added some documentation for LLOIFF, others should look over this...

include/llodctor/llodctor_base.hpp

@@ -28,7 +28,7 @@ namespace llo::s1
         /// set raw_img to the vector passed by reference...
         /// </summary>
         /// <param name="image">vector of bytes containing the raw image...</param>
-        explicit dctor_base_t( std::vector< std::uint8_t > &image,
+        explicit dctor_base_t( const std::vector< std::uint8_t > &image,
                                llo::s1::symbol_loader_base_t *symbol_loader = nullptr )
             : raw_img{ image }, symbol_loader{ symbol_loader }
         {

include/llodisposition/llodisposition_types.cpp

@@ -0,0 +1,8 @@
+#include <llodisposition/llodisposition_types.hpp>
+
+std::shared_ptr< llo::disposition_t > llo::disposition_t::make( const llo::utils::hash_t< std::string > &iff_name,
+                                                                const llo::utils::hash_t< std::string > &section_name,
+                                                                std::uint32_t section_offset )
+{
+    return std::make_shared< disposition_t >( iff_name, section_name, section_offset );
+}

include/llodisposition/llodisposition_types.hpp

@@ -6,24 +6,19 @@ namespace llo
 {
     class disposition_t
     {
-        llo::utils::hash_t< std::string > iff_name;
-        llo::utils::hash_t< std::string > section_name;
-        std::uint32_t offset;
-
       public:
-        explicit disposition_t( llo::utils::hash_t< std::string > &iff_name,
-                                llo::utils::hash_t< std::string > &section_name, std::uint32_t section_offset )
+        explicit disposition_t( const llo::utils::hash_t< std::string > &iff_name,
+                                const llo::utils::hash_t< std::string > &section_name, std::uint32_t section_offset )
             : iff_name( iff_name ), section_name( section_name ), offset( offset )
         {
         }
 
-        disposition_t( llo::utils::hash_t< std::string > &&iff_name, llo::utils::hash_t< std::string > &&section_name,
-                       std::uint32_t section_offset )
-            : iff_name( iff_name ), section_name( section_name ), offset( offset )
-        {
-        }
+        static std::shared_ptr< disposition_t > make( const llo::utils::hash_t< std::string > &iff_name,
+                                                      const llo::utils::hash_t< std::string > &section_name,
+                                                      std::uint32_t section_offset );
 
-        llo::utils::hash_t< std::string > get_section() const;
-        std::uint32_t get_offset() const;
+        llo::utils::hash_t< std::string > iff_name;
+        llo::utils::hash_t< std::string > section_name;
+        std::uint32_t offset;
     };
 } // namespace llo

include/lloiff.hpp

@@ -9,48 +9,68 @@
 
 namespace llo
 {
+    /// <summary>
+    /// lloiff class which contains all of the information for representing a file format in a IL format...
+    /// </summary>
     class lloiff_t
     {
       public:
-        class section_t
+        /// <summary>
+        /// iff section struct containing IL information about a section...
+        /// </summary>
+        struct iff_section_t
         {
-          public:
+            /// <summary>
+            /// section name, hashed so that there can be multiple...
+            /// </summary>
             llo::utils::hash_t< std::string > section_name;
+
+            /// <summary>
+            /// opaque value, lifted from the original file format...
+            /// this is should only be used by code that understands what the underlying file
+            /// format was...
+            /// </summary>
             std::uint64_t characteristics;
-            std::vector< std::shared_ptr< llo::symbol::symbol_base_t > > symbols;
-            std::vector< std::uint8_t > section_raw;
-        };
 
-        explicit lloiff_t( std::string &&file_name ) : file_name( file_name )
-        {
-        }
+            /// <summary>
+            /// vector of symbols for this section...
+            /// </summary>
+            std::vector< std::shared_ptr< llo::symbol::symbol_base_t > > symbols;
 
-        lloiff_t( std::string &file_name ) : file_name( file_name )
-        {
-        }
+            /// <summary>
+            /// vector of raw bytes containing the original bytes of this section...
+            /// </summary>
+            std::vector< std::uint8_t > raw;
+        };
 
-        llo::utils::hash_t< std::string > get_name() const
+        /// <summary>
+        /// explicit constructor, must pass a name and the original file as a vector of bytes...
+        /// </summary>
+        /// <param name="name">name for this iff object...</param>
+        /// <param name="raw">vector of raw bytes containing the original file...</param>
+        explicit lloiff_t( const std::string &name, const std::vector< std::uint8_t > &raw ) : name( name ), raw( raw )
         {
-            return file_name;
         }
 
-        std::vector< section_t > get_sections() const
-        {
-            return sections;
-        }
+        /// <summary>
+        /// entry point, where code execution begins....
+        /// this is lifted from the underlying file format...
+        /// </summary>
+        std::shared_ptr< disposition_t > entry;
 
-        void add_section( section_t &&section )
-        {
-            sections.push_back( section );
-        }
+        /// <summary>
+        /// name of the iff file, hashed so there can be unique objects...
+        /// </summary>
+        llo::utils::hash_t< std::string > name;
 
-        void add_section( section_t &section )
-        {
-            sections.push_back( section );
-        }
+        /// <summary>
+        /// vector of iff sections...
+        /// </summary>
+        std::vector< iff_section_t > sections;
 
-      private:
-        llo::utils::hash_t< std::string > file_name;
-        std::vector< section_t > sections;
+        /// <summary>
+        /// vector of bytes containing the entire original file...
+        /// </summary>
+        std::vector< std::uint8_t > raw;
     };
 } // namespace llo

include/llosymbol/llosymbol_base.hpp

@@ -21,12 +21,8 @@ namespace llo::symbol
         std::size_t symbol_size;
 
       public:
-        explicit symbol_base_t( llo::utils::hash_t< std::string > &&symbol_name, llo::disposition_t &&disposition )
-            : disposition( disposition ), symbol_name( symbol_name )
-        {
-        }
-
-        symbol_base_t( llo::utils::hash_t< std::string > &symbol_name, llo::disposition_t &disposition )
+        explicit symbol_base_t( const llo::utils::hash_t< std::string > &symbol_name,
+                                const llo::disposition_t &disposition )
             : disposition( disposition ), symbol_name( symbol_name )
         {
         }

include/llosymbol_loader/llosymbol_loader_base.hpp

@@ -12,14 +12,9 @@ namespace llo::s1
         std::string symbols_path;
 
       public:
-        explicit symbol_loader_base_t( std::string &&path ) : symbols_path{ path }
+        explicit symbol_loader_base_t( const std::string &path ) : symbols_path{ path }
         {
         }
-
-        symbol_loader_base_t( std::string &path ) : symbols_path{ path }
-        {
-        }
-
-        virtual void load( llo::lloiff_t &) = 0;
+        virtual void load( llo::lloiff_t & ) = 0;
     };
 } // namespace llo::s1

llo-s1.vcxproj

@@ -105,6 +105,7 @@
     <ClCompile Include="dependencies\fcml\include\fcml_gas_mnemonics.cpp" />
     <ClCompile Include="dependencies\fcml\include\fcml_intel_mnemonics.cpp" />
     <ClCompile Include="dependencies\fcml\include\fcml_registers.cpp" />
+    <ClCompile Include="include\llodisposition\llodisposition_types.cpp" />
     <ClCompile Include="include\llosymbol_loader\llosymbol_loader_map.cpp" />
     <ClCompile Include="src\llodctor_pe.cpp" />
     <ClCompile Include="src\main.cpp" />

llo-s1.vcxproj.filters

@@ -327,5 +327,8 @@
     <ClCompile Include="include\llosymbol_loader\llosymbol_loader_map.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="include\llodisposition\llodisposition_types.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>

src/llodctor_pe.cpp

@@ -5,18 +5,25 @@ void llo::s1::dctor_pe_t::generate( lloiff_t &iff )
     auto dos_header = reinterpret_cast< win::dos_header_t * >( raw_img.data() );
     auto sections = dos_header->get_nt_headers()->get_sections();
     auto section_count = dos_header->get_nt_headers()->file_header.num_sections;
+    auto entry_point = dos_header->get_nt_headers()->optional_header.entry_point;
 
+    // lift section information to iff...
     for ( auto idx = 0u; idx < section_count; ++idx )
     {
-        llo::utils::hash_t< std::string > section_name{ std::string( sections[idx].name.to_string() ) };
-        llo::lloiff_t::section_t section{ section_name };
-        section.characteristics = sections[idx].characteristics.flags;
+        llo::utils::hash_t< std::string > section_name{ std::string( sections[ idx ].name.to_string() ) };
+        llo::lloiff_t::iff_section_t section{ section_name };
+        section.characteristics = sections[ idx ].characteristics.flags;
 
-        // copy the sections raw bytes...
-        section.section_raw.insert( section.section_raw.begin(), raw_img.data(),
-                                    raw_img.data() + sections[ idx ].ptr_raw_data );
+        // check to see if this section contains the entry point of the module...
+        if ( entry_point >= sections[ idx ].virtual_address &&
+             entry_point < sections[ idx ].virtual_address + sections[ idx ].virtual_size )
+            // lift entry point to iff...
+            iff.entry =
+                llo::disposition_t::make( iff.name, section_name, sections[ idx ].virtual_address - entry_point );
 
-        iff.add_section( section );
+        // copy the sections raw bytes...
+        section.raw.insert( section.raw.begin(), raw_img.data(), raw_img.data() + sections[ idx ].ptr_raw_data );
+        iff.sections.push_back( section );
     }
 
     if ( symbol_loader )

src/main.cpp

@@ -28,9 +28,9 @@ int __cdecl main( int argc, const char *argv[] )
         return -1;
     }
 
-    auto file_name{ cli_parser.get< std::string >( "input" ) };
+    auto name{ cli_parser.get< std::string >( "input" ) };
 
-    if ( !std::filesystem::exists( file_name ) )
+    if ( !std::filesystem::exists( name ) )
     {
         std::printf( "[!] input file does not exist...\n" );
         return -1;
@@ -38,7 +38,7 @@ int __cdecl main( int argc, const char *argv[] )
 
     std::vector< std::uint8_t > image;
 
-    if ( !llo::utils::open_binary_file( file_name, image ) )
+    if ( !llo::utils::open_binary_file( name, image ) )
     {
         std::printf( "[!] failed to read file off disk...\n" );
         return -1;
@@ -61,7 +61,7 @@ int __cdecl main( int argc, const char *argv[] )
     }
 
     std::shared_ptr< llo::s1::dctor_base_t > file_dctor = nullptr;
-    std::filesystem::path file_path{ file_name };
+    std::filesystem::path file_path{ name };
 
     if ( file_path.extension().compare( ".exe" ) || file_path.extension().compare( ".dll" ) ||
          file_path.extension().compare( ".sys" ) )
@@ -79,16 +79,18 @@ int __cdecl main( int argc, const char *argv[] )
         return -1;
     }
 
-    llo::lloiff_t iff( file_name );
+    llo::lloiff_t iff( name, image );
     file_dctor->generate( iff );
 
-    const auto &sections = iff.get_sections();
-    std::printf( "> number of sections = %d\n", sections.size() );
+    std::printf( "> number of sections = %d\n", iff.sections.size() );
+    if ( iff.entry )
+        std::printf( "> entry section name = %s, section offest = 0x%x\n", iff.entry->section_name.get_data().c_str(),
+                     iff.entry->offset );
 
-    for ( auto &section : sections )
+    for ( auto &section : iff.sections )
     {
         std::printf( "> section name = %s\n", section.section_name.get_data().c_str() );
-        std::printf( "> size of raw section = %d\n", section.section_raw.size() );
+        std::printf( "> size of raw section = %d\n", section.raw.size() );
         std::printf( "> number of symbols = %d\n", section.symbols.size() );
     }
 }