From 227518d602ef3b291a557e6568503cee4b88fd96 Mon Sep 17 00:00:00 2001
From: hasherezade <hasherezade@gmail.com>
Date: Fri, 12 Jul 2024 17:02:27 +0200
Subject: [PATCH] [FEATURE] Allow to fetch architecture

---
 parser/include/bearparser/Executable.h |  6 ++++++
 parser/include/bearparser/pe/PECore.h  |  1 +
 parser/include/bearparser/pe/PEFile.h  |  3 +++
 parser/pe/PECore.cpp                   | 14 ++++++++++++++
 4 files changed, 24 insertions(+)

diff --git a/parser/include/bearparser/Executable.h b/parser/include/bearparser/Executable.h
index 515a6ecac..18571cca5 100644
--- a/parser/include/bearparser/Executable.h
+++ b/parser/include/bearparser/Executable.h
@@ -31,6 +31,12 @@ class Executable : public AbstractByteBuffer {
         BITS_32 = 32,
         BITS_64 = 64,
     };
+	
+	enum exe_arch {
+		ARCH_UNKNOWN = 0,
+		ARCH_INTEL = 1,
+		ARCH_ARM = 2
+	};
 
     enum addr_type {
         NOT_ADDR = 0,
diff --git a/parser/include/bearparser/pe/PECore.h b/parser/include/bearparser/pe/PECore.h
index 75ba482f1..43cec0ded 100644
--- a/parser/include/bearparser/pe/PECore.h
+++ b/parser/include/bearparser/pe/PECore.h
@@ -25,6 +25,7 @@ class PECore
     virtual bufsize_t getImageSize();
 
     Executable::exe_bits getHdrBitMode() const;
+    Executable::exe_arch getHdrArch() const;
     offset_t peSignatureOffset() const;
     offset_t peFileHdrOffset() const;
     offset_t secHdrsOffset() const;
diff --git a/parser/include/bearparser/pe/PEFile.h b/parser/include/bearparser/pe/PEFile.h
index ae88971a0..150229a96 100644
--- a/parser/include/bearparser/pe/PEFile.h
+++ b/parser/include/bearparser/pe/PEFile.h
@@ -71,6 +71,7 @@ class PEFile : public MappedExe
     virtual offset_t getEntryPoint(Executable::addr_type addrType = Executable::RVA); // returns INVALID_ADDR if failed
 
     virtual exe_bits getBitMode() { return getHdrBitMode(); }
+    virtual exe_arch getArch() { return getHdrArch(); }
     //---
     // PEFile only:
     offset_t peFileHdrOffset() const { return core.peFileHdrOffset(); }
@@ -94,6 +95,8 @@ class PEFile : public MappedExe
 
     exe_bits getHdrBitMode() { return core.getHdrBitMode(); }
 
+    exe_arch getHdrArch() { return core.getHdrArch(); }
+    
 /* mutex protected: section operations */
 
     offset_t getLastMapped(Executable::addr_type aType)
diff --git a/parser/pe/PECore.cpp b/parser/pe/PECore.cpp
index 40c7a4273..8758c777d 100644
--- a/parser/pe/PECore.cpp
+++ b/parser/pe/PECore.cpp
@@ -56,6 +56,20 @@ Executable::exe_bits PECore::getHdrBitMode() const
     return Executable::BITS_32; // DEFAULT
 }
 
+Executable::exe_arch PECore::getHdrArch() const
+{
+    if (!this->fHdr) {
+        return Executable::ARCH_UNKNOWN;
+    }
+    if (this->fHdr->Machine == M_I386 || this->fHdr->Machine == M_AMD64) {
+        return Executable::ARCH_INTEL;
+    }
+    if (this->fHdr->Machine == M_ARM || this->fHdr->Machine == M_ARM64LE) {
+        return Executable::ARCH_ARM;
+    }
+    return Executable::ARCH_UNKNOWN;
+}
+
 offset_t PECore::peSignatureOffset() const
 {
     if (!dos) return INVALID_ADDR;