Add ELF file hash to PE image

[Alan-Jowett]

Moving this PR to draft until the corresponding issue is in the current milestone

Resolves: #4758

Description

This pull request introduces a new API for extracting data from named sections in PE and ELF files, and adds a corresponding NetSh command to display hash information from eBPF binaries. It also includes related project file updates, utility improvements, and comprehensive tests for the new functionality.

New API and Feature Implementation

• Added the ebpf_api_get_data_section API to extract data from a named section in PE or ELF files, supporting buffer size queries and error handling for missing files or sections. (include/ebpf_api.h, libs/api/ebpf_api.cpp, ebpfapi/Source.def) [1] [2] [3]
• Implemented the NetSh command handler handle_ebpf_show_hash to display hash information from eBPF binaries, supporting both detailed and PowerShell-style output. (libs/ebpfnetsh/netsh_hash.cpp, libs/ebpfnetsh/netsh_hash.h, libs/ebpfnetsh/tokens.h) [1] [2] [3]

Project and Build System Updates

• Updated project files to include new source and header files for hash functionality. (libs/ebpfnetsh/ebpfnetsh.vcxproj, libs/ebpfnetsh/ebpfnetsh.vcxproj.filters) [1] [2] [3] [4]

Utility Improvements

• Replaced usage of Windows macros min/max with std::min/std::max for improved portability and to avoid macro conflicts. (libs/api/ebpf_api.cpp) [1] [2] [3] [4]

Testing

• Added extensive end-to-end tests for the new API, including handling of valid and invalid file paths, section existence, buffer size checks, and both PE and ELF formats. (tests/end_to_end/end_to_end.cpp)
• Added NetSh command tests for various scenarios, including missing files, missing hash sections, and output formatting for both detailed and hash-only modes. (tests/end_to_end/netsh_test.cpp, tests/end_to_end/netsh_test_helper.h) [1] [2]

Testing

New tests added.

Documentation

Netsh help updated.

Installation

No.