#pragma once
#include <string>
#include <vector>
#include "PEFile.h"
// One entry of a module's export table, as kept in CModule::Exports.
// Every field has an in-class default, so a default-constructed entry is
// "no name, ordinal 0, address 0, no hook address assigned".
class CExportFunction
{
public:
    std::string sFuncName;               // export name; empty until filled in by the export-table walker
    WORD wFuncOrdinal = 0;               // export ordinal
    DWORD dwFuncAddress = 0;             // address of the export. NOTE(review): DWORD while module bases are
                                         // DWORD_PTR — fine if this is an RVA, truncating on 64-bit if it is absolute. Confirm.
    DWORD dwFuncAddressHook = MAXDWORD;  // address of the hook for this export; MAXDWORD until one is assigned
                                         // (presumably the "not hooked" sentinel — confirm against HookExport)

    // Default entry: all fields take the in-class values above.
    CExportFunction() = default;
};
// Maps a library name as it appears in an import/export (sSchemaName) to the
// library that really provides it (sRealName). Presumably the Windows ApiSet
// schema ("api-ms-win-...") -> implementing DLL mapping; confirm where it is populated.
struct SCHEMA_LIBRARY
{
    TSTRING sSchemaName;  // name seen in the PE tables
    TSTRING sRealName;    // DLL that actually backs it
};
// One forwarded export: the "From" side is the export that forwards, the "To" side is
// the export it forwards to. Which of name / ordinal is authoritative for each side is
// not visible here (PE forwarders may name either) — confirm in CModule::AddForwarded.
struct FORWARDED_FUNC
{
    TSTRING sToLib;        // target library
    std::string sToName;   // target export name (may be empty when only the ordinal is known — assumption)
    WORD wToOrdinal;       // target export ordinal
    TSTRING sFromLib;      // forwarding library
    std::string sFromName; // forwarding export name
    WORD wFromOrdinal;     // forwarding export ordinal
};
// One module (DLL or main image) loaded in the target ("victim") process, with its
// parsed export table and the bookkeeping for hooking those exports.
// Only declarations live here: every method is defined in the .cpp, so the comments
// below describe the declared contract and flag what still needs confirming there.
class CModule
{
    // These classes reach directly into the private members below (hVictim,
    // dwOffsetToPe, Exports), so "private" is not an encapsulation boundary here.
    friend class CModules;
    friend class CTracer;
    friend class CMain;
    friend class CDlgEditImport;
    friend class CDlgAttach;
    friend class CDlgMain;
    HANDLE hVictim;                        // handle to the target process. CModules holds an hVictim too — presumably
                                           // this is a copy of that handle and CModule does not close it. TODO confirm who owns/closes it.
    DWORD dwOffsetToPe;                    // offset to the PE header (assumption from the name — verify against the constructor)
    std::vector<CExportFunction> Exports;  // export-table entries of this module
public:
    TSTRING sModuleName,sFullName,sImportName; // short name, full path, and the name it is imported under (matching the constructor parameters)
    CPEFile ModuleFile;                    // parsed image of this module
    // Builds the record for the image at n_ModuleBase inside process n_hVictim.
    // The three strings presumably land in sModuleName / sFullName / sImportName — the
    // parameter names are the only evidence visible here.
    CModule(HANDLE n_hVictim,DWORD_PTR n_ModuleBase,const TCHAR *szModuleName,
            const TCHAR *szFullName,const TCHAR *szImportName);
    // NOTE(review): user-declared copy assignment without a user-declared copy constructor or
    // destructor (Rule of Three). Copy construction stays memberwise, so `CModule a(b);` and
    // `a = b;` may not behave the same — confirm against the .cpp definition.
    CModule &operator=(const CModule &other);
    void AddForwarded();                   // presumably resolves this module's forwarded exports (see FORWARDED_FUNC) — confirm
    DWORD_PTR ModuleBase;                  // load address of the module in the victim process
    DWORD dwModuleSize;                    // size of the mapped image
    DWORD_PTR HookBase;                    // base of the hook region used for this module (assumption — see HookExport)
    DWORD dwHookSize;                      // size of that region
    // Install / remove hooks on this module's exports in the victim process.
    // What is written and where is defined in the .cpp and not visible here.
    void HookExport();
    void UnHookExport();
    void FreeMemory();                     // releases whatever HookExport / the constructor allocated — confirm which resources
    bool TestVictim();                     // presumably checks that the victim process is still usable — confirm what it tests
};
// The module list of the target ("victim") process plus the global hooking state
// (trampoline location, import-hook flag, breakpoints temporarily removed).
// Everything is public and the raw pointers carry no ownership annotation — see the
// notes on Modules and pVictimFile. Method behaviour is defined in the .cpp, not here.
class CModules
{
public:
    CModules();
    ~CModules();
    std::vector<CModule*> Modules;          // raw pointers; presumably owned here and released by Clear()/~CModules() — confirm, otherwise AddModule leaks
    std::vector<TSTRING> UnhookModules;     // module names — presumably those to unhook or to leave alone; the name alone does not say which. Confirm.
    std::vector<DWORD_PTR> UnhookedBreaks;  // addresses of breakpoints that were removed; SetUnhookedBreaksBack() presumably restores them
    DWORD_PTR VictimBase;                   // load address of the victim's main image
    DWORD_PTR TrampolineBase;               // address of the trampoline area in the victim process (assumption from the name)
    CPEFile *pVictimFile;                   // parsed victim image, set via Reload(). Ownership is not declared — TODO confirm whether this class deletes it
    HANDLE hVictim;                         // handle to the target process, handed to each CModule
    bool fHookedImport;                     // whether HookImport() has been applied
    BOOL fUnhookInAction;                   // NOTE(review): BOOL here vs bool one line above — harmless, but compare against FALSE/0, not `== true`
    void Clear();                           // drops all modules (and presumably frees them — confirm)
    void AddModule(DWORD_PTR ModuleBase,bool fAddForwarded);  // registers the module at ModuleBase; fAddForwarded presumably triggers CModule::AddForwarded()
    void Reload(DWORD_PTR n_VictimBase,CPEFile *n_pVictimFile,HANDLE n_hVictim);  // re-targets this object to a (new) victim process
    // Hook / unhook operations over all modules; they write into the victim process (mechanism in the .cpp).
    void HookExport();
    void UnHookExport();
    void HookImport();
    void SetUnhookedBreaksBack();
    DWORD_PTR GetModHandle(const TCHAR *szModuleName) const;  // base address of the named module; the not-found value is not visible here (0 would be conventional — confirm)
    // Looks up an export of szModuleName by name (szFuncName) or ordinal (wFuncOrdinal); how the two
    // are disambiguated is in the .cpp. fAddressHook presumably selects dwFuncAddressHook over dwFuncAddress.
    DWORD_PTR GetProcedureAddr(const TCHAR *szModuleName,const char *szFuncName,WORD wFuncOrdinal,bool fAddressHook) const;
    // Fills ImportRecord with the module/export that FuncAddress belongs to. Relies on Modules being
    // current for the victim; a stale list (module unloaded/reloaded) would misattribute the address.
    void IdentifyFunction(CImportRecord &ImportRecord,DWORD_PTR FuncAddress) const;
    // Step ImportRecord to the previous / next candidate identification; the bool presumably means
    // "there was one" — confirm.
    bool IdentifyFunctionPrev(CImportRecord &ImportRecord) const;
    bool IdentifyFunctionNext(CImportRecord &ImportRecord) const;
    // Same stepping over forwarded exports; dwCount's role is not visible from this header.
    bool ForwardedPrev(CImportRecord &ImportRecord,DWORD dwCount) const;
    bool ForwardedNext(CImportRecord &ImportRecord,DWORD dwCount) const;
};