A bit of final core-level cleanup.

2025-10-12 03:28:19 +00:00 · 2015-04-19 21:59:42 -04:00 · 2015-04-19 21:59:42 -04:00 · 49d54b6a4e
commit 49d54b6a4e
parent e3d63bfee8
4 changed files with 12 additions and 10 deletions
--- a/src/file_analysis/analyzer/pe/PE.cc
+++ b/src/file_analysis/analyzer/pe/PE.cc
@ -8,7 +8,7 @@ PE::PE(RecordVal* args, File* file)
 	{
 	conn = new binpac::PE::MockConnection(this);
 	interp = new binpac::PE::File(conn);
-	done=false;
+	done = false;
 	}

 PE::~PE()
@ -27,7 +27,6 @@ bool PE::DeliverStream(const u_char* data, uint64 len)
 		}
 	catch ( const binpac::Exception& e )
 		{
-		printf("Binpac exception: %s\n", e.c_msg());
 		return false;
 		}

--- a/src/file_analysis/analyzer/pe/PE.h
+++ b/src/file_analysis/analyzer/pe/PE.h
@ -10,7 +10,7 @@
 namespace file_analysis {

 /**
- * An action to simply extract files to disk.
+ * Analyze Portable Executable files
 */
 class PE : public file_analysis::Analyzer {
 public:
--- a/src/file_analysis/analyzer/pe/pe-file-headers.pac
+++ b/src/file_analysis/analyzer/pe/pe-file-headers.pac
@ -39,9 +39,9 @@ type DOS_Code(len: uint32) = record {
 type NT_Headers = record {
 	PESignature     : uint32;
 	file_header     : File_Header;
-	have_opt_header : case file_header.SizeOfOptionalHeader of {
-		0       -> none: empty;
-		default -> optional_header : Optional_Header &length=file_header.SizeOfOptionalHeader;
+	have_opt_header : case is_exe of {
+		true  -> optional_header : Optional_Header &length=file_header.SizeOfOptionalHeader;
+		false -> none: empty;
 		};
 } &let {
 	length: uint32 = file_header.SizeOfOptionalHeader + offsetof(have_opt_header);
@ -101,7 +101,7 @@ type Optional_Header = record {
 	number_of_rva_and_sizes : uint32;
 	rvas			: RVAS(number_of_rva_and_sizes);
 } &let {
-	pe_format: uint8 = $context.connection.set_pe32_format(magic);
+	pe_format : uint8 = $context.connection.set_pe32_format(magic);
 	image_base: uint64 = pe_format == PE32_PLUS ? image_base_64 : image_base_32;
 };

@ -149,8 +149,10 @@ refine connection MockConnection += {
 		%{
 		if ( ${magic} == 0x10b )
 			pe32_format_ = PE32;
+
 		if ( ${magic} == 0x20b )
 			pe32_format_ = PE32_PLUS;
+
 		return pe32_format_;
 		%}

--- a/src/file_analysis/analyzer/pe/pe-file.pac
+++ b/src/file_analysis/analyzer/pe/pe-file.pac
@ -12,8 +12,9 @@ type Portable_Executable = record {
 	pad     : Padding(restofdata);
 } &let {
 	unparsed_hdr_len: uint32 = headers.pe_header.size_of_headers - headers.length;
-	restofdata: uint64 = headers.pe_header.is_exe ? $context.connection.get_max_file_location() - headers.pe_header.size_of_headers + unparsed_hdr_len : 0;
-	proc: bool = $context.connection.proc_pe(this);
+	data_post_hdrs:   uint64 = $context.connection.get_max_file_location() - headers.pe_header.size_of_headers + unparsed_hdr_len;
+	restofdata:       uint64 = headers.pe_header.is_exe ? data_post_hdrs : 0;
+	proc:             bool   = $context.connection.mark_done();
 } &byteorder=littleendian;

 refine connection MockConnection += {
@ -26,7 +27,7 @@ refine connection MockConnection += {
 		done_ = false;
 	%}

-	function proc_pe(p: Portable_Executable): bool
+	function mark_done(): bool
 		%{
 		done_ = true;
 		return true;