Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The ability to allocation and perform further initialization of large PE files. #198

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

The ability to allocation and perform further initialization of large PE files. #198

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions pe-parser-library/include/pe-parse/parse.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ bool readDword(bounded_buffer *b, std::uint32_t offset, std::uint32_t &out);
bool readQword(bounded_buffer *b, std::uint32_t offset, std::uint64_t &out);
bool readChar16(bounded_buffer *b, std::uint32_t offset, char16_t &out);

bounded_buffer *readFileToFileBuffer(const char *filePath);
bounded_buffer *readFileToFileBuffer(const char *filePath, bool LargeFile = false);
bounded_buffer *makeBufferFromPointer(std::uint8_t *data, std::uint32_t sz);
bounded_buffer *
splitBuffer(bounded_buffer *b, std::uint32_t from, std::uint32_t to);
Expand Down Expand Up @@ -195,7 +195,7 @@ std::string GetPEErrString();
std::string GetPEErrLoc();

// get a PE parse context from a file
parsed_pe *ParsePEFromFile(const char *filePath);
parsed_pe *ParsePEFromFile(const char *filePath, bool LargeFile = false);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm a weak -1 on modifying the API like this: IMO we should pick an arbitrary-ish size for the "large file" cutoff, and use stat or ftell or similar to determine when to switch over to it based on the user input.

(We could do this via a macro, so users who compile pe-parse themselves could customize it.)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

32MB seems like a reasonable starting point for the cutoff.


parsed_pe *ParsePEFromPointer(std::uint8_t *buffer, std::uint32_t sz);
parsed_pe *ParsePEFromBuffer(bounded_buffer *buffer);
Expand Down
27 changes: 24 additions & 3 deletions pe-parser-library/src/buffer.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ bool readChar16(bounded_buffer *b, std::uint32_t offset, char16_t &out) {
return true;
}

bounded_buffer *readFileToFileBuffer(const char *filePath) {
bounded_buffer *readFileToFileBuffer(const char *filePath, bool LargeFile) {
#ifdef _WIN32
HANDLE h = CreateFileA(filePath,
GENERIC_READ,
Expand Down Expand Up @@ -253,9 +253,30 @@ bounded_buffer *readFileToFileBuffer(const char *filePath) {
}

p->detail->sec = hMap;

LPVOID ptr = nullptr;

if (!LargeFile) {
ptr = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);
} else {
ptr = VirtualAlloc(NULL, fileSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (ptr == INVALID_HANDLE_VALUE) {
CloseHandle(h);
CloseHandle(ptr);
return nullptr;
}

const bool bFileRead = ReadFile(h, ptr, fileSize, nullptr, nullptr);
if(!bFileRead) {
CloseHandle(h);
if (ptr != nullptr) {
CloseHandle(ptr);
}

return nullptr;
}
Comment on lines +256 to +277
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it only uses a mmap backing on Windows, but we'll probably want similar behavior on other OSes as well. Could you add that to this changeset?


LPVOID ptr = MapViewOfFile(hMap, FILE_MAP_READ, 0, 0, 0);

}
if (ptr == nullptr) {
PE_ERR(PEERR_MEM);
return nullptr;
Expand Down
4 changes: 2 additions & 2 deletions pe-parser-library/src/parse.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2563,8 +2563,8 @@ parsed_pe *ParsePEFromBuffer(bounded_buffer *buffer) {
return p;
}

parsed_pe *ParsePEFromFile(const char *filePath) {
auto buffer = readFileToFileBuffer(filePath);
parsed_pe *ParsePEFromFile(const char *filePath, bool LargeFile) {
auto buffer = readFileToFileBuffer(filePath, LargeFile);

if (buffer == nullptr) {
// err is set by readFileToFileBuffer
Expand Down
Loading