Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add pelite::Wrap to the top level crate documentation #250

Open
C0D3-M4513R opened this issue Aug 25, 2021 · 2 comments
Open

Add pelite::Wrap to the top level crate documentation #250

C0D3-M4513R opened this issue Aug 25, 2021 · 2 comments

Comments

@C0D3-M4513R
Copy link

First of all: Thank you for your crate. I failed miserably, to read the export table of a dll. I was just not smart enough.

In using this crate, I stumbled across the traits, mentioned in the title. I have noticed, that the functions in the traits are almost identical.

So my question: Could this library just detect the bitness, of a dll/binary, and use the required functions as needed?
For me parsing the DOS and NT -Headers was no problem, using the bindings of winapi. That worked on x64 and x86 dlls.

This is my current implementation, of reading all exports, of a dll. The branches cannot be merged, because the types differ. Due to what I am trying to accomplish, with this, I need both branches. The code below could be reduced, to 50%, of it's size, if there was a trait/type, which would hide the different types, from the user.

An Example 
if dll_is_x64 {
			let dll = result!(pelite::pe64::PeFile::from_bytes(k32.as_slice()));
			let exports = result!(dll.exports());
			let name = result!(result!(exports.dll_name()).to_str());
			debug!("dll name is {}",name);
			let fns = result!(exports.functions());
			let names = result!(exports.names());
			for name in names{
				if let Ok(name_c_str) = dll.derva_c_str(*name){
					if let Ok(name_str) = name_c_str.to_str(){
						info!("got {} as function",name_str)
					}else{
						debug!("get {} as function", String::from_utf8_lossy(name_c_str.to_vec().as_slice()))
					}
				}else{
					error!("Couldn't read specified rva");
				}
			}
		}else{
			let dll = result!(pelite::pe32::PeFile::from_bytes(k32.as_slice()));
			let exports = result!(dll.exports());
			let name = result!(result!(exports.dll_name()).to_str());
			debug!("dll name is {}",name);
			let fns=result!(exports.functions());
			let names=result!(exports.names());
			for name in names{
				if let Ok(name_c_str) = dll.derva_c_str(*name){
					if let Ok(name_str) = name_c_str.to_str(){
						info!("got {} as function",name_str)
					}else{
						debug!("get {} as function", String::from_utf8_lossy(name_c_str.to_vec().as_slice()))
					}
				}else{
					error!("Couldn't read specified rva");
				}
			}
		}
@CasualX
Copy link
Owner

CasualX commented Aug 25, 2021

Hi, thanks for taking your time to using my library!

There is a type exposed to work with both 32-bit and 64-bit Pe types: Wrap which is aliased as PeFile. From which you can get exports() and continue from there.

There is also GetProcAddress but it does not appear to work with the wrapped pefile types.

@C0D3-M4513R
Copy link
Author

GetProcAddress is not exposed via Wrap.
get_export_by_name is an exellent alternative.

To avoid having issues like this, please add Wrap as an alternative, in the crate documentation here:

pelite/src/lib.rs

Line 6 in 1efbb8e

Do you wish to inspect 32-bit PE binaries? ⟶ [continue](pe32/index.html)

I opened this issue, because it said, that it was only possible , to inspect EITHER pe64 or pe32.

@C0D3-M4513R C0D3-M4513R changed the title Merging pelite::p32::Pe and pelite::p64::Pe Add pelite::Wrap to the top level crate documentation Aug 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CasualX @C0D3-M4513R