#ifndef PEMAGINE_H
#define PEMAGINE_H
#include "pe_api.h"
#include "pe_consts.h"
#include "pe_structs.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Reason codes handed to the enumeration callbacks declared in this header
 * (the `reason` parameter of the pe_enum_*_callback typedefs).
 *
 * The numeric values are part of the published interface and are kept
 * exactly as they were.
 *
 * NOTE(review): when each reason is delivered is decided by the enumerator
 * definitions, which are not part of this header; confirm the call sequence
 * there before relying on it. A callback should handle every reason it
 * receives explicitly rather than treating unknown values as ITEM.
 */
enum pe_callback_reason {
	PE_CALLBACK_REASON_INIT  = 0x00,
	PE_CALLBACK_REASON_ITEM  = 0x01,
	PE_CALLBACK_REASON_INFO  = 0x02,
	PE_CALLBACK_REASON_QUERY = 0x04,
	PE_CALLBACK_REASON_DONE  = 0x1000,
	PE_CALLBACK_REASON_ERROR = (-1)	/* the only negative reason code */
};
/* library specific structures */
/*
 * Description of a single export symbol. A pointer to this structure is
 * taken by pe_get_export_symbol_info() and pe_enum_image_exports(), and is
 * handed to the pe_enum_image_exports_callback.
 *
 * NOTE(review): the pointer members presumably refer to data inside the
 * image that was passed as `base`, not to separately allocated memory --
 * confirm against the implementation. If so, they are only as trustworthy
 * as the image itself, must not be freed, and must not be used once the
 * image has been unmapped.
 */
struct pe_export_sym {
	uint32_t *ordinal_base;
	uint16_t *ordinal;
	void *addr;
	/*
	 * NOTE(review): presumably set when the export is forwarded to another
	 * module; verify how forwarders are reported before treating `addr`
	 * as a callable address.
	 */
	void *forwarder_rva;
	char *name;
	long status;
};
/*
 * Counted string descriptor over 16-bit code units: a current length, a
 * maximum length and a pointer to the character buffer.
 *
 * NOTE(review): the member order matches the NT counted-string layout. If
 * this structure mirrors it, both lengths are byte counts (not character
 * counts) and `buffer` is not guaranteed to be NUL-terminated -- confirm.
 * Until confirmed, bound every read of `buffer` by `strlen` instead of
 * scanning for a terminator, and check that `strlen` does not exceed
 * `maxlen` when the descriptor comes from memory you do not control.
 */
struct pe_unicode_str {
	uint16_t strlen;	/* current length */
	uint16_t maxlen;	/* capacity of `buffer` */
	uint16_t *buffer;
};
/*
 * Node of an intrusive doubly linked list. It is embedded by value in
 * struct pe_peb_ldr_data and struct pe_ldr_tbl_entry.
 *
 * NOTE(review): code that walks such a list should terminate when it gets
 * back to the node it started from and should not assume the links are
 * well formed when they are read from memory it does not own.
 */
struct pe_list_entry {
	struct pe_list_entry *flink;	/* next node */
	struct pe_list_entry *blink;	/* previous node */
};
/*
 * Pair of 32-bit identifiers: one for a process, one for a thread.
 *
 * NOTE(review): no function declared in this header takes or returns this
 * structure, so where it is populated cannot be told from here.
 */
struct pe_client_id {
	uint32_t process_id;
	uint32_t thread_id;
};
/*
 * Stack and heap reserve/commit sizes of an image; this is the structure
 * that pe_get_image_stack_heap_info() receives a pointer to.
 *
 * NOTE(review): the values are presumably copied from the image's optional
 * header -- confirm. If so, they are chosen by whoever built the image:
 * range-check them before using them to size an allocation or a mapping
 * when the image is not trusted.
 */
struct pe_stack_heap_info {
	size_t size_of_stack_reserve;
	size_t size_of_stack_commit;
	size_t size_of_heap_reserve;
	size_t size_of_heap_commit;
};
/*
 * Loader data block holding the heads of three module lists: load order,
 * memory order and initialization order.
 *
 * The member order and widths define the layout this library reads, so
 * nothing here may be reordered or resized.
 *
 * NOTE(review): the name suggests this mirrors the loader data reachable
 * from the process environment block. Such lists are ordinary user-mode
 * memory: what an enumeration returns is whatever the lists currently
 * contain, and any code running in the process can change them. Tooling
 * that needs an authoritative module inventory should cross-check against
 * an independent source rather than rely on these lists alone.
 */
struct pe_peb_ldr_data {
	uint32_t length;
	uint32_t initialized;
	void *ss_handle;
	struct pe_list_entry in_load_order_module_list;
	struct pe_list_entry in_memory_order_module_list;
	struct pe_list_entry in_init_order_module_list;
};
/*
 * Per-module loader table entry. A pointer to it is what the
 * pe_enum_modules_callback receives, and what pe_get_symbol_module_info()
 * and pe_get_import_symbol_info() hand back.
 *
 * The structure describes a fixed memory layout: member order, the
 * anonymous unions and the padding array must stay exactly as they are.
 *
 * NOTE(review): entries are presumably read in place from loader-owned
 * process memory rather than copied -- confirm. If so, every field
 * (including the names and `dll_base`) can be changed by other code in the
 * process, and an entry may disappear when its module is unloaded; do not
 * cache pointers to entries, and do not base trust decisions on
 * `full_dll_name` / `base_dll_name` alone.
 */
struct pe_ldr_tbl_entry {
	/* links into the three module lists whose heads are in pe_peb_ldr_data */
	struct pe_list_entry in_load_order_links;
	struct pe_list_entry in_memory_order_links;
	struct pe_list_entry in_init_order_links;
	void *dll_base;
	void *entry_point;

	/* the 32-bit size shares storage with a pointer-sized byte array,
	 * so this slot always occupies sizeof(uintptr_t) bytes */
	union {
		uint32_t size_of_image;
		unsigned char size_of_image_padding[sizeof(uintptr_t)];
	};

	/* counted strings: bound reads by their length members */
	struct pe_unicode_str full_dll_name;
	struct pe_unicode_str base_dll_name;
	uint32_t flags;
	uint16_t load_count;
	uint16_t tls_index;

	/* overlapping views of one slot; which view is valid is not
	 * indicated by anything in this header */
	union {
		struct pe_list_entry hash_links;
		struct {
			void *section_pointer;
			uint32_t check_sum;
		};
	};

	/* overlapping views of one slot, as above */
	union {
		void *loaded_imports;
		uint32_t time_date_stamp;
	};

	void *entry_point_activation_context;
	void *patch_information;
	struct pe_list_entry forwarder_links;
	struct pe_list_entry service_tag_links;
	struct pe_list_entry static_links;
	void *context_information;
	uintptr_t original_base;
	int64_t load_time;
};
/* static inlined functions */
/*
 * Forward declarations of the inlined helpers. No definition appears in
 * this header; "pe_inline_asm.h" is included directly after these lines
 * and presumably supplies them.
 *
 * NOTE(review): the `_alt` variants are presumably alternative ways of
 * obtaining the same address as their unsuffixed counterparts; what
 * differs between them is not visible here.
 */
static __inline__ void *pe_get_teb_address(void);
static __inline__ void *pe_get_peb_address(void);
static __inline__ void *pe_get_peb_address_alt(void);
static __inline__ void *pe_get_peb_ldr_data_address(void);
static __inline__ void *pe_get_peb_ldr_data_address_alt(void);
static __inline__ uint32_t pe_get_current_process_id(void);
static __inline__ uint32_t pe_get_current_thread_id(void);
static __inline__ uint32_t pe_get_current_session_id(void);

/*
 * Takes an image base and a signed offset. The signature carries no image
 * size, so the helper has no caller-supplied bound to check the offset
 * against.
 * NOTE(review): callers that pass an RVA read from an image they do not
 * trust should verify it lies inside the mapped image before dereferencing
 * the result -- confirm whether the definition performs any check.
 */
static __inline__ void *pe_va_from_rva(const void *base, intptr_t offset);
#include "pe_inline_asm.h"
/**
 * user callback function return values
 *
 * positive: continue the enumeration.
 * zero:     stop the enumeration (ok).
 * negative: stop the enumeration (error).
**/
/* callback signatures */
/*
 * Callback type for the pe_enum_modules_in_*_order() enumerators.
 *
 * Parameters:
 *   image_ldr_tbl_entry  loader table entry handed to the callback.
 *   reason               one of enum pe_callback_reason.
 *   context              opaque pointer; the enumerators take a `ctx`
 *                        argument that is presumably passed through here.
 *
 * Return value, per this header's convention for user callbacks:
 *   positive continues the enumeration, zero stops it (ok), negative
 *   stops it (error).
 *
 * NOTE(review): whether image_ldr_tbl_entry is valid (non-NULL) for every
 * reason is not visible here; check it before use. The entry is not
 * const-qualified, but a callback that only inspects modules should treat
 * it as read-only.
 */
typedef int pe_enum_modules_callback(
	struct pe_ldr_tbl_entry *image_ldr_tbl_entry,
	enum pe_callback_reason reason,
	void *context);
/*
 * Callback type for pe_enum_image_exports().
 *
 * Parameters:
 *   base     image base, as given to the enumerator.
 *   exp_hdr  raw export header of that image.
 *   sym      description of the export symbol handed to the callback.
 *   reason   one of enum pe_callback_reason.
 *   context  opaque pointer; the enumerator takes a `ctx` argument that
 *            is presumably passed through here.
 *
 * Return value, per this header's convention for user callbacks:
 *   positive continues the enumeration, zero stops it (ok), negative
 *   stops it (error).
 *
 * NOTE(review): exp_hdr and the pointers inside *sym presumably point into
 * the image itself; when the image is untrusted, so are the strings and
 * addresses they lead to. Which arguments are valid for which reason is
 * not visible here.
 */
typedef int pe_enum_image_exports_callback(
	const void *base,
	struct pe_raw_export_hdr *exp_hdr,
	struct pe_export_sym *sym,
	enum pe_callback_reason reason,
	void *context);
/*
 * Callback type for pe_enum_image_import_hdrs().
 *
 * Parameters:
 *   base     image base, as given to the enumerator.
 *   imp_hdr  raw import header handed to the callback.
 *   reason   one of enum pe_callback_reason.
 *   context  opaque pointer; the enumerator takes a `ctx` argument that
 *            is presumably passed through here.
 *
 * Return value, per this header's convention for user callbacks:
 *   positive continues the enumeration, zero stops it (ok), negative
 *   stops it (error).
 *
 * NOTE(review): imp_hdr presumably points into the image itself, so any
 * RVA read from it is untrusted when the image is. Whether imp_hdr is
 * valid for every reason is not visible here.
 */
typedef int pe_enum_image_import_hdrs_callback(
	const void *base,
	struct pe_raw_import_hdr *imp_hdr,
	enum pe_callback_reason reason,
	void *context);
/* library functions */
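/*
 * Image header accessors.
 *
 * Every function in this group receives only `base`: no image size or
 * buffer length is passed in, so the declarations give the library no
 * caller-supplied bound to check header offsets against.
 *
 * NOTE(review): whether the definitions validate the image signatures or
 * any offset read from the image is not visible in this header. Before
 * passing an image from an untrusted source, validate it independently
 * (signatures, header offsets, section bounds against the mapped size).
 * NOTE(review): the failure convention (presumably NULL for the pointer-
 * returning functions and a negative value for the int-returning one) is
 * not stated here; confirm against the definitions and check every return.
 * NOTE(review): the returned pointers are not const-qualified although
 * `base` is; presumably they point into the image, so treat them as
 * read-only views unless modification is intended.
 */
pe_api struct pe_raw_image_dos_hdr *pe_get_image_dos_hdr_addr(const void *base);
pe_api struct pe_raw_coff_file_hdr *pe_get_image_coff_hdr_addr(const void *base);
pe_api union pe_raw_opt_hdr *pe_get_image_opt_hdr_addr(const void *base);
pe_api struct pe_raw_data_dirs *pe_get_image_data_dirs_addr(const void *base);
pe_api struct pe_raw_sec_hdr *pe_get_image_section_tbl_addr(const void *base);

/* `name` is the section name to look up in the image at `base`. */
pe_api struct pe_raw_sec_hdr *pe_get_image_named_section_addr(const void *base, const char *name);

/*
 * `sec_size` is a non-const pointer and therefore presumably an output
 * receiving a size in bytes -- confirm, including whether NULL is accepted.
 */
pe_api struct pe_raw_export_hdr *pe_get_image_export_hdr_addr(const void *base, uint32_t *sec_size);
pe_api struct pe_raw_import_hdr *pe_get_image_import_dir_addr(const void *base, uint32_t *sec_size);

/*
 * NOTE(review): `ordinal` presumably selects a data-directory entry; the
 * valid range is not visible here, so pass only known-good constants.
 */
pe_api void *pe_get_image_special_hdr_addr(const void *base, uint32_t ordinal, uint32_t *sec_size);
pe_api void *pe_get_image_entry_point_addr(const void *base);

/* Fills *info; the parameter was unnamed and is named here for clarity. */
pe_api int pe_get_image_stack_heap_info(const void *base, struct pe_stack_heap_info *info);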
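/*
 * Export/import symbol lookup and enumeration.
 *
 * As with the header accessors, `base` is passed without a size, so the
 * signatures provide no bound for the tables that are read from the image.
 * NOTE(review): validate untrusted images before calling these functions,
 * and confirm the failure convention (presumably NULL / negative) against
 * the definitions.
 */

/*
 * Looks up the export called `name` in the image at `base`.
 * NOTE(review): struct pe_export_sym keeps a separate `forwarder_rva`
 * member, which suggests forwarded exports are distinguished from regular
 * ones. How this function reports a forwarded export is not visible here;
 * confirm before calling through the returned pointer.
 */
pe_api void *pe_get_procedure_address(const void *base, const char *name);

/* Fills *sym for the export called `name`; see struct pe_export_sym. */
pe_api int pe_get_export_symbol_info(const void *base, const char *name, struct pe_export_sym *sym);

/*
 * Enumerates the exports of the image at `base`, invoking `callback`.
 * The callback's return value steers the enumeration: positive continues,
 * zero stops (ok), negative stops (error).
 * NOTE(review): the role of `sym` (scratch storage handed to the callback,
 * or a filter) and whether `callback` may be NULL are not visible here.
 */
pe_api int pe_enum_image_exports(const void *base,
				 pe_enum_image_exports_callback *callback,
				 struct pe_export_sym *sym,
				 void *ctx);

/* Enumerates the import headers of the image at `base`; same callback
 * return convention as above. */
pe_api int pe_enum_image_import_hdrs(const void *base,
				     pe_enum_image_import_hdrs_callback *callback,
				     void *ctx);

/*
 * NOTE(review): the returned strings are not const-qualified and their
 * ownership is not documented here; presumably they point into the image.
 * Until confirmed, do not modify or free them, and do not assume they stay
 * valid after the module is unloaded.
 */
pe_api char *pe_get_symbol_name(const void *base, const void *sym_addr);
pe_api struct pe_ldr_tbl_entry *pe_get_symbol_module_info(const void *sym_addr);

/* `ldr_tbl_entry` is a pointer-to-pointer and so presumably an output. */
pe_api char *pe_get_import_symbol_info(const void *sym_addr,
				       struct pe_ldr_tbl_entry **ldr_tbl_entry);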
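/*
 * Module enumeration and module handle lookup.
 *
 * The three enumerators invoke `callback` with a struct pe_ldr_tbl_entry
 * pointer; the callback's return value steers the enumeration (positive
 * continues, zero stops ok, negative stops with an error). `ctx` is an
 * opaque pointer, presumably handed to the callback unchanged.
 *
 * NOTE(review): the names match the three list heads of
 * struct pe_peb_ldr_data, so these presumably walk the loader's module
 * lists in process memory. Two consequences to confirm and plan for:
 *   - nothing in the signatures indicates locking, so a concurrent module
 *     load or unload may race with the walk;
 *   - the lists are writable by any code in the process, so the result is
 *     what the lists claim, not an independently verified inventory.
 *     Monitoring or integrity code should cross-check against another
 *     source before trusting it.
 */
pe_api int pe_enum_modules_in_load_order(pe_enum_modules_callback *callback, void *ctx);
pe_api int pe_enum_modules_in_memory_order(pe_enum_modules_callback *callback, void *ctx);
pe_api int pe_enum_modules_in_init_order(pe_enum_modules_callback *callback, void *ctx);

/*
 * NOTE(review): how `name` is matched (case sensitivity, base name versus
 * full path) is not visible here. That matters whenever the result is used
 * to decide which module is the genuine one; confirm, and prefer verifying
 * the module's full path as well.
 */
pe_api void *pe_get_module_handle(const wchar16_t *name);
pe_api void *pe_get_first_module_handle(void);

/*
 * NOTE(review): how these two identify their module (by name, or by
 * position in a list) is not visible here; confirm before relying on the
 * result in an environment where the module lists may have been altered.
 */
pe_api void *pe_get_ntdll_module_handle(void);
pe_api void *pe_get_kernel32_module_handle(void);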
#ifdef __cplusplus
}
#endif
#endif