libPeConv
A library to load, manipulate, dump PE files.
file_util.cpp
Go to the documentation of this file.
1#include "peconv/file_util.h"
2#include "peconv/buffer_util.h"
3#include "peconv/util.h"
4
5#include <fstream>
6#ifdef _DEBUG
7 #include <iostream>
8#endif
9
10//load file content using MapViewOfFile
11peconv::ALIGNED_BUF peconv::load_file(IN const char *filename, OUT size_t &read_size)
12{
13 HANDLE file = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
14 if(file == INVALID_HANDLE_VALUE) {
15#ifdef _DEBUG
16 std::cerr << "Could not open file!" << std::endl;
17#endif
18 return nullptr;
19 }
20 HANDLE mapping = CreateFileMapping(file, 0, PAGE_READONLY, 0, 0, 0);
21 if (!mapping) {
22#ifdef _DEBUG
23 std::cerr << "Could not create mapping!" << std::endl;
24#endif
25 CloseHandle(file);
26 return nullptr;
27 }
28 BYTE *dllRawData = (BYTE*) MapViewOfFile(mapping, FILE_MAP_READ, 0, 0, 0);
29 if (!dllRawData) {
30#ifdef _DEBUG
31 std::cerr << "Could not map view of file" << std::endl;
32#endif
33 CloseHandle(mapping);
34 CloseHandle(file);
35 return nullptr;
36 }
37 size_t r_size = GetFileSize(file, 0);
38 if (read_size != 0 && read_size <= r_size) {
39 r_size = read_size;
40 }
41 if (peconv::is_bad_read_ptr(dllRawData, r_size)) {
42 std::cerr << "[-] Mapping of " << filename << " is invalid!" << std::endl;
43 UnmapViewOfFile(dllRawData);
44 CloseHandle(mapping);
45 CloseHandle(file);
46 return nullptr;
47 }
48 peconv::ALIGNED_BUF localCopyAddress = peconv::alloc_aligned(r_size, PAGE_READWRITE);
49 if (localCopyAddress != nullptr) {
50 memcpy(localCopyAddress, dllRawData, r_size);
51 read_size = r_size;
52 } else {
53 read_size = 0;
54#ifdef _DEBUG
55 std::cerr << "Could not allocate memory in the current process" << std::endl;
56#endif
57 }
58 UnmapViewOfFile(dllRawData);
59 CloseHandle(mapping);
60 CloseHandle(file);
61 return localCopyAddress;
62}
63
64//load file content using ReadFile
65peconv::ALIGNED_BUF peconv::read_from_file(IN const char *in_path, IN OUT size_t &read_size)
66{
67 HANDLE file = CreateFileA(in_path, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
68 if (file == INVALID_HANDLE_VALUE) {
69#ifdef _DEBUG
70 std::cerr << "Cannot open the file for reading!" << std::endl;
71#endif
72 return nullptr;
73 }
74 size_t r_size = static_cast<size_t>(GetFileSize(file, 0));
75 if (read_size != 0 && read_size <= r_size) {
76 r_size = read_size;
77 }
78 PBYTE buffer = peconv::alloc_pe_buffer(r_size, PAGE_READWRITE);
79 if (buffer == nullptr) {
80#ifdef _DEBUG
81 std::cerr << "Allocation has failed!" << std::endl;
82#endif
83 return nullptr;
84 }
85 DWORD out_size = 0;
86 if (!ReadFile(file, buffer, r_size, &out_size, nullptr)) {
87#ifdef _DEBUG
88 std::cerr << "Reading failed!" << std::endl;
89#endif
90 peconv::free_pe_buffer(buffer, r_size);
91 buffer = nullptr;
92 read_size = 0;
93 } else {
94 read_size = r_size;
95 }
96 CloseHandle(file);
97 return buffer;
98}
99
100//save the given buffer into a file
101bool peconv::dump_to_file(IN const char *out_path, IN PBYTE dump_data, IN size_t dump_size)
102{
103 if (!out_path || !dump_data || !dump_size) return false;
104
105 HANDLE file = CreateFileA(out_path, GENERIC_WRITE, FILE_SHARE_WRITE, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
106 if (file == INVALID_HANDLE_VALUE) {
107#ifdef _DEBUG
108 std::cerr << "Cannot open the file for writing!" << std::endl;
109#endif
110 return false;
111 }
112 DWORD written_size = 0;
113 bool is_dumped = false;
114 if (WriteFile(file, dump_data, (DWORD) dump_size, &written_size, nullptr)) {
115 is_dumped = true;
116 }
117#ifdef _DEBUG
118 else {
119 std::cerr << "Failed to write to the file : " << out_path << std::endl;
120 }
121#endif
122 CloseHandle(file);
123 return is_dumped;
124}
125
126//free the buffer allocated by load_file/read_from_file
127void peconv::free_file(IN peconv::ALIGNED_BUF buffer)
128{
129 peconv::free_aligned(buffer);
130}
131
132std::string peconv::get_file_name(IN const std::string str)
133{
134 size_t found = str.find_last_of("/\\");
135 if (found == std::string::npos) {
136 return str;
137 }
138 return str.substr(found + 1);
139}
140
141std::string peconv::get_directory_name(IN const std::string str)
142{
143 size_t found = str.find_last_of("/\\");
144 if (found == std::string::npos) {
145 return "";
146 }
147 return str.substr(0, found);
148}
buffer_util.h
Definitions of the used buffer types. Functions for their allocation and deallocation.
file_util.h
Functions related to operations on files. Wrappers for read/write.
peconv::free_aligned
bool free_aligned(ALIGNED_BUF buffer, size_t buffer_size=0)
Definition: buffer_util.cpp:60
peconv::alloc_aligned
ALIGNED_BUF alloc_aligned(size_t buffer_size, DWORD protect, ULONGLONG desired_base=NULL)
Definition: buffer_util.cpp:52
peconv::ALIGNED_BUF
PBYTE ALIGNED_BUF
Definition: buffer_util.h:41
peconv::free_file
void free_file(IN peconv::ALIGNED_BUF buffer)
Definition: file_util.cpp:127
peconv::get_directory_name
std::string get_directory_name(IN const std::string full_path)
Definition: file_util.cpp:141
peconv::free_pe_buffer
bool free_pe_buffer(ALIGNED_BUF buffer, size_t buffer_size=0)
Definition: buffer_util.cpp:84
peconv::read_from_file
peconv::ALIGNED_BUF read_from_file(IN const char *path, IN OUT size_t &read_size)
Definition: file_util.cpp:65
peconv::alloc_pe_buffer
ALIGNED_BUF alloc_pe_buffer(size_t buffer_size, DWORD protect, ULONGLONG desired_base=NULL)
Definition: buffer_util.cpp:78
peconv::load_file
peconv::ALIGNED_BUF load_file(IN const char *filename, OUT size_t &r_size)
Definition: file_util.cpp:11
peconv::is_bad_read_ptr
bool is_bad_read_ptr(LPCVOID areaStart, SIZE_T areaSize)
Definition: util.cpp:150
peconv::dump_to_file
bool dump_to_file(IN const char *path, IN PBYTE dump_data, IN size_t dump_size)
Definition: file_util.cpp:101
peconv::get_file_name
std::string get_file_name(IN const std::string full_path)
Definition: file_util.cpp:132
util.h
Miscellaneous utility functions.
Generated by doxygen 1.9.2