Line data Source code
1 : //! PE Delayed import module
2 : use std::marker::PhantomData;
3 :
4 : use crate::{common::FromFFI, declare_iterator, generic};
5 : use lief_ffi as ffi;
6 :
7 : pub struct DelayImport<'a> {
8 : ptr: cxx::UniquePtr<ffi::PE_DelayImport>,
9 : _owner: PhantomData<&'a ffi::PE_Binary>,
10 : }
11 :
12 : impl DelayImport<'_> {
13 : /// According to the official PE specifications, this value is reserved and should be set to 0
14 130 : pub fn attribute(&self) -> u32 {
15 130 : self.ptr.attribute()
16 130 : }
17 :
18 : /// Return the library's name (e.g. `kernel32.dll`)
19 130 : pub fn name(&self) -> String {
20 130 : self.ptr.name().to_string()
21 130 : }
22 :
23 : /// The RVA of the module handle (in the ``.data`` section).
24 : /// It is used for storage by the routine that is supplied to manage delay-loading.
25 130 : pub fn handle(&self) -> u32 {
26 130 : self.ptr.handle()
27 130 : }
28 :
29 : /// RVA of the delay-load import address table.
30 130 : pub fn iat(&self) -> u32 {
31 130 : self.ptr.iat()
32 130 : }
33 :
34 : /// RVA of the delay-load import names table.
35 : ///
36 : /// The content of this table has the layout as the Import lookup table
37 130 : pub fn names_table(&self) -> u32 {
38 130 : self.ptr.names_table()
39 130 : }
40 :
41 : /// RVA of the **bound** delay-load import address table or 0 if the table does not exist.
42 130 : pub fn biat(&self) -> u32 {
43 130 : self.ptr.biat()
44 130 : }
45 :
46 :
47 : /// RVA of the **unload** delay-load import address table or 0
48 : /// if the table does not exist.
49 : ///
50 : /// According to the PE specifications, this table is an
51 : /// exact copy of the delay import address table that can be
52 : /// used to to restore the original IAT the case of unloading.
53 130 : pub fn uiat(&self) -> u32 {
54 130 : self.ptr.uiat()
55 130 : }
56 :
57 : /// The timestamp of the DLL to which this image has been bound.
58 130 : pub fn timestamp(&self) -> u32 {
59 130 : self.ptr.timestamp()
60 130 : }
61 :
62 : /// Iterator over the DelayImport's entries ([`DelayImportEntry`])
63 130 : pub fn entries(&self) -> Entries {
64 130 : Entries::new(self.ptr.entries())
65 130 : }
66 : }
67 :
68 : impl std::fmt::Debug for DelayImport<'_> {
69 130 : fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
70 130 : f.debug_struct("DelayImport")
71 130 : .field("attribute", &self.attribute())
72 130 : .field("name", &self.name())
73 130 : .field("handle", &self.handle())
74 130 : .field("iat", &self.iat())
75 130 : .field("names_table", &self.names_table())
76 130 : .field("biat", &self.biat())
77 130 : .field("uiat", &self.uiat())
78 130 : .field("timestamp", &self.timestamp())
79 130 : .finish()
80 130 : }
81 : }
82 :
83 : impl<'a> FromFFI<ffi::PE_DelayImport> for DelayImport<'a> {
84 140 : fn from_ffi(ptr: cxx::UniquePtr<ffi::PE_DelayImport>) -> Self {
85 140 : DelayImport {
86 140 : ptr,
87 140 : _owner: PhantomData,
88 140 : }
89 140 : }
90 : }
91 :
92 : /// Structure that represents an entry (i.e. an import) in the delay import table.
93 : ///
94 : /// It implements the [`generic::Symbol`] trait that exposes [`generic::Symbol::name`] and
95 : /// [`generic::Symbol::value`].
96 : ///
97 : /// The meaning of [`generic::Symbol::value`] for this PE object is the address (as an RVA) in the
98 : /// IAT where the resolution should take place.
99 : pub struct DelayImportEntry<'a> {
100 : ptr: cxx::UniquePtr<ffi::PE_DelayImportEntry>,
101 : _owner: PhantomData<&'a ffi::PE_DelayImport>,
102 : }
103 :
104 : impl DelayImportEntry<'_> {
105 : /// `True` if it is an import by ordinal
106 0 : pub fn is_ordinal(&self) -> bool {
107 0 : self.ptr.is_ordinal()
108 0 : }
109 :
110 : /// The ordinal value
111 640 : pub fn ordinal(&self) -> u16 {
112 640 : self.ptr.ordinal()
113 640 : }
114 :
115 : /// See: [`DelayImportEntry::data`]
116 640 : pub fn hint_name_rva(&self) -> u64 {
117 640 : self.ptr.hint_name_rva()
118 640 : }
119 :
120 : /// Index into the export table that is used to speed-up the symbol resolution
121 640 : pub fn hint(&self) -> u16 {
122 640 : self.ptr.hint()
123 640 : }
124 :
125 : /// Value of the current entry in the Import Address Table.
126 640 : pub fn iat_value(&self) -> u64 {
127 640 : self.ptr.iat_value()
128 640 : }
129 :
130 : /// Raw value
131 640 : pub fn data(&self) -> u64 {
132 640 : self.ptr.data()
133 640 : }
134 :
135 : /// Demangled representation of the symbol or an empty string if it can't
136 : /// be demangled
137 0 : pub fn demangled_name(&self) -> String {
138 0 : self.ptr.demangled_name().to_string()
139 0 : }
140 : }
141 :
142 : impl generic::Symbol for DelayImportEntry<'_> {
143 1920 : fn as_generic(&self) -> &ffi::AbstractSymbol {
144 1920 : self.ptr.as_ref().unwrap().as_ref()
145 1920 : }
146 : }
147 :
148 : impl std::fmt::Debug for DelayImportEntry<'_> {
149 640 : fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
150 640 : let base = self as &dyn generic::Symbol;
151 640 : f.debug_struct("DelayImportEntry")
152 640 : .field("base", &base)
153 640 : .field("ordinal", &self.ordinal())
154 640 : .field("hint_name_rva", &self.hint_name_rva())
155 640 : .field("hint", &self.hint())
156 640 : .field("iat_value", &self.iat_value())
157 640 : .field("data", &self.data())
158 640 : .finish()
159 640 : }
160 : }
161 :
162 : impl<'a> FromFFI<ffi::PE_DelayImportEntry> for DelayImportEntry<'a> {
163 640 : fn from_ffi(ptr: cxx::UniquePtr<ffi::PE_DelayImportEntry>) -> Self {
164 640 : Self {
165 640 : ptr,
166 640 : _owner: PhantomData,
167 640 : }
168 640 : }
169 : }
170 :
171 130 : declare_iterator!(
172 130 : DelayImports,
173 130 : DelayImport<'a>,
174 130 : ffi::PE_DelayImport,
175 130 : ffi::PE_Binary,
176 130 : ffi::PE_Binary_it_delay_imports
177 130 : );
178 640 : declare_iterator!(
179 640 : Entries,
180 640 : DelayImportEntry<'a>,
181 640 : ffi::PE_DelayImportEntry,
182 640 : ffi::PE_DelayImport,
183 640 : ffi::PE_DelayImport_it_entries
184 640 : );
|
