D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more

Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com>

EDRSandblast/Includes/PEParser.h

@@ -1,9 +1,10 @@
 #pragma once
+#pragma warning (disable:4214) //Warning Level 4: C4214: nonstandard extension used : bit field types other than int
+
 #include <Windows.h>
 
 typedef unsigned __int64    QWORD;
 
-
 typedef struct _IMAGE_RELOCATION_ENTRY {
 	WORD Offset : 12;
 	WORD Type : 4;
@@ -14,6 +15,13 @@ typedef struct PE_relocation_t {
 	WORD Type : 4;
 } PE_relocation;
 
+typedef struct PE_codeview_debug_info_t {
+	DWORD signature;
+	GUID guid;
+	DWORD age;
+	CHAR pdbName[1];
+} PE_codeview_debug_info;
+
 typedef struct PE_pointers {
 	BOOL isMemoryMapped;
 	BOOL isInAnotherAddressSpace;
@@ -34,6 +42,9 @@ typedef struct PE_pointers {
 	//relocations info
 	DWORD nbRelocations;
 	PE_relocation* relocations;
+	//debug info
+	IMAGE_DEBUG_DIRECTORY* debugDirectory;
+	PE_codeview_debug_info* codeviewDebugInfo;
 } PE;
 
 PE* PE_create(PVOID imageBase, BOOL isMemoryMapped);
@@ -47,4 +58,5 @@ PVOID PE_functionAddr(PE* pe, LPCSTR functionName);
 VOID PE_parseRelocations(PE* pe);
 VOID PE_rebasePE(PE* pe, LPVOID newBaseAddress);
 PVOID PE_search_pattern(PE* pe, PBYTE pattern, size_t patternSize);
-PVOID PE_search_relative_reference(PE* pe, PVOID target, DWORD relativeReferenceSize);
+PVOID PE_search_relative_reference(PE* pe, PVOID target, DWORD relativeReferenceSize);
+VOID PE_destroy(PE* pe);