From 758d0adfa9ba81fea0178c7f30638f6ae6915c2a Mon Sep 17 00:00:00 2001 From: hasherezade Date: Mon, 29 Aug 2022 03:03:59 +0200 Subject: [PATCH] [FEATURE] Print CodeView fields content --- .../include/bearparser/pe/DebugDirWrapper.h | 2 ++ parser/pe/DebugDirWrapper.cpp | 25 ++++++++++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/parser/include/bearparser/pe/DebugDirWrapper.h b/parser/include/bearparser/pe/DebugDirWrapper.h index fbacb4a09..4a7f489e6 100644 --- a/parser/include/bearparser/pe/DebugDirWrapper.h +++ b/parser/include/bearparser/pe/DebugDirWrapper.h @@ -83,6 +83,8 @@ class DebugDirCVEntryWrapper : public ExeNodeWrapper virtual QString getFieldName(size_t fieldId); virtual Executable::addr_type containsAddrType(size_t fieldId, size_t subField) { return Executable::NOT_ADDR; } + QString translateFieldContent(size_t fieldId); + //this wrapper only: QString getGuidString(); QString getSignature(); diff --git a/parser/pe/DebugDirWrapper.cpp b/parser/pe/DebugDirWrapper.cpp index 7d2b30698..716eaf124 100644 --- a/parser/pe/DebugDirWrapper.cpp +++ b/parser/pe/DebugDirWrapper.cpp @@ -282,11 +282,28 @@ QString DebugDirCVEntryWrapper::getSignature() QString DebugDirCVEntryWrapper::getFieldName(size_t fId) { switch (fId) { - case F_CVDBG_SIGN: return "CvSig"; - case F_CVDBG_GUID: return "Signature"; - case F_CVDBG_AGE: return "Age"; - case F_CVDBG_PDB: return "PDB"; + case F_CVDBG_SIGN: return "CvSig"; + case F_CVDBG_GUID: return "Signature"; + case F_CVDBG_AGE: return "Age"; + case F_CVDBG_PDB: return "PDB"; } return ""; } +QString DebugDirCVEntryWrapper::translateFieldContent(size_t fId) +{ + DEBUG_RSDSI* rdsi = parentDir->getRDSI(); + DEBUG_NB10* dbg = parentDir->getNB10(); + if (!rdsi && !dbg) return ""; + + char *pdb = NULL; + if (rdsi) pdb = (char*)rdsi->szPdb; + if (dbg) pdb = (char*)dbg->PdbFileName; + + switch (fId) { + case F_CVDBG_SIGN: return getSignature(); + case F_CVDBG_GUID: return getGuidString(); + case F_CVDBG_PDB: return pdb ? pdb : ""; + } + return ""; +}