -DLIEF_PYTHON_API=off 29 | -DLIEF_EXAMPLES=off 30 | -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER} 31 | -DCMAKE_C_COMPILER=${CMAKE_C_COMPILER} 32 | ) 33 | 34 | ExternalProject_Add(LIEF 35 | PREFIX "${PACKER_LIEF_PREFIX}" 36 | GIT_REPOSITORY ${LIEF_GIT_URL} 37 | GIT_TAG ${LIEF_VERSION} 38 | INSTALL_DIR ${LIEF_INSTALL_DIR} 39 | CMAKE_ARGS ${LIEF_CMAKE_ARGS} 40 | BUILD_BYPRODUCTS ${LIEF_LIBRARIES} 41 | UPDATE_COMMAND "" 42 | ) 43 | 44 | 45 | # Add our executable 46 | # ================== 47 | add_executable(HelloLIEF main.cpp) 48 | 49 | if (MSVC) 50 | # Used for the 'and', 'or' ... keywords - See: http://www.cplusplus.com/reference/ciso646/ 51 | target_compile_options(HelloLIEF PUBLIC /FIiso646.h) 52 | set_property(TARGET HelloLIEF PROPERTY LINK_FLAGS /NODEFAULTLIB:MSVCRT) 53 | endif() 54 | 55 | # Setup the LIEF include directory 56 | target_include_directories(HelloLIEF 57 | PUBLIC 58 | ${LIEF_INCLUDE_DIRS} 59 | ) 60 | 61 | # Enable C++11 62 | set_property(TARGET HelloLIEF PROPERTY CXX_STANDARD 11) 63 | set_property(TARGET HelloLIEF PROPERTY CXX_STANDARD_REQUIRED ON) 64 | 65 | # Link the executable with LIEF 66 | target_link_libraries(HelloLIEF PUBLIC ${LIB_LIEF_STATIC}) 67 | 68 | add_dependencies(HelloLIEF LIEF) 69 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/external_project/README.rst: -------------------------------------------------------------------------------- 1 | LIEF CMake Integration Example - ExternalProject 2 | ================================================ 3 | 4 | 5 | .. code-block:: console 6 | 7 | $ mkdir build 8 | $ cd build 9 | $ cmake .. 10 | $ make 11 | $ HelloLIEF /bin/ls # or explorer.exe or what ever 12 | 13 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/external_project/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char** argv) { 5 | if (argc != 2) { 6 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 7 | return 1; 8 | } 9 | 10 | LIEF::Binary* binary = LIEF::Parser::parse(argv[1]); 11 | std::cout << *binary << std::endl; 12 | delete binary; 13 | } 14 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/find_package/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.1) 2 | 3 | project(CMakeLIEF) 4 | 5 | # Use LIEF with 'find_package()' 6 | # ============================== 7 | 8 | # Custom path to the LIEF install directory 9 | set(LIEF_ROOT CACHE PATH ${CMAKE_INSTALL_PREFIX}) 10 | 11 | # Directory to 'FindLIEF.cmake' 12 | list(APPEND CMAKE_MODULE_PATH ${LIEF_ROOT}/share/LIEF/cmake) 13 | 14 | # include 'FindLIEF.cmake' 15 | include(FindLIEF) 16 | 17 | # Find LIEF 18 | find_package(LIEF REQUIRED COMPONENTS STATIC) # COMPONENTS: - Default: STATIC 19 | 20 | # Add our executable 21 | # ================== 22 | add_executable(HelloLIEF main.cpp) 23 | 24 | if (MSVC) 25 | # Used for the 'and', 'or' ... keywords - See: http://www.cplusplus.com/reference/ciso646/ 26 | target_compile_options(HelloLIEF PUBLIC /FIiso646.h) 27 | set_property(TARGET HelloLIEF PROPERTY LINK_FLAGS /NODEFAULTLIB:MSVCRT) 28 | endif() 29 | 30 | # Setup the LIEF include directory 31 | target_include_directories(HelloLIEF 32 | PUBLIC 33 | ${LIEF_INCLUDE_DIRS} 34 | ) 35 | 36 | # Enable C++11 37 | set_property(TARGET HelloLIEF PROPERTY CXX_STANDARD 11) 38 | set_property(TARGET HelloLIEF PROPERTY CXX_STANDARD_REQUIRED ON) 39 | 40 | # Link the executable with LIEF 41 | target_link_libraries(HelloLIEF PUBLIC ${LIEF_LIBRARIES}) 42 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/find_package/README.rst: -------------------------------------------------------------------------------- 1 | LIEF CMake Integration Example - find_package() 2 | =============================================== 3 | 4 | 5 | .. code-block:: console 6 | 7 | $ mkdir build 8 | $ cd build 9 | $ cmake -DLIEF_ROOT= .. # By default, LIEF_ROOT=CMAKE_INSTALL_PREFIX 10 | $ make 11 | $ HelloLIEF /bin/ls # or explorer.exe or whatever 12 | 13 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cmake/find_package/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int main(int argc, char** argv) { 5 | if (argc != 2) { 6 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 7 | return 1; 8 | } 9 | 10 | LIEF::Binary* binary = LIEF::Parser::parse(argv[1]); 11 | std::cout << *binary << std::endl; 12 | delete binary; 13 | } 14 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/abstract_reader.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | 19 | #include 20 | #include 21 | 22 | int main(int argc, char **argv) { 23 | std::cout << "Abstract Reader" << std::endl; 24 | if (argc != 2) { 25 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 26 | return -1; 27 | } 28 | 29 | std::unique_ptr binary{LIEF::Parser::parse(argv[1])}; 30 | 31 | std::cout << "== Header ==" << std::endl; 32 | std::cout << binary->header() << std::endl; 33 | 34 | std::cout << "== Sections ==" << std::endl; 35 | for (const LIEF::Section& s : binary->sections()) { 36 | std::cout << s << std::endl; 37 | } 38 | 39 | std::cout << "== Symbols ==" << std::endl; 40 | for (const LIEF::Symbol& s : binary->symbols()) { 41 | std::cout << s << std::endl; 42 | } 43 | 44 | std::cout << "== Exported functions ==" << std::endl; 45 | for(const std::string& name : binary->exported_functions()) { 46 | std::cout << name << std::endl; 47 | } 48 | 49 | std::cout << "== Imported functions ==" << std::endl; 50 | for(const std::string& name : binary->imported_functions()) { 51 | std::cout << name << std::endl; 52 | } 53 | 54 | std::cout << "== Imported Libraries ==" << std::endl; 55 | for(const std::string& name : binary->imported_libraries()) { 56 | std::cout << name << std::endl; 57 | } 58 | 59 | std::cout << "== Relocation ==" << std::endl; 60 | for(const LIEF::Relocation& relocation : binary->relocations()) { 61 | std::cout << relocation << std::endl; 62 | } 63 | 64 | return 0; 65 | 66 | 67 | } 68 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/benchmark.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | 19 | #include 20 | 21 | 22 | int main(int argc, char **argv) { 23 | LIEF::Logger::set_level(LIEF::LOGGING_LEVEL::LOG_INFO); 24 | if (argc != 2) { 25 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 26 | return EXIT_FAILURE; 27 | } 28 | 29 | std::chrono::time_point start, end; 30 | start = std::chrono::system_clock::now(); 31 | 32 | const LIEF::Binary* binary = LIEF::Parser::parse(argv[1]); 33 | 34 | end = std::chrono::system_clock::now(); 35 | 36 | delete binary; 37 | 38 | size_t elapsed_seconds = std::chrono::duration_cast(end - start).count(); 39 | std::cout << "[Parser] Time: " << std::dec << elapsed_seconds << "s" << std::endl; 40 | 41 | } 42 | 43 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/elf_add_section.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | #include 24 | 25 | #include 26 | 27 | using namespace LIEF::ELF; 28 | 29 | int main(int argc, char **argv) { 30 | std::cout << "ELF Section rename" << std::endl; 31 | if (argc != 3) { 32 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 33 | return -1; 34 | } 35 | 36 | std::unique_ptr binary{Parser::parse(argv[1])}; 37 | for (size_t i = 0; i < 2; ++i) { 38 | Section new_section{".test"}; 39 | std::vector data(100, 0); 40 | new_section.content(std::move(data)); 41 | binary->add(new_section); 42 | } 43 | binary->write(argv[2]); 44 | 45 | return 0; 46 | } 47 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/elf_builder.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | // 17 | // Description 18 | // =========== 19 | // The tool is used to test the rebuilding of a binary. 20 | // It take a binary as first argument, decompose it, rebuild the binary and then 21 | // save it (second argument) 22 | 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | #include 30 | #include 31 | 32 | int main(int argc, char **argv) { 33 | std::cout << "ELF builder" << std::endl; 34 | if (argc != 3) { 35 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 36 | return -1; 37 | } 38 | 39 | std::unique_ptr binary{LIEF::ELF::Parser::parse(argv[1])}; 40 | //LIEF::ELF::Builder builder{binary.release()}; 41 | //builder.empties_gnuhash(true); 42 | //builder.build(); 43 | //builder.write(argv[2]); 44 | binary->write(argv[2]); 45 | 46 | return 0; 47 | } 48 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/elf_strip.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | 22 | #include 23 | 24 | int main(int argc, char **argv) { 25 | std::cout << "ELF Strip" << std::endl; 26 | if (argc != 3) { 27 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 28 | return -1; 29 | } 30 | 31 | std::unique_ptr binary{LIEF::ELF::Parser::parse(argv[1])}; 32 | binary->strip(); 33 | binary->write(argv[2]); 34 | 35 | return 0; 36 | } 37 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/elf_symbols.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | 19 | #include 20 | 21 | using namespace LIEF::ELF; 22 | 23 | int main(int argc, char **argv) { 24 | if (argc != 2) { 25 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 26 | return EXIT_FAILURE; 27 | } 28 | 29 | if (not is_elf(argv[1])) { 30 | std::cerr << argv[1] << " is not a ELF file. Abort !" << std::endl; 31 | return EXIT_FAILURE; 32 | } 33 | 34 | std::unique_ptr binary{Parser::parse(argv[1])}; 35 | 36 | std::cout << "== Exported Symbols ==" << std::endl; 37 | for (const Symbol& symbol : binary->exported_symbols()) { 38 | std::cout << symbol << std::endl; 39 | } 40 | std::cout << "== Imported Symbols ==" << std::endl; 41 | for (const Symbol& symbol : binary->imported_symbols()) { 42 | std::cout << symbol << std::endl; 43 | } 44 | 45 | 46 | return 0; 47 | 48 | } 49 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/logging.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | #include 17 | #include 18 | 19 | #include 20 | 21 | int main(int argc, char **argv) { 22 | std::cout << "Abstract Reader" << std::endl; 23 | if (argc != 2) { 24 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 25 | return -1; 26 | } 27 | 28 | std::cout << "Parsing with Global level" << std::endl; 29 | std::cout << "=========================" << std::endl; 30 | 31 | LIEF::Logger::set_level(LIEF::LOGGING_LEVEL::LOG_GLOBAL); 32 | std::unique_ptr binary_global{LIEF::Parser::parse(argv[1])}; 33 | 34 | std::cout << "Parsing with Debug level" << std::endl; 35 | std::cout << "========================" << std::endl; 36 | 37 | LIEF::Logger::set_level(LIEF::LOGGING_LEVEL::LOG_DEBUG); 38 | std::unique_ptr binary_debug{LIEF::Parser::parse(argv[1])}; 39 | 40 | return 0; 41 | } 42 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/macho_builder.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | // 17 | // Description 18 | // =========== 19 | // The tool is used to test the rebuilding of a binary. 20 | // It take a binary as first argument, decompose it, rebuild the binary and then 21 | // save it (second argument) 22 | // 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #include 31 | 32 | using namespace LIEF; 33 | 34 | int main(int argc, char **argv) { 35 | std::cout << "MachO Rebuilder" << std::endl; 36 | if (argc != 3) { 37 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 38 | return -1; 39 | } 40 | 41 | std::unique_ptr binaries{MachO::Parser::parse(argv[1])}; 42 | MachO::Binary& binary = binaries->back(); 43 | binary.write(argv[2]); 44 | 45 | return 0; 46 | } 47 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/cpp/pe_builder.cpp: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | // 17 | // Description 18 | // =========== 19 | // The tool is used to test the rebuilding of a binary. 20 | // It take a binary as first argument, decompose it, rebuild the binary and then 21 | // save it (second argument) 22 | // 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include 29 | 30 | #include 31 | 32 | using namespace LIEF::PE; 33 | int main(int argc, char **argv) { 34 | std::cout << "PE Rebuilder" << std::endl; 35 | if (argc != 3) { 36 | std::cerr << "Usage: " << argv[0] << " " << std::endl; 37 | return -1; 38 | } 39 | 40 | std::unique_ptr binary{Parser::parse(argv[1])}; 41 | Builder builder{binary.get()}; 42 | 43 | builder 44 | .build_imports(false) 45 | .patch_imports(false) 46 | .build_tls(false) 47 | .build_resources(false); 48 | 49 | builder.build(); 50 | builder.write(argv[2]); 51 | std::cout << binary->name() << std::endl; 52 | 53 | return 0; 54 | } 55 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/abstract_json.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # Dump abstract informations in a JSON format 7 | # see: abstract_reader.py 8 | 9 | import argparse 10 | import sys 11 | import lief 12 | import json 13 | 14 | def main(): 15 | parser = argparse.ArgumentParser() 16 | parser.add_argument('binary', help = 'A binary') 17 | args = parser.parse_args() 18 | 19 | binary = lief.parse(args.binary) 20 | json_data = json.loads(lief.abstract_to_json(binary)) 21 | print(json.dumps(json_data, sort_keys = True, indent = 4)) 22 | 23 | if __name__ == "__main__": 24 | sys.exit(main()) 25 | 26 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/change_elf_interpreter.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import lief 3 | import argparse 4 | import os 5 | import stat 6 | import sys 7 | 8 | def change_interpreter(target, interpreter, output=None): 9 | if not os.path.isfile(target) or not lief.is_elf(target): 10 | print("Wrong target! ({})".format(target)) 11 | return 1 12 | 13 | 14 | if not os.path.isfile(interpreter) or not lief.is_elf(interpreter): 15 | print("Wrong interpreter! ({})".format(interpreter)) 16 | return 1 17 | 18 | binary = lief.parse(target) 19 | if not binary.has_interpreter: 20 | print("The given target doesn't have interpreter!") 21 | return 1 22 | 23 | binary.interpreter = interpreter 24 | 25 | output_path = output 26 | if output_path is None: 27 | output_path = os.path.basename(target) 28 | output_path += "_updated" 29 | 30 | if os.path.isfile(output_path): 31 | os.remove(output_path) 32 | 33 | binary.write(output_path) 34 | 35 | # Set as executable 36 | st = os.stat(output_path) 37 | os.chmod(output_path, st.st_mode | stat.S_IEXEC) 38 | return 0 39 | 40 | 41 | def main(): 42 | parser = argparse.ArgumentParser(description='Change the ELF interpreter of the given binary') 43 | 44 | 45 | parser.add_argument("-o", "--output", 46 | help = 'Path to the binary rewritten', 47 | action = 'store', 48 | default = None) 49 | 50 | parser.add_argument("target", 51 | metavar="", 52 | help='Target ELF file') 53 | 54 | parser.add_argument("interpreter", 55 | metavar="", 56 | help='Path to the new interpreter') 57 | 58 | 59 | args = parser.parse_args() 60 | 61 | status = change_interpreter(args.target, args.interpreter, args.output) 62 | sys.exit(status) 63 | 64 | 65 | if __name__ == "__main__": 66 | main() 67 | 68 | 69 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/elf_json.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # Print information about a ELF binary in the JSON format 7 | # 8 | # python elf_json.py /bin/ls 9 | #   10 | # { 11 | # "dynamic_entries": [ 12 | # { 13 | # "library": "libcap.so.2", 14 | # "tag": "NEEDED", 15 | # "value": 1 16 | # }, 17 | # { 18 | # "library": "libc.so.6", 19 | # "tag": "NEEDED", 20 | # "value": 74 21 | # }, 22 | # ... 23 | 24 | 25 | import argparse 26 | import sys 27 | import lief 28 | import json 29 | 30 | 31 | 32 | def main(): 33 | parser = argparse.ArgumentParser() 34 | parser.add_argument('binary', help='ELF binary') 35 | args = parser.parse_args() 36 | 37 | binary = lief.parse(args.binary) 38 | json_data = json.loads(lief.to_json(binary)) 39 | print(json.dumps(json_data, sort_keys = True, indent = 4)) 40 | 41 | if __name__ == "__main__": 42 | sys.exit(main()) 43 | 44 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/elf_remove_section_table.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # Remove the section table from an ELF binary 7 | # so that some tools are blow minded (e.g. gdb) 8 | # 9 | # Example: 10 | # $ python elf_remove_section_table.py /bin/ls ls_without_sections 11 | # $ ls 12 | # elf_remove_section_table.py ls_without_sections 13 | # $ ls_without_sections 14 | # $ elf_remove_section_table.py ls_without_sections 15 | # $ readelf -S ls_without_sections 16 | # 17 | # Il n'y a pas de section dans ce fichier. 18 | # $ gdb ls_without_sections 19 | # "ls_without_sections": not in executable format: File format not recognized 20 | 21 | import sys 22 | import lief 23 | from lief import ELF 24 | 25 | def remove_section_table(filename, output): 26 | binary = lief.parse(filename) # Build an ELF binary 27 | 28 | header = binary.header 29 | header.section_header_offset = 0; 30 | header.numberof_sections = 0; 31 | 32 | binary.write(output); 33 | 34 | 35 | if __name__ == "__main__": 36 | 37 | if len(sys.argv) != 3: 38 | print("Usage: {} ".format(sys.argv[0])) 39 | sys.exit(1) 40 | 41 | remove_section_table(sys.argv[1], sys.argv[2]) 42 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/elf_symbol_obfuscation.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | 5 | # In this example, we replace all statics symbols in the .symtab 6 | # with a random name. 7 | # 8 | # Example: 9 | # 10 | # >>> readelf -s ./hello_c 11 | # 12 | # 28: 0600700 0 OBJECT LOCAL DEFAULT 19 __JCR_LIST__ 13 | # 29: 0400420 0 FUNC LOCAL DEFAULT 12 deregister_tm_clones 14 | # 30: 0400460 0 FUNC LOCAL DEFAULT 12 register_tm_clones 15 | # 31: 04004a0 0 FUNC LOCAL DEFAULT 12 __do_global_dtors_aux 16 | # 32: 0600920 1 OBJECT LOCAL DEFAULT 24 completed.6940 17 | # 33: 06006f8 0 OBJECT LOCAL DEFAULT 18 __do_global_dtors_aux_fin 18 | # ... 19 | # 20 | # >>> python elf_symbol_obfuscation ./hello_c ./hello_c.obf 21 | # 22 | # >>> readelf -s ./hello_c.obf 23 | # 24 | # 28: 0600700 0 OBJECT LOCAL DEFAULT 19 xnsffdfsryna 25 | # 29: 0400420 0 FUNC LOCAL DEFAULT 12 wsadqwrubbmdugrxzwiv 26 | # 30: 0400460 0 FUNC LOCAL DEFAULT 12 wrgeecrckeskyishte 27 | # 31: 04004a0 0 FUNC LOCAL DEFAULT 12 pqhfpptwtqzuiefrwnwdk 28 | # 32: 0600920 1 OBJECT LOCAL DEFAULT 24 vwevxfvdmcrjdv 29 | # 33: 06006f8 0 OBJECT LOCAL DEFAULT 18 rksefyibghsyhbbnfikknpvzc 30 | 31 | 32 | 33 | import lief 34 | import sys 35 | import random, string 36 | 37 | def randomword(length): 38 | return ''.join(random.choice(string.ascii_lowercase) for i in range(length)) 39 | 40 | def randomize(binary, output): 41 | 42 | symbols = binary.static_symbols 43 | if len(symbols) == 0: 44 | print("No symbols") 45 | return 46 | for symbol in symbols: 47 | symbol.name = randomword(len(symbol.name)) 48 | 49 | binary.write(output) 50 | 51 | if __name__ == '__main__': 52 | if len(sys.argv) != 3: 53 | print("Usage:", sys.argv[0], " ") 54 | sys.exit(-1) 55 | 56 | binary = lief.parse(sys.argv[1]) 57 | randomize(binary, sys.argv[2]) 58 | 59 | 60 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/elf_unstrip.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # In this example, we assume that we found 7 | # the ``main`` function at address 0x402A00 8 | # and we add a static symbol to the binary 9 | # so that we can do: 10 | # 11 | # (gdb) break main 12 | # Breakpoint 1 at 0x402a00 13 | 14 | from lief import ELF 15 | import sys 16 | 17 | binary = ELF.parse(sys.argv[1]) 18 | 19 | symtab_section = ELF.Section() 20 | symtab_section.name = "" 21 | symtab_section.type = ELF.SECTION_TYPES.SYMTAB 22 | symtab_section.entry_size = 0x18 23 | symtab_section.alignment = 8 24 | symtab_section.link = len(binary.sections) + 1 25 | symtab_section.content = [0] * 100 26 | 27 | symstr_section = ELF.Section() 28 | symstr_section.name = "" 29 | symstr_section.type = ELF.SECTION_TYPES.STRTAB 30 | symstr_section.entry_size = 1 31 | symstr_section.alignment = 1 32 | symstr_section.content = [0] * 100 33 | 34 | symtab_section = binary.add(symtab_section, loaded=False) 35 | symstr_section = binary.add(symstr_section, loaded=False) 36 | 37 | symbol = ELF.Symbol() 38 | symbol.name = "" 39 | symbol.type = ELF.SYMBOL_TYPES.NOTYPE 40 | symbol.value = 0 41 | symbol.binding = ELF.SYMBOL_BINDINGS.LOCAL 42 | symbol.size = 0 43 | symbol.shndx = 0 44 | symbol = binary.add_static_symbol(symbol) 45 | 46 | symbol = ELF.Symbol() 47 | symbol.name = "main" 48 | symbol.type = ELF.SYMBOL_TYPES.FUNC 49 | symbol.value = 0x402A00 50 | symbol.binding = ELF.SYMBOL_BINDINGS.LOCAL 51 | symbol.shndx = 14 52 | symbol = binary.add_static_symbol(symbol) 53 | 54 | print(symbol) 55 | 56 | binary.write(sys.argv[2]) 57 | 58 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/keygen/KeygenMe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bestswifter/bsUUIDModifier/ff5cf866dfbb99e5b8ca5ec3bd0b906f7b0fd8f4/LIEF/share/LIEF/examples/python/keygen/KeygenMe -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/keygen/lief_patch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python2 2 | 3 | # Description 4 | # ----------- 5 | # Patch binary to remove anti-debug 6 | 7 | import sys 8 | from lief import ELF 9 | import distorm3 10 | 11 | 12 | def remove_anti_debug(binary): 13 | patch = [0x83, 0xf8, 0xff, 0x90, 0x90] # cmp eax, 0xFFFFFFFF 14 | ep = binary.header.entrypoint 15 | text_section = binary.section_from_virtual_address(ep) 16 | code = "".join(map(chr, text_section.content)) 17 | iterable = distorm3.DecodeGenerator(text_section.virtual_address, code, distorm3.Decode32Bits) 18 | for (offset, size, instruction, hexdump) in iterable: 19 | if "CMP EAX, 0x3000" in instruction: 20 | # Patch 3d 00 30 00 00 21 | binary.patch_address(offset, patch) 22 | print("[PATCH] %.8x: %-32s %s" % (offset, hexdump, instruction)) 23 | 24 | # Distorm didn't get this one 25 | binary.patch_address(0x804936B, patch) 26 | 27 | def crack_it(binary): 28 | # user: what you wants 29 | # serial: any NUMBER 30 | 31 | patch1 = [0x31, 0xD2] # xor edx, edx 32 | patch2 = [0x31, 0xC0] # xor eax, eax 33 | 34 | binary.patch_address(0x8049486, patch1) # xor edx, edi --> xor edx, edx 35 | binary.patch_address(0x8049488, patch2) # xor eax, ecx --> xor eax, eax 36 | 37 | def main(argv): 38 | binary = ELF.parse("./KeygenMe") 39 | remove_anti_debug(binary) 40 | crack_it(binary) 41 | binary.write("./KeygenMe.crack") 42 | return 0 43 | 44 | 45 | if __name__ == "__main__": 46 | sys.exit(main(sys.argv)) 47 | 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/Makefile: -------------------------------------------------------------------------------- 1 | CC=gcc 2 | CXX=g++ 3 | 4 | all: binadd.bin obfu 5 | 6 | libadd.so: libadd.c 7 | $(CC) -Wl,--hash-style=gnu -fPIC -shared -o $@ $^ 8 | 9 | binadd.bin: binadd.c libadd.so 10 | $(CC) $^ -Wl,--hash-style=gnu -L. -ladd -o $@ 11 | chmod a+rx $@ 12 | 13 | run: libadd.so binadd.bin obfu 14 | LD_LIBRARY_PATH=. ./binadd.bin 1 2 15 | LD_LIBRARY_PATH=. ./binadd_obf.bin 1 2 16 | 17 | 18 | obfu: binadd.bin libadd.so 19 | python ./obfu.py 20 | chmod a+x *.bin 21 | chmod a+x *.so 22 | 23 | .PHONY: clean 24 | 25 | clean: 26 | rm -rf *.o *~ *.so *.bin 27 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/README.md: -------------------------------------------------------------------------------- 1 | Presentation 2 | ============ 3 | 4 | The aim of this example is to show how we can change dynamic symbols in both 5 | library and binary. 6 | 7 | In the example we will change the symbol `add` to `abc` and the library name 8 | `libadd.so` to `libabc.so` 9 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/binadd.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "libadd.h" 5 | 6 | int main(int argc, char **argv) { 7 | if (argc != 3) { 8 | printf("Usage: %s \n", argv[0]); 9 | exit(-1); 10 | } 11 | 12 | int res = add(atoi(argv[1]), atoi(argv[2])); 13 | printf("From myLIb, a + b = %d\n", res); 14 | return 0; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/libadd.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "libadd.h" 4 | 5 | int add(int a, int b) { 6 | printf("%d + %d = %d\n", a, b, a+b); 7 | return a + b; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/libadd.h: -------------------------------------------------------------------------------- 1 | /* Copyright 2017 R. Thomas 2 | * Copyright 2017 Quarkslab 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | int add(int a, int b); 17 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/library_symbols_obfuscation/obfu.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import lief 3 | 4 | libadd = lief.ELF.parse("./libadd.so") 5 | binadd = lief.ELF.parse("./binadd.bin") 6 | 7 | libadd_dynsym = libadd.dynamic_symbols 8 | binadd_dynsym = binadd.dynamic_symbols 9 | 10 | # Change add in the libary 11 | for sym in libadd_dynsym: 12 | if sym.name == "add": 13 | sym.name = "abc" 14 | 15 | # Change "add" in the binary 16 | for sym in binadd_dynsym: 17 | if sym.name == "add": 18 | sym.name = "abc" 19 | 20 | 21 | # change library name in the binary 22 | for entry in binadd.dynamic_entries: 23 | if entry.tag == lief.ELF.NEEDED and entry.name == "libadd.so": 24 | entry.name = "libabc.so" 25 | 26 | 27 | libadd.write("libabc.so"); 28 | binadd.write("binadd_obf.bin") 29 | 30 | 31 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/nm.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # 7 | # This tool is a cross format Linux nm like. It prints all symbols 8 | # present in the binary. For `PE` it will print symbols in the *symbol section* 9 | # and for `ELF` it will print *static* symbols **AND** *dynamic* symbols. 10 | # 11 | # Example: 12 | # 13 | # >>> nm("/usr/bin/ls") 14 | # >>> nm("C:\\Windows\\explorer.exe") 15 | 16 | import sys 17 | from lief import parse 18 | 19 | def nm(filename): 20 | """ Return symbols from *filename* binary """ 21 | binary = parse(filename) # Build an abstract binary 22 | symbols = binary.symbols 23 | 24 | if len(symbols) > 0: 25 | for symbol in symbols: 26 | print(symbol) 27 | else: 28 | print("No symbols found") 29 | 30 | 31 | if __name__ == "__main__": 32 | 33 | if len(sys.argv) != 2: 34 | print("Usage: " + sys.argv[0] + " ") 35 | sys.exit(-1) 36 | 37 | nm(sys.argv[1]) 38 | 39 | 40 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/pe_authenticode.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | import sys 5 | import lief 6 | 7 | # Description: 8 | # ----------- 9 | # Print certificates included in a signed PE 10 | # 11 | # Example: 12 | # python pe_authenticode.py driver.sys 13 | # 14 | # Version: 3 15 | # Serial Number: 61:04:ca:69:00:00:00:00:00:08 16 | # Signature Algorithm: SHA1_WITH_RSA_ENCRYPTION 17 | # Valid from: 2007-6-5 22:3:21 18 | # Valid to: 2012-6-5 22:13:21 19 | # Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time-Stamp PCA 20 | # Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=nCipher DSE ESN:A5B0-CDE0-DC94, CN=Microsoft Time-Stamp Service 21 | # 22 | # Version: 3 23 | # Serial Number: 61:01:c6:c1:00:00:00:00:00:07 24 | # Signature Algorithm: SHA1_WITH_RSA_ENCRYPTION 25 | # Valid from: 2008-10-22 20:39:22 26 | # Valid to: 2010-1-22 20:49:22 27 | # Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Verification PCA 28 | # Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=MOPR, CN=Microsoft Windows 29 | # .... 30 | 31 | def print_crt(binary): 32 | for crt in binary.signature.certificates: 33 | print(crt) 34 | 35 | if __name__ == '__main__': 36 | if len(sys.argv) != 2: 37 | print("Usage: {} ".format(sys.argv[0])) 38 | sys.exit(1) 39 | 40 | binary = lief.parse(sys.argv[1]) 41 | print_crt(binary) 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/pe_from_scratch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description: 5 | # Create a PE which pop a MessageBox 6 | # with the message "Hello World" 7 | 8 | from lief import PE 9 | 10 | title = "LIEF is awesome\0" 11 | message = "Hello World\0" 12 | 13 | data = list(map(ord, title)) 14 | data += list(map(ord, message)) 15 | code = [ 16 | 0x6a, 0x00, # push 0x00 uType 17 | 0x68, 0x00, 0x20, 0x40, 0x00, # push VA(title) 18 | 0x68, 0x10, 0x20, 0x40, 0x00, # push VA(message) 19 | 0x6a, 0x00, # push 0 hWnd 20 | 0xFF, 0x15, 0x54, 0x30, 0x40, 0x00, # call MessageBoxA 21 | 0x6A, 0x00, # push 0 uExitCode 22 | 0xFF, 0x15, 0x4C, 0x30, 0x40, 0x00 # call ExitProcess 23 | ] 24 | 25 | binary32 = PE.Binary("pe_from_scratch", PE.PE_TYPE.PE32) 26 | 27 | section_text = PE.Section(".text") 28 | section_text.content = code 29 | section_text.virtual_address = 0x1000 30 | 31 | section_data = PE.Section(".data") 32 | section_data.content = data 33 | section_data.virtual_address = 0x2000 34 | 35 | section_text = binary32.add_section(section_text, PE.SECTION_TYPES.TEXT) 36 | section_data = binary32.add_section(section_data, PE.SECTION_TYPES.DATA) 37 | 38 | print(section_text) 39 | print(section_data) 40 | 41 | binary32.optional_header.addressof_entrypoint = section_text.virtual_address 42 | 43 | kernel32 = binary32.add_library("kernel32.dll") 44 | kernel32.add_entry("ExitProcess") 45 | 46 | user32 = binary32.add_library("user32.dll") 47 | user32.add_entry("MessageBoxA") 48 | 49 | 50 | ExitProcess_addr = binary32.predict_function_rva("kernel32.dll", "ExitProcess") 51 | MessageBoxA_addr = binary32.predict_function_rva("user32.dll", "MessageBoxA") 52 | print("Address of 'ExitProcess': 0x{:06x} ".format(ExitProcess_addr)) 53 | print("Address of 'MessageBoxA': 0x{:06x} ".format(MessageBoxA_addr)) 54 | 55 | builder = PE.Builder(binary32) 56 | builder.build_imports(True) 57 | builder.build() 58 | builder.write("pe_from_scratch.exe") 59 | 60 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/pe_json.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | # Description 5 | # ----------- 6 | # Print information about a PE binary in the JSON format 7 | # 8 | # python pe_json.py C:\\windows\\explorer.exe 9 | #   10 | # { 11 | # "dynamic_entries": [ 12 | # { 13 | # "library": "libcap.so.2", 14 | # "tag": "NEEDED", 15 | # "value": 1 16 | # }, 17 | # { 18 | # "library": "libc.so.6", 19 | # "tag": "NEEDED", 20 | # "value": 74 21 | # }, 22 | # ... 23 | 24 | 25 | import argparse 26 | import sys 27 | import lief 28 | import json 29 | 30 | 31 | 32 | def main(): 33 | parser = argparse.ArgumentParser() 34 | parser.add_argument('binary', help='PE binary') 35 | args = parser.parse_args() 36 | 37 | binary = lief.parse(args.binary) 38 | json_data = json.loads(lief.to_json(binary)) 39 | print(json.dumps(json_data, sort_keys=True, indent=4)) 40 | 41 | if __name__ == "__main__": 42 | sys.exit(main()) 43 | 44 | -------------------------------------------------------------------------------- /LIEF/share/LIEF/examples/python/pe_resources_manager.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import sys 3 | import lief 4 | 5 | b = lief.parse(sys.argv[1]) 6 | manager = b.resources_manager 7 | print(manager) 8 | print(manager.manifest) 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Usage: 2 | 3 | ```shell 4 | bsUUIDModifier path/to/mach-o -armv7 3BC4C67F-XXXX-XXXX-XXXX-0863C5E33FCE -arm64 3BC4C67F-XXXX-XXXX-XXXX-0863C5E33FCE ... -o output_path 5 | ``` 6 | -------------------------------------------------------------------------------- /uuid-modifier.xcodeproj/project.xcworkspace/contents.xcworkspacedata: -------------------------------------------------------------------------------- 1 | 2 | 4 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /uuid-modifier.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | IDEDidComputeMac32BitWarning 6 | 7 | 8 | 9 | --------------------------------------------------------------------------------