Main Page | Class Hierarchy | Class List | File List | Class Members | Related Pages

PeHeaderT Class Template Reference

Class that handles the PE header of files. More...

#include <PeHeader.h>

List of all members.

Public Types

typedef FieldSizes< x >::VAR4_8 VAR4_8

Public Member Functions

void addDataDirectory ()
int addSection (const std::string &strName, dword dwSize)
 Add a section to the header.

dword calcNumberOfRvaAndSizes () const
word calcNumberOfSections () const
 Returns the number of sections in the current file.

unsigned int calcOffset () const
 Calculates the offset for a new section of size uiSize.

unsigned int calcRva () const
 Calculates the Rva for a new section of size uiSize.

unsigned int calcSizeOfImage () const
unsigned int calcSpaceAfterHeader () const
 Returns the unused space after the header.

unsigned int calcStartOfCode () const
 Returns the address of the physically first section (not the first defined section).

void enlargeLastSection (unsigned int uiSize)
dword getAddressOfEntryPoint () const
 Returns the AddressOfEntryPoint value of the header.

dword getBaseOfCode () const
 Returns the BaseOfCode value of the header.

dword getCharacteristics (word uiSectionnr) const
 Returns the characteristics of a section.

word getCharacteristics () const
 Returns the Characteristics value of the header.

dword getCheckSum () const
 Returns the CheckSum value of the header.

word getDllCharacteristics () const
 Returns the DllCharacteristics value of the header.

dword getFileAlignment () const
 Returns the FileAlignment value of the header.

dword getIddArchitectureRva () const
 Returns the relative virtual address of the image directory Architecture.

dword getIddArchitectureSize () const
 Returns the size of the image directory Architecture.

dword getIddBaseRelocRva () const
 Returns the relative virtual address of the image directory Base Reloc.

dword getIddBaseRelocSize () const
 Returns the size of the image directory Base Reloc.

dword getIddBoundImportRva () const
 Returns the relative virtual address of the image directory BoundImport.

dword getIddBoundImportSize () const
 Returns the size of the image directory BoundImport.

dword getIddComHeaderRva () const
 Returns the relative virtual address of the image directory COM Descriptor.

dword getIddComHeaderSize () const
 Returns the size of the image directory COM Descriptor.

dword getIddDebugRva () const
 Returns the relative virtual address of the image directory Debug.

dword getIddDebugSize () const
 Returns the size of the image directory Debug.

dword getIddDelayImportRva () const
 Returns the relative virtual address of the image directory DelayImport.

dword getIddDelayImportSize () const
 Returns the size of the image directory DelayImport.

dword getIddExceptionRva () const
 Returns the relative virtual address of the image directory Exception.

dword getIddExceptionSize () const
 Returns the size of the image directory Exception.

dword getIddExportRva () const
 Returns the relative virtual address of the image directory Export.

dword getIddExportSize () const
 Returns the size of the image directory Export.

dword getIddGlobalPtrRva () const
 Returns the relative virtual address of the image directory GlobalPtr.

dword getIddGlobalPtrSize () const
 Returns the size of the image directory GlobalPtr.

dword getIddIatRva () const
 Returns the relative virtual address of the image directory Iat.

dword getIddIatSize () const
 Returns the size of the image directory Iat.

dword getIddImportRva () const
 Returns the relative virtual address of the image directory Import.

dword getIddImportSize () const
 Returns the size of the image directory Import.

dword getIddLoadConfigRva () const
 Returns the relative virtual address of the image directory LoadConfig.

dword getIddLoadConfigSize () const
 Returns the size of the image directory LoadConfig.

dword getIddResourceRva () const
 Returns the relative virtual address of the image directory Resource.

dword getIddResourceSize () const
 Returns the size of the image directory Resource.

dword getIddSecurityRva () const
 Returns the relative virtual address of the image directory Security.

dword getIddSecuritySize () const
 Returns the size of the image directory Security.

dword getIddTlsRva () const
 Returns the relative virtual address of the image directory Tls.

dword getIddTlsSize () const
 Returns the size of the image directory Tls.

VAR4_8 getImageBase () const
 Returns the ImageBase value of the header.

dword getImageDataDirectoryRva (dword dwDirectory) const
 Returns the relative virtual address of an image directory.

dword getImageDataDirectorySize (dword dwDirectory) const
 Returns the size of an image directory.

dword getLoaderFlags () const
 Returns the LoaderFlags value of the header.

word getMachine () const
 Returns the Machine value of the header.

word getMagic () const
 Returns the Magic value of the header.

word getMajorImageVersion () const
 Returns the MajorImageVersion value of the header.

byte getMajorLinkerVersion () const
 Returns the MajorLinkerVersion value of the header.

word getMajorOperatingSystemVersion () const
 Returns the MajorOperatingSystemVersion value of the header.

word getMajorSubsystemVersion () const
 Returns the MajorSubsystemVersion value of the header.

word getMinorImageVersion () const
 Returns the MinorImageVersion value of the header.

byte getMinorLinkerVersion () const
 Returns the MinorLinkerVersion value of the header.

word getMinorOperatingSystemVersion () const
 Returns the MinorOperatingSystemVersion value of the header.

word getMinorSubsystemVersion () const
 Returns the MinorSubsystemVersion value of the header.

dword getNtSignature () const
 Returns the Signature value of the header.

dword getNumberOfLinenumbers (word uiSectionnr) const
 Returns the number of line numbers of a section.

dword getNumberOfRelocations (word uiSectionnr) const
 Returns the number of relocations of a section.

dword getNumberOfRvaAndSizes () const
 Returns the NumberOfRvaAndSizes value of the header.

word getNumberOfSections () const
 Returns the Sections value of the header.

dword getNumberOfSymbols () const
 Returns the NumberOfSymbols value of the header.

dword getPointerToLinenumbers (word uiSectionnr) const
 Returns the rva of the line numbers of a section.

dword getPointerToRawData (word uiSectionnr) const
 Returns file offset of the data of a section.

dword getPointerToRelocations (word uiSectionnr) const
 Returns the rva of the relocations of a section.

dword getPointerToSymbolTable () const
 Returns the PointerToSymbolTable value of the header.

dword getSectionAlignment () const
 Returns the SectionAlignment value of the header.

std::string getSectionName (word uiSectionnr) const
 Returns the name of a section.

word getSectionWithOffset (VAR4_8 dwOffset) const
 Returns the section Id of the section that contains the offset.

word getSectionWithRva (VAR4_8 rva) const
 Returns the number of the section which the given relative address points to.

dword getSizeOfCode () const
 Returns the SizeOfCode value of the header.

dword getSizeOfHeaders () const
 Returns the SizeOfHeaders value of the header.

VAR4_8 getSizeOfHeapCommit () const
 Returns the SizeOfHeapCommit value of the header.

VAR4_8 getSizeOfHeapReserve () const
 Returns the SizeOfHeapReserve value of the header.

dword getSizeOfImage () const
 Returns the SizeOfImage value of the header.

dword getSizeOfInitializedData () const
 Returns the SizeOfInitializedData value of the header.

word getSizeOfOptionalHeader () const
 Returns the SizeOfOptionalHeader value of the header.

dword getSizeOfRawData (word uiSectionnr) const
 Returns the size of a section's raw data.

VAR4_8 getSizeOfStackCommit () const
 Returns the SizeOfStackCommit value of the header.

VAR4_8 getSizeOfStackReserve () const
 Returns the SizeOfStackReserve value of the header.

dword getSizeOfUninitializedData () const
 Returns the SizeOfUninitializedData value of the header.

word getSubsystem () const
 Returns the Subsystem value of the header.

dword getTimeDateStamp () const
 Returns the TimeDateStamp value of the header.

dword getVirtualAddress (word uiSectionnr) const
 Returns the virtual address of a section.

dword getVirtualSize (word uiSectionnr) const
 Returns the virtual size of a section.

dword getWin32VersionValue () const
 Returns the Reserved1 value of the header.

bool isValid (unsigned int) const
void makeValid (dword dwOffset)
 Corrects the current PE header.

unsigned int offsetToRva (VAR4_8 dwOffset) const
 Converts a file offset to a relative virtual offset.

unsigned int offsetToVa (VAR4_8 dwOffset) const
 Converts a file offset to a virtual address.

int read (std::string strFilename, unsigned int uiOffset)
 Reads the PE header of a file.

void rebuild (std::vector< byte > &vBuffer) const
 Rebuilds the current PE header.

void removeDataDirectory (dword index)
FieldSizes< x >::VAR4_8 rvaToOffset (VAR4_8 dwRva) const
 Converts a relative virtual address to a file offset.

FieldSizes< x >::VAR4_8 rvaToVa (VAR4_8 dwRva) const
 Converts a relative virtual address to a virtual address.

void setAddressOfEntryPoint (dword value)
 Sets the AddressOfEntryPoint value of the header.

void setBaseOfCode (dword value)
 Sets the BaseOfCode value of the header.

void setCharacteristics (word uiSectionnr, dword dwValue)
 Set the characteristics of a section.

void setCharacteristics (word value)
 Sets the Characteristics value of the header.

void setCheckSum (dword value)
 Sets the CheckSum value of the header.

void setDllCharacteristics (word value)
 Sets the DllCharacteristics value of the header.

void setFileAlignment (dword value)
 Sets the FileAlignment value of the header.

void setIddDebugRva (dword dwValue)
void setIddDebugSize (dword dwValue)
void setIddDelayImportRva (dword dwValue)
void setIddDelayImportSize (dword dwValue)
void setIddExceptionRva (dword dwValue)
void setIddExceptionSize (dword dwValue)
void setIddExportRva (dword dwValue)
void setIddExportSize (dword dwValue)
void setIddGlobalPtrRva (dword dwValue)
void setIddGlobalPtrSize (dword dwValue)
void setIddIatRva (dword dwValue)
void setIddIatSize (dword dwValue)
void setIddImportRva (dword dwValue)
void setIddImportSize (dword dwValue)
void setIddLoadConfigRva (dword dwValue)
void setIddLoadConfigSize (dword dwValue)
void setIddResourceRva (dword dwValue)
void setIddResourceSize (dword dwValue)
void setIddSecurityRva (dword dwValue)
void setIddSecuritySize (dword dwValue)
void setIddTlsRva (dword dwValue)
void setIddTlsSize (dword dwValue)
void setImageBase (VAR4_8 value)
 Sets the ImageBase value of the header.

void setLoaderFlags (dword value)
 Sets the LoaderFlags value of the header.

void setMachine (word value)
 Sets the Machine value of the header.

void setMagic (word value)
 Sets the Magic value of the header.

void setMajorImageVersion (word value)
 Sets the MajorImageVersion value of the header.

void setMajorLinkerVersion (byte value)
 Sets the MajorLinkerVersion value of the header.

void setMajorOperatingSystemVersion (word value)
 Sets the MajorOperatingSystemVersion value of the header.

void setMajorSubsystemVersion (word value)
 Sets the MajorSubsystemVersion value of the header.

void setMinorImageVersion (word value)
 Sets the MinorImageVersion value of the header.

void setMinorLinkerVersion (byte value)
 Sets the MinorLinkerVersion value of the header.

void setMinorOperatingSystemVersion (word value)
 Sets the MinorOperatingSystemVersion value of the header.

void setMinorSubsystemVersion (word value)
 Sets the MinorSubsystemVersion value of the header.

void setNtSignature (dword value)
 Sets the Signature value of the header.

void setNumberOfLinenumbers (word uiSectionnr, dword dwValue)
 Set the number of linenumbers section.

void setNumberOfRelocations (word uiSectionnr, dword dwValue)
 Set the number of relocations a section.

void setNumberOfRvaAndSizes (dword value)
 Sets the NumberOfRvaAndSizes value of the header.

void setNumberOfSections (word value)
 Sets the Sections value of the header.

void setNumberOfSymbols (dword value)
 Sets the NumberOfSymbols value of the header.

void setPointerToLinenumbers (word uiSectionnr, dword dwValue)
 Set the pointer to linenumbers of a section.

void setPointerToRawData (word uiSectionnr, dword dwValue)
 Set the file offset of a section.

void setPointerToRelocations (word uiSectionnr, dword dwValue)
 Set the pointer to relocations of a section.

void setPointerToSymbolTable (dword value)
 Sets the PointerToSymbolTable value of the header.

void setSectionAlignment (dword value)
 Sets the SectionAlignment value of the header.

void setSectionName (word uiSectionnr, std::string strName)
 Set the name of a section.

void setSizeOfCode (dword value)
 Sets the SizeOfCode value of the header.

void setSizeOfHeaders (dword value)
 Sets the SizeOfHeaders value of the header.

void setSizeOfHeapCommit (VAR4_8 value)
 Sets the SizeOfHeapCommit value of the header.

void setSizeOfHeapReserve (VAR4_8 value)
 Sets the SizeOfHeapReserve value of the header.

void setSizeOfImage (dword value)
 Sets the SizeOfImage value of the header.

void setSizeOfInitializedData (dword value)
 Sets the SizeOfInitializedData value of the header.

void setSizeOfOptionalHeader (word value)
 Sets the SizeOfOptionalHeader value of the header.

void setSizeOfRawData (word uiSectionnr, dword dwValue)
 Set the size of raw data of a section.

void setSizeOfStackCommit (VAR4_8 value)
 Sets the SizeOfStackCommit value of the header.

void setSizeOfStackReserve (VAR4_8 value)
 Sets the SizeOfStackReserve value of the header.

void setSizeOfUninitializedData (dword value)
 Sets the SizeOfUninitializedData value of the header.

void setSubsystem (word value)
 Sets the Subsystem value of the header.

void setTimeDateStamp (dword value)
 Sets the TimeDateStamp value of the header.

void setVirtualAddress (word uiSectionnr, dword dwValue)
 Set the virtual address of a section.

void setVirtualSize (word uiSectionnr, dword dwValue)
 Set the virtual size of a section.

void setWin32VersionValue (dword value)
 Sets the Reserved1 value of the header.

unsigned int size () const
 Calculates the size for the current PE header including all section definitions.

FieldSizes< x >::VAR4_8 vaToOffset (VAR4_8 dwRva) const
FieldSizes< x >::VAR4_8 vaToRva (VAR4_8 dwRva) const
int write (std::string strFilename, unsigned int uiOffset) const
 Save the PE header to a file.

int writeSectionData (const std::string &strFilename, word wSecnr, const std::vector< byte > &vBuffer) const
 Overwrites a section with new data.

int writeSections (const std::string &strFilename) const
 Writes sections to a file.


Protected Attributes

PELIB_IMAGE_NT_HEADERS< x > m_inthHeader
 Stores Nt header information.

dword m_uiOffset
 Equivalent to the value returned by #PeLib::MzHeader::getAddressOfPeFile.

std::vector< PELIB_IMAGE_SECTION_HEADER > m_vIsh
 Stores section header information.

Detailed Description

template<int x>
class PeLib::PeHeaderT< x >

Class that handles the PE header of files.

This class can read and modify PE headers. It provides set- and get functions to access all individual members of a PE header. Furthermore it's possible to validate and rebuild PE headers. A PE header includes the IMAGE_Nt_HEADERS and the section definitions of a PE file.

Todo:
getIdReservedRva

Member Function Documentation

int addSection const std::string &  strName,
dword  dwSize
 

Add a section to the header.

Adds a new section to the header. The physical and virtual address as well as the virtual size of the section will be determined automatically from the raw size. The section characteristics will be set to IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_READ | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_CODE. All other values will be set to 0. Note: It's important that if the current header's FileAlignment and/or SectionAlignment values are 0 this function will fail.

Parameters:
strName Name of the new section. If this name is longer than 8 bytes only the first 8 bytes will be used.
dwSize Physical size of the new section in bytes.
Todo:
Better code that handles files with 0 sections.

Here is the call graph for this function:

word calcNumberOfSections  )  const
 

Returns the number of sections in the current file.

Returns the number of currently defined sections. Note that this value can be different from the number of sections according to the header (see PeLib::PeHeaderT<x>::getNumberOfSections).

Returns:
Number of currently defined sections.

unsigned int calcOffset  )  const
 

Calculates the offset for a new section of size uiSize.

Calculates the file offset for a new section. The file offset will already be aligned to the file's FileAlignment.

Returns:
Aligned file offset.
Todo:
uiSize isn't used yet. Will be used later on to search for caves.

Here is the call graph for this function:

unsigned int calcRva  )  const
 

Calculates the Rva for a new section of size uiSize.

Calculates the Rva for a new section. The Rva will already be aligned to the file's SectionAlignment.

Todo:
uiSize isn't used yet. Will be used later on to search for caves.
Returns:
Aligned Rva.

Here is the call graph for this function:

unsigned int calcSizeOfImage  )  const
 

Calculates a valid SizeOfImage value given the information from the current PE header. Note that this calculation works in Win2K but probably does not work in Win9X. I didn't test that though.

Returns:
Valid SizeOfImage value.

unsigned int calcSpaceAfterHeader  )  const
 

Returns the unused space after the header.

Calculates the space between the last byte of the header and the first byte that's used for something else (that's either the first section or an image directory).

Returns:
Unused space after the header.

Todo:
There are PE files with sections beginning at offset 0. They need to be considered.

Here is the call graph for this function:

unsigned int calcStartOfCode  )  const
 

Returns the address of the physically first section (not the first defined section).

Returns the first offset of the file that's actually used for something different than the header. That something is not necessarily code, it can be a data directory too. This offset can be the beginning of a section or the beginning of a directory.

Todo:
Some optimizization is surely possible here.

There are PE files with sections beginning at offset 0. They need to be considered. Returning 0 for these files doesn't really make sense. So far these sections are disregarded.

Here is the call graph for this function:

void enlargeLastSection unsigned int  uiSize  ) 
 

Enlarges the physically last section in the file.

Parameters:
uiSize Additional size that's added to the section's size.

Here is the call graph for this function:

dword getAddressOfEntryPoint  )  const
 

Returns the AddressOfEntryPoint value of the header.

Returns:
The AddressOfEntryPoint value from the PE header.

dword getBaseOfCode  )  const
 

Returns the BaseOfCode value of the header.

Returns:
The BaseOfCode value from the PE header.

dword getCharacteristics word  wSectionnr  )  const
 

Returns the characteristics of a section.

Returns the characteristics of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The characteristics of the section.

word getCharacteristics  )  const
 

Returns the Characteristics value of the header.

Returns:
The Characteristics value from the PE header.

dword getCheckSum  )  const
 

Returns the CheckSum value of the header.

Returns:
The CheckSums value from the PE header.

word getDllCharacteristics  )  const
 

Returns the DllCharacteristics value of the header.

Returns:
The DllCharacteristics value from the PE header.

dword getFileAlignment  )  const
 

Returns the FileAlignment value of the header.

Returns:
The FileAlignment value from the PE header.

dword getIddArchitectureRva  )  const
 

Returns the relative virtual address of the image directory Architecture.

Returns the relative virtual address of the current file's Architecture directory.

Returns:
The Rva of the Architecture directory.

dword getIddArchitectureSize  )  const
 

Returns the size of the image directory Architecture.

Returns the size of the current file's Architecture directory.

Returns:
The size of the Architecture directory.

dword getIddBaseRelocRva  )  const
 

Returns the relative virtual address of the image directory Base Reloc.

Returns the relative virtual address of the current file's base reloc directory.

Returns:
The Rva of the Base Reloc directory.

dword getIddBaseRelocSize  )  const
 

Returns the size of the image directory Base Reloc.

Returns the size of the current file's base reloc directory.

Returns:
The size of the Base Reloc directory.

dword getIddBoundImportRva  )  const
 

Returns the relative virtual address of the image directory BoundImport.

Returns the relative virtual address of the current file's bound import directory.

Returns:
The Rva of the BoundImport directory.

dword getIddBoundImportSize  )  const
 

Returns the size of the image directory BoundImport.

Returns the size of the current file's bound import directory.

Returns:
The size of the BoundImport directory.

dword getIddComHeaderRva  )  const
 

Returns the relative virtual address of the image directory COM Descriptor.

Returns the relative virtual address of the current file's COM Descriptor directory.

Returns:
The Rva of the COM Descriptor directory.

dword getIddComHeaderSize  )  const
 

Returns the size of the image directory COM Descriptor.

Returns the size of the current file's COM Descriptor directory.

Returns:
The Rva of the COM Descriptor directory.

dword getIddDebugRva  )  const
 

Returns the relative virtual address of the image directory Debug.

Returns the relative virtual address of the current file's debug directory.

Returns:
The Rva of the Debug directory.

dword getIddDebugSize  )  const
 

Returns the size of the image directory Debug.

Returns the size of the current file's debug directory.

Returns:
The size of the Debug directory.

dword getIddDelayImportRva  )  const
 

Returns the relative virtual address of the image directory DelayImport.

Returns the relative virtual address of the current file's Delay Import directory.

Returns:
The Rva of the DelayImport directory.

dword getIddDelayImportSize  )  const
 

Returns the size of the image directory DelayImport.

Returns the size of the current file's Delay Import directory.

Returns:
The size of the DelayImport directory.

dword getIddExceptionRva  )  const
 

Returns the relative virtual address of the image directory Exception.

Returns the relative virtual address of the current file's exception directory.

Returns:
The Rva of the Exception directory.

dword getIddExceptionSize  )  const
 

Returns the size of the image directory Exception.

Returns the size of the current file's exception directory.

Returns:
The size of the Exception directory.

dword getIddExportRva  )  const
 

Returns the relative virtual address of the image directory Export.

Returns the relative virtual address of the current file's export directory.

Returns:
The Rva of the Export directory.

dword getIddExportSize  )  const
 

Returns the size of the image directory Export.

Returns the size of the current file's export directory.

Returns:
The sizeof the Export directory.

dword getIddGlobalPtrRva  )  const
 

Returns the relative virtual address of the image directory GlobalPtr.

Returns the relative virtual address of the current file's global ptr directory.

Returns:
The Rva of the GlobalPtr directory.

dword getIddGlobalPtrSize  )  const
 

Returns the size of the image directory GlobalPtr.

Returns the size of the current file's global ptr directory.

Returns:
The size of the GlobalPtr directory.

dword getIddIatRva  )  const
 

Returns the relative virtual address of the image directory Iat.

Returns the relative virtual address of the current file's IAT directory.

Returns:
The Rva of the IAT directory.

dword getIddIatSize  )  const
 

Returns the size of the image directory Iat.

Returns the size of the current file's IAT directory.

Returns:
The size of the IAT directory.

dword getIddImportRva  )  const
 

Returns the relative virtual address of the image directory Import.

Returns the relative virtual address of the current file's import directory.

Returns:
The Rva of the Import directory.

dword getIddImportSize  )  const
 

Returns the size of the image directory Import.

Returns the size of the current file's import directory.

Returns:
The size of the Import directory.

dword getIddLoadConfigRva  )  const
 

Returns the relative virtual address of the image directory LoadConfig.

Returns the relative virtual address of the current file's load config directory.

Returns:
The Rva of the LoadConfig directory.

dword getIddLoadConfigSize  )  const
 

Returns the size of the image directory LoadConfig.

Returns the size of the current file's load config directory.

Returns:
The size of the LoadConfig directory.

dword getIddResourceRva  )  const
 

Returns the relative virtual address of the image directory Resource.

Returns the relative virtual address of the current file's resource directory.

Returns:
The Rva of the Resource directory.

dword getIddResourceSize  )  const
 

Returns the size of the image directory Resource.

Returns the size of the current file'resource resource directory.

Returns:
The size of the Resource directory.

dword getIddSecurityRva  )  const
 

Returns the relative virtual address of the image directory Security.

Returns the relative virtual address of the current file's security directory.

Returns:
The Rva of the Security directory.

dword getIddSecuritySize  )  const
 

Returns the size of the image directory Security.

Returns the size of the current file's security directory.

Returns:
The size of the Security directory.

dword getIddTlsRva  )  const
 

Returns the relative virtual address of the image directory Tls.

Returns the relative virtual address of the current file's TLS directory.

Returns:
The Rva of the Tls directory.

dword getIddTlsSize  )  const
 

Returns the size of the image directory Tls.

Returns the size of the current file's TLS directory.

Returns:
The size of the Tls directory.

FieldSizes< x >::VAR4_8 getImageBase  )  const
 

Returns the ImageBase value of the header.

Returns:
The ImageBase value from the PE header.

dword getImageDataDirectoryRva dword  dwDirectory  )  const
 

Returns the relative virtual address of an image directory.

Returns the relative virtual address of an image directory.

Parameters:
dwDirectory The identifier of an image directory.
Returns:
The Rva of the image directory.

dword getImageDataDirectorySize dword  dwDirectory  )  const
 

Returns the size of an image directory.

Returns the size of an image directory.

Parameters:
dwDirectory The identifier of an image directory.
Returns:
The size of the image directory.

dword getLoaderFlags  )  const
 

Returns the LoaderFlags value of the header.

Returns:
The LoaderFlags value from the PE header.

word getMachine  )  const
 

Returns the Machine value of the header.

Returns the file's machine.

Returns:
The Machine value from the PE header.

word getMagic  )  const
 

Returns the Magic value of the header.

Returns:
The Magic value from the PE header.

word getMajorImageVersion  )  const
 

Returns the MajorImageVersion value of the header.

Returns:
The MajorImageVersion value from the PE header.

byte getMajorLinkerVersion  )  const
 

Returns the MajorLinkerVersion value of the header.

Returns:
The MajorLinkerVersion value from the PE header.

word getMajorOperatingSystemVersion  )  const
 

Returns the MajorOperatingSystemVersion value of the header.

Returns:
The MajorOperatingSystemVersion value from the PE header.

word getMajorSubsystemVersion  )  const
 

Returns the MajorSubsystemVersion value of the header.

Returns:
The MajorSubsystemVersion value from the PE header.

word getMinorImageVersion  )  const
 

Returns the MinorImageVersion value of the header.

Returns:
The MinorImageVersion value from the PE header.

byte getMinorLinkerVersion  )  const
 

Returns the MinorLinkerVersion value of the header.

Returns:
The MinorLinkerVersion value from the PE header.

word getMinorOperatingSystemVersion  )  const
 

Returns the MinorOperatingSystemVersion value of the header.

Returns:
The MinorOperatingSystemVersion value from the PE header.

word getMinorSubsystemVersion  )  const
 

Returns the MinorSubsystemVersion value of the header.

Returns:
The MinorSubsystemVersion value from the PE header.

dword getNtSignature  )  const
 

Returns the Signature value of the header.

Returns the file's Nt signature.

Returns:
The Nt signature value from the PE header.

dword getNumberOfLinenumbers word  wSectionnr  )  const
 

Returns the number of line numbers of a section.

Returns the number of line numbers of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The number of line numbers of the section.

dword getNumberOfRelocations word  wSectionnr  )  const
 

Returns the number of relocations of a section.

Returns the number of relocations of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The number of relocations of the section.

dword getNumberOfRvaAndSizes  )  const
 

Returns the NumberOfRvaAndSizes value of the header.

Returns:
The NumberOfRvaAndSizes value from the PE header.

word getNumberOfSections  )  const
 

Returns the Sections value of the header.

Returns the file's number of sections as defined in the header. Note that this value can be different from the number of defined sections (#see PeLib::PeHeaderT<x>::getNumberOfSections).

Returns:
The NumberOfSections value from the PE header.

dword getNumberOfSymbols  )  const
 

Returns the NumberOfSymbols value of the header.

Returns the number of symbols of the file's symbol table.

Returns:
The NumberOfSymbols value from the PE header.

dword getPointerToLinenumbers word  wSectionnr  )  const
 

Returns the rva of the line numbers of a section.

Returns the poiner to line numbers of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The pointer to line numbers of the section.

dword getPointerToRawData word  wSectionnr  )  const
 

Returns file offset of the data of a section.

Returns the file offset of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The file offset of the section.

dword getPointerToRelocations word  wSectionnr  )  const
 

Returns the rva of the relocations of a section.

Returns the pointer to relocations of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The pointer to relocations of the section.

dword getPointerToSymbolTable  )  const
 

Returns the PointerToSymbolTable value of the header.

Returns the relative virtual address of the file's symbol table.

Returns:
The PointerToSymbolTable value from the PE header.

dword getSectionAlignment  )  const
 

Returns the SectionAlignment value of the header.

Returns:
The SectionAlignment value from the PE header.

std::string getSectionName word  wSectionnr  )  const
 

Returns the name of a section.

Returns the name of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The name of the section.

word getSectionWithOffset VAR4_8  dwOffset  )  const
 

Returns the section Id of the section that contains the offset.

Determines the section which contains the file offset.

Parameters:
dwOffset File offset.
Returns:
Section Id of the section which contains the offset.

Here is the call graph for this function:

word getSectionWithRva VAR4_8  dwRva  )  const
 

Returns the number of the section which the given relative address points to.

Determines the section which contains the Rva.

Parameters:
dwRva A relative virtual address.
Returns:
Section Id of the section which contains the Rva.

Here is the call graph for this function:

dword getSizeOfCode  )  const
 

Returns the SizeOfCode value of the header.

Returns:
The SizeOfCode value from the PE header.

dword getSizeOfHeaders  )  const
 

Returns the SizeOfHeaders value of the header.

Returns:
The SizeOfHeaders value from the PE header.

FieldSizes< x >::VAR4_8 getSizeOfHeapCommit  )  const
 

Returns the SizeOfHeapCommit value of the header.

Returns:
The SizeOfHeapCommit value from the PE header.

FieldSizes< x >::VAR4_8 getSizeOfHeapReserve  )  const
 

Returns the SizeOfHeapReserve value of the header.

Returns:
The SizeOfHeapReserve value from the PE header.

dword getSizeOfImage  )  const
 

Returns the SizeOfImage value of the header.

Returns:
The SizeOfImage value from the PE header.

dword getSizeOfInitializedData  )  const
 

Returns the SizeOfInitializedData value of the header.

Returns:
The SizeOfInitializedData value from the PE header.

word getSizeOfOptionalHeader  )  const
 

Returns the SizeOfOptionalHeader value of the header.

Returns the size of optional header of the file.

Returns:
The SizeOfOptionalHeader value from the PE header.

dword getSizeOfRawData word  wSectionnr  )  const
 

Returns the size of a section's raw data.

Returns the size of raw data of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The size of raw data of the section.

FieldSizes< x >::VAR4_8 getSizeOfStackCommit  )  const
 

Returns the SizeOfStackCommit value of the header.

Returns:
The SizeOfStackCommit value from the PE header.

FieldSizes< x >::VAR4_8 getSizeOfStackReserve  )  const
 

Returns the SizeOfStackReserve value of the header.

Returns:
The SizeOfStackReserve value from the PE header.

dword getSizeOfUninitializedData  )  const
 

Returns the SizeOfUninitializedData value of the header.

Returns:
The SizeOfUninitializedData value from the PE header.

word getSubsystem  )  const
 

Returns the Subsystem value of the header.

Returns:
The Subsystem value from the PE header.

dword getTimeDateStamp  )  const
 

Returns the TimeDateStamp value of the header.

Returns the file's TimeDateStamp.

Returns:
The TimeDateStamp value from the PE header.

dword getVirtualAddress word  wSectionnr  )  const
 

Returns the virtual address of a section.

Returns the relative virtual address of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The Rva of the section.

dword getVirtualSize word  wSectionnr  )  const
 

Returns the virtual size of a section.

Returns the virtual size of the section which is specified by the parameter wSectionnr.

Parameters:
wSectionnr Index of the section.
Returns:
The virtual size of the section.

dword getWin32VersionValue  )  const
 

Returns the Reserved1 value of the header.

Returns:
The WinVersionValue value from the PE header.

void makeValid dword  dwOffset  ) 
 

Corrects the current PE header.

Corrects all faulty values of the current PE header. The following values will be corrected: NtSignature, NumberOfSections, SizeOfOptionalHeader, FileAlignment (will be aligned to n*0x200), SectionAlignment (will be aligned to n*0x1000), NumberOfRvaAndSizes, SizeOfHeaders, SizeOfImage, Magic, Characteristics.

Parameters:
dwOffset Beginning of PeHeader (see PeLib::MzHeader::getAddressOfPeHeader).
Todo:
32bit and 64bit versions.

Here is the call graph for this function:

unsigned int offsetToVa VAR4_8  dwOffset  )  const
 

Converts a file offset to a virtual address.

Converts a file offset to a virtual address.

Parameters:
dwOffset File offset.
Returns:
Virtual Address.

Here is the call graph for this function:

int read std::string  strFilename,
unsigned int  uiOffset
 

Reads the PE header of a file.

Reads the PE header from a file Note that this function does not verify if a file is actually a MZ file. For this purpose see #PeLib::PeHeaderT<x>::isValid. The only check this function makes is a check to see if the file is large enough to be a PE header. If the data is valid doesn't matter.

Parameters:
strFilename Name of the file which will be read.
uiOffset File offset of PE header (see PeLib::MzHeader::getAddressOfPeHeader).

Here is the call graph for this function:

void rebuild std::vector< byte > &  vBuffer  )  const
 

Rebuilds the current PE header.

Rebuilds the PE header so that it can be written to a file. It's not guaranteed that the header will be valid. If you want to make sure that the header will be valid you must call PeLib::PeHeaderT<x>::makeValid first.

Parameters:
vBuffer Buffer where the rebuilt header will be stored.

Here is the call graph for this function:

FieldSizes< x >::VAR4_8 rvaToOffset VAR4_8  dwRva  )  const
 

Converts a relative virtual address to a file offset.

Converts a relative virtual offset to a file offset.

Parameters:
dwRva A relative virtual offset.
Returns:
A file offset.
Todo:
It's not always 0x1000.

Here is the call graph for this function:

FieldSizes< x >::VAR4_8 rvaToVa VAR4_8  dwRva  )  const
 

Converts a relative virtual address to a virtual address.

Converts a relative virtual offset to a virtual offset.

Parameters:
dwRva A relative virtual offset.
Returns:
A virtual offset.

Here is the call graph for this function:

void setAddressOfEntryPoint dword  dwValue  ) 
 

Sets the AddressOfEntryPoint value of the header.

Changes the file's AddressOfEntryPoint.

Parameters:
dwValue New value.

void setBaseOfCode dword  dwValue  ) 
 

Sets the BaseOfCode value of the header.

Changes the file's BaseOfCode.

Parameters:
dwValue New value.

void setCharacteristics word  wSectionnr,
dword  dwValue
 

Set the characteristics of a section.

Changes the characteristics of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setCharacteristics word  wValue  ) 
 

Sets the Characteristics value of the header.

Changes the file's Characteristics.

Parameters:
wValue New value.

void setCheckSum dword  dwValue  ) 
 

Sets the CheckSum value of the header.

Changes the file's CheckSum.

Parameters:
dwValue New value.

void setDllCharacteristics word  wValue  ) 
 

Sets the DllCharacteristics value of the header.

Changes the file's DllCharacteristics.

Parameters:
wValue New value.

void setFileAlignment dword  dwValue  ) 
 

Sets the FileAlignment value of the header.

Changes the file's FileAlignment.

Parameters:
dwValue New value.

void setIddExportRva dword  dwValue  ) 
 

Changes the rva of the file's export directory.

Parameters:
dwValue New value.

void setIddExportSize dword  dwValue  ) 
 

Changes the size of the file's export directory.

Parameters:
dwValue New value.

void setIddImportRva dword  dwValue  ) 
 

Changes the rva of the file's import directory.

Parameters:
dwValue New value.

void setIddImportSize dword  dwValue  ) 
 

Changes the size of the file's import directory.

Parameters:
dwValue New value.

void setLoaderFlags dword  dwValue  ) 
 

Sets the LoaderFlags value of the header.

Changes the file's LoaderFlags.

Parameters:
dwValue New value.

void setMachine word  wValue  ) 
 

Sets the Machine value of the header.

Changes the file's Machine.

Parameters:
wValue New value.

void setMagic word  wValue  ) 
 

Sets the Magic value of the header.

Changes the file's Magic.

Parameters:
wValue New value.

void setMajorImageVersion word  wValue  ) 
 

Sets the MajorImageVersion value of the header.

Changes the file's MajorImageVersion.

Parameters:
wValue New value.

void setMajorLinkerVersion byte  bValue  ) 
 

Sets the MajorLinkerVersion value of the header.

Changes the file's MajorLinkerVersion.

Parameters:
bValue New value.

void setMajorOperatingSystemVersion word  wValue  ) 
 

Sets the MajorOperatingSystemVersion value of the header.

Changes the file's MajorOperatingSystemVersion.

Parameters:
wValue New value.

void setMajorSubsystemVersion word  wValue  ) 
 

Sets the MajorSubsystemVersion value of the header.

Changes the file's MajorSubsystemVersion.

Parameters:
wValue New value.

void setMinorImageVersion word  wValue  ) 
 

Sets the MinorImageVersion value of the header.

Changes the file's MinorImageVersion.

Parameters:
wValue New value.

void setMinorLinkerVersion byte  bValue  ) 
 

Sets the MinorLinkerVersion value of the header.

Changes the file's MinorLinkerVersion.

Parameters:
bValue New value.

void setMinorOperatingSystemVersion word  wValue  ) 
 

Sets the MinorOperatingSystemVersion value of the header.

Changes the file's MinorOperatingSystemVersion.

Parameters:
wValue New value.

void setMinorSubsystemVersion word  wValue  ) 
 

Sets the MinorSubsystemVersion value of the header.

Changes the file's MinorSubsystemVersion.

Parameters:
wValue New value.

void setNtSignature dword  dwValue  ) 
 

Sets the Signature value of the header.

Changes the file's Nt signature.

Parameters:
dwValue New value.

void setNumberOfLinenumbers word  wSectionnr,
dword  dwValue
 

Set the number of linenumbers section.

Changes the number of line numbers of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setNumberOfRelocations word  wSectionnr,
dword  dwValue
 

Set the number of relocations a section.

Changes the number of relocations of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setNumberOfRvaAndSizes dword  dwValue  ) 
 

Sets the NumberOfRvaAndSizes value of the header.

Changes the file's NumberOfRvaAndSizes.

Parameters:
dwValue New value.

void setNumberOfSections word  wValue  ) 
 

Sets the Sections value of the header.

Changes the number of sections.

Parameters:
wValue New value.

void setNumberOfSymbols dword  dwValue  ) 
 

Sets the NumberOfSymbols value of the header.

Changes the file's NumberOfSymbols.

Parameters:
dwValue New value.

void setPointerToLinenumbers word  wSectionnr,
dword  dwValue
 

Set the pointer to linenumbers of a section.

Changes the pointer to line numbers of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setPointerToRawData word  wSectionnr,
dword  dwValue
 

Set the file offset of a section.

Changes the size of raw data of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setPointerToRelocations word  wSectionnr,
dword  dwValue
 

Set the pointer to relocations of a section.

Changes the pointer to relocations of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setPointerToSymbolTable dword  dwValue  ) 
 

Sets the PointerToSymbolTable value of the header.

Changes the file's PointerToSymbolTable.

Parameters:
dwValue New value.

void setSectionAlignment dword  dwValue  ) 
 

Sets the SectionAlignment value of the header.

Changes the file's SectionAlignment.

Parameters:
dwValue New value.

void setSectionName word  wSectionnr,
std::string  strName
 

Set the name of a section.

Changes the name of a section.

Parameters:
wSectionnr Identifier of the section
strName New name.

void setSizeOfCode dword  dwValue  ) 
 

Sets the SizeOfCode value of the header.

Changes the file's SizeOfCode.

Parameters:
dwValue New value.

void setSizeOfHeaders dword  dwValue  ) 
 

Sets the SizeOfHeaders value of the header.

Changes the file's SizeOfHeaders.

Parameters:
dwValue New value.

void setSizeOfImage dword  dwValue  ) 
 

Sets the SizeOfImage value of the header.

Changes the file's SizeOfImage.

Parameters:
dwValue New value.

void setSizeOfInitializedData dword  dwValue  ) 
 

Sets the SizeOfInitializedData value of the header.

Changes the file's SizeOfInitializedData.

Parameters:
dwValue New value.

void setSizeOfOptionalHeader word  wValue  ) 
 

Sets the SizeOfOptionalHeader value of the header.

Changes the file's SizeOfOptionalHeader.

Parameters:
wValue New value.

void setSizeOfRawData word  wSectionnr,
dword  dwValue
 

Set the size of raw data of a section.

Changes the size of raw data of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setSizeOfUninitializedData dword  dwValue  ) 
 

Sets the SizeOfUninitializedData value of the header.

Changes the file's SizeOfUninitializedData.

Parameters:
dwValue New value.

void setSubsystem word  wValue  ) 
 

Sets the Subsystem value of the header.

Changes the file's Subsystem.

Parameters:
wValue New value.

void setTimeDateStamp dword  dwValue  ) 
 

Sets the TimeDateStamp value of the header.

Changes the file's TimeDateStamp.

Parameters:
dwValue New value.

void setVirtualAddress word  wSectionnr,
dword  dwValue
 

Set the virtual address of a section.

Changes the virtual address of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setVirtualSize word  wSectionnr,
dword  dwValue
 

Set the virtual size of a section.

Changes the virtual size of a section.

Parameters:
wSectionnr Identifier of the section
dwValue New value.

void setWin32VersionValue dword  dwValue  ) 
 

Sets the Reserved1 value of the header.

Changes the file's Win32VersionValue.

Parameters:
dwValue New value.

unsigned int size  )  const
 

Calculates the size for the current PE header including all section definitions.

Calculates the size of the current PE header. This includes the actual header and the section definitions.

Returns:
Size of the current PE header.
Todo:
Better handling of files with less than 0x10 directories.

Here is the call graph for this function:

int write std::string  strFilename,
unsigned int  uiOffset
const
 

Save the PE header to a file.

Saves the PE header to a file. Note that this only saves the header information, if you have added sections and want to save these to the file you have to call #PeLib::PeHeaderT<x>::saveSections too. This function also does not verify if the PE header is correct. If you want to make sure that the current PE header is valid, call #PeLib::PeHeaderT<x>::isValid and PeLib::PeHeaderT<x>::makeValid first.

Parameters:
strFilename Filename of the file the header will be written to.
uiOffset File offset the header will be written to.

Here is the call graph for this function:

int writeSectionData const std::string &  strFilename,
word  wSecnr,
const std::vector< byte > &  vBuffer
const
 

Overwrites a section with new data.

Overwrites a section's data.

Parameters:
wSecnr Number of the section which will be overwritten.
strFilename Name of the file where the section will be written to.
wSecnr Number of the section that will be written.
vBuffer New data of the section.

Here is the call graph for this function:

The documentation for this class was generated from the following file:
Generated on Mon Jan 17 20:50:18 2005 for PeLib by doxygen 1.3.7