+ 1
How do you best use a typedef struct?
In a typedef struct you can declare data like:: DWORD Machine; from the _IMAGE_HEADERS
9 Respuestas
+ 4
This might be going to a long-winded answer but I wanna make sure to address every possible detail in the question. Btw, I don't have any experience in WinPE image and don't know the concept of it, either. So, I have to do some research.
The first thing you need to consider is that the `struct` is a user-defined collection of related data or functions or both packed under a name which makes it a `user-defined type`.
struct Point_t {
int x, y;
};
The above is a new user-defined type called Point_t containing two data members to represent x and y coordinates of a point in a 2D plane.
Now, typedef-ing a user-defined or primitive data type enables the programmer to create an `alias` (the same type with a different name) for those types with a more convenient name to fit into the context for which the programmer decides to make a program.
For a primitive type:
typedef unsigned int LENGTH;
...
LENGTH a = 10;
LENGTH b = 20;
LENGTH c = a + b;
or
typedef unsigned int DWORD;
For a user-defined type:
typedef struct Point_t {
int x, y;
} red_points;
or
struct Point_t {
int x, y;
};
typedef Point_t red_point;
...
red_points p1;
p1.x = 4;
p1.y = 5;
Note: Also like shortening a long URL, you'd get rid of the verbose declaration.
struct Point_t {
int x, y;
};
...
struct Point_t red_point;
struct Point_t blue_point;
As you can see in the second provided link, there's a fairly big user-defined data type called `_PEB` which contains required data to hold each system process' information. But in the first link description, there's a small one as
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;
By typedef-ing the struct, the author took advantage of that and created `two aliases` for `_IMAGE_DATA_DIRECTORY` type.
`IMAGE_DATA_DIRECTORY` is just a struct as before.
`*PIMAGE_DATA_DIRECTORY` is a pointer to that struct.
[...]
+ 4
[...]
Having `IMAGE_DATA_DIRECTORY` and `*PIMAGE_DATA_DIRECTORY` as our new types, it's possible to form an array of 16 IMAGE_DATA_DIRECTORY and a pointer to the first element of that array as
// Initializing the array with table's rows values ¹
IMAGE_DATA_DIRECTORY x[16] = {
{.VirtualAddress = 96, .Size = 8}, // Export Table
{.VirtualAddress = 104, .Size = 8}, // Import Table
{.VirtualAddress = 112, .Size = 8}, // Resource Table
...
{.VirtualAddress = 216, .Size = 8}, // Reserved, must be zero
};
PIMAGE_DATA_DIRECTORY px = x; // address of x[0] being assigned to px
Now, we can access the array's elements
for (size_t i = 0; i < 16; ++i) {
(px + i)->VirtualAddress; // returns the value of VirtualAddress for the current element
(px + i)->Size; // returns the value of Size for the current element
}
Here's a brief look at each field of `_IMAGE_DATA_DIRECTORY`.
1. VirtualAddress: The RVA ² of the section.
2. Size: The size in bytes ³.
______
¹ https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format#optional-header-data-directories-image-only
² (DWORD representation of the address) the address of the table relative to the base address of the image when the table is loaded. The PE loader examines and uses the value in this field when it's mapping the section into memory. Thus if the value in this field is 1000h and the PE file is loaded at 400000h, the section will be loaded at 401000h.
³ The PE loader examines the value in this field so it knows how many bytes in the section it should map into memory.
[http://win32assembly.programminghorizon.com/pe-tut5.html]
+ 4
C++ Soldier (Babak) sl need to amend there textbox condition for your replies 😂
+ 2
Are you teaching us that right now?
Because this is the place for asking *questions*!
+ 2
Do you want to tell us a bit more about what exactly you want to do?
(Others might also not have gotten your question.)
+ 2
The goal is to learn to control pointers, and understand how to properly implement and use a typedef struct.
I want to write a program that looks for a running process given from the user in a format of name.exe
Understanding PID can change, it needs to be dynamic. I also want to read if the exe has been signed.
Microsoft uses a typedef struct in the docs. All of the syntax is there, I'm just not sure what to do with it. Below are some references I am following. I know there is software that does this already, but I want to further my own knowledge-base on low level c++
https://docs.microsoft.com/en-us/windows/desktop/debug/pe-format#section-table-section-headers
https://docs.microsoft.com/en-us/windows/desktop/api/winternl/ns-winternl-_peb
+ 2
Thanks for elaborating!
This is way out of my league so I can't help you myself. I hope someone will tackle this now. :-)
+ 2
C++ Soldier (Babak) this is amazing! Thank you! I'm going to ge to work on this ASAP!!
+ 1
No I'm asking how to best use typedef struct, and gave an example of a struct I want to use, and dont knkw how!