/*

  *  Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
  *  Copyright (C) 2007-2013 Sourcefire, Inc.

  *

  *  Authors: Alberto Wu, Tomasz Kojm, Andrew Williams

  *
  *  Acknowledgements: The header structures were based upon a PE format

  *                    analysis by B. Luevelsmeyer.

  *

  *  This program is free software; you can redistribute it and/or modify

  *  it under the terms of the GNU General Public License version 2 as
  *  published by the Free Software Foundation.

  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU General Public License for more details.
  *
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software

  *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  *  MA 02110-1301, USA.

  */
 
 #ifndef __PE_H
 #define __PE_H
 
 #include "clamav.h"

 #include "others.h"

 #include "fmap.h"

 #include "bcfeatures.h"

 #include "pe_structs.h"
 #include "execs.h"

 /** Data for the bytecode PE hook

  * \group_pe

  *
  *  NOTE: This structure must stay in-sync with the ones defined within the
  *  clamav-bytecode-compiler source at:
  *  - clang/lib/Headers/bytecode_pe.h
  *  - llvm/tools/clang/lib/Headers/bytecode_pe.h
  *  We allocate space for this, populate the values via cli_peheader, and pass
  *  it to the bytecode sig runtime for use.
  *
  *  TODO Next time we are making changes to the clamav-bytecode-compiler
  *  source, update pe_image_optional_hdr32 and pe_image_optional_hdr64 to
  *  remove DataDirectory from both (like with the definitions here).  Then,
  *  remove opt32_dirs and opt64_dirs below.  There's no need to have these
  *  bytes in 3 places!  Also, consider using a union to hold opt32 and opt64,
  *  since you never need more than one at a time.
  */

 struct cli_pe_hook_data {

     uint32_t offset;
     uint32_t ep;                          /**< EntryPoint as file offset */
     uint16_t nsections;                   /**< Number of sections */
     uint16_t dummy;                       /* align */
     struct pe_image_file_hdr file_hdr;    /**< Header for this PE file */
     struct pe_image_optional_hdr32 opt32; /**< 32-bit PE optional header */

     /** Our opt32 no longer includes DataDirectory[16], but the one in the

      * bytecode compiler source still does.  Add this here as a placeholder (and
      * it gets used, so we need to populate it also */

     struct pe_image_data_dir opt32_dirs[16];
     uint32_t dummy2;                         /* align */
     struct pe_image_optional_hdr64 opt64;    /**< 64-bit PE optional header */
     struct pe_image_data_dir opt64_dirs[16]; /** See note about opt32_dirs */
     struct pe_image_data_dir dirs[16];       /**< PE data directory header */
     uint32_t e_lfanew;                       /**< address of new exe header */
     uint32_t overlays;                       /**< number of overlays */
     int32_t overlays_sz;                     /**< size of overlays */
     uint32_t hdr_size;                       /**< internally needed by rawaddr */

 };
 

 int cli_scanpe(cli_ctx *ctx);

 enum {
     CL_GENHASH_PE_CLASS_SECTION,
     CL_GENHASH_PE_CLASS_IMPTBL,
     /* place new class types above this line */
     CL_GENHASH_PE_CLASS_LAST
 };
 

 // For info about these, see the cli_peheader definition in pe.c
 #define CLI_PEHEADER_OPT_NONE 0x0
 #define CLI_PEHEADER_OPT_COLLECT_JSON 0x1
 #define CLI_PEHEADER_OPT_DBG_PRINT_INFO 0x2
 #define CLI_PEHEADER_OPT_EXTRACT_VINFO 0x4
 #define CLI_PEHEADER_OPT_STRICT_ON_PE_ERRORS 0x8

 #define CLI_PEHEADER_OPT_REMOVE_MISSING_SECTIONS 0x10

 
 #define CLI_PEHEADER_RET_SUCCESS 0
 #define CLI_PEHEADER_RET_GENERIC_ERROR -1
 #define CLI_PEHEADER_RET_BROKEN_PE -2
 #define CLI_PEHEADER_RET_JSON_TIMEOUT -3
 
 int cli_pe_targetinfo(fmap_t *map, struct cli_exe_info *peinfo);
 int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts, cli_ctx *ctx);
 

 cl_error_t cli_check_auth_header(cli_ctx *ctx, struct cli_exe_info *peinfo);

 int cli_genhash_pe(cli_ctx *ctx, unsigned int class, int type, stats_section_t *hashes);

 uint32_t cli_rawaddr(uint32_t, const struct cli_exe_section *, uint16_t, unsigned int *, size_t, uint32_t);

 void findres(uint32_t, uint32_t, fmap_t *map, struct cli_exe_info *, int (*)(void *, uint32_t, uint32_t, uint32_t, uint32_t), void *);

 #endif