Updates PE header structure for x64 #82
Merged
Introduces a structure for representing the DOS header within a PE (Portable Executable) file for x64 architectures. This definition enables easier parsing and manipulation of PE header information.
Organizes the project by relocating the PE headers file to the omath directory structure. This improves code organization and maintainability.
Rephrases the explanation regarding build presets for clarity in the INSTALL.md file. The text now more explicitly advises users on selecting appropriate presets.
Introduces a method to scan for patterns within specified PE files. This facilitates searching for patterns outside of loaded modules.
Adds functionality to extract a specific section from a PE file and scan for a given pattern within that section. Introduces `extract_section_from_pe_file` to isolate a section, enabling more targeted pattern searches. Overhauls `scan_for_pattern_in_file` to utilize extracted section data and improve accuracy.
Defines `DosHeader` and `FileHeader` structures to represent PE file header information. Includes definitions for `MachineId` enum and `FileCharacteristics` union. These definitions are prerequisite for PE file parsing and analysis.
Initializes infrastructure for PE file scanning. Adds data structures for PE headers (DOS, optional, section), including user-defined types for section characteristics. Refactors existing pattern scanning code to utilize new PE data structures. Adds basic parsing of PE headers.
e8ed9fe to 8eda1ce
Updates the PE scanner implementation to support both 32-bit and 64-bit architectures. Leverages `std::variant` and a generic `ImageNtHeaders` to abstract architecture-specific details. Simplifies the logic for retrieving section data, generalizing the process for improved maintainability.
Eliminates the PE scanner test code from the unit tests. This removes a test that appears to be broken or no longer relevant, since the test directly references a file path.
Ensures consistency by using `std::uint16_t` instead of `uint16_t` for the `SubsystemId` enum. Relates to feature/pe_scanner
Simplifies pattern scanner logic by removing conditional compilation for non-Windows platforms. The error handling previously thrown on non-Windows platforms was unnecessary as this functionality is not intended for those systems. This change streamlines the code and removes a misleading error message.
Adjusts the virtual method calling convention based on the compiler (_MSC_VER). This ensures compatibility and correct behavior on different platforms.
Simplifies PE header reading and validation logic, extracting common functionality into helper functions. Introduces `get_nt_header_from_file` to handle both x86 and x64 PE headers. Adds validation checks for both DOS and NT headers to ensure file integrity. Improves code readability and maintainability by reducing redundancy in header parsing. Relates to feature/pe_scanner
Simplifies `extract_section_from_pe_file` by removing the unused path parameter. This clarifies the function's purpose and improves readability.
Enables users to specify the target section name when scanning a PE file for a pattern. This provides more flexibility in locating patterns within a PE file, as it's not limited to the ".text" section.
This commit updates the PE header structure for x64, including moving the PE headers file to the omath directory. It is done to improve code quality and maintainability. This ensures that the code is correctly structured to efficiently process x64 PE files.
Fixes #123
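An added example, not the project's code, of the flow the commits above describe: validate the DOS and NT headers of a PE32 or PE32+ file with bounds checks, extract a named section, and scan it for a byte pattern with wildcards. `read_at`, `extract_section`, `find_pattern` and `make_sample` are hypothetical names, the sample image is constructed, and a little-endian host is assumed.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <optional>
#include <string_view>
#include <vector>
using Bytes = std::vector<std::uint8_t>;

// Bounds-checked read (little-endian host assumed); nullopt if it would leave the buffer.
template <typename T> std::optional<T> read_at(const Bytes& f, std::size_t off) {
    if (off > f.size() || f.size() - off < sizeof(T)) return std::nullopt;
    T v; std::memcpy(&v, f.data() + off, sizeof(T)); return v;
}
// Hypothetical helper: raw bytes of section `name`, or nullopt when any header check fails.
std::optional<Bytes> extract_section(const Bytes& f, std::string_view name) {
    if (read_at<std::uint16_t>(f, 0) != 0x5A4D) return std::nullopt;  // DOS magic "MZ"
    auto lfanew = read_at<std::uint32_t>(f, 0x3C);                     // e_lfanew
    if (!lfanew || read_at<std::uint32_t>(f, *lfanew) != 0x4550u) return std::nullopt;  // "PE\0\0"
    std::size_t fh = std::size_t{*lfanew} + 4;                         // file header offset
    auto nsec = read_at<std::uint16_t>(f, fh + 2), optsz = read_at<std::uint16_t>(f, fh + 16),
         magic = read_at<std::uint16_t>(f, fh + 20);                   // optional header magic
    if (!nsec || !optsz || !magic || (*magic != 0x10B && *magic != 0x20B)) return std::nullopt;
    std::size_t sec = fh + 20 + *optsz;                                // first section header
    for (unsigned i = 0; i < *nsec; ++i, sec += 40) {
        auto size = read_at<std::uint32_t>(f, sec + 16), ptr = read_at<std::uint32_t>(f, sec + 20);
        if (!size || !ptr) return std::nullopt;                        // section table truncated
        char raw[9] = {}; std::memcpy(raw, f.data() + sec, 8);         // name may lack a NUL
        if (name != raw) continue;
        if (*ptr > f.size() || f.size() - *ptr < *size) return std::nullopt;  // data outside file
        return Bytes(f.begin() + *ptr, f.begin() + *ptr + *size);
    }
    return std::nullopt;
}
// Pattern entries: 0..255 match that byte, -1 is a wildcard. Returns offset of first match.
std::optional<std::size_t> find_pattern(const Bytes& d, const std::vector<int>& pat) {
    auto it = std::search(d.begin(), d.end(), pat.begin(), pat.end(),
                          [](std::uint8_t b, int p) { return p < 0 || p == b; });
    if (pat.empty() || it == d.end()) return std::nullopt;
    return std::size_t(it - d.begin());
}
// Constructed sample: PE32+ header layout with one ".text" section (not a real binary).
Bytes make_sample() {
    Bytes f(0x200, 0);
    auto put = [&](std::size_t off, std::uint32_t v, std::size_t n) { std::memcpy(&f[off], &v, n); };
    put(0, 0x5A4D, 2); put(0x3C, 0x40, 4); put(0x40, 0x4550, 4);  // MZ, e_lfanew, PE signature
    put(0x46, 1, 2); put(0x54, 0xF0, 2); put(0x58, 0x20B, 2);     // sections, opt. size, magic
    std::memcpy(&f[0x148], ".text", 5); put(0x158, 8, 4); put(0x15C, 0x180, 4);  // section header
    const std::uint8_t code[8] = {0x48, 0x8B, 0x05, 0x11, 0x22, 0x33, 0x44, 0xC3};
    std::memcpy(&f[0x180], code, 8);
    return f;
}
```

Every offset taken from the file is checked against the buffer size before it is dereferenced, so a truncated file or a section header pointing past the end yields `nullopt` instead of an out-of-bounds read.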