sorting in message tables

basic LoadConfig directory info
zodiacon · May 5, 2022 · 6927618 · 6927618
1 parent d3efb00
commit 6927618
Show file tree

Hide file tree

Showing 10 changed files with 242 additions and 30 deletions.
diff --git a/TotalPE/LoadConfigView.cpp b/TotalPE/LoadConfigView.cpp
@@ -0,0 +1,114 @@
+#include "pch.h"
+#include "LoadConfigView.h"
+#include "PEStrings.h"
+#include "SortHelper.h"
+
+CString CLoadConfigView::GetColumnText(HWND h, int row, int col) const {
+	if (h == m_List) {
+		auto& item = m_Items[row];
+		switch (col) {
+			case 0: return item.Name.c_str();
+			case 1: return item.Value.c_str();
+			case 2: return item.Details.c_str();
+		}
+	}
+	else {
+		auto& item = m_CfgFunctions[row];
+		switch (col) {
+			case 0: return item.Name.c_str();
+			case 1: return std::format(L"0x{:08X}", item.Rva).c_str();
+		}
+	}
+	return L"";
+}
+
+void CLoadConfigView::DoSort(SortInfo const* si) {
+	if (si == nullptr)
+		return;
+
+	if (si->hWnd == m_List) {
+		auto compare = [&](auto& item1, auto& item2) {
+			return SortHelper::Sort(item1.Name, item2.Name, si->SortAscending);
+		};
+		std::ranges::sort(m_Items, compare);
+	}
+	else {
+		auto compare = [&](auto& f1, auto& f2) {
+			switch (si->SortColumn) {
+				case 0:	return SortHelper::Sort(f1.Name, f2.Name, si->SortAscending);
+				case 1:	return SortHelper::Sort(f1.Rva, f2.Rva, si->SortAscending);
+			}
+			return false;
+		};
+		std::ranges::sort(m_CfgFunctions, compare);
+	}
+}
+
+bool CLoadConfigView::IsSortable(HWND h, int col) const {
+	if(h == m_List)
+		return col == 0;		// sort on Name column only
+	return true;
+}
+
+LRESULT CLoadConfigView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/) {
+	m_hWndClient = m_Splitter.Create(m_hWnd, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS);
+	m_List.Create(m_Splitter, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS |
+		LVS_REPORT | LVS_OWNERDATA, WS_EX_CLIENTEDGE);
+	m_List.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
+	auto cm = GetColumnManager(m_List);
+	cm->AddColumn(L"Name", LVCFMT_LEFT, 150);
+	cm->AddColumn(L"Value", LVCFMT_LEFT, 200);
+	cm->AddColumn(L"Details", LVCFMT_LEFT, 450);
+	cm->UpdateColumns();
+
+	m_CfgList.Create(m_Splitter, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS |
+		LVS_REPORT | LVS_OWNERDATA, WS_EX_CLIENTEDGE);
+	m_CfgList.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
+	cm = GetColumnManager(m_CfgList);
+	cm->AddColumn(L"Function Name", LVCFMT_LEFT, 220);
+	cm->AddColumn(L"Address", LVCFMT_RIGHT, 100);
+	cm->UpdateColumns();
+
+	BuildItems();
+	m_Splitter.SetSplitterPanes(m_List, m_CfgList);
+	if (m_CfgFunctions.empty())
+		m_Splitter.SetSinglePaneMode(0);
+	else
+		m_Splitter.SetSplitterPosPct(70);
+
+	return 0;
+}
+
+void CLoadConfigView::BuildItems() {
+	auto& lc = PE().get_load_config();
+	auto cfg = lc.get_code_integrity();
+
+	m_Items = std::vector<DataItem>{
+		{ L"Time Stamp", std::format(L"0x{:X}", lc.get_timestamp()) },
+		{ L"Version", std::format(L"{}.{}", lc.get_major_version(), lc.get_minor_version()) },
+		{ L"Affinity Mask", std::format(L"0x{:X}", lc.get_process_affinity_mask()) },
+		{ L"CFG Flags", std::format(L"0x{:X}", lc.get_guard_flags()), PEStrings::CFGFlagsToString(lc.get_guard_flags()) },
+		{ L"Heap Flags", std::format(L"0x{:X}", lc.get_process_heap_flags()) },
+		{ L"Global Flags Set", std::format(L"0x{:X}", lc.get_global_flagsset()) },
+		{ L"Global Flags Clear", std::format(L"0x{:X}", lc.get_global_flagsclear()) },
+		{ L"Default CS Timeout", std::format(L"0x{:X}", lc.get_criticalsection_default_timeout()) },
+		{ L"Dependent Load Flags", std::format(L"0x{:X}", lc.get_dependent_load_flags()) },
+		{ L"Security Cookie", std::format(L"0x{:X}", lc.get_security_cookie()) },
+		{ L"CFG Functions", std::format(L"{}", lc.get_guard_cf_function_count()) },
+	};
+
+	m_CfgFunctions.reserve(lc.get_guard_cf_function_count());
+	auto& exports = PE().get_exports().get_functions();
+	for (auto& f : lc.get_guard_cf_functions()) {
+		CfgFunction func;
+		func.Rva = f;
+		if(auto it = std::ranges::find_if(exports,	[&](auto& exp) {
+				return exp.get_rva() == f;
+			}); it != exports.end())
+			func.Name = it->get_func_name();
+		m_CfgFunctions.emplace_back(std::move(func));
+	}
+	m_List.SetItemCount((int)m_Items.size());
+	m_CfgList.SetItemCount((int)m_CfgFunctions.size());
+}
+
diff --git a/TotalPE/LoadConfigView.h b/TotalPE/LoadConfigView.h
@@ -0,0 +1,41 @@
+#pragma once
+
+#include "View.h"
+#include <VirtualListView.h>
+#include <SortedFilteredVector.h>
+
+class CLoadConfigView :
+	public CView<CLoadConfigView>,
+	public CVirtualListView<CLoadConfigView> {
+public:
+	using CView::CView;
+
+	CString GetColumnText(HWND, int row, int col) const;
+	void DoSort(SortInfo const* si);
+	bool IsSortable(HWND, int col) const;
+
+	BEGIN_MSG_MAP(CLoadConfigView)
+		MESSAGE_HANDLER(WM_CREATE, OnCreate)
+		CHAIN_MSG_MAP(CView<CLoadConfigView>)
+		CHAIN_MSG_MAP(CVirtualListView<CLoadConfigView>)
+	END_MSG_MAP()
+
+	LRESULT OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
+
+private:
+	void BuildItems();
+
+	struct DataItem {
+		std::wstring Name, Value, Details;
+	};
+	struct CfgFunction {
+		std::string Name;
+		uint32_t Rva;
+	};
+	CListViewCtrl m_List;
+	CSplitterWindow m_Splitter;
+	CListViewCtrl m_CfgList;
+	std::vector<DataItem> m_Items;
+	std::vector<CfgFunction> m_CfgFunctions;
+};
+
diff --git a/TotalPE/MessageTableView.cpp b/TotalPE/MessageTableView.cpp
@@ -1,5 +1,6 @@
 #include "pch.h"
 #include "MessageTableView.h"
+#include "SortHelper.h"
 
 void CMessageTableView::SetData(uint8_t const* data) {
 	m_data = data;
@@ -17,6 +18,18 @@ CString CMessageTableView::GetColumnText(HWND, int row, int col) const {
 }
 
 void CMessageTableView::DoSort(SortInfo const* si) {
+	if (si == nullptr)
+		return;
+
+	auto compare = [&](auto& item1, auto& item2) {
+		switch (si->SortColumn) {
+			case 0: return SortHelper::Sort(item1.Index, item2.Index, si->SortAscending);
+			case 1: return SortHelper::Sort(item1.Id, item2.Id, si->SortAscending);
+			case 2: return SortHelper::Sort(item1.Text, item2.Text, si->SortAscending);
+		}
+		return false;
+	};
+	m_Items.Sort(compare);
 }
 
 LRESULT CMessageTableView::OnCreate(UINT, WPARAM, LPARAM, BOOL&) {

diff --git a/TotalPE/PEImageView.cpp b/TotalPE/PEImageView.cpp
@@ -31,6 +31,7 @@ bool CPEImageView::IsSortable(HWND, int col) const {
 LRESULT CPEImageView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/) {
 	m_hWndClient = m_List.Create(*this, rcDefault, nullptr, WS_CHILD | WS_VISIBLE | WS_CLIPSIBLINGS |
 		LVS_REPORT | LVS_OWNERDATA, WS_EX_CLIENTEDGE);
+	m_List.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
 	auto cm = GetColumnManager(m_List);
 
 	cm->AddColumn(L"Name", LVCFMT_LEFT, 150);
@@ -39,7 +40,6 @@ LRESULT CPEImageView::OnCreate(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam
 
 	cm->UpdateColumns();
 
-	m_List.SetExtendedListViewStyle(LVS_EX_DOUBLEBUFFER | LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
 
 	BuildItems();
 

diff --git a/TotalPE/PEStrings.cpp b/TotalPE/PEStrings.cpp
@@ -54,7 +54,7 @@ std::wstring PEStrings::SubsystemToString(uint32_t type) {
 	return L"(Unknown)";
 }
 
-std::wstring PEStrings::ToDecAndHex(DWORD value, bool hexFirst) {
+std::wstring PEStrings::ToDecAndHex(uint32_t value, bool hexFirst) {
 	std::wstring text;
 	if (hexFirst)
 		text = std::format(L"0x{:X} ({})", value, value);
@@ -116,15 +116,15 @@ std::wstring PEStrings::DllCharacteristicsToString(uint32_t dc) {
 
 }
 
-std::wstring PEStrings::Sec1970ToString(DWORD secs) {
+std::wstring PEStrings::Sec1970ToString(uint32_t secs) {
 	return (PCWSTR)CTime(secs).Format(L"%X");
 }
 
 std::wstring PEStrings::CharacteristicsToString(uint32_t cs) {
 	std::wstring result;
 
 	static const struct {
-		DWORD cs;
+		uint32_t cs;
 		PCWSTR text;
 	} chars[] = {
 		{ IMAGE_FILE_RELOCS_STRIPPED,			L"Relocations Stripped" },
@@ -145,7 +145,7 @@ std::wstring PEStrings::CharacteristicsToString(uint32_t cs) {
 	};
 
 	for (auto& ch : chars) {
-		if ((ch.cs & (DWORD)cs) == ch.cs)
+		if ((ch.cs & (uint32_t)cs) == ch.cs)
 			result += std::wstring(ch.text) + L", ";
 	}
 
@@ -154,7 +154,7 @@ std::wstring PEStrings::CharacteristicsToString(uint32_t cs) {
 	return result;
 }
 
-std::wstring PEStrings::ToHex(DWORD value, bool leadingZero) {
+std::wstring PEStrings::ToHex(uint32_t value, bool leadingZero) {
 	if (leadingZero)
 		return std::format(L"0x{:08X}", value);
 	return std::format(L"0x{:X}", value);
@@ -350,7 +350,7 @@ PCWSTR PEStrings::GetDataDirectoryName(int index) {
 	return index < 0 || index >= _countof(names) ? L"" : names[index];
 }
 
-std::wstring PEStrings::SectionCharacteristicsToString(DWORD c) {
+std::wstring PEStrings::SectionCharacteristicsToString(uint32_t c) {
 	std::wstring result;
 	auto ch = static_cast<SectionFlags>(c);
 
@@ -541,8 +541,8 @@ std::wstring PEStrings::UndecorateName(PCWSTR name) {
 	return result;
 }
 
-std::wstring PEStrings::VersionFileOSToString(DWORD type) {
-	static const std::unordered_map<DWORD, std::wstring> types = {
+std::wstring PEStrings::VersionFileOSToString(uint32_t type) {
+	static const std::unordered_map<uint32_t, std::wstring> types = {
 		{ VOS_DOS,			L"MS-DOS" },
 		{ VOS_NT,			L"Windows NT" },
 		{ VOS__WINDOWS16,	L"16-bit Windows" },
@@ -561,8 +561,8 @@ std::wstring PEStrings::VersionFileOSToString(DWORD type) {
 	return L"";
 }
 
-std::wstring PEStrings::LanguageToString(DWORD l) {
-	static const std::unordered_map<DWORD, std::wstring> languages = {
+std::wstring PEStrings::LanguageToString(uint32_t l) {
+	static const std::unordered_map<uint32_t, std::wstring> languages = {
 		{ MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),				L"en-US" },
 		{ MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_UK),				L"en-UK" },
 		{ MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_AUS),			L"en-Australia" },
@@ -594,7 +594,7 @@ std::wstring PEStrings::LanguageToString(DWORD l) {
 	return PrimaryLanguageToString(PRIMARYLANGID(l));
 }
 
-std::wstring PEStrings::FileTypeToString(DWORD type) {
+std::wstring PEStrings::FileTypeToString(uint32_t type) {
 	switch (type) {
 		case VFT_APP: return L"Application";
 		case VFT_DLL: return L"Dynamic Link Library";
@@ -606,11 +606,11 @@ std::wstring PEStrings::FileTypeToString(DWORD type) {
 	return L"Unknown";
 }
 
-std::wstring PEStrings::FileSubTypeToString(DWORD type, DWORD subType) {
+std::wstring PEStrings::FileSubTypeToString(uint32_t type, uint32_t subType) {
 	return L"";
 }
 
-PCWSTR PEStrings::DebugTypeToString(DWORD type) {
+PCWSTR PEStrings::DebugTypeToString(uint32_t type) {
 	switch (type) {
 		case IMAGE_DEBUG_TYPE_UNKNOWN: return L"Unknown";
 		case IMAGE_DEBUG_TYPE_COFF: return L"COFF";
@@ -656,9 +656,36 @@ PCWSTR PEStrings::x64RelocationTypeToString(BYTE type) {
 	return L"";
 }
 
-std::wstring PEStrings::FileFlagsToString(DWORD flags) {
+std::wstring PEStrings::CFGFlagsToString(uint32_t flags) {
 	static const struct {
-		DWORD value;
+		uint32_t value;
+		PCWSTR text;
+	} fflags[] = {
+		{ IMAGE_GUARD_CF_INSTRUMENTED,						L"Instrumented" },
+		{ IMAGE_GUARD_CFW_INSTRUMENTED,						L"Write Instrumented" },
+		{ IMAGE_GUARD_CF_FUNCTION_TABLE_PRESENT,			L"Function Table Present" },
+		{ IMAGE_GUARD_SECURITY_COOKIE_UNUSED,				L"Security Cookie Unused" },
+		{ IMAGE_GUARD_PROTECT_DELAYLOAD_IAT,				L"Protect Delay-Load IAT" },
+		{ IMAGE_GUARD_DELAYLOAD_IAT_IN_ITS_OWN_SECTION,		L"Delay-Load IAT in Own Section" },
+		{ IMAGE_GUARD_CF_EXPORT_SUPPRESSION_INFO_PRESENT,	L"Export Suppression Info" },
+		{ IMAGE_GUARD_CF_ENABLE_EXPORT_SUPPRESSION,			L"Export Suppression" },
+		{ IMAGE_GUARD_CF_LONGJUMP_TABLE_PRESENT,			L"Longjmp Table Present" },
+		{ IMAGE_GUARD_RF_INSTRUMENTED,						L"Return Flow Info" },
+		{ IMAGE_GUARD_RF_ENABLE,							L"Return Flow Enable" },
+		{ IMAGE_GUARD_RF_STRICT,							L"Strict Mode Return Flow Enable" },
+	};
+	std::wstring result;
+	for (auto& flag : fflags)
+		if (flag.value & flags)
+			result += flag.text + std::wstring(L", ");
+	if (!result.empty())
+		result = result.substr(0, result.length() - 2);
+	return result;
+}
+
+std::wstring PEStrings::FileFlagsToString(uint32_t flags) {
+	static const struct {
+		uint32_t value;
 		PCWSTR text;
 	} fflags[] = {
 		{ VS_FF_DEBUG, L"Debug Information" },
@@ -685,7 +712,7 @@ CString PEStrings::FormatInstruction(const cs_insn& inst) {
 	return CString(text);
 }
 
-PCWSTR PEStrings::CertificateTypeToString(DWORD type) {
+PCWSTR PEStrings::CertificateTypeToString(uint32_t type) {
 	switch (type) {
 		case WIN_CERT_TYPE_X509: return L"X.509";
 		case WIN_CERT_TYPE_PKCS_SIGNED_DATA: return L"PKCS SignedData";

diff --git a/TotalPE/PEStrings.h b/TotalPE/PEStrings.h
@@ -23,10 +23,10 @@ struct PEStrings abstract final {
 	static std::wstring SubsystemToString(uint32_t type);
 	static std::wstring MachineTypeToString(uint16_t);
 	static std::wstring CharacteristicsToString(uint32_t cs);
-	static std::wstring ToDecAndHex(DWORD value, bool hexFirst = false);
-	static std::wstring Sec1970ToString(DWORD secs);
+	static std::wstring ToDecAndHex(uint32_t value, bool hexFirst = false);
+	static std::wstring Sec1970ToString(uint32_t secs);
 	static std::wstring DllCharacteristicsToString(uint32_t ch);
-	static std::wstring ToHex(DWORD value, bool leadingZero = false);
+	static std::wstring ToHex(uint32_t value, bool leadingZero = false);
 	static std::wstring ToHex(ULONGLONG value);
 	static std::wstring ToMemorySize(ULONGLONG size);
 	static std::wstring ResourceTypeToString(WORD id);
@@ -38,16 +38,17 @@ struct PEStrings abstract final {
 	static std::wstring PropertyAttributesToString(CorPropertyAttr attr);
 	static std::wstring EventAttributesToString(CorEventAttr attr);
 	static PCWSTR GetDataDirectoryName(int index);
-	static std::wstring SectionCharacteristicsToString(DWORD c);
+	static std::wstring SectionCharacteristicsToString(uint32_t c);
 	static std::wstring PrimaryLanguageToString(WORD l);
-	static std::wstring LanguageToString(DWORD lang);
+	static std::wstring LanguageToString(uint32_t lang);
 	static std::wstring UndecorateName(PCWSTR name);
-	static std::wstring VersionFileOSToString(DWORD type);
-	static std::wstring FileTypeToString(DWORD type);
-	static std::wstring FileSubTypeToString(DWORD type, DWORD subType);
-	static std::wstring FileFlagsToString(DWORD flags);
-	static PCWSTR DebugTypeToString(DWORD type);
-	static PCWSTR CertificateTypeToString(DWORD type);
+	static std::wstring VersionFileOSToString(uint32_t type);
+	static std::wstring FileTypeToString(uint32_t type);
+	static std::wstring FileSubTypeToString(uint32_t type, uint32_t subType);
+	static std::wstring FileFlagsToString(uint32_t flags);
+	static PCWSTR DebugTypeToString(uint32_t type);
+	static PCWSTR CertificateTypeToString(uint32_t type);
 	static PCWSTR x64RelocationTypeToString(BYTE type);
+	static std::wstring CFGFlagsToString(uint32_t flags);
 };
 
diff --git a/TotalPE/TextView.cpp b/TotalPE/TextView.cpp
@@ -3,9 +3,9 @@
 #include "..\External\tinyxml2.h"
 
 #ifdef _DEBUG
-    #pragma comment(lib, "..\\External\\tinyxml2d")
+    #pragma comment(lib, "../External/tinyxml2d")
 #else
-    #pragma comment(lib, "../External/tinyxml2.lib")
+    #pragma comment(lib, "../External/tinyxml2")
 #endif
 
 void CTextView::SetText(PCWSTR text, TextFormat format) {