#ifndef PEMAGINE_H
#define PEMAGINE_H
#include "pe_api.h"
#include "pe_consts.h"
#include "pe_structs.h"
#include "pe_ldso.h"
#ifdef __cplusplus
extern "C" {
#endif
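/**
 * Reason codes passed as the `reason' argument of the enumeration
 * callbacks (pe_enum_modules_callback and its siblings).
 *
 * NOTE(review): when each code is delivered is decided by the
 * enumerators' implementation, which this header does not show; the
 * names suggest INIT before the first item, ITEM once per entry and
 * DONE after the last one -- confirm against the implementation.
 */
enum pe_callback_reason {
	PE_CALLBACK_REASON_INIT		= 0x00,
	PE_CALLBACK_REASON_ITEM		= 0x01,
	PE_CALLBACK_REASON_INFO		= 0x02,
	PE_CALLBACK_REASON_QUERY	= 0x04,
	PE_CALLBACK_REASON_DONE		= 0x1000,
	/* the only negative code: a callback should test for it explicitly
	 * rather than treat every non-zero reason as an item to process */
	PE_CALLBACK_REASON_ERROR	= (-1)
};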
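/* ldso flags */
/*
 * NOTE(review): presumably the values accepted by the `flags' argument
 * of pe_find_framework_loader() and pe_load_framework_loader_ex() --
 * confirm.  PE_LDSO_INTEGRAL_ONLY is zero, so `flags & PE_LDSO_INTEGRAL_ONLY'
 * is always false; compare for equality where that case must be detected.
 */
#define PE_LDSO_INTEGRAL_ONLY		0x00000000
#define PE_LDSO_DEFAULT_EXECUTABLE	0x00000001
#define PE_LDSO_STANDALONE_EXECUTABLE	0x00000002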
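/* ldso loader context pointer index */
/*
 * NOTE(review): presumably indexes into the hldrctx[] member of
 * struct pe_framework_runtime_data, which is declared with
 * __SIZEOF_POINTER__>>1 slots: four with 8-byte pointers, but only two
 * with 4-byte pointers.  On a 32-bit build the two RESERVED indexes
 * would lie past the end of that array -- confirm they are never used
 * as subscripts there.
 */
#define PE_LDSO_CTX_IDX_PREV_LOADER	0x0
#define PE_LDSO_CTX_IDX_PREV_ROOT	0x1
#define PE_LDSO_CTX_IDX_RESERVED_1	0x2
#define PE_LDSO_CTX_IDX_RESERVED_2	0x3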
/* library specific structures */
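/**
 * Description of one exported symbol, as taken by
 * pe_get_export_symbol_info() and pe_enum_image_exports() and handed to
 * pe_enum_image_exports_callback.
 *
 * NOTE(review): the pointer members presumably refer to locations inside
 * the mapped image, so they are valid only while that image stays mapped,
 * and `name' carries no length -- confirm before copying or logging it
 * when the image is not trusted.
 */
struct pe_export_sym {
	uint32_t *	ordinal_base;
	uint16_t *	ordinal;
	void *		addr;
	void *		forwarder_rva;	/* typed as a pointer despite the "rva" in its name */
	char *		name;
	long		status;		/* NOTE(review): value set not defined in this header */
};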
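/**
 * 128-bit identifier in binary form, split 32/16/16/8x8 bits in the same
 * way as the Windows GUID structure.  Used in this header as the `abi'
 * argument of the framework runtime functions.
 */
struct pe_guid {
	uint32_t	data1;
	uint16_t	data2;
	uint16_t	data3;
	unsigned char	data4[8];
};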
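/**
 * Textual form of an identifier as fixed-position wchar16_t code units:
 * a left brace, five groups of 8, 4, 4, 4 and 12 units separated by four
 * dashes, and a right brace -- 38 units in total.
 *
 * There is no member for a terminating NUL, so an object of this type
 * must not be handed to routines that expect a terminated string.
 */
struct pe_guid_str_utf16 {
	wchar16_t	lbrace;
	wchar16_t	group1[8];
	wchar16_t	dash1;
	wchar16_t	group2[4];
	wchar16_t	dash2;
	wchar16_t	group3[4];
	wchar16_t	dash3;
	wchar16_t	group4[4];
	wchar16_t	dash4;
	wchar16_t	group5[12];
	wchar16_t	rbrace;
};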
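/**
 * Counted 16-bit string: current length, capacity, and a pointer to the
 * characters.
 *
 * NOTE(review): the member order matches the native UNICODE_STRING, in
 * which both lengths are byte counts and the buffer need not be
 * NUL-terminated; presumably the same holds here -- confirm, and bound
 * every read of `buffer' by `strlen' rather than scanning for a NUL.
 */
struct pe_unicode_str {
	uint16_t	strlen;		/* member name only; unrelated to the libc strlen() */
	uint16_t	maxlen;
	uint16_t *	buffer;
};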
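/**
 * Link pair of a doubly linked list: `flink' is the forward link and
 * `blink' the backward link.  The structure is embedded in the records
 * it chains together (see struct pe_ldr_tbl_entry) and also serves as
 * the list head (see struct pe_peb_ldr_data).
 *
 * NOTE(review): the links are read from memory owned by the process, not
 * by this library; a traversal should not assume they are well formed --
 * confirm how the enumerators bound their walk.
 */
struct pe_list_entry {
	struct pe_list_entry *	flink;
	struct pe_list_entry *	blink;
};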
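/**
 * Process id / thread id pair, both stored as 32-bit values.
 *
 * NOTE(review): the native CLIENT_ID holds two pointer-sized members, so
 * this 8-byte structure is not layout-compatible with it on 64-bit
 * targets -- confirm it is never overlaid on a native CLIENT_ID there.
 */
struct pe_client_id {
	uint32_t	process_id;
	uint32_t	thread_id;
};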
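/**
 * Stack and heap reserve/commit sizes of an image; the record that
 * pe_get_image_stack_heap_info() takes a pointer to.
 *
 * NOTE(review): the values presumably come straight from the image's
 * optional header, i.e. from the file being inspected; treat them as
 * untrusted input and range-check them before using them to size an
 * allocation -- confirm against the implementation.
 */
struct pe_stack_heap_info {
	size_t	size_of_stack_reserve;
	size_t	size_of_stack_commit;
	size_t	size_of_heap_reserve;
	size_t	size_of_heap_commit;
};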
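/**
 * Loader data block holding the heads of the three module lists (load
 * order, memory order, initialization order).
 *
 * NOTE(review): the member sequence matches the native PEB_LDR_DATA, and
 * the block is presumably the one reached through
 * pe_get_peb_ldr_data_address() -- confirm.  That memory is writable by
 * any code running in the process, so the lists are a convenience view,
 * not a trustworthy inventory of what is mapped.
 */
struct pe_peb_ldr_data {
	uint32_t		length;
	uint32_t		initialized;
	void *			ss_handle;
	struct pe_list_entry	in_load_order_module_list;
	struct pe_list_entry	in_memory_order_module_list;
	struct pe_list_entry	in_init_order_module_list;
};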
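/**
 * Per-module loader record: the type handed to pe_enum_modules_callback
 * and returned by pe_get_symbol_module_info() and
 * pe_get_ldr_entry_from_addr().
 *
 * NOTE(review): the member sequence appears to mirror the native
 * LDR_DATA_TABLE_ENTRY of one Windows generation; the tail of that
 * record differs between Windows releases, so members after `tls_index'
 * should not be relied on without checking the running system -- confirm
 * which releases this layout is meant for.
 *
 * NOTE(review): the record is presumably read in place from loader
 * memory that any code in the process can modify.  Names, base addresses
 * and sizes taken from it are hints for lookup, not evidence of what is
 * actually mapped.
 */
struct pe_ldr_tbl_entry {
	/* one link pair per module list headed in struct pe_peb_ldr_data */
	struct pe_list_entry	in_load_order_links;
	struct pe_list_entry	in_memory_order_links;
	struct pe_list_entry	in_init_order_links;
	void *			dll_base;
	void *			entry_point;

	/* 32-bit size widened to pointer width, so that the members that
	 * follow start at a pointer-sized offset on every target */
	union {
		uint32_t	size_of_image;
		unsigned char	size_of_image_padding[sizeof(uintptr_t)];
	};

	struct pe_unicode_str	full_dll_name;
	struct pe_unicode_str	base_dll_name;
	uint32_t		flags;
	uint16_t		load_count;
	uint16_t		tls_index;

	/* either a hash-chain link pair or a section pointer plus checksum;
	 * which view is valid is not indicated by this header */
	union {
		struct pe_list_entry	hash_links;
		struct {
			void *		section_pointer;
			uint32_t	check_sum;
		};
	};

	/* the two members share storage; read only the one that applies */
	union {
		void *			loaded_imports;
		uint32_t		time_date_stamp;
	};

	void *			entry_point_activation_context;
	void *			patch_information;
	struct pe_list_entry	forwarder_links;
	struct pe_list_entry	service_tag_links;
	struct pe_list_entry	static_links;
	void *			context_information;
	uintptr_t		original_base;
	int64_t			load_time;
};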
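/**
 * Framework runtime record: pe_get_framework_runtime_data() yields a
 * pointer to one through its `rtdata' argument, and
 * pe_find_framework_loader() / pe_load_framework_loader() take one as
 * input.
 *
 * NOTE(review): the h* members are presumably native handles; what each
 * one refers to is not stated in this header.
 *
 * NOTE(review): pe_get_framework_runtime_data() receives the command
 * line; if the record is located through it, the handles stored here are
 * only as trustworthy as whoever composed that command line -- confirm
 * how the record is validated (the `abi' identifier is presumably part
 * of that check).
 */
struct pe_framework_runtime_data {
	struct pe_guid	abi;
	void *		hself;
	void *		hparent;
	void *		himage;
	void *		hroot;
	void *		hdsodir;
	void *		hloader;
	void *		hexec;
	void *		hpeer;
	void *		hcwd;
	void *		hdrive;
	/* __SIZEOF_POINTER__>>1 slots: four with 8-byte pointers, two with
	 * 4-byte pointers.  The PE_LDSO_CTX_IDX_* constants run from 0 to 3,
	 * so indexes 2 and 3 are in range only on 64-bit targets. */
	void *		hldrctx[__SIZEOF_POINTER__>>1];
};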
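/* static inlined functions */
/*
 * Forward declarations only.  The definitions are expected to come from
 * "pe_inline_asm.h", which this header includes right after them
 * (NOTE(review): presumably one variant per target architecture).
 *
 * The TEB/PEB accessors return raw addresses of per-thread and
 * per-process system structures; the `_alt' variants presumably reach
 * the same structures by a different route -- confirm.
 */
static __inline__ void *	pe_get_teb_address(void);
static __inline__ void *	pe_get_peb_address(void);
static __inline__ void *	pe_get_peb_address_alt(void);
static __inline__ void *	pe_get_peb_ldr_data_address(void);
static __inline__ void *	pe_get_peb_ldr_data_address_alt(void);
static __inline__ uint32_t	pe_get_current_process_id(void);
static __inline__ uint32_t	pe_get_current_thread_id(void);
static __inline__ uint32_t	pe_get_current_session_id(void);
/*
 * NOTE(review): `offset' is signed and no image size is passed, so the
 * function cannot range-check the result itself; an RVA read from an
 * untrusted image has to be validated by the caller -- confirm against
 * the definition.
 */
static __inline__ void *	pe_va_from_rva(const void * base, intptr_t offset);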
#include "pe_inline_asm.h"
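/**
 * user callback function responses
 *
 * positive: continue enumeration.
 * zero:     exit enumeration (ok).
 * negative: exit enumeration (error).
**/

/* callback signatures */

/*
 * In all three signatures `reason' is one of enum pe_callback_reason and
 * `context' is an opaque pointer for the callback's own use
 * (NOTE(review): presumably the `ctx' value given to the enumerator --
 * confirm).
 *
 * NOTE(review): the record pointers presumably refer to loader or image
 * memory that the callback does not own; copy what is needed instead of
 * keeping the pointers after the callback returns -- confirm lifetime.
 */

/* called by the pe_enum_modules_in_*_order() enumerators */
typedef int pe_enum_modules_callback(
	struct pe_ldr_tbl_entry *	image_ldr_tbl_entry,
	enum pe_callback_reason		reason,
	void *				context);

/* called by pe_enum_image_exports(); `base' is the image being walked */
typedef int pe_enum_image_exports_callback(
	const void *			base,
	struct pe_raw_export_hdr *	exp_hdr,
	struct pe_export_sym *		sym,
	enum pe_callback_reason		reason,
	void *				context);

/* called by pe_enum_image_import_hdrs(); `base' is the image being walked */
typedef int pe_enum_image_import_hdrs_callback(
	const void *			base,
	struct pe_raw_import_hdr *	imp_hdr,
	enum pe_callback_reason		reason,
	void *				context);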
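/* image: low-level api */
/*
 * Each function takes `base', the address of an image, and returns a
 * pointer to one of its raw headers or tables; `sec_size', where present,
 * is a caller-supplied location for a size.
 *
 * NOTE(review): no image length accompanies `base', so these functions
 * cannot by themselves tell whether a header offset read from the image
 * stays inside the mapping.  Behaviour on a malformed image, and the
 * failure return value (presumably NULL), are not visible in this header
 * -- confirm before using them on images from an untrusted source.
 */
pe_api struct pe_raw_image_dos_hdr *	pe_get_image_dos_hdr_addr	(const void * base);
pe_api struct pe_raw_coff_image_hdr *	pe_get_image_coff_hdr_addr	(const void * base);
pe_api union  pe_raw_opt_hdr *		pe_get_image_opt_hdr_addr	(const void * base);
pe_api struct pe_raw_data_dirs *	pe_get_image_data_dirs_addr	(const void * base);
pe_api struct pe_raw_sec_hdr *		pe_get_image_section_tbl_addr	(const void * base);
pe_api struct pe_raw_sec_hdr *		pe_get_image_named_section_addr	(const void * base, const char * name);
pe_api struct pe_raw_sec_hdr *		pe_get_image_block_section_addr	(const void * base, uint32_t blk_rva, uint32_t blk_size);
pe_api struct pe_raw_export_hdr *	pe_get_image_export_hdr_addr	(const void * base, uint32_t * sec_size);
pe_api struct pe_raw_import_hdr *	pe_get_image_import_dir_addr	(const void * base, uint32_t * sec_size);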
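/* image: high-level api */
/*
 * pe_get_image_entry_point_addr():  address of the entry point of the
 *                                   image at `base'.
 * pe_get_image_special_hdr_addr():  header selected by `ordinal'
 *                                   (NOTE(review): presumably a data
 *                                   directory index -- confirm), with a
 *                                   size reported through `sec_size'.
 * pe_get_image_stack_heap_info():   fills the caller's
 *                                   struct pe_stack_heap_info.
 *
 * NOTE(review): failure values and the meaning of the int result are not
 * stated in this header -- confirm before relying on them.
 */
pe_api void *	pe_get_image_entry_point_addr	(const void * base);
pe_api void *	pe_get_image_special_hdr_addr	(const void * base, uint32_t ordinal, uint32_t * sec_size);
pe_api int	pe_get_image_stack_heap_info	(const void * base, struct pe_stack_heap_info *);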
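/* image: exports api */
/*
 * Lookups between exported names and addresses for the image at `base',
 * plus an enumerator that calls a pe_enum_image_exports_callback with a
 * caller-provided struct pe_export_sym and an opaque `ctx'.
 *
 * NOTE(review): names are plain `char *' with no length, and forwarded
 * exports are represented only by pe_export_sym.forwarder_rva; whether
 * pe_get_procedure_address() follows forwarders is not visible here --
 * confirm.  A returned address comes from the image's own export table,
 * so it is only as trustworthy as the image.
 */
pe_api char *			pe_get_symbol_name		(const void * base, const void * sym_addr);
pe_api struct pe_ldr_tbl_entry *	pe_get_symbol_module_info	(const void * sym_addr);
pe_api void *			pe_get_procedure_address	(const void * base, const char * name);
pe_api int			pe_get_export_symbol_info	(const void * base, const char * name, struct pe_export_sym *);
pe_api int			pe_enum_image_exports		(const void * base,
								 pe_enum_image_exports_callback *,
								 struct pe_export_sym *,
								 void * ctx);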
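/* image: imports api */
/*
 * pe_get_import_symbol_info():  takes a symbol address and a location
 *                               for a loader-record pointer; returns a
 *                               `char *' (NOTE(review): presumably the
 *                               symbol's name -- confirm).
 * pe_enum_image_import_hdrs():  calls a
 *                               pe_enum_image_import_hdrs_callback for
 *                               the image at `base', passing `ctx'
 *                               through.
 */
pe_api char *	pe_get_import_symbol_info	(const void * sym_addr,
						 struct pe_ldr_tbl_entry ** ldr_tbl_entry);

pe_api int	pe_enum_image_import_hdrs	(const void * base,
						 pe_enum_image_import_hdrs_callback *,
						 void * ctx);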
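/* process: address space api */
/*
 * The three enumerators call a pe_enum_modules_callback, passing `ctx'
 * through; they differ in which module list they follow.  The callback's
 * return value controls the walk: positive continues, zero stops (ok),
 * negative stops (error).
 *
 * pe_get_module_handle() takes the module name as 16-bit code units
 * (NOTE(review): matching rules -- case, full path vs. base name -- are
 * not stated here; confirm).
 *
 * NOTE(review): results presumably derive from the in-process loader
 * lists, which code inside the process can alter; do not use them as the
 * sole basis for a security decision.
 */
pe_api int	pe_enum_modules_in_load_order	(pe_enum_modules_callback *, void * ctx);
pe_api int	pe_enum_modules_in_memory_order	(pe_enum_modules_callback *, void * ctx);
pe_api int	pe_enum_modules_in_init_order	(pe_enum_modules_callback *, void * ctx);
pe_api void *	pe_get_module_handle		(const uint16_t * name);
pe_api void *	pe_get_first_module_handle	(void);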
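/* process: system api */
/*
 * Handles of the two system modules named in the function names.
 * NOTE(review): how the modules are identified (by list position or by
 * name) and what is returned when one is absent are not visible in this
 * header -- confirm.
 */
pe_api void *	pe_get_ntdll_module_handle	(void);
pe_api void *	pe_get_kernel32_module_handle	(void);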
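/* ldso */
/*
 * pe_get_peb_command_line() and pe_get_peb_environment_block() return
 * pointers to 16-bit text (NOTE(review): presumably the live strings
 * referenced from the PEB rather than copies -- confirm).  Both are
 * supplied by whoever created the process and should be parsed as
 * untrusted input.
 *
 * pe_get_ldr_entry_from_addr() maps an address to a loader record.
 */
pe_api wchar16_t *		pe_get_peb_command_line(void);
pe_api wchar16_t *		pe_get_peb_environment_block(void);
pe_api struct pe_ldr_tbl_entry *	pe_get_ldr_entry_from_addr(const void * addr);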
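/*
 * Yields a pointer to the framework runtime record through `rtdata',
 * given a command line and the expected `abi' identifier.
 *
 * NOTE(review): the command line is controlled by the process creator;
 * if the record's location is parsed out of it, the function must verify
 * that the result really is a runtime record before it is dereferenced
 * -- confirm how `abi' takes part in that check and what the int32_t
 * result encodes.
 */
pe_api int32_t pe_get_framework_runtime_data(
	struct pe_framework_runtime_data **	rtdata,
	const wchar16_t *			cmdline,
	const struct pe_guid *			abi);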
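/*
 * Locates the framework loader for the runtime record `rtdata', from a
 * base name, a relative name and a reference address, using the caller's
 * scratch `buffer' of `bufsize'.
 *
 * NOTE(review): `flags' is presumably one of the PE_LDSO_* values, and
 * the unit of `bufsize' (bytes or elements of `buffer') is not stated --
 * confirm both.  The directory that the names are resolved against
 * decides which binary is found; callers should make sure it is not
 * writable by less-privileged users.
 */
pe_api int32_t pe_find_framework_loader(
	struct pe_framework_runtime_data *	rtdata,
	const wchar16_t *			basename,
	const wchar16_t *			rrelname,
	void *					refaddr,
	uintptr_t *				buffer,
	uint32_t				bufsize,
	uint32_t				flags);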
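/*
 * Loads a library named by `atrelname' and reports its base address
 * through `baseaddr'.
 *
 * NOTE(review): `hat' is presumably a directory handle that `atrelname'
 * is resolved against; whether the name may step outside that directory
 * (for example through ".." components) is not visible here -- confirm,
 * since the answer decides what code can end up being mapped.  The unit
 * of `bufsize' and the meaning of `sysflags' are not stated either.
 */
pe_api int32_t pe_load_framework_library(
	void **			baseaddr,
	void *			hat,
	const wchar16_t *	atrelname,
	uintptr_t *		buffer,
	uint32_t		bufsize,
	uint32_t *		sysflags);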
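/*
 * Loads the framework loader described by the runtime record `rtdata'
 * and reports its base address through `baseaddr'.
 *
 * NOTE(review): here `flags' is a pointer, unlike the by-value `flags'
 * of pe_find_framework_loader(); whether it is read, written or both is
 * not stated, and neither is the unit of `bufsize' -- confirm.
 */
pe_api int32_t pe_load_framework_loader(
	void **					baseaddr,
	struct pe_framework_runtime_data *	rtdata,
	uintptr_t *				buffer,
	uint32_t				bufsize,
	uint32_t *				flags);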
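/*
 * Extended form of the loader load: besides the base address it takes
 * locations for a root handle and a dso-directory handle, and it accepts
 * the `abi' identifier, names, reference address and `flags' directly
 * instead of a runtime record.
 *
 * NOTE(review): ownership of the handles stored through `hroot' and
 * `hdsodir' (who closes them, and on which failure paths they are left
 * set) is not stated in this header -- confirm, to avoid leaking handles
 * to the loaded image's directory tree.
 */
pe_api int32_t pe_load_framework_loader_ex(
	void **			baseaddr,
	void **			hroot,
	void **			hdsodir,
	const struct pe_guid *	abi,
	const wchar16_t *	basename,
	const wchar16_t *	rrelname,
	void *			refaddr,
	uintptr_t *		buffer,
	uint32_t		bufsize,
	uint32_t		flags,
	uint32_t *		sysflags);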
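/*
 * Opens the image that contains `addr' and stores the resulting handle
 * through `himage'; the remaining arguments carry the object attributes,
 * access mask, share mode and open options for the open.
 *
 * Note that `bufsize' is a size_t here, whereas the sibling functions in
 * this header declare it as uint32_t.
 *
 * NOTE(review): the path is presumably obtained from the system for the
 * mapping at `addr' rather than from loader name strings -- confirm,
 * because the latter can be altered from inside the process.
 */
pe_api int32_t pe_open_image_from_addr(
	void **		himage,
	void *		addr,
	uintptr_t *	buffer,
	size_t		bufsize,
	uint32_t	oattr,
	uint32_t	desired_access,
	uint32_t	share_access,
	uint32_t	open_options);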
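/*
 * Opens the parent directory of the object referred to by `href' and
 * stores the resulting handle through `hparent'; the remaining arguments
 * carry the object attributes, access mask, share mode and open options.
 *
 * NOTE(review): "physical" presumably means the parent is derived from
 * the object's resolved path rather than from the path used to open it
 * (so links are not followed back) -- confirm.
 */
pe_api int32_t pe_open_physical_parent_directory(
	void **		hparent,
	void *		href,
	uintptr_t *	buffer,
	uint32_t	bufsize,
	uint32_t	oattr,
	uint32_t	desired_access,
	uint32_t	share_access,
	uint32_t	open_options);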
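/*
 * Terminates the calling process with exit status `estatus'.
 * NOTE(review): the function has a return type, so it presumably comes
 * back only when termination failed -- confirm; callers should not place
 * code that must not run after it without handling that case.
 */
pe_api int32_t pe_terminate_current_process(
	int32_t estatus);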
#ifdef __cplusplus
}
#endif
#endif