Cannot access to parsed_pe::internal in IDEs in C++

[pol4bear]

I wanted to check contents in internal with below code but I couldn't access because some structs are defined in cpp file not header file.

	string path = ((AnalyzeInput*)input)->second;
	string file_name = path.substr(path.find_last_of("/") + 1);
	parsed_pe* pe = ParsePEFromFile(path.c_str());
	bool is_mallware = false;
	

	if (pe == nullptr) {
		handle->on_result(file_name, Results::RES_CANNOT_PARSE_PE);
		return;
	}

	if (pe->internal->secs.size() < 2) {
		handle->on_result(file_name, Results::RES_HAS_LESS_SEC);
	}

Structs below have to move the definition from parse.cpp to parse.h. parsed_pe_internal has declaration in parse.h but doesn't have member variables so cannot access from code neither.

struct section {
    std::string sectionName;
    std::uint64_t sectionBase;
    bounded_buffer* sectionData;
    image_section_header sec;
};

struct importent {
    VA addr;
    std::string symbolName;
    std::string moduleName;
};

struct exportent {
    VA addr;
    std::string symbolName;
    std::string moduleName;
};

union symbol_name {
    std::uint8_t shortName[NT_SHORT_NAME_LEN];
    std::uint32_t zeroes;
    std::uint64_t data;
};

struct aux_symbol_f1 {
    std::uint32_t tagIndex;
    std::uint32_t totalSize;
    std::uint32_t pointerToLineNumber;
    std::uint32_t pointerToNextFunction;
};

struct aux_symbol_f2 {
    std::uint16_t lineNumber;
    std::uint32_t pointerToNextFunction;
};

struct aux_symbol_f3 {
    std::uint32_t tagIndex;
    std::uint32_t characteristics;
};

struct aux_symbol_f4 {
    std::uint8_t filename[SYMTAB_RECORD_LEN];
    std::string strFilename;
};

struct aux_symbol_f5 {
    std::uint32_t length;
    std::uint16_t numberOfRelocations;
    std::uint16_t numberOfLineNumbers;
    std::uint32_t checkSum;
    std::uint16_t number;
    std::uint8_t selection;
};

struct symbol {
    std::string strName;
    symbol_name name;
    std::uint32_t value;
    std::int16_t sectionNumber;
    std::uint16_t type;
    std::uint8_t storageClass;
    std::uint8_t numberOfAuxSymbols;
    std::vector<aux_symbol_f1> aux_symbols_f1;
    std::vector<aux_symbol_f2> aux_symbols_f2;
    std::vector<aux_symbol_f3> aux_symbols_f3;
    std::vector<aux_symbol_f4> aux_symbols_f4;
    std::vector<aux_symbol_f5> aux_symbols_f5;
};

struct reloc {
    VA shiftedAddr;
    reloc_type type;
};

struct parsed_pe_internal {
    std::vector<section> secs;
    std::vector<resource> rsrcs;
    std::vector<importent> imports;
    std::vector<reloc> relocs;
    std::vector<exportent> exports;
    std::vector<symbol> symbols;
};

[woodruffw]

Hi @pol4bear!

The non-inclusion of internal structures in pe-parse's headers is intentional. This sounds like a shortcoming of your IDE, not pe-parse itself -- most IDEs should be able to resolve past a forward-declared structure.

[woodruffw]

To clarify: if what you're looking for is a public (i.e. non-internal) API that gets you access to the section count, you can throw one together with IterSec.

Something like this (not tested):

int countSec(void *cbd, VA secBase, std::string &secName, image_section_header s, bounded_buffer *data) {
  uint64_t *counter = reinterpret_cast<uint64_t *>(cbd);
  (*counter)++;
  return 0;
}

and then, to register the callback:

uint64_t counter = 0;
IterSec(pe, countSec, &counter);