Magic-Mirror/retdec
1
0
Fork 0
mirror of https://github.com/avast/retdec.git synced 2025-03-02 18:56:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Do not return entry point offset if it's not backed up by disk data (#975)

Browse Source 
* Add sanity check for offset existence within a file

* Change unsigned long long to std::uint64_t

* Fix the entry point anomaly flow and add new anomaly for memory only entry point

* Change the entry point evaluation so that EP offset ouside of a file doesn't give warning about invalid entry point due to the memory-only entry points

* Edit the RvaToOffset so it uses virtual size in case real size is larger. Separate the ignore of invalid offset just for PE.

* Create separate function for the valid offset calculation

* Fix comment

* More unsigned long long refactoring, fix found indent issues

* Remove unsigned long long from tests aswell
This commit is contained in:
HoundThe 2021-08-30 10:44:53 +02:00 committed by GitHub
parent 6f26feaccb
commit d89571528e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
50 changed files with 261 additions and 238 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/retdec/cpdetect/cptypes.h
View File

@ -195,17 +195,17 @@ struct ToolInformation
/// @c false if file has no has no or invalid EP offset
bool entryPointOffset = false;
/// entry point offset
long long unsigned int epOffset =
std::numeric_limits<long long unsigned int>::max();
std::uint64_t epOffset =
std::numeric_limits<std::uint64_t>::max();
/// @c false if file has no has no or invalid EP address
bool entryPointAddress = false;
/// entry point address
long long unsigned int epAddress =
std::numeric_limits<long long unsigned int>::max();
std::uint64_t epAddress =
std::numeric_limits<std::uint64_t>::max();
/// image base address
long long unsigned int imageBase =
std::numeric_limits<long long unsigned int>::max();
std::uint64_t imageBase =
std::numeric_limits<std::uint64_t>::max();
/// offset of the file overlay. 0 if no overlay
uint64_t overlayOffset = 0;

10
include/retdec/fileformat/file_format/coff/coff_format.h
View File

@ -72,11 +72,11 @@ class CoffFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &epOffset) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &epOffset) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;

10
include/retdec/fileformat/file_format/elf/elf_format.h
View File

@ -116,11 +116,11 @@ class ElfFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &epOffset) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &epOffset) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;

14
include/retdec/fileformat/file_format/file_format.h
View File

@ -206,8 +206,8 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
std::size_t nibblesFromBytes(std::size_t bytes) const;
std::size_t bytesFromNibbles(std::size_t nibbles) const;
std::size_t bytesFromNibblesRounded(std::size_t nibbles) const;
bool getOffsetFromAddress(unsigned long long &result, unsigned long long address) const;
bool getAddressFromOffset(unsigned long long &result, unsigned long long offset) const;
bool getOffsetFromAddress(std::uint64_t &result, std::uint64_t address) const;
bool getAddressFromOffset(std::uint64_t &result, std::uint64_t offset) const;
bool getBytes(std::vector<std::uint8_t> &result, unsigned long long offset, unsigned long long numberOfBytes) const;
bool getEpBytes(std::vector<std::uint8_t> &result, unsigned long long numberOfBytes) const;
bool getHexBytes(std::string &result, unsigned long long offset, unsigned long long numberOfBytes) const;
@ -307,11 +307,11 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
virtual bool isObjectFile() const = 0;
virtual bool isDll() const = 0;
virtual bool isExecutable() const = 0;
virtual bool getMachineCode(unsigned long long &result) const = 0;
virtual bool getAbiVersion(unsigned long long &result) const = 0;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const = 0;
virtual bool getEpAddress(unsigned long long &result) const = 0;
virtual bool getEpOffset(unsigned long long &epOffset) const = 0;
virtual bool getMachineCode(std::uint64_t &result) const = 0;
virtual bool getAbiVersion(std::uint64_t &result) const = 0;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const = 0;
virtual bool getEpAddress(std::uint64_t &result) const = 0;
virtual bool getEpOffset(std::uint64_t &epOffset) const = 0;
virtual Architecture getTargetArchitecture() const = 0;
virtual std::size_t getDeclaredNumberOfSections() const = 0;
virtual std::size_t getDeclaredNumberOfSegments() const = 0;

10
include/retdec/fileformat/file_format/intel_hex/intel_hex_format.h
View File

@ -56,11 +56,11 @@ class IntelHexFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &epOffset) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &epOffset) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;

10
include/retdec/fileformat/file_format/macho/macho_format.h
View File

@ -130,11 +130,11 @@ class MachOFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &epOffset) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &epOffset) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;

26
include/retdec/fileformat/file_format/pe/pe_format.h
View File

@ -132,11 +132,11 @@ class PeFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &epOffset) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &epOffset) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;
@ -181,15 +181,15 @@ class PeFormat : public FileFormat
bool isDotNet() const;
bool isPackedDotNet() const;
bool isVisualBasic(unsigned long long &version) const;
bool getDllFlags(unsigned long long &dllFlags) const;
bool getNumberOfBaseRelocationBlocks(unsigned long long &relocs) const;
bool getNumberOfRelocations(unsigned long long &relocs) const;
bool getDataDirectoryRelative(unsigned long long index, unsigned long long &relAddr, unsigned long long &size) const;
bool getDataDirectoryAbsolute(unsigned long long index, unsigned long long &absAddr, unsigned long long &size) const;
bool getComDirectoryRelative(unsigned long long &relAddr, unsigned long long &size) const;
bool isVisualBasic(std::uint64_t &version) const;
bool getDllFlags(std::uint64_t &dllFlags) const;
bool getNumberOfBaseRelocationBlocks(std::uint64_t &relocs) const;
bool getNumberOfRelocations(std::uint64_t &relocs) const;
bool getDataDirectoryRelative(std::uint64_t index, std::uint64_t &relAddr, std::uint64_t &size) const;
bool getDataDirectoryAbsolute(std::uint64_t index, std::uint64_t &absAddr, std::uint64_t &size) const;
bool getComDirectoryRelative(std::uint64_t &relAddr, std::uint64_t &size) const;
const PeCoffSection* getPeSection(const std::string &secName) const;
const PeCoffSection* getPeSection(unsigned long long secIndex) const;
const PeCoffSection* getPeSection(std::uint64_t secIndex) const;
const CLRHeader* getCLRHeader() const;
const MetadataHeader* getMetadataHeader() const;
const MetadataStream* getMetadataStream() const;

10
include/retdec/fileformat/file_format/pe/pe_format_parser.h
View File

@ -212,7 +212,7 @@ class PeFormatParser
{
std::uint32_t entryPoint = peFile->imageLoader().getOptionalHeader().AddressOfEntryPoint;
epOffset = peFile->imageLoader().getFileOffsetFromRva(entryPoint);
epOffset = peFile->imageLoader().getValidOffsetFromRva(entryPoint);
return (entryPoint != 0 || isDll() == false) && (epOffset != UINT32_MAX);
}
@ -274,27 +274,27 @@ class PeFormatParser
return true;
}
bool getDllFlags(unsigned long long & dllFlags) const
bool getDllFlags(std::uint64_t &dllFlags) const
{
dllFlags = peFile->imageLoader().getOptionalHeader().DllCharacteristics;
return true;
}
bool getDataDirectoryRelative(unsigned long long index, unsigned long long &relAddr, unsigned long long &size) const
bool getDataDirectoryRelative(std::uint64_t index, std::uint64_t &relAddr, std::uint64_t &size) const
{
relAddr = peFile->imageLoader().getDataDirRva(index);
size = peFile->imageLoader().getDataDirSize(index);
return (relAddr != 0);
}
bool getComDirectoryRelative(unsigned long long &relAddr, unsigned long long &size) const
bool getComDirectoryRelative(std::uint64_t &relAddr, std::uint64_t &size) const
{
relAddr = peFile->imageLoader().getComDirRva();
size = peFile->imageLoader().getComDirSize();
return (relAddr != 0);
}
bool getDataDirectoryAbsolute(unsigned long long index, unsigned long long &absAddr, unsigned long long &size) const
bool getDataDirectoryAbsolute(std::uint64_t index, std::uint64_t &absAddr, std::uint64_t &size) const
{
if(getDataDirectoryRelative(index, absAddr, size))
{

10
include/retdec/fileformat/file_format/raw_data/raw_data_format.h
View File

@ -80,11 +80,11 @@ class RawDataFormat : public FileFormat
virtual bool isObjectFile() const override;
virtual bool isDll() const override;
virtual bool isExecutable() const override;
virtual bool getMachineCode(unsigned long long &result) const override;
virtual bool getAbiVersion(unsigned long long &result) const override;
virtual bool getImageBaseAddress(unsigned long long &imageBase) const override;
virtual bool getEpAddress(unsigned long long &result) const override;
virtual bool getEpOffset(unsigned long long &result) const override;
virtual bool getMachineCode(std::uint64_t &result) const override;
virtual bool getAbiVersion(std::uint64_t &result) const override;
virtual bool getImageBaseAddress(std::uint64_t &imageBase) const override;
virtual bool getEpAddress(std::uint64_t &result) const override;
virtual bool getEpOffset(std::uint64_t &result) const override;
virtual Architecture getTargetArchitecture() const override;
virtual std::size_t getDeclaredNumberOfSections() const override;
virtual std::size_t getDeclaredNumberOfSegments() const override;

12
include/retdec/fileformat/types/export_table/export.h
View File

@ -19,8 +19,8 @@ class Export
{
private:
std::string name;
unsigned long long address = 0;
unsigned long long ordinalNumber = 0;
std::uint64_t address = 0;
std::uint64_t ordinalNumber = 0;
bool ordinalNumberIsValid = false;
public:
virtual ~Export() = default;
@ -28,15 +28,15 @@ class Export
/// @name Getters
/// @{
std::string getName() const;
unsigned long long getAddress() const;
bool getOrdinalNumber(unsigned long long &exportOrdinalNumber) const;
std::uint64_t getAddress() const;
bool getOrdinalNumber(std::uint64_t &exportOrdinalNumber) const;
/// @}
/// @name Setters
/// @{
void setName(std::string exportName);
void setAddress(unsigned long long exportAddress);
void setOrdinalNumber(unsigned long long exportOrdinalNumber);
void setAddress(std::uint64_t exportAddress);
void setOrdinalNumber(std::uint64_t exportOrdinalNumber);
/// @}
/// @name Other methods

18
include/retdec/fileformat/types/import_table/import.h
View File

@ -28,9 +28,9 @@ class Import
private:
std::string name;
unsigned long long libraryIndex = 0;
unsigned long long address = 0;
unsigned long long ordinalNumber = 0;
std::uint64_t libraryIndex = 0;
std::uint64_t address = 0;
std::uint64_t ordinalNumber = 0;
bool ordinalNumberIsValid = false;
UsageType usageType = UsageType::UNKNOWN;
public:
@ -39,9 +39,9 @@ class Import
/// @name Getters
/// @{
std::string getName() const;
unsigned long long getLibraryIndex() const;
unsigned long long getAddress() const;
bool getOrdinalNumber(unsigned long long &importOrdinalNumber) const;
std::uint64_t getLibraryIndex() const;
std::uint64_t getAddress() const;
bool getOrdinalNumber(std::uint64_t &importOrdinalNumber) const;
Import::UsageType getUsageType() const;
/// @}
@ -56,9 +56,9 @@ class Import
/// @name Setters
/// @{
void setName(std::string importName);
void setLibraryIndex(unsigned long long importLibraryIndex);
void setAddress(unsigned long long importAddress);
void setOrdinalNumber(unsigned long long importOrdinalNumber);
void setLibraryIndex(std::uint64_t importLibraryIndex);
void setAddress(std::uint64_t importAddress);
void setOrdinalNumber(std::uint64_t importOrdinalNumber);
void setUsageType(Import::UsageType importUsageType);
/// @}

4
include/retdec/pelib/ImageLoader.h
View File

@ -314,13 +314,13 @@ class ImageLoader
return securityDirFileOffset;
}
std::uint32_t getDataDirRva(std::size_t dataDirIndex) const
std::uint32_t getDataDirRva(std::uint64_t dataDirIndex) const
{
// The data directory must be present there
return (optionalHeader.NumberOfRvaAndSizes > dataDirIndex) ? optionalHeader.DataDirectory[dataDirIndex].VirtualAddress : 0;
}
std::uint32_t getDataDirSize(std::size_t dataDirIndex) const
std::uint32_t getDataDirSize(std::uint64_t dataDirIndex) const
{
// The data directory must be present there
return (optionalHeader.NumberOfRvaAndSizes > dataDirIndex) ? optionalHeader.DataDirectory[dataDirIndex].Size : 0;

4
src/bin2llvmir/optimizations/provider_init/provider_init.cpp
View File

@ -137,7 +137,7 @@ common::Pattern saveCryptoRule(
patMatch.setEntrySize(entrySizeValue / file->getByteLength());
}
patMatch.setOffset(match->getOffset());
unsigned long long val = 0;
std::uint64_t val = 0;
if(file->getAddressFromOffset(val, match->getOffset()))
{
patMatch.setAddress(val);
@ -253,7 +253,7 @@ bool ProviderInitialization::runOnModule(Module& m)
if (f->getFileFormat()->isObjectFile()) ft.setIsObject();
if (f->getFileFormat()->isDll()) ft.setIsShared();
}
unsigned long long ep = 0;
std::uint64_t ep = 0;
if (f->getFileFormat()->getEpAddress(ep))
{
c->getConfig().parameters.setEntryPoint(ep);

46
src/bin2llvmir/providers/names.cpp
View File

@ -367,7 +367,7 @@ void NameContainer::initFromImage()
{
Address addr = imp->getAddress();
std::string name = imp->getName();
unsigned long long ord = 0;
std::uint64_t ord = 0;
bool ordOk = false;
if (name.empty())
@ -401,24 +401,24 @@ void NameContainer::initFromImage()
}
}
if (auto *exTbl = _image->getFileFormat()->getExportTable())
for (const auto &exp : *exTbl)
{
addNameForAddress(
exp.getAddress(),
exp.getName(),
Name::eType::EXPORT);
}
if (auto* exTbl = _image->getFileFormat()->getExportTable())
for (const auto& exp : *exTbl)
{
addNameForAddress(
exp.getAddress(),
exp.getName(),
Name::eType::EXPORT);
}
for (const auto* t : _image->getFileFormat()->getSymbolTables())
for (const auto& s : *t)
{
unsigned long long a = 0;
if (s->getRealAddress(a))
for (const auto& s : *t)
{
Name::eType t = Name::eType::SYMBOL_OTHER;
switch (s->getUsageType())
unsigned long long a = 0;
if (s->getRealAddress(a))
{
Name::eType t = Name::eType::SYMBOL_OTHER;
switch (s->getUsageType())
{
case retdec::fileformat::Symbol::UsageType::FUNCTION:
t = Name::eType::SYMBOL_FUNCTION;
break;
@ -431,20 +431,20 @@ void NameContainer::initFromImage()
default:
t = Name::eType::SYMBOL_OTHER;
break;
}
}
if (_config->getConfig().architecture.isArm32OrThumb() && a % 2)
{
a -= 1;
}
if (_config->getConfig().architecture.isArm32OrThumb() && a % 2)
{
a -= 1;
}
addNameForAddress(a, s->getName(), t);
addNameForAddress(a, s->getName(), t);
}
}
}
if (_image->getFileFormat())
{
unsigned long long ep = 0;
std::uint64_t ep = 0;
if (_image->getFileFormat()->getEpAddress(ep))
{
if (_config->getConfig().architecture.isArm32OrThumb() && ep % 2)

16
src/cpdetect/cpdetect.cpp
View File

@ -766,6 +766,7 @@ ReturnCode CompilerDetector::getAllInformation()
}
fileParser.getImageBaseAddress(toolInfo.imageBase);
toolInfo.entryPointAddress = fileParser.getEpAddress(toolInfo.epAddress);
toolInfo.entryPointOffset = fileParser.getEpOffset(toolInfo.epOffset);
@ -774,8 +775,19 @@ ReturnCode CompilerDetector::getAllInformation()
toolInfo.overlayOffset = fileParser.getDeclaredFileLength();
}
const bool invalidEntryPoint = !toolInfo.entryPointAddress
|| !toolInfo.entryPointOffset;
bool invalidEntryPoint = false;
Format format = fileParser.getFileFormat();
if (format == Format::PE)
{
// False EP offset (offset outside of file) doesn't have
// to mean invalid EP as it can be memory only
invalidEntryPoint = !toolInfo.entryPointAddress;
}
else
{
invalidEntryPoint = !toolInfo.entryPointAddress || !toolInfo.entryPointOffset;
}
if (!fileParser.getHexEpBytes(toolInfo.epBytes, cpParams.epBytesCount)
&& !invalidEntryPoint
&& !fileParser.isInValidState())

8
src/cpdetect/heuristics/pe_heuristics.cpp
View File

@ -330,7 +330,7 @@ void PeHeuristics::getVisualBasicHeuristics()
auto source = DetectionMethod::LINKED_LIBRARIES_H;
auto strength = DetectionStrength::HIGH;
unsigned long long version = 0;
std::uint64_t version = 0;
if (peParser.isVisualBasic(version))
{
addCompiler(source, strength, "Visual Basic", std::to_string(version));
@ -483,7 +483,7 @@ void PeHeuristics::getMorphineHeuristics()
&& sections[2]->getName() == ".idata"
&& sections[2]->getSizeInFile() == 0x200)
{
unsigned long long rva, size;
std::uint64_t rva, size;
if (peParser.getDataDirectoryRelative(1, rva, size) && size == 0x1000)
{
addPacker(source, strength, "Morphine", "1.2");
@ -813,7 +813,7 @@ void PeHeuristics::getPetiteHeuristics()
*/
void PeHeuristics::getPelockHeuristics()
{
unsigned long long rva, size;
std::uint64_t rva, size;
if (peParser.getDataDirectoryRelative(1, rva, size)
&& size == 0x5C
&& peParser.getDataDirectoryRelative(15, rva, size)
@ -1354,7 +1354,7 @@ void PeHeuristics::getBorlandDelphiHeuristics()
auto source = DetectionMethod::COMBINED;
auto strength = DetectionStrength::MEDIUM;
unsigned long long imageBaseAddr;
std::uint64_t imageBaseAddr;
if (!fileParser.getImageBaseAddress(imageBaseAddr)
|| !toolInfo.entryPointSection
|| toolInfo.epSection.getIndex()

2
src/debugformat/debugformat.cpp
View File

@ -42,7 +42,7 @@ DebugFormat::DebugFormat(
{
LOG << "\n*** DebugFormat::DebugFormat(): PDB" << std::endl;
unsigned long long imageBase = 0;
std::uint64_t imageBase = 0;
if (auto* pe = dynamic_cast<const fileformat::PeFormat*>(
inFile->getFileFormat()))
{

10
src/fileformat/file_format/coff/coff_format.cpp
View File

@ -609,34 +609,34 @@ bool CoffFormat::isExecutable() const
return !isDll() && !isObjectFile();
}
bool CoffFormat::getMachineCode(unsigned long long &result) const
bool CoffFormat::getMachineCode(std::uint64_t &result) const
{
result = file->getMachine();
return true;
}
bool CoffFormat::getAbiVersion(unsigned long long &result) const
bool CoffFormat::getAbiVersion(std::uint64_t &result) const
{
// not in COFF files
static_cast<void>(result);
return false;
}
bool CoffFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool CoffFormat::getImageBaseAddress(std::uint64_t &imageBase) const
{
// not in COFF files
static_cast<void>(imageBase);
return false;
}
bool CoffFormat::getEpAddress(unsigned long long &result) const
bool CoffFormat::getEpAddress(std::uint64_t &result) const
{
// not in COFF files
static_cast<void>(result);
return false;
}
bool CoffFormat::getEpOffset(unsigned long long &epOffset) const
bool CoffFormat::getEpOffset(std::uint64_t &epOffset) const
{
// not in COFF files
static_cast<void>(epOffset);

14
src/fileformat/file_format/elf/elf_format.cpp
View File

@ -2699,7 +2699,7 @@ std::size_t ElfFormat::getBytesPerWord() const
bool ElfFormat::hasMixedEndianForDouble() const
{
unsigned long long abiVersion = 0;
std::uint64_t abiVersion = 0;
bool hasAbi = getAbiVersion(abiVersion);
return isArm() && (!hasAbi || abiVersion < 5);
}
@ -2734,13 +2734,13 @@ bool ElfFormat::isExecutable() const
return reader.get_type() == ET_EXEC;
}
bool ElfFormat::getMachineCode(unsigned long long &result) const
bool ElfFormat::getMachineCode(std::uint64_t &result) const
{
result = reader.get_machine();
return true;
}
bool ElfFormat::getAbiVersion(unsigned long long &result) const
bool ElfFormat::getAbiVersion(std::uint64_t &result) const
{
// this works only for 32-bit ARM
if(!isArm() || getWordLength() != 32)
@ -2757,14 +2757,14 @@ bool ElfFormat::getAbiVersion(unsigned long long &result) const
return abi;
}
bool ElfFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool ElfFormat::getImageBaseAddress(std::uint64_t &imageBase) const
{
// not in ELF files
static_cast<void>(imageBase);
return false;
}
bool ElfFormat::getEpAddress(unsigned long long &result) const
bool ElfFormat::getEpAddress(std::uint64_t &result) const
{
const unsigned long long epAddress = reader.get_entry();
if(epAddress)
@ -2795,9 +2795,9 @@ bool ElfFormat::getEpAddress(unsigned long long &result) const
return false;
}
bool ElfFormat::getEpOffset(unsigned long long &epOffset) const
bool ElfFormat::getEpOffset(std::uint64_t &epOffset) const
{
unsigned long long epRva;
std::uint64_t epRva;
if(!getEpAddress(epRva))
{
return false;

18
src/fileformat/file_format/file_format.cpp
View File

@ -7,6 +7,7 @@
#include <algorithm>
#include <cassert>
#include <climits>
#include <cstdint>
#include <cstring>
#include <functional>
#include <sstream>
@ -1132,7 +1133,7 @@ std::size_t FileFormat::bytesFromNibblesRounded(std::size_t nibbles) const
*
* If method returns @c false, @a result is left unchanged
*/
bool FileFormat::getOffsetFromAddress(unsigned long long &result, unsigned long long address) const
bool FileFormat::getOffsetFromAddress(std::uint64_t &result, std::uint64_t address) const
{
const auto *secSeg = getSectionOrSegmentFromAddress(address);
if(!secSeg)
@ -1158,7 +1159,7 @@ bool FileFormat::getOffsetFromAddress(unsigned long long &result, unsigned long
*
* If method returns @c false, @a result is left unchanged
*/
bool FileFormat::getAddressFromOffset(unsigned long long &result, unsigned long long offset) const
bool FileFormat::getAddressFromOffset(std::uint64_t &result, std::uint64_t offset) const
{
const auto *secSeg = getSectionOrSegmentFromOffset(offset);
if(!secSeg)
@ -1211,7 +1212,7 @@ bool FileFormat::getBytes(std::vector<std::uint8_t> &result, unsigned long long
*/
bool FileFormat::getEpBytes(std::vector<std::uint8_t> &result, unsigned long long numberOfBytes) const
{
unsigned long long epOffset;
std::uint64_t epOffset;
if(stateIsValid && getEpOffset(epOffset))
{
return getBytes(result, epOffset, numberOfBytes);
@ -1247,7 +1248,7 @@ bool FileFormat::getHexBytes(std::string &result, unsigned long long offset, uns
*/
bool FileFormat::getHexEpBytes(std::string &result, unsigned long long numberOfBytes) const
{
unsigned long long epOffset;
std::uint64_t epOffset;
if(stateIsValid && getEpOffset(epOffset))
{
return getHexBytes(result, epOffset, numberOfBytes);
@ -1329,9 +1330,10 @@ bool FileFormat::isObjectStretchedOverSections(std::size_t addr, std::size_t siz
* Get information about section containing entry point
* @return Pointer to EP section if file has entry point and EP section was detected, @c nullptr otherwise
*/
// useless?
const Section* FileFormat::getEpSection()
{
unsigned long long ep;
std::uint64_t ep;
if(!getEpOffset(ep))
{
return nullptr;
@ -1415,7 +1417,7 @@ const Section* FileFormat::getLastButOneSection() const
*/
const Segment* FileFormat::getEpSegment()
{
unsigned long long epAddress;
std::uint64_t epAddress;
if(!getEpAddress(epAddress))
{
return nullptr;
@ -2434,13 +2436,13 @@ void FileFormat::dump(std::string &dumpFile)
ret << "; Endianness: " << sEndian << "\n";
ret << "; Type: " << sType << "\n";
unsigned long long addr;
std::uint64_t addr;
if(getEpAddress(addr))
{
ret << "; Entry point address: " << std::hex << addr << "\n";
}
unsigned long long offset;
std::uint64_t offset;
if(getEpOffset(offset))
{
ret << "; Entry point offset: " << offset << "\n";

10
src/fileformat/file_format/intel_hex/intel_hex_format.cpp
View File

@ -164,25 +164,25 @@ bool IntelHexFormat::isExecutable() const
return true;
}
bool IntelHexFormat::getMachineCode(unsigned long long &result) const
bool IntelHexFormat::getMachineCode(std::uint64_t &result) const
{
// Intel HEX does not provide such information
return false;
}
bool IntelHexFormat::getAbiVersion(unsigned long long &result) const
bool IntelHexFormat::getAbiVersion(std::uint64_t &result) const
{
// Intel HEX does not provide such information
return false;
}
bool IntelHexFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool IntelHexFormat::getImageBaseAddress(std::uint64_t &imageBase) const
{
// Intel HEX does not provide such information
return false;
}
bool IntelHexFormat::getEpAddress(unsigned long long &result) const
bool IntelHexFormat::getEpAddress(std::uint64_t &result) const
{
if(parser.hasEntryPoint())
{
@ -193,7 +193,7 @@ bool IntelHexFormat::getEpAddress(unsigned long long &result) const
return false;
}
bool IntelHexFormat::getEpOffset(unsigned long long &epOffset) const
bool IntelHexFormat::getEpOffset(std::uint64_t &epOffset) const
{
if(parser.hasEntryPoint())
{

10
src/fileformat/file_format/macho/macho_format.cpp
View File

@ -1380,23 +1380,23 @@ bool MachOFormat::isExecutable() const
return filetype == MachO::MH_EXECUTE || filetype == MachO::MH_PRELOAD;
}
bool MachOFormat::getMachineCode(unsigned long long &result) const
bool MachOFormat::getMachineCode(std::uint64_t &result) const
{
is32 ? result = static_cast<unsigned long long>(header32.cputype) : result = static_cast<unsigned long long>(header64.cputype);
return true;
}
bool MachOFormat::getAbiVersion(unsigned long long &result) const
bool MachOFormat::getAbiVersion(std::uint64_t &result) const
{
return false;
}
bool MachOFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool MachOFormat::getImageBaseAddress(std::uint64_t &imageBase) const
{
return false;
}
bool MachOFormat::getEpAddress(unsigned long long &result) const
bool MachOFormat::getEpAddress(std::uint64_t &result) const
{
if(hasEntryPoint)
{
@ -1407,7 +1407,7 @@ bool MachOFormat::getEpAddress(unsigned long long &result) const
return false;
}
bool MachOFormat::getEpOffset(unsigned long long &epOffset) const
bool MachOFormat::getEpOffset(std::uint64_t &epOffset) const
{
if(hasEntryPoint)
{

103
src/fileformat/file_format/pe/pe_format.cpp
View File

@ -855,11 +855,11 @@ void PeFormat::loadVisualBasicHeader()
{
const auto &allBytes = getBytes();
std::vector<std::uint8_t> bytes;
unsigned long long version = 0;
unsigned long long vbHeaderAddress = 0;
unsigned long long vbHeaderOffset = 0;
unsigned long long vbProjectInfoOffset = 0;
unsigned long long vbComDataRegistrationOffset = 0;
std::uint64_t version = 0;
std::uint64_t vbHeaderAddress = 0;
std::uint64_t vbHeaderOffset = 0;
std::uint64_t vbProjectInfoOffset = 0;
std::uint64_t vbComDataRegistrationOffset = 0;
std::string projLanguageDLL;
std::string projBackupLanguageDLL;
std::string projExeName;
@ -1110,8 +1110,8 @@ bool PeFormat::parseVisualBasicComRegistrationInfo(std::size_t structureOffset,
bool PeFormat::parseVisualBasicProjectInfo(std::size_t structureOffset)
{
std::vector<std::uint8_t> bytes;
unsigned long long vbExternTableOffset = 0;
unsigned long long vbObjectTableOffset = 0;
std::uint64_t vbExternTableOffset = 0;
std::uint64_t vbObjectTableOffset = 0;
std::string projPath;
std::size_t offset = 0;
struct VBProjInfo vbpi;
@ -1164,7 +1164,7 @@ bool PeFormat::parseVisualBasicExternTable(std::size_t structureOffset, std::siz
std::vector<std::uint8_t> bytes;
struct VBExternTableEntry entry;
struct VBExternTableEntryData entryData;
unsigned long long vbExternEntryDataOffset = 0;
std::uint64_t vbExternEntryDataOffset = 0;
std::size_t offset = 0;
for (std::size_t i = 0; i < nEntries; i++)
@ -1204,14 +1204,14 @@ bool PeFormat::parseVisualBasicExternTable(std::size_t structureOffset, std::siz
entryData.moduleNameAddr = entryDataContent.read<std::uint32_t>(offset); offset += sizeof(entryData.moduleNameAddr);
entryData.apiNameAddr = entryDataContent.read<std::uint32_t>(offset); offset += sizeof(entryData.apiNameAddr);
unsigned long long moduleNameOffset;
std::uint64_t moduleNameOffset;
if (getOffsetFromAddress(moduleNameOffset, entryData.moduleNameAddr))
{
moduleName = retdec::utils::readNullTerminatedAscii(allBytes.data(), allBytes.size(),
moduleNameOffset, VB_MAX_STRING_LEN, true);
}
unsigned long long apiNameOffset;
std::uint64_t apiNameOffset;
if (getOffsetFromAddress(apiNameOffset, entryData.apiNameAddr))
{
apiName = retdec::utils::readNullTerminatedAscii(allBytes.data(), allBytes.size(),
@ -1242,8 +1242,8 @@ bool PeFormat::parseVisualBasicObjectTable(std::size_t structureOffset)
const auto &allBytes = getBytes();
std::vector<std::uint8_t> bytes;
std::size_t offset = 0;
unsigned long long projectNameOffset = 0;
unsigned long long objectDescriptorsOffset = 0;
std::uint64_t projectNameOffset = 0;
std::uint64_t objectDescriptorsOffset = 0;
struct VBObjectTable vbot;
std::string projName;
@ -1331,7 +1331,7 @@ bool PeFormat::parseVisualBasicObjects(std::size_t structureOffset, std::size_t
vbpod.objectType = structContent.read<std::uint32_t>(offset); offset += sizeof(vbpod.objectType);
vbpod.null = structContent.read<std::uint32_t>(offset); offset += sizeof(vbpod.null);
unsigned long long objectNameOffset;
std::uint64_t objectNameOffset;
if (!getOffsetFromAddress(objectNameOffset, vbpod.objectNameAddr))
{
continue;
@ -1342,7 +1342,7 @@ bool PeFormat::parseVisualBasicObjects(std::size_t structureOffset, std::size_t
object = std::make_unique<VisualBasicObject>();
object->setName(objectName);
unsigned long long methodAddrOffset;
std::uint64_t methodAddrOffset;
if (getOffsetFromAddress(methodAddrOffset, vbpod.methodNamesAddr))
{
for (std::size_t mIdx = 0; mIdx < vbpod.nMethods; mIdx++)
@ -1360,7 +1360,7 @@ bool PeFormat::parseVisualBasicObjects(std::size_t structureOffset, std::size_t
methodNameAddr = byteSwap32(methodNameAddr);
}
unsigned long long methodNameOffset;
std::uint64_t methodNameOffset;
if (!getOffsetFromAddress(methodNameOffset, methodNameAddr))
{
continue;
@ -1616,7 +1616,7 @@ void PeFormat::loadPdbInfo()
*/
void PeFormat::loadResourceNodes(std::vector<const PeLib::ResourceChild*> &nodes, const std::vector<std::size_t> &levels)
{
unsigned long long rva = 0, size = 0;
std::uint64_t rva = 0, size = 0;
if(levels.empty() || !getDataDirectoryRelative(PELIB_IMAGE_DIRECTORY_ENTRY_RESOURCE, rva, size))
{
return;
@ -1657,7 +1657,8 @@ void PeFormat::loadResourceNodes(std::vector<const PeLib::ResourceChild*> &nodes
void PeFormat::loadResources()
{
size_t iconGroupIDcounter = 0;
unsigned long long rva = 0, size = 0, imageBase = 0;
std::uint64_t rva = 0, size = 0;
std::uint64_t imageBase = 0;
if(!getDataDirectoryRelative(PELIB_IMAGE_DIRECTORY_ENTRY_RESOURCE, rva, size))
{
return;
@ -1815,7 +1816,7 @@ void PeFormat::loadCertificates()
*/
void PeFormat::loadTlsInformation()
{
unsigned long long rva = 0, size = 0;
std::uint64_t rva = 0, size = 0;
if (!getDataDirectoryRelative(PELIB_IMAGE_DIRECTORY_ENTRY_TLS, rva, size) || size == 0)
{
return;
@ -1843,7 +1844,7 @@ void PeFormat::loadDotnetHeaders()
// If our file contains CLR header, then use it. Note that .NET framework doesn't
// verify the OPTIONAL_HEADER::NumberOfRvaAndSizes, so we must do it the same way.
unsigned long long comHeaderAddress, comHeaderSize;
std::uint64_t comHeaderAddress, comHeaderSize;
if(getComDirectoryRelative(comHeaderAddress, comHeaderSize) && comHeaderSize)
{
clrHeader = formatParser->getClrHeader();
@ -2763,26 +2764,26 @@ bool PeFormat::isExecutable() const
return !isDll();
}
bool PeFormat::getMachineCode(unsigned long long &result) const
bool PeFormat::getMachineCode(std::uint64_t &result) const
{
result = formatParser->getMachineType();
return true;
}
bool PeFormat::getAbiVersion(unsigned long long &result) const
bool PeFormat::getAbiVersion(std::uint64_t &result) const
{
// not in PE files
static_cast<void>(result);
return false;
}
bool PeFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool PeFormat::getImageBaseAddress(std::uint64_t &imageBase) const
{
imageBase = formatParser->getImageBaseAddress();
return true;
}
bool PeFormat::getEpAddress(unsigned long long &result) const
bool PeFormat::getEpAddress(std::uint64_t &result) const
{
std::uint64_t tempResult = 0;
@ -2795,7 +2796,7 @@ bool PeFormat::getEpAddress(unsigned long long &result) const
return false;
}
bool PeFormat::getEpOffset(unsigned long long &epOffset) const
bool PeFormat::getEpOffset(std::uint64_t &epOffset) const
{
std::uint64_t tempResult = 0;
@ -3211,7 +3212,7 @@ bool PeFormat::isPackedDotNet() const
* version was not detected
* @return @c true if input file original language is Visual Basic, @c false otherwise
*/
bool PeFormat::isVisualBasic(unsigned long long &version) const
bool PeFormat::isVisualBasic(std::uint64_t &version) const
{
version = 0;
return importTable && std::any_of(visualBasicLibrariesMap.begin(), visualBasicLibrariesMap.end(),
@ -3233,7 +3234,7 @@ bool PeFormat::isVisualBasic(unsigned long long &version) const
* @param dllFlags Into this parameter DLL flags will be stored
* @return @c true if file is DLL and flags are successfully detected, @c false otherwise
*/
bool PeFormat::getDllFlags(unsigned long long &dllFlags) const
bool PeFormat::getDllFlags(std::uint64_t &dllFlags) const
{
return formatParser->getDllFlags(dllFlags);
}
@ -3245,9 +3246,9 @@ bool PeFormat::getDllFlags(unsigned long long &dllFlags) const
*
* If function returns @c false, @a relocs is left unchanged
*/
bool PeFormat::getNumberOfBaseRelocationBlocks(unsigned long long &relocs) const
bool PeFormat::getNumberOfBaseRelocationBlocks(std::uint64_t &relocs) const
{
unsigned long long addr, size;
std::uint64_t addr, size;
if(!getDataDirectoryRelative(PELIB_IMAGE_DIRECTORY_ENTRY_BASERELOC, addr, size) || !addr)
{
return false;
@ -3264,16 +3265,16 @@ bool PeFormat::getNumberOfBaseRelocationBlocks(unsigned long long &relocs) const
*
* If function returns @c false, @a relocs is left unchanged
*/
bool PeFormat::getNumberOfRelocations(unsigned long long &relocs) const
bool PeFormat::getNumberOfRelocations(std::uint64_t &relocs) const
{
unsigned long long blocks = 0;
std::uint64_t blocks = 0;
if(!getNumberOfBaseRelocationBlocks(blocks))
{
return false;
}
relocs = 0;
for(unsigned long long i = 0; i < blocks; ++i)
for(std::uint64_t i = 0; i < blocks; ++i)
{
relocs += formatParser->getNumberOfRelocationData(i);
}
@ -3290,7 +3291,7 @@ bool PeFormat::getNumberOfRelocations(unsigned long long &relocs) const
*
* If method returns @c false, @a relAddr and @a size are left unchanged.
*/
bool PeFormat::getDataDirectoryRelative(unsigned long long index, unsigned long long &relAddr, unsigned long long &size) const
bool PeFormat::getDataDirectoryRelative(std::uint64_t index, std::uint64_t &relAddr, std::uint64_t &size) const
{
return formatParser->getDataDirectoryRelative(index, relAddr, size);
}
@ -3304,7 +3305,7 @@ bool PeFormat::getDataDirectoryRelative(unsigned long long index, unsigned long
*
* If method returns @c false, @a absAddr and @a size are left unchanged.
*/
bool PeFormat::getDataDirectoryAbsolute(unsigned long long index, unsigned long long &absAddr, unsigned long long &size) const
bool PeFormat::getDataDirectoryAbsolute(std::uint64_t index, std::uint64_t &absAddr, std::uint64_t &size) const
{
return formatParser->getDataDirectoryAbsolute(index, absAddr, size);
}
@ -3317,7 +3318,7 @@ bool PeFormat::getDataDirectoryAbsolute(unsigned long long index, unsigned long
*
* If method returns @c false, @a relAddr and @a size are left unchanged.
*/
bool PeFormat::getComDirectoryRelative(unsigned long long &relAddr, unsigned long long &size) const
bool PeFormat::getComDirectoryRelative(std::uint64_t &relAddr, std::uint64_t &size) const
{
return formatParser->getComDirectoryRelative(relAddr, size);
}
@ -3339,7 +3340,7 @@ const PeCoffSection* PeFormat::getPeSection(const std::string &secName) const
* @param secIndex Index of section (indexed from 0)
* @return Pointer to section or @c nullptr if section was not detected
*/
const PeCoffSection* PeFormat::getPeSection(unsigned long long secIndex) const
const PeCoffSection* PeFormat::getPeSection(std::uint64_t secIndex) const
{
return dynamic_cast<const PeCoffSection*>(getSection(secIndex));
}
@ -3434,20 +3435,19 @@ void PeFormat::scanForAnomalies()
/**
* Scan for section anomalies
*/
void PeFormat::scanForSectionAnomalies(unsigned anamaliesLimit)
void PeFormat::scanForSectionAnomalies(unsigned anomaliesLimit)
{
std::size_t nSecs = getDeclaredNumberOfSections();
unsigned long long imageBase;
unsigned long long epAddr;
std::uint64_t imageBase, epAddr;
if (getEpAddress(epAddr))
{
auto *epSec = dynamic_cast<const PeCoffSection*>(getEpSection());
auto* epSec = dynamic_cast<const PeCoffSection*>(getSectionFromAddress(epAddr));
if (epSec)
{
// scan EP in last section
const PeCoffSection *lastSec = (nSecs) ? getPeSection(nSecs - 1) : nullptr;
const PeCoffSection* lastSec = (nSecs) ? getPeSection(nSecs - 1) : nullptr;
if (epSec == lastSec)
{
anomalies.emplace_back(
@ -3462,6 +3462,13 @@ void PeFormat::scanForSectionAnomalies(unsigned anamaliesLimit)
"EpInWritableSection", "Entry point in writable section"
);
}
// if we can't get valid offset then the EP is outside of the physical file
std::uint64_t epOffset = 0;
if (!getEpOffset(epOffset))
{
anomalies.emplace_back(
"EpInMemoryOnly", "Entry point in memory-only part of a section");
}
}
else
{
@ -3474,7 +3481,7 @@ void PeFormat::scanForSectionAnomalies(unsigned anamaliesLimit)
std::set<std::string> secNames;
for (std::size_t i = 0; i < nSecs; i++)
{
if (anomalies.size() > anamaliesLimit)
if (anomalies.size() > anomaliesLimit)
{
break;
}
@ -3559,7 +3566,7 @@ void PeFormat::scanForSectionAnomalies(unsigned anamaliesLimit)
for (std::size_t j = i + 1; j < nSecs; j++)
{
if (anomalies.size() > anamaliesLimit)
if (anomalies.size() > anomaliesLimit)
{
break;
}
@ -3621,9 +3628,9 @@ void PeFormat::scanForResourceAnomalies()
}
// scan for resource stretched over multiple sections
unsigned long long resAddr;
std::uint64_t resAddr;
if (res->isValidOffset() && getAddressFromOffset(resAddr, res->getOffset()) &&
isObjectStretchedOverSections(resAddr, res->getSizeInFile()))
isObjectStretchedOverSections(resAddr, res->getSizeInFile()))
{
anomalies.emplace_back("StretchedResource", "Resource " + replaceNonprintableChars(msgName) + " is stretched over multiple sections");
}
@ -3638,7 +3645,7 @@ void PeFormat::scanForImportAnomalies()
// scan for import stretched over multiple sections
for(const auto &impRange : formatParser->getImportDirectoryOccupiedAddresses())
{
unsigned long long impAddr;
std::uint64_t impAddr;
if (getAddressFromOffset(impAddr, impRange.getStart()) &&
isObjectStretchedOverSections(impAddr, impRange.getSize()))
{
@ -3652,7 +3659,7 @@ void PeFormat::scanForImportAnomalies()
{
if (imp->hasEmptyName())
{
unsigned long long ordNum;
std::uint64_t ordNum;
if (!imp->getOrdinalNumber(ordNum))
{
msgName = "<unknown>";
@ -3682,7 +3689,7 @@ void PeFormat::scanForExportAnomalies()
// scan for export stretched over multiple sections
for(const auto &expRange : formatParser->getExportDirectoryOccupiedAddresses())
{
unsigned long long expAddr;
std::uint64_t expAddr;
if (getAddressFromOffset(expAddr, expRange.getStart()) &&
isObjectStretchedOverSections(expAddr, expRange.getSize()))
{
@ -3696,7 +3703,7 @@ void PeFormat::scanForExportAnomalies()
{
if (exp->hasEmptyName())
{
unsigned long long ordNum;
std::uint64_t ordNum;
if (!exp->getOrdinalNumber(ordNum))
{
msgName = "<unknown>";

10
src/fileformat/file_format/raw_data/raw_data_format.cpp
View File

@ -136,22 +136,22 @@ bool RawDataFormat::isExecutable() const
return true;
}
bool RawDataFormat::getMachineCode(unsigned long long &result) const
bool RawDataFormat::getMachineCode(std::uint64_t &result) const
{
return false;
}
bool RawDataFormat::getAbiVersion(unsigned long long &result) const
bool RawDataFormat::getAbiVersion(std::uint64_t &result) const
{
return false;
}
bool RawDataFormat::getImageBaseAddress(unsigned long long &imageBase) const
bool RawDataFormat::getImageBaseAddress(std::uint64_t&imageBase) const
{
return false;
}
bool RawDataFormat::getEpAddress(unsigned long long &result) const
bool RawDataFormat::getEpAddress(std::uint64_t &result) const
{
if(hasEntryPoint && isEntryPointValid())
{
@ -164,7 +164,7 @@ bool RawDataFormat::getEpAddress(unsigned long long &result) const
return true;
}
bool RawDataFormat::getEpOffset(unsigned long long &result) const
bool RawDataFormat::getEpOffset(std::uint64_t &result) const
{
if(hasEntryPoint && isEntryPointValid())
{

8
src/fileformat/types/export_table/export.cpp
View File

@ -22,7 +22,7 @@ std::string Export::getName() const
* Get export address
* @return Export address
*/
unsigned long long Export::getAddress() const
std::uint64_t Export::getAddress() const
{
return address;
}
@ -34,7 +34,7 @@ unsigned long long Export::getAddress() const
*
* If method returns @c false, @a exportOrdinalNumber is left unchanged
*/
bool Export::getOrdinalNumber(unsigned long long &exportOrdinalNumber) const
bool Export::getOrdinalNumber(std::uint64_t &exportOrdinalNumber) const
{
if(ordinalNumberIsValid)
{
@ -57,7 +57,7 @@ void Export::setName(std::string exportName)
* Set export address
* @param exportAddress Export address
*/
void Export::setAddress(unsigned long long exportAddress)
void Export::setAddress(std::uint64_t exportAddress)
{
address = exportAddress;
}
@ -66,7 +66,7 @@ void Export::setAddress(unsigned long long exportAddress)
* Set export ordinal number
* @param exportOrdinalNumber Export ordinal number
*/
void Export::setOrdinalNumber(unsigned long long exportOrdinalNumber)
void Export::setOrdinalNumber(std::uint64_t exportOrdinalNumber)
{
ordinalNumber = exportOrdinalNumber;
ordinalNumberIsValid = true;

4
src/fileformat/types/export_table/export_table.cpp
View File

@ -134,7 +134,7 @@ void ExportTable::computeHashes()
// convert ordinal to export name
if(funcName.empty())
{
unsigned long long ord;
std::uint64_t ord;
if(newExport.getOrdinalNumber(ord))
{
funcName = toLower("ord" + std::to_string(ord));
@ -236,7 +236,7 @@ void ExportTable::dump(std::string &dumpTable) const
if(hasExports())
{
unsigned long long aux;
std::uint64_t aux;
ret << ";\n";
for(const auto &exp : exports)

12
src/fileformat/types/import_table/import.cpp
View File

@ -22,7 +22,7 @@ std::string Import::getName() const
* Get index of library from which is import
* @return Index of library from which is import
*/
unsigned long long Import::getLibraryIndex() const
std::uint64_t Import::getLibraryIndex() const
{
return libraryIndex;
}
@ -31,7 +31,7 @@ unsigned long long Import::getLibraryIndex() const
* Get address of import
* @return Address of import
*/
unsigned long long Import::getAddress() const
std::uint64_t Import::getAddress() const
{
return address;
}
@ -43,7 +43,7 @@ unsigned long long Import::getAddress() const
*
* If method returns @c false, @a importOrdinalNumber is left unchanged
*/
bool Import::getOrdinalNumber(unsigned long long &importOrdinalNumber) const
bool Import::getOrdinalNumber(std::uint64_t &importOrdinalNumber) const
{
if(ordinalNumberIsValid)
{
@ -107,7 +107,7 @@ void Import::setName(std::string importName)
* Set library index
* @param importLibraryIndex Index of library from which is import
*/
void Import::setLibraryIndex(unsigned long long importLibraryIndex)
void Import::setLibraryIndex(std::uint64_t importLibraryIndex)
{
libraryIndex = importLibraryIndex;
}
@ -116,7 +116,7 @@ void Import::setLibraryIndex(unsigned long long importLibraryIndex)
* Set address of import
* @param importAddress Address of import
*/
void Import::setAddress(unsigned long long importAddress)
void Import::setAddress(std::uint64_t importAddress)
{
address = importAddress;
}
@ -125,7 +125,7 @@ void Import::setAddress(unsigned long long importAddress)
* Set ordinal number of import
* @param importOrdinalNumber Ordinal number of import
*/
void Import::setOrdinalNumber(unsigned long long importOrdinalNumber)
void Import::setOrdinalNumber(std::uint64_t importOrdinalNumber)
{
ordinalNumber = importOrdinalNumber;
ordinalNumberIsValid = true;

6
src/fileformat/types/import_table/import_table.cpp
View File

@ -238,7 +238,7 @@ void ImportTable::computeHashes()
// YARA compatible name lookup
if(funcName.empty())
{
unsigned long long ord;
std::uint64_t ord;
if(import->getOrdinalNumber(ord))
{
funcName = toLower(retdec::utils::ordLookUp(libName, ord, true));
@ -450,7 +450,7 @@ void ImportTable::dump(std::string &dumpTable) const
if(hasImports())
{
unsigned long long aux;
std::uint64_t aux;
ret << ";\n";
for(const auto &imp : imports)
@ -495,7 +495,7 @@ void ImportTable::dumpLibrary(std::size_t libraryIndex, std::string &libraryDump
if(!indexes.empty())
{
unsigned long long aux;
std::uint64_t aux;
ret << ";\n";
for(const auto &i : indexes)

2
src/fileinfo/file_detector/coff_detector.cpp
View File

@ -378,7 +378,7 @@ void CoffDetector::detectFileClass()
void CoffDetector::detectArchitecture()
{
unsigned long long machineType = 0;
std::uint64_t machineType = 0;
if(!coffParser->getMachineCode(machineType))
{
return;

4
src/fileinfo/file_detector/elf_detector.cpp
View File

@ -870,7 +870,7 @@ void ElfDetector::getSegments()
void ElfDetector::getSymbolTable()
{
// specific analysis for ARM architecture
unsigned long long machineType;
std::uint64_t machineType;
const bool isArm = elfParser->getMachineCode(machineType) && machineType == EM_ARM;
SpecialInformation specInfo("instruction set", "iset");
@ -1377,7 +1377,7 @@ void ElfDetector::detectFileClass()
void ElfDetector::detectArchitecture()
{
unsigned long long machineType = 0;
std::uint64_t machineType = 0;
if(!elfParser->getMachineCode(machineType))
{
return;

2
src/fileinfo/file_detector/intel_hex_detector.cpp
View File

@ -122,7 +122,7 @@ void IntelHexDetector::detectFileType()
void IntelHexDetector::getAdditionalInfo()
{
unsigned long long ep = 0;
std::uint64_t ep = 0;
if(fileParser->getEpAddress(ep))
{
fileInfo.toolInfo.epAddress = ep;

4
src/fileinfo/file_detector/macho_detector.cpp
View File

@ -44,7 +44,7 @@ MachODetector::MachODetector(
*/
void MachODetector::getEntryPoint()
{
unsigned long long res = 0;
std::uint64_t res = 0;
if(fileParser->getEpAddress(res))
{
fileInfo.toolInfo.epAddress = res;
@ -259,7 +259,7 @@ void MachODetector::detectFileClass()
void MachODetector::detectArchitecture()
{
unsigned long long machineType = 0;
std::uint64_t machineType = 0;
if(!machoParser->getMachineCode(machineType))
{
return;

8
src/fileinfo/file_detector/pe_detector.cpp
View File

@ -104,7 +104,7 @@ void PeDetector::getFileFlags()
*/
void PeDetector::getDllFlags()
{
unsigned long long flags;
std::uint64_t flags;
if(!peParser->getDllFlags(flags))
{
return;
@ -184,7 +184,7 @@ void PeDetector::getCoffSymbols()
*/
void PeDetector::getRelocationTableInfo()
{
unsigned long long relocs = 0;
std::uint64_t relocs = 0;
if(peParser->getNumberOfRelocations(relocs))
{
RelocationTable relTable;
@ -344,7 +344,7 @@ void PeDetector::getDotnetInfo()
*/
void PeDetector::getVisualBasicInfo()
{
unsigned long long version;
std::uint64_t version;
if (!peParser->isVisualBasic(version))
{
return;
@ -369,7 +369,7 @@ void PeDetector::detectFileClass()
void PeDetector::detectArchitecture()
{
unsigned long long machineType = 0;
std::uint64_t machineType = 0;
if(!peParser->getMachineCode(machineType))
{
return;

2
src/fileinfo/file_detector/raw_data_detector.cpp
View File

@ -120,7 +120,7 @@ void RawDataDetector::detectFileType()
void RawDataDetector::getAdditionalInfo()
{
unsigned long long ep = 0;
std::uint64_t ep = 0;
if(fileParser->getEpAddress(ep))
{
fileInfo.toolInfo.epAddress = ep;

2
src/fileinfo/file_information/file_information_types/export_table.cpp
View File

@ -77,7 +77,7 @@ std::string ExportTable::getExportAddressStr(std::size_t position, std::ios_base
*/
std::string ExportTable::getExportOrdinalNumberStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const
{
unsigned long long ordinal;
std::uint64_t ordinal;
const auto *record = table ? table->getExport(position) : nullptr;
return record && record->getOrdinalNumber(ordinal) ? getNumberAsString(ordinal, format) : "";
}

2
src/fileinfo/file_information/file_information_types/import_table.cpp
View File

@ -133,7 +133,7 @@ std::string ImportTable::getImportAddressStr(std::size_t position, std::ios_base
*/
std::string ImportTable::getImportOrdinalNumberStr(std::size_t position, std::ios_base &(* format)(std::ios_base &)) const
{
unsigned long long ordinal;
std::uint64_t ordinal;
const auto *record = table ? table->getImport(position) : nullptr;
return record && record->getOrdinalNumber(ordinal) ? getNumberAsString(ordinal, format) : "";
}

4
src/fileinfo/pattern_detector/pattern_detector.cpp
View File

@ -85,7 +85,7 @@ void PatternDetector::createPatternFromRule(Pattern &pattern, const yaracpp::Yar
PatternMatch patMatch;
patMatch.setDataSize(match->getDataSize());
patMatch.setOffset(match->getOffset());
unsigned long long val;
std::uint64_t val;
if(fileParser && fileParser->getAddressFromOffset(val, match->getOffset()))
{
patMatch.setAddress(val);
@ -250,7 +250,7 @@ void PatternDetector::saveCryptoRule(const yaracpp::YaraRule &rule)
}
}
patMatch.setOffset(match->getOffset());
unsigned long long val = 0;
std::uint64_t val = 0;
if(fileParser && fileParser->getAddressFromOffset(val, match->getOffset()))
{
patMatch.setAddress(val);

2
src/getsig/getsig.cpp
View File

@ -84,7 +84,7 @@ struct Options
// Search settings.
long long unsigned size = 100; ///< maximum size of pattern (bytes)
long long unsigned offset; ///< value of search offset
std::uint64_t offset; ///< value of search offset
bool isOffset = false; ///< @c true if user provided offset
};

2
src/loader/loader/image.cpp
View File

@ -288,7 +288,7 @@ const Segment* Image::getSegmentFromAddress(std::uint64_t address) const
*/
const Segment* Image::getEpSegment()
{
unsigned long long epAddress;
std::uint64_t epAddress;
if (!getFileFormat()->getEpAddress(epAddress))
return nullptr;

2
src/loader/loader/pe/pe_image.cpp
View File

@ -34,7 +34,7 @@ bool PeImage::load()
const retdec::fileformat::PeFormat* peFormat = static_cast<const retdec::fileformat::PeFormat*>(getFileFormat());
// Load image base address from fileformat and store it into loader image
unsigned long long imageBase;
std::uint64_t imageBase;
peFormat->getImageBaseAddress(imageBase);
setBaseAddress(imageBase);

1
src/pelib/ImageLoader.cpp
View File

@ -4,6 +4,7 @@
* @copyright (c) 2020 Avast Software, licensed under the MIT license
*/
#include <cstdint>
#include <iostream>
#include <fstream>

2
src/stacofin/stacofin.cpp
View File

@ -751,7 +751,7 @@ void Finder::search(
{
// This is different for every match.
detectedFunction.offset = ruleMatch.getOffset();
unsigned long long address = 0;
std::uint64_t address = 0;
if (!fileFormat->getAddressFromOffset(
address, detectedFunction.offset))
{

8
src/unpackertool/plugins/mpress/mpress.cpp
View File

@ -101,7 +101,7 @@ void MpressPlugin::prepare()
void MpressPlugin::unpack()
{
// Find the section which contains the packed content
unsigned long long ep;
std::uint64_t ep;
std::vector<std::uint8_t> packedContentSectAddrBytes;
_file->getFileFormat()->getEpAddress(ep);
@ -215,7 +215,7 @@ void MpressPlugin::decodeLzmaProperties(DynamicBuffer& compressedContent, std::u
std::uint32_t MpressPlugin::getFixStub()
{
unsigned long long ep, epOffset;
std::uint64_t ep, epOffset;
std::vector<std::uint8_t> fixStubOffsetBytes;
// Fix imports stub is calculated from the EP section where there is offset into it written at specific offset
@ -580,7 +580,7 @@ void MpressPlugin::fixRelocations()
PeLib::ImageLoader & imageLoader = _peFile->imageLoader();
// Calculate the offset of EP in EP section
unsigned long long epAddress;
std::uint64_t epAddress;
_file->getFileFormat()->getEpAddress(epAddress);
epAddress -= epSegment->getAddress();
@ -605,7 +605,7 @@ void MpressPlugin::fixRelocations()
MpressUnpackerStub MpressPlugin::detectUnpackerStubVersion()
{
unsigned long long ep;
std::uint64_t ep;
std::vector<std::uint8_t> signatureBytes;
// Get the data in EP section so we can compare it with signature

2
src/unpackertool/plugins/upx/elf/elf_upx_stub.cpp
View File

@ -151,7 +151,7 @@ template <int bits> void ElfUpxStub<bits>::unpack(const std::string& outputFile)
// Thus there is no way we can get this data through fileformat nor elfio
std::string inputFilePath = _file->getFileFormat()->getPathToFile();
unsigned long long ep;
std::uint64_t ep;
_file->getFileFormat()->getEpAddress(ep);
ep -= _file->getEpSegment()->getAddress();

2
src/unpackertool/plugins/upx/pe/pe_upx_stub.cpp
View File

@ -160,7 +160,7 @@ template <int bits> PeUpxStub<bits>::PeUpxStub(retdec::loader::Image* inputFile,
_realEpAddress(0), _newPeFile(nullptr), _rvaShift(0), _exportsCompressed(false),
_filterId(FILTER_UNKNOWN), _filterCount(0), _filterParam(0)
{
unsigned long long ep;
std::uint64_t ep;
_file->getFileFormat()->getEpAddress(ep);
_realEpAddress = ep;
}

2
src/unpackertool/plugins/upx/upx_stub.cpp
View File

@ -385,7 +385,7 @@ void UpxStub::setStubCapturedData(const DynamicBuffer& stubCapturedData)
*/
uint32_t UpxStub::getRealEpAddress() const
{
unsigned long long ep;
std::uint64_t ep;
_file->getFileFormat()->getEpAddress(ep);
return ep;
}

2
src/unpackertool/plugins/upx/upx_stub_signatures.cpp
View File

@ -2157,7 +2157,7 @@ const UpxStubData* UpxStubSignatures::matchSignatures(Image* file, DynamicBuffer
return nullptr;
// Offset of EP in its section/segment
unsigned long long ep;
std::uint64_t ep;
file->getFileFormat()->getEpAddress(ep);
ep -= epSeg->getAddress();

3
tests/fileformat/intel_hex_format_20bit_tests.cpp
View File

@ -4,6 +4,7 @@
* @copyright (c) 2017 Avast Software, licensed under the MIT license
*/
#include <cstdint>
#include <memory>
#include <string>
@ -62,7 +63,7 @@ TEST_F(IntelHexFormat20BitTests, CorrectSection)
TEST_F(IntelHexFormat20BitTests, CorrectInfo)
{
unsigned long long res;
std::uint64_t res;
EXPECT_EQ(true, parser->getEpOffset(res));
EXPECT_EQ(0x05, res);
EXPECT_EQ(true, parser->getEpAddress(res));

8
tests/fileformat/intel_hex_format_tests.cpp
View File

@ -71,7 +71,7 @@ TEST_F(IntelHexFormatTests_istream, CorrectParsing)
TEST_F(IntelHexFormatTests_istream, CorrectSections)
{
unsigned long long res;
std::uint64_t res;
EXPECT_EQ(true, parser->getEpAddress(res));
EXPECT_EQ(2, parser->getDeclaredNumberOfSections());
EXPECT_EQ(0xffff0001, res);
@ -91,7 +91,7 @@ TEST_F(IntelHexFormatTests_istream, CorrectSections)
TEST_F(IntelHexFormatTests_istream, CorrectSerialization)
{
unsigned long long res;
std::uint64_t res;
EXPECT_EQ(true, parser->getEpOffset(res));
EXPECT_EQ(0x01, res);
EXPECT_EQ(0x63, parser->getLoadedBytes().size());
@ -99,7 +99,7 @@ TEST_F(IntelHexFormatTests_istream, CorrectSerialization)
TEST_F(IntelHexFormatTests_istream, CorrectFileInfo)
{
unsigned long long res;
std::uint64_t res;
EXPECT_EQ(330, parser->getFileLength());
EXPECT_EQ(99, parser->getDeclaredFileLength());
EXPECT_EQ(parser->getLoadedFileLength(), parser->getDeclaredFileLength());
@ -170,7 +170,7 @@ TEST_F(IntelHexFormatTests_data, CorrectParsing)
TEST_F(IntelHexFormatTests_data, CorrectSections)
{
unsigned long long res;
std::uint64_t res;
EXPECT_EQ(true, parser->getEpAddress(res));
EXPECT_EQ(2, parser->getDeclaredNumberOfSections());
EXPECT_EQ(0xffff0001, res);

6
tests/fileformat/raw_data_format_tests.cpp
View File

@ -56,7 +56,7 @@ TEST_F(RawDataFormatTests_istream, TestSettersGetters)
parser->setBaseAddress(0x8000);
EXPECT_EQ(0x8000, parser->getSections()[0]->getAddress());
unsigned long long result = 0;
std::uint64_t result = 0;
EXPECT_EQ(true, parser->getEpOffset(result));
EXPECT_EQ(0x2, result);
EXPECT_EQ(true, parser->getEpAddress(result));
@ -68,7 +68,7 @@ TEST_F(RawDataFormatTests_istream, TestSettersGetters)
TEST_F(RawDataFormatTests_istream, TestInvalidEP)
{
unsigned long long result;
std::uint64_t result;
parser->setBaseAddress(0x8000);
parser->setEntryPoint(0x800B);
@ -110,7 +110,7 @@ TEST_F(RawDataFormatTests_data, CorrectLoading)
TEST_F(RawDataFormatTests_data, TestInvalidEP)
{
unsigned long long result;
std::uint64_t result;
parser->setBaseAddress(0x8000);
parser->setEntryPoint(0x800B);