hasherezade · ladislav-zezula · Feb 3, 2022 · Feb 4, 2022
diff --git a/include/pe_sieve_types.h b/include/pe_sieve_types.h
@@ -8,7 +8,6 @@
 #include <windows.h>
 #include <pshpack4.h> // ensure 4 byte packing of the structures
 
-#define MAX_MODULE_BUF_LEN 1024
 #define PARAM_LIST_SEPARATOR ';'
 
 #ifndef __cplusplus
@@ -98,8 +97,8 @@ namespace pesieve {
 		bool make_reflection;   ///< operate on a process reflection rather than on the live process (this allows i.e. to force-read inaccessible pages)
 		bool use_cache;      ///< enable cache for the scanned modules
 		t_json_level json_lvl;  ///< level of the details of the JSON report
-		char output_dir[MAX_PATH + 1];  ///< the root directory where the output should be saved (default: current directory)
-		char modules_ignored[MAX_MODULE_BUF_LEN]; ///< a list of modules that will not be scanned, separated by PARAM_LIST_SEPARATOR
+		std::string output_dir;         ///< the root directory where the output should be saved (default: current directory)
+		std::string modules_ignored;    ///< a list of modules that will not be scanned, separated by PARAM_LIST_SEPARATOR
 	} t_params;
 
 	//!  Final summary about the scanned process.

diff --git a/params.h b/params.h
@@ -183,7 +183,7 @@ class PEsieveParams : public Params
 		copyVal<EnumParam>(PARAM_IMP_REC, ps.imprec_mode);
 		copyVal<EnumParam>(PARAM_OUT_FILTER, ps.out_filter);
 
-		copyCStr<StringParam>(PARAM_MODULES_IGNORE, ps.modules_ignored, _countof(ps.modules_ignored));
+		copyString(PARAM_MODULES_IGNORE, ps.modules_ignored);
 
 		copyVal<BoolParam>(PARAM_QUIET, ps.quiet);
 		copyVal<BoolParam>(PARAM_JSON, ps.json_output);
@@ -199,7 +199,7 @@ class PEsieveParams : public Params
 		copyVal<EnumParam>(PARAM_DATA, ps.data);
 		copyVal<EnumParam>(PARAM_DUMP_MODE, ps.dump_mode);
 
-		copyCStr<StringParam>(PARAM_DIR, ps.output_dir, _countof(ps.output_dir));
+		copyString(PARAM_DIR, ps.output_dir);
 	}
 
 	void printBanner()

diff --git a/scanners/code_scanner.cpp b/scanners/code_scanner.cpp
@@ -263,7 +263,7 @@ size_t pesieve::CodeScanner::collectExecutableSections(RemoteModuleData &_remote
 		}
 		else {
 			// report about failed initialization
-			my_report.sectionToResult[i] = CodeScanReport::SECTION_SCAN_ERR;
+			my_report.sectionToResult[(DWORD)i] = CodeScanReport::SECTION_SCAN_ERR;
 		}
 		// the section was not added to the list, delete it instead:
 		delete remoteSec;

diff --git a/scanners/scanner.cpp b/scanners/scanner.cpp
@@ -302,7 +302,7 @@ size_t pesieve::ProcessScanner::scanModules(ProcessScanReport &pReport)  //throw
 		}
 		// Don't scan modules that are in the ignore list
 		const std::string plainName = peconv::get_file_name(modData.szModName);
-		if (is_in_list(plainName.c_str(), this->ignoredModules)) {
+		if (is_in_list(plainName.c_str(), ignoredModules.c_str())) {
 			// ...but add such modules to the exports lookup:
 			if (pReport.exportsMap) {
 				pReport.exportsMap->add_to_lookup(modData.szModName, (HMODULE)modData.original_module, (ULONGLONG)modData.moduleHandle);
@@ -380,7 +380,7 @@ size_t pesieve::ProcessScanner::scanModulesIATs(ProcessScanReport &pReport) //th
 
 		// Don't scan modules that are in the ignore list
 		std::string plainName = peconv::get_file_name(modData.szModName);
-		if (is_in_list(plainName.c_str(), this->ignoredModules)) {
+		if (is_in_list(plainName.c_str(), this->ignoredModules.c_str())) {
 			continue;
 		}
 

diff --git a/scanners/scanner.h b/scanners/scanner.h
@@ -23,8 +23,7 @@ namespace pesieve {
 			: args(_args), isDEP(false), isReflection(is_reflection)
 		{
 			this->processHandle = procHndl;
-			ZeroMemory(ignoredModules, _countof(ignoredModules));
-			pesieve::util::delim_list_to_multi_sz(args.modules_ignored, PARAM_LIST_SEPARATOR, ignoredModules, _countof(ignoredModules));
+			pesieve::util::delim_list_to_multi_sz(args.modules_ignored, PARAM_LIST_SEPARATOR, ignoredModules);
 		}
 
 		~ProcessScanner()
@@ -57,7 +56,7 @@ namespace pesieve {
 		size_t hModsMax;
 		pesieve::t_params args;
 
-		char ignoredModules[MAX_MODULE_BUF_LEN];
+		std::string ignoredModules;
 	};
 
 }; //namespace pesieve
diff --git a/utils/format_util.cpp b/utils/format_util.cpp
@@ -99,40 +99,48 @@ bool pesieve::util::is_in_list(const char *searched_str, const char *str_list)
 	return result;
 }
 
-size_t pesieve::util::delim_list_to_multi_sz(IN const char *delim_list_str, IN const char delimiter, OUT char *buffer, IN const size_t buffer_max_chars)
+size_t pesieve::util::delim_list_to_multi_sz(IN const std::string & input, IN const char delimiter, OUT std::string & output)
 {
-	size_t str_count = 0;
-	const char * separator;
-	char * buffer_end = buffer + buffer_max_chars - 2;
-
-	// Clear the array
-	memset(buffer, 0, buffer_max_chars);
-
-	// Parse the string
-	while (delim_list_str && delim_list_str[0])
+	char * target_begin;
+	char * source_end;
+	char * source;
+	char * target;
+	size_t length;
+
+	// Copy the source into the target; we will work on top of the target's buffer
+	output = input;
+
+	// Append two chars to make sure we have enough space for two zeros.
+	// Don't count them into length
+	length = output.size();
+	output.append(2, delimiter);
+
+	// Prepare the pointer range
+	target_begin = target = source = (char *)(output.c_str());
+	source_end = source + length;
+
+	// Parse the input string. Separator and any spaces following behind it are skipped.
+	while(source < source_end)
 	{
-		// Get the next separator
-		separator = strchr(delim_list_str, delimiter);
-		if (separator == NULL)
-		{
-			StringCchCopy(buffer, (buffer_end - buffer), delim_list_str);
-			str_count++;
-			break;
-		}
-
-		// Put the part to the string
-		if (separator > delim_list_str)
+		// Did we find the delimiter?
+		if(source[0] == delimiter)
 		{
-			StringCchCopyNEx(buffer, (buffer_end - buffer), delim_list_str, (separator - delim_list_str), &buffer, NULL, 0);
-			str_count++;
-			buffer++;
+			// Skip the source delimiter and all. Put zero to the target
+			while(source[0] == delimiter || source[0] == ' ')
+				source++;
+			*target++ = 0;
+			continue;
 		}
 
-		// Skip comma and spaces
-		while (separator[0] == delimiter || separator[0] == ' ')
-			separator++;
-		delim_list_str = separator;
+		// Simply copy the char
+		*target++ = *source++;
 	}
-	return str_count;
+
+	// Append two zeros, making it multi-sz
+	*target++ = 0;
+	*target++ = 0;
+
+	// Return length of the target
+	return (target - target_begin);
 }
 
diff --git a/utils/format_util.h b/utils/format_util.h
@@ -29,7 +29,7 @@ namespace pesieve {
 		bool is_in_list(const char *searched_string, const char *strings_list);
 
 		// Converts a delimiter-separated list (i.e. "kernel32.dll,user32.dll,ntdll.dll") into multi-SZ string. Returns the count of the strings.
-		size_t delim_list_to_multi_sz(IN const char* delim_list_str, IN const char delimiter, OUT char* buffer, IN const size_t buffer_max_chars);
+		size_t delim_list_to_multi_sz(IN const std::string & input, IN const char delimiter, OUT std::string & output);
 
 	};
 };

diff --git a/utils/process_reflection.cpp b/utils/process_reflection.cpp
@@ -188,7 +188,7 @@ namespace pesieve {
 			if (ret == S_OK) {
 				args->is_ok = true;
 				args->returned_hndl = info.ReflectionProcessHandle;
-				args->returned_pid = (DWORD)info.ReflectionClientId.UniqueProcess;
+				args->returned_pid = (DWORD)(DWORD_PTR)info.ReflectionClientId.UniqueProcess;
 			}
 			return ret;
 		}