manape is now completely decoupled from manacommons and hash-library; this means that it's now easy to re-use the PE parser in other projects! The documentation was updated to indicate how to do this.
1 parent 7fac8c8, commit a3546f6
Showing 21 changed files with 375 additions and 173 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
********************* | ||
Reusing the PE parser | ||
********************* | ||
|
||
This section will explain how you can take the PE parser (ManaPE) out of Manalyze and re-use it in another project. We will focus on Linux environments, but the instructions given here should be easy to apply to other systems. | ||
|
||
Let's start by writing some sample code that would read a PE file using Manalyze's parser:: | ||
|
||
#include <iostream> | ||
#include "manape/pe.h" | ||
|
||
int main(int argc, char** argv) | ||
{ | ||
mana::PE pe("file.exe"); | ||
if (pe.is_valid()) { // Always check this. | ||
std::cout << "File parsed successfully: " << *pe.get_path() << std::endl; | ||
} | ||
else | ||
{ | ||
std::cout << "The file is invalid!" << std::endl; | ||
return 1; | ||
} | ||
|
||
// Do stuff with the PE | ||
auto sections = pe.get_sections(); | ||
for (auto it = sections->begin() ; it != sections->end() ; ++it) { | ||
std::cout << *(*it)->get_name() << std::endl; | ||
} | ||
// ... | ||
|
||
return 0; | ||
} | ||
|
||
For this to compile, you'll have to grab ManaPE's code and put it inside your project. you need both the ``manape`` and ``include/manape`` folders. :: | ||
|
||
~/code/project$ mkdir include | ||
~/code/project$ cp -r [...]/Manalyze/manape/ . && cp -r [...]/Manalyze/include/manape/ include/ | ||
|
||
You don't have to follow the same folder structure, it's only given as an example. Then, assuming you copied the previous code in ``main.cpp``, the only thing left to do is to compile everything:: | ||
|
||
~/code/project$ g++ main.cpp manape/*.cpp -lboost_system -lboost_regex -Iinclude -std=c++11 | ||
~/code/project$ ./a.out | ||
File parsed successfully: file.exe | ||
.text | ||
.rdata | ||
.data | ||
.rsrc | ||
|
||
Obviously, you'll want to write a Makefile or use CMake, but this should be enough to get you started. If you need detailed information on available methods that you can use from here, please see this section on by :ref:`pe_objects`. |
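Review bot: The sample's main() declares argc and argv but opens the hardcoded "file.exe", so a reader who copies it cannot point it at their own input; take the path from argv[1] behind an argc check, or drop the parameters. In the prose, the final sentence has a garbled cross-reference ("please see this section on by :ref:`pe_objects`"), which should read "please see :ref:`pe_objects`", and "you need both the ``manape`` and ``include/manape`` folders" should start with a capital after the full stop. Since this snippet will be reused to parse untrusted files, the "// Always check this." comment would help more if it said that nothing else on the object should be called when is_valid() returns false.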
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/* | ||
This file is part of Manalyze. | ||
Manalyze is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU General Public License as published by | ||
the Free Software Foundation, either version 3 of the License, or | ||
(at your option) any later version. | ||
Manalyze is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
You should have received a copy of the GNU General Public License | ||
along with Manalyze. If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
#pragma once | ||
|
||
// Pretty printing functions from manacommons are only imported if available. | ||
// This makes it easier to take the parser out of Manalyze and re-use it for other stuff. | ||
#if defined WITH_MANACOMMONS | ||
# include "manacommons/color.h" | ||
#else | ||
# define PRINT_ERROR std::cerr << "[!] Error: " | ||
# define PRINT_WARNING std::cerr << "[*] Warning: " | ||
|
||
# ifdef _DEBUG | ||
# define DEBUG_INFO " (" << __FILE__ << ":" << std::dec << std::dec << __LINE__ << ")" | ||
# define DEBUG_INFO_PE " (" << __FILE__ << ":" << std::dec << __LINE__ << ", " << *pe.get_path() << ")" | ||
# define DEBUG_INFO_INSIDEPE " (" << __FILE__ << ":" << std::dec << __LINE__ << ", " << *get_path() << ")" | ||
# else | ||
# define DEBUG_INFO "" | ||
# define DEBUG_INFO_PE "" | ||
# define DEBUG_INFO_INSIDEPE "" | ||
# endif | ||
#endif |
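Review bot: The fallback branch defines PRINT_ERROR and PRINT_WARNING in terms of std::cerr, but the #else path includes nothing, so this header only compiles when the including file has already pulled in <iostream>; add `# include <iostream>` there so it is self-contained, which matters now that it is meant to be used outside Manalyze. DEBUG_INFO streams `std::dec << std::dec`, and one is enough. DEBUG_INFO_PE and DEBUG_INFO_INSIDEPE silently require a variable named `pe` or a get_path() member in scope wherever they expand; a one-line comment next to the definitions would save the next reader from a confusing compile error.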
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
/* | ||
This file is part of Manalyze. | ||
Manalyze is free software: you can redistribute it and/or modify | ||
it under the terms of the GNU General Public License as published by | ||
the Free Software Foundation, either version 3 of the License, or | ||
(at your option) any later version. | ||
Manalyze is distributed in the hope that it will be useful, | ||
but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
GNU General Public License for more details. | ||
You should have received a copy of the GNU General Public License | ||
along with Manalyze. If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
#pragma once | ||
|
||
// Pretty printing functions from manacommons are only imported if available. | ||
// This makes it easier to take the parser out of Manalyze and re-use it for other stuff. | ||
#if defined WITH_MANACOMMONS | ||
# include "manacommons/escape.h" | ||
#else | ||
# include <string> | ||
# include <boost/static_assert.hpp> | ||
# include <boost/spirit/include/karma.hpp> | ||
# include <boost/type_traits/is_base_of.hpp> | ||
# include <boost/shared_ptr.hpp> | ||
# include <boost/make_shared.hpp> | ||
|
||
|
||
// Escape functions copied from manacommons/escape.h / manacommons/escape.cpp | ||
// I know that's code duplication / generally not great design. The issue is that | ||
// section names need to be escaped, and I have to provide a way to do this when | ||
// manacommons is not provided, for people who just want to reuse the PE parser | ||
// but are not interested in pulling the rest of Manalyze's code. | ||
namespace io { | ||
|
||
namespace karma = boost::spirit::karma; | ||
typedef std::back_insert_iterator<std::string> sink_type; | ||
typedef boost::shared_ptr<std::string> pString; | ||
|
||
/** | ||
* @brief This grammar is used to escape strings printed to the console. | ||
* | ||
* Printable characters are returned as-is, while the others are displayed using the C | ||
* notation. | ||
*/ | ||
template <typename OutputIterator> | ||
struct escaped_string_raw | ||
: karma::grammar<OutputIterator, std::string()> | ||
{ | ||
escaped_string_raw() | ||
: escaped_string_raw::base_type(esc_str) | ||
{ | ||
esc_str = *(boost::spirit::karma::iso8859_1::print | "\\x" << karma::right_align(2, 0)[karma::hex]); | ||
} | ||
|
||
karma::rule<OutputIterator, std::string()> esc_str; | ||
karma::symbols<char, char const*> esc_char; | ||
}; | ||
|
||
/** | ||
* @brief Performs the actual string escaping based on the grammar given as | ||
* template parameter. | ||
* | ||
* @param const std::string& s The string to escape. | ||
* | ||
* @return A pointer to the escaped string, or a null pointer if an error occurred. | ||
*/ | ||
template<typename Grammar> | ||
pString _do_escape(const std::string& s) | ||
{ | ||
BOOST_STATIC_ASSERT(boost::is_base_of<karma::grammar<sink_type, std::string()>, Grammar>::value); | ||
typedef std::back_insert_iterator<std::string> sink_type; | ||
|
||
std::string generated; | ||
sink_type sink(generated); | ||
|
||
Grammar g; | ||
if (!karma::generate(sink, g, s)) | ||
{ | ||
PRINT_WARNING << "Could not escape \"" << s << "!" << std::endl; | ||
return nullptr; | ||
} | ||
else { | ||
return boost::make_shared<std::string>(generated); | ||
} | ||
} | ||
|
||
// ---------------------------------------------------------------------------- | ||
|
||
inline pString escape(const std::string& s) { | ||
return _do_escape<escaped_string_raw<sink_type> >(s); | ||
} | ||
|
||
} // !namespace io | ||
|
||
#endif |
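Review bot: In _do_escape, the failure branch streams the raw, unescaped `s` through PRINT_WARNING, so the one string the grammar could not sanitize is written verbatim to stderr; the comment above says this code exists to escape section names, which come from the parsed file, so log only the length or a hex rendering there instead. The same message opens a quote with `\"` and never closes it before the "!". PRINT_WARNING is not defined by anything this header includes in the #else branch, so the header depends on include order; include the header that defines it here. The local `typedef ... sink_type` inside _do_escape duplicates the namespace-level typedef and comes after the BOOST_STATIC_ASSERT that already uses the name, and the `esc_char` member of escaped_string_raw is never used in the visible code; both can go.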