pe-parse
Add support for debug entry iteration
We should add a high-level iter-style API for the debug data directory entry vector, similar to the other iter-style APIs.
One challenge: the contents of the debug entries are heterogeneously typed and have drastically different contents. Maybe a visitor pattern instead, where IterDebug is registered with a struct of callbacks, one per type.
See https://github.com/trailofbits/winchecksec/issues/44.
One downside to the visitor-style iter design: most entries in the vector will probably be one of a kind, so there isn't much of a point in "iterating" over them.
Some options:
- VFS-style visitor pattern:

  ```cpp
  visitors = { .extended_dll_characteristics = some_func, /* ... */ };
  VisitDebugEntries(pe, visitors);
  ```

- Individual iter-style interfaces for each type:

  ```cpp
  IterDebugCodeviewEntries(pe, /* ... */);
  IterDebugReproEntries(pe, /* ... */);
  ```

- Others?
cc @yardenshafir for visibility: this is the backing work we'll need for CET detection in winchecksec.
I think we can consider this closed. Users can use the functionality in #173 to iterate over the referenced debug entries.
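
The visitor option sketched in this thread, written out as an added example; it is not pe-parse code and not the API that was eventually merged. `DebugVisitors`, `HasCetCompat` and `SampleImage` are hypothetical names, `VisitDebugEntries` here takes a raw byte buffer rather than a `parsed_pe`, and the code assumes the debug data directory has already been located as a file offset; the numeric constants are the Windows SDK values.

```cpp
// Added example: a hypothetical visitor API over raw bytes, not pe-parse's own code.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <vector>

using Bytes = std::vector<uint8_t>;
using Callback = std::function<void(const uint8_t *data, uint32_t size)>;
constexpr uint32_t kCodeview = 2, kRepro = 16, kExDllChars = 20; // IMAGE_DEBUG_TYPE_*
constexpr uint32_t kCetCompat = 0x0001; // IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT
constexpr size_t kEntrySize = 28;       // sizeof(IMAGE_DEBUG_DIRECTORY)
struct DebugVisitors { Callback codeview, repro, extended_dll_characteristics; };

static uint32_t ReadU32(const Bytes &b, size_t off) { // little-endian; caller checks bounds
  return b[off] | (b[off + 1] << 8) | (b[off + 2] << 16) | (uint32_t(b[off + 3]) << 24);
}

// Dispatches each entry of the debug directory at file offset dirOff to the
// callback registered for its type. Returns entries dispatched, or -1 if a
// directory or payload range falls outside the file.
int VisitDebugEntries(const Bytes &file, size_t dirOff, size_t dirSize, const DebugVisitors &v) {
  if (dirOff > file.size() || dirSize > file.size() - dirOff) return -1;
  int visited = 0;
  for (size_t off = dirOff; off + kEntrySize <= dirOff + dirSize; off += kEntrySize) {
    uint32_t type = ReadU32(file, off + 12), size = ReadU32(file, off + 16);
    uint32_t ptr = ReadU32(file, off + 24); // PointerToRawData, a file offset
    if (ptr > file.size() || size > file.size() - ptr) return -1;
    const Callback *cb = type == kCodeview     ? &v.codeview
                         : type == kRepro      ? &v.repro
                         : type == kExDllChars ? &v.extended_dll_characteristics : nullptr;
    if (cb && *cb) { (*cb)(file.data() + ptr, size); ++visited; }
  }
  return visited;
}

// CET check built on the visitor: true if the EX_DLLCHARACTERISTICS payload sets CET_COMPAT.
bool HasCetCompat(const Bytes &file, size_t dirOff, size_t dirSize) {
  bool cet = false; DebugVisitors v;
  v.extended_dll_characteristics = [&](const uint8_t *d, uint32_t n) {
    if (n >= 4) cet = (d[0] & kCetCompat) != 0; // flags are a little-endian DWORD
  };
  return VisitDebugEntries(file, dirOff, dirSize, v) > 0 && cet;
}

// Constructed sample: one EX_DLLCHARACTERISTICS entry at offset 0, payload at offset 28.
Bytes SampleImage(uint8_t flags) {
  Bytes f(kEntrySize + 4, 0);
  f[12] = 20; f[16] = 4; f[24] = 28; f[28] = flags; // Type, SizeOfData, PointerToRawData
  return f;
}
int main() { return HasCetCompat(SampleImage(0x01), 0, kEntrySize) ? 0 : 1; }
```

Entry types without a registered callback are skipped, which reflects the point raised above that most types appear at most once and a caller usually cares about only one of them.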