The ability to allocation and perform further initialization of large PE files. #198
Conversation
Added the ability to read files larger than 40MB at a time. This is necessary, for example, for further initialization of a large PE file, for example, its Imports and the like, which requires a full file in memory. One bool variable was added with default initialization as false, so as not to disrupt the work of projects on older versions or when switching to a new version. The file is loaded by linking two APIs: VirtualAlloc + ReadFile. Thanks for such a wonderful pe parser like this =)
|
|
|
|
||
| LPVOID ptr = nullptr; | ||
|
|
||
| if (!LargeFile) { | ||
| ptr = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0); | ||
| } else { | ||
| ptr = VirtualAlloc(NULL, fileSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); | ||
| if (ptr == INVALID_HANDLE_VALUE) { | ||
| CloseHandle(h); | ||
| CloseHandle(ptr); | ||
| return nullptr; | ||
| } | ||
|
|
||
| const bool bFileRead = ReadFile(h, ptr, fileSize, nullptr, nullptr); | ||
| if(!bFileRead) { | ||
| CloseHandle(h); | ||
| if (ptr != nullptr) { | ||
| CloseHandle(ptr); | ||
| } | ||
|
|
||
| return nullptr; | ||
| } |
There was a problem hiding this comment.
This looks like it only uses a mmap backing on Windows, but we'll probably want similar behavior on other OSes as well. Could you add that to this changeset?
| @@ -195,7 +195,7 @@ std::string GetPEErrString(); | |||
| std::string GetPEErrLoc(); | |||
|
|
|||
| // get a PE parse context from a file | |||
| parsed_pe *ParsePEFromFile(const char *filePath); | |||
| parsed_pe *ParsePEFromFile(const char *filePath, bool LargeFile = false); | |||
There was a problem hiding this comment.
I'm a weak -1 on modifying the API like this: IMO we should pick an arbitrary-ish size for the "large file" cutoff, and use stat or ftell or similar to determine when to switch over to it based on the user input.
(We could do this via a macro, so users who compile pe-parse themselves could customize it.)
There was a problem hiding this comment.
32MB seems like a reasonable starting point for the cutoff.
|
Thanks for these changes @Nitr0-G! I've given them an initial review pass and left some thoughts. |
Added the ability to read files larger than 40MB at a time. This is necessary, for example, for further initialization of a large PE file, for example, its Imports and the like, which requires a full file in memory. One bool variable was added with default initialization as false, so as not to disrupt the work of projects on older versions or when switching to a new version. The file is loaded by linking two APIs: VirtualAlloc + ReadFile. Thanks for such a wonderful pe parser like this =)