PELib understanding problem. Visitor classes.

Posted on 2007-04-03
Last Modified: 2008-02-01

im trying to use "PELib" ( in one of my C++ projects but have a problem with understanding some parts of the code. I was working with the FileDump3 example and it includes the following lines of code:

      DumpPeHeaderVisitor v1;

What is this visitor used for, why do i need it? Can someone explain that to me? I think there is a visitor base class that is extended in DumpPeHeaderVisitor but i dont understand what the whole purpose of this visitor is.

Question by:b3n_
  • 3
  • 3
LVL 53

Expert Comment

ID: 18848807
Check out the FileDump example on their site :

What the program does is dump the contents of a PeFile.

A PeFile has the visit() method which has to be passed a PeFileVisitor object :

This class has 2 virtual callback methods (one for 32bit and one for 64bit). So, you have to derive a class from PeFileVisitor, and implement those callback methods. In this example, they derived DumpPeHeaderVisitor like this :

        class DumpPeHeaderVisitor : public PeLib::PeFileVisitor
            virtual void callback(PeLib::PeFile32 &file) {dumpPeHeader<32>(file);}
            virtual void callback(PeLib::PeFile64 &file) {dumpPeHeader<64>(file);}

with :

        template<int bits>
        void dumpPeHeader(PeLib::PeFile& pef)
            // <SNIP>

So, the implementation of the callback methods dump the contents of the header in the PeFile.

So : the visitor is needed to specify what and how you want to use the PeFile.

Does that explain it for you ?

Author Comment

ID: 18849267
Thanks for your explanation, its getting clearer now. But what exactly does a(this) callback do and why are templates used for those methods? Is there a difference between the 32 and 64 bit file?
LVL 53

Expert Comment

ID: 18849403
>> But what exactly does a(this) callback do

In this case, you tell what you want to do in the callback() function, then you pass that function to the PeFile object, which will execute that callback function on the file. So, you're not directly working on the file, but you're providing the code to do what you want with the file. That's why they named it a callback, because it indirectly does what you want to do.
Compare it to someone that wants something done, but he can't do it himself. So, he describes what he wants to do on a piece of paper, and passes that piece of paper to another person. This other person will then do whatever is on that paper.

>> and why are templates used for those methods?

The dumpPeHeader() function uses a template to avoid having to write the same code for the 32bit and 64bit versions. This way, the same function is used for both the 32bit and 64bit versions, and the choice is made by choosing the correct templated value.

>> Is there a difference between the 32 and 64 bit file?

I assume so, otherwise they wouldn't have made the distinction in their PeFile class ...
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.


Author Comment

ID: 18849465
That makes sense, so by looking at the code:
      DumpPeHeaderVisitor v1;
      DumpImpDirVisitor v2;
      DumpTlsDirVisitor v3;

The methods that use a visitor have a different output depending on the filetype (either 32 or 64 bit) and the ones without a visitor callback have the same output on both kind of files? Thats how i understand the code now...
LVL 53

Accepted Solution

Infinity08 earned 125 total points
ID: 18849649
>> The methods that use a visitor have a different output depending on the filetype (either 32 or 64 bit)

Yes. But they also have different output depending on how you implemented those callback methods.

Notice that in the example code, three different visitor classes are used :

    DumpPeHeaderVisitor : to dump the header
    DumpImpDirVisitor : to dump the import directory
    DumpTlsDirVisitor : to dump the TLS directory

Depending on which of these three is passed to the visit() method, the output will be different.
On top of that : for each of these three visitor classes, two separate callback methods are defined - one that will be used if the file is 32bits, and the other if the file is 64bits.

>> and the ones without a visitor callback have the same output on both kind of files?

I assume you mean function calls like this :


These functions operate directly on the file without passing through the visit() method. So, indeed, no distinction is made for 32bit or 64bit files, unless the function does so explicitly.

Author Comment

ID: 18850172
thank you very much for the explanation.

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Written by John Humphreys C++ Threading and the POSIX Library This article will cover the basic information that you need to know in order to make use of the POSIX threading library available for C and C++ on UNIX and most Linux systems.   [s…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The goal of the video will be to teach the user the concept of local variables and scope. An example of a locally defined variable will be given as well as an explanation of what scope is in C++. The local variable and concept of scope will be relat…
The viewer will learn how to user default arguments when defining functions. This method of defining functions will be contrasted with the non-default-argument of defining functions.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now