#ifndef PEMAGINE_H
#define PEMAGINE_H
#include "pe_api.h"
#include "pe_consts.h"
#include "pe_structs.h"
#include "pe_ldso.h"
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Reason codes handed to the enumeration callbacks declared in this header
 * (the `reason` argument of the pe_enum_*_callback typedefs).
 *
 * The values are distinct but do not form a pure bit mask: INIT is zero and
 * ERROR is negative, so a reason must be compared with ==; a bitwise AND
 * against INIT is always zero. The per-value meanings noted below are
 * inferred from the names only -- confirm against the enumeration routines.
 */
enum pe_callback_reason {
	PE_CALLBACK_REASON_INIT  = 0x00,    /* presumably: enumeration is starting   */
	PE_CALLBACK_REASON_ITEM  = 0x01,    /* presumably: one enumerated item       */
	PE_CALLBACK_REASON_INFO  = 0x02,    /* presumably: informational call        */
	PE_CALLBACK_REASON_QUERY = 0x04,    /* presumably: query call                */
	PE_CALLBACK_REASON_DONE  = 0x1000,  /* presumably: enumeration has finished  */
	PE_CALLBACK_REASON_ERROR = -1       /* the only negative value in the enum   */
};
/* ldso flags */
/*
 * Values for the `flags` argument of the ldso routines (presumably
 * pe_find_framework_loader() and pe_load_framework_loader_ex(); confirm).
 * PE_LDSO_INTEGRAL_ONLY is zero, i.e. "no bit set", so it cannot be
 * detected with a bitwise AND -- compare the whole value instead.
 */
#define PE_LDSO_INTEGRAL_ONLY          0x00000000
#define PE_LDSO_DEFAULT_EXECUTABLE     0x00000001
#define PE_LDSO_STANDALONE_EXECUTABLE  0x00000002
/* library specific structures */
/*
 * One exported symbol, as exchanged with pe_get_export_symbol_info(),
 * pe_enum_image_exports() and pe_enum_image_exports_callback.
 *
 * Every member except `status` is a raw pointer. What they point at is not
 * visible in this header; presumably the mapped image's export tables, in
 * which case they are valid only while that image stays mapped and are
 * only as trustworthy as the image itself (TODO confirm).
 */
struct pe_export_sym {
	uint32_t *ordinal_base;
	uint16_t *ordinal;
	void     *addr;
	void     *forwarder_rva;  /* NOTE(review): named "rva" but typed as a pointer; confirm which it holds */
	char     *name;           /* non-const; presumably NUL-terminated -- confirm before using string functions */
	long      status;
};
/*
 * Binary GUID: one 32-bit group, two 16-bit groups and eight trailing
 * bytes (16 bytes in total, no padding). Used in this header as the `abi`
 * identifier of the framework runtime data and of the loader routines.
 */
struct pe_guid {
	uint32_t      data1;
	uint16_t      data2;
	uint16_t      data3;
	unsigned char data4[8];
};
/*
 * Textual GUID in 16-bit characters, laid out member by member as
 * "{8-4-4-4-12}": 38 characters including both braces.
 *
 * The structure has no terminator member, so an instance is NOT a
 * NUL-terminated string; code that copies or compares it must work with
 * the fixed length rather than scan for a terminating zero.
 */
struct pe_guid_str_utf16 {
	wchar16_t lbrace;
	wchar16_t group1[8];
	wchar16_t dash1;
	wchar16_t group2[4];
	wchar16_t dash2;
	wchar16_t group3[4];
	wchar16_t dash3;
	wchar16_t group4[4];
	wchar16_t dash4;
	wchar16_t group5[12];
	wchar16_t rbrace;
};
/*
 * Counted string of 16-bit units: current length, capacity, and a pointer
 * to the storage.
 *
 * NOTE(review): the layout matches the native counted-string record, in
 * which both lengths are byte counts (not character counts) and the buffer
 * need not be NUL-terminated. If that is what this mirrors (TODO confirm),
 * readers must bound every access by `strlen` and must not pass `buffer`
 * to terminator-scanning routines.
 */
struct pe_unicode_str {
	uint16_t  strlen;
	uint16_t  maxlen;
	uint16_t *buffer;
};
/*
 * Link pair of a doubly linked list (forward link, backward link).
 * In this header it is always embedded inside a larger record, so a link
 * pointer addresses the embedded member, not the start of the record that
 * contains it.
 */
struct pe_list_entry {
	struct pe_list_entry *flink;
	struct pe_list_entry *blink;
};
/*
 * Process id / thread id pair, 32 bits each (8 bytes in total).
 *
 * NOTE(review): the native client-id record uses pointer-sized members.
 * If this structure is ever overlaid on that record on a 64-bit target
 * the members would not line up -- confirm how it is used.
 */
struct pe_client_id {
	uint32_t process_id;
	uint32_t thread_id;
};
/*
 * Stack and heap reserve/commit sizes, the output record of
 * pe_get_image_stack_heap_info().
 *
 * Presumably copied from the image's optional header (TODO confirm); if
 * so the values are chosen by whoever built the image and should be
 * range-checked before they drive an allocation.
 */
struct pe_stack_heap_info {
	size_t size_of_stack_reserve;
	size_t size_of_stack_commit;
	size_t size_of_heap_reserve;
	size_t size_of_heap_commit;
};
/*
 * Loader data block holding the heads of the three module lists (load
 * order, memory order, initialization order). Presumably the record
 * returned by pe_get_peb_ldr_data_address() and walked by the
 * pe_enum_modules_in_*_order() routines (TODO confirm).
 *
 * The member order is layout-critical; do not reorder or resize.
 */
struct pe_peb_ldr_data {
	uint32_t             length;
	uint32_t             initialized;
	void                *ss_handle;
	struct pe_list_entry in_load_order_module_list;
	struct pe_list_entry in_memory_order_module_list;
	struct pe_list_entry in_init_order_module_list;
};
/*
 * Per-module loader record: handed to pe_enum_modules_callback and
 * returned by pe_get_symbol_module_info() / pe_get_import_symbol_info().
 * The member order appears to follow the native loader's table entry
 * (TODO confirm against the targeted system versions); nothing here may
 * be reordered or resized.
 *
 * The record begins with three list links. Only in_load_order_links sits
 * at offset zero, so a link taken from the memory-order or init-order
 * list points into the middle of the record and must be adjusted by the
 * member's offset before being used as a struct pe_ldr_tbl_entry pointer.
 *
 * NOTE(review): callbacks receive this record through a non-const
 * pointer. If it refers to the loader's live data (presumably), a write
 * through it changes process-wide loader state.
 */
struct pe_ldr_tbl_entry {
	struct pe_list_entry in_load_order_links;
	struct pe_list_entry in_memory_order_links;
	struct pe_list_entry in_init_order_links;
	void                *dll_base;
	void                *entry_point;

	/* 32-bit image size, padded so the slot is pointer-wide */
	union {
		uint32_t      size_of_image;
		unsigned char size_of_image_padding[sizeof(uintptr_t)];
	};

	/* counted strings: bound reads by the length member, not a terminator */
	struct pe_unicode_str full_dll_name;
	struct pe_unicode_str base_dll_name;

	uint32_t flags;
	uint16_t load_count;
	uint16_t tls_index;

	/* the same storage is either a list link or a pointer + checksum pair */
	union {
		struct pe_list_entry hash_links;
		struct {
			void    *section_pointer;
			uint32_t check_sum;
		};
	};

	/* the same storage is either a pointer or a 32-bit time stamp */
	union {
		void    *loaded_imports;
		uint32_t time_date_stamp;
	};

	void                *entry_point_activation_context;
	void                *patch_information;
	struct pe_list_entry forwarder_links;
	struct pe_list_entry service_tag_links;
	struct pe_list_entry static_links;
	void                *context_information;
	uintptr_t            original_base;
	int64_t              load_time;
};
/*
 * Runtime data shared with the framework loader routines
 * (pe_get_framework_runtime_data(), pe_find_framework_loader(),
 * pe_load_framework_loader()).
 *
 * The eight h* members are opaque pointers; by their names they are
 * presumably handles (self, parent, image, root, dso directory, loader,
 * working directory, drive) -- confirm where each one is obtained and
 * whether any of them can be supplied from outside the process.
 */
struct pe_framework_runtime_data {
	void          *hself;
	void          *hparent;
	void          *himage;
	void          *hroot;
	void          *hdsodir;
	void          *hloader;
	void          *hcwd;
	void          *hdrive;
	struct pe_guid abi;
};
/* static inlined functions */
/*
 * Forward declarations only; the bodies are expected to come from the
 * header included right after this list.
 *
 * pe_va_from_rva() takes a base and a signed offset and nothing else: no
 * image size is passed, so it cannot check that the result stays inside
 * the image. Callers working from header fields of an untrusted image
 * must validate the offset against the image size themselves.
 */
static __inline__ void    *pe_get_teb_address(void);
static __inline__ void    *pe_get_peb_address(void);
static __inline__ void    *pe_get_peb_address_alt(void);
static __inline__ void    *pe_get_peb_ldr_data_address(void);
static __inline__ void    *pe_get_peb_ldr_data_address_alt(void);
static __inline__ uint32_t pe_get_current_process_id(void);
static __inline__ uint32_t pe_get_current_thread_id(void);
static __inline__ uint32_t pe_get_current_session_id(void);
static __inline__ void    *pe_va_from_rva(const void *base, intptr_t offset);
#include "pe_inline_asm.h"
/**
* user callback function responses
*
* positive: continue enumeration.
* zero: exit enumeration (ok).
* negative: exit enumeration (error).
**/
/* callback signatures */
/*
 * Function types of the user callbacks. Each returns an int that steers
 * the enumeration: positive continues, zero stops (ok), negative stops
 * (error). `context` is the caller's own pointer, passed through as-is.
 */

/* called by the pe_enum_modules_in_*_order() routines */
typedef int pe_enum_modules_callback(
	struct pe_ldr_tbl_entry *image_ldr_tbl_entry,
	enum pe_callback_reason  reason,
	void                    *context);

/* called by pe_enum_image_exports() */
typedef int pe_enum_image_exports_callback(
	const void               *base,
	struct pe_raw_export_hdr *exp_hdr,
	struct pe_export_sym     *sym,
	enum pe_callback_reason   reason,
	void                     *context);

/* called by pe_enum_image_import_hdrs() */
typedef int pe_enum_image_import_hdrs_callback(
	const void               *base,
	struct pe_raw_import_hdr *imp_hdr,
	enum pe_callback_reason   reason,
	void                     *context);
/* image: low-level api */
/*
 * Header locators. Each receives only the image base: no image length is
 * passed, so nothing in these signatures lets the callee check that an
 * offset read from the image stays inside the mapping. They fit images
 * the system loader has already mapped; a raw or untrusted buffer needs
 * its headers validated before it is handed in.
 *
 * `sec_size` is an out-parameter (presumably the size of the containing
 * section or directory; confirm).
 */
pe_api struct pe_raw_image_dos_hdr  *pe_get_image_dos_hdr_addr(const void *base);
pe_api struct pe_raw_coff_image_hdr *pe_get_image_coff_hdr_addr(const void *base);
pe_api union pe_raw_opt_hdr         *pe_get_image_opt_hdr_addr(const void *base);
pe_api struct pe_raw_data_dirs      *pe_get_image_data_dirs_addr(const void *base);
pe_api struct pe_raw_sec_hdr        *pe_get_image_section_tbl_addr(const void *base);

/* NOTE(review): how `name` is compared with the section-header name field is not visible here */
pe_api struct pe_raw_sec_hdr        *pe_get_image_named_section_addr(
	const void *base,
	const char *name);

pe_api struct pe_raw_export_hdr     *pe_get_image_export_hdr_addr(
	const void *base,
	uint32_t   *sec_size);

pe_api struct pe_raw_import_hdr     *pe_get_image_import_dir_addr(
	const void *base,
	uint32_t   *sec_size);
/* image: high-level api */
/*
 * Convenience queries on a mapped image. As with the low-level locators,
 * only the base is passed, so the results are derived from the image's
 * own header fields without an external bound.
 */
pe_api void *pe_get_image_entry_point_addr(const void *base);

/* `ordinal` presumably selects a data-directory entry; confirm the valid range */
pe_api void *pe_get_image_special_hdr_addr(
	const void *base,
	uint32_t    ordinal,
	uint32_t   *sec_size);

/* fills the caller's record; returns an int status */
pe_api int   pe_get_image_stack_heap_info(
	const void                *base,
	struct pe_stack_heap_info *info);
/* image: exports api */
/*
 * Export-table lookups, by address and by name.
 *
 * The char * results are non-const pointers with no length; presumably
 * they point into the image's export name table (TODO confirm), so they
 * must be treated as read-only and as only as reliable as the image.
 */
pe_api char                    *pe_get_symbol_name(const void *base, const void *sym_addr);
pe_api struct pe_ldr_tbl_entry *pe_get_symbol_module_info(const void *sym_addr);
pe_api void                    *pe_get_procedure_address(const void *base, const char *name);

pe_api int pe_get_export_symbol_info(
	const void           *base,
	const char           *name,
	struct pe_export_sym *sym);

/* invokes `callback` with `sym` and `ctx`; see the callback return convention */
pe_api int pe_enum_image_exports(
	const void                     *base,
	pe_enum_image_exports_callback *callback,
	struct pe_export_sym           *sym,
	void                           *ctx);
/* image: imports api */
/*
 * Import-side queries. pe_get_import_symbol_info() also reports the
 * owning module's loader record through `ldr_tbl_entry` (out-parameter).
 */
pe_api char *pe_get_import_symbol_info(
	const void               *sym_addr,
	struct pe_ldr_tbl_entry **ldr_tbl_entry);

/* invokes `callback` with `ctx`; see the callback return convention */
pe_api int   pe_enum_image_import_hdrs(
	const void                         *base,
	pe_enum_image_import_hdrs_callback *callback,
	void                               *ctx);
/* process: address space api */
/*
 * Module enumeration and lookup over the current process.
 *
 * Presumably these walk the list heads in struct pe_peb_ldr_data (TODO
 * confirm). That data lives in the process's own writable memory, so the
 * answers describe what the process currently records about itself; they
 * are not an integrity check on which modules are really loaded.
 */
pe_api int   pe_enum_modules_in_load_order(pe_enum_modules_callback *callback, void *ctx);
pe_api int   pe_enum_modules_in_memory_order(pe_enum_modules_callback *callback, void *ctx);
pe_api int   pe_enum_modules_in_init_order(pe_enum_modules_callback *callback, void *ctx);

/* `name` is a string of 16-bit units with no length argument; presumably NUL-terminated */
pe_api void *pe_get_module_handle(const uint16_t *name);
pe_api void *pe_get_first_module_handle(void);
/* process: system api */
/*
 * Handles of two system modules, located at run time.
 *
 * NOTE(review): symbols resolved through these handles with
 * pe_get_procedure_address() do not appear in the calling image's import
 * table; keep that in mind when auditing what a binary built on this
 * library actually calls.
 */
pe_api void *pe_get_ntdll_module_handle(void);
pe_api void *pe_get_kernel32_module_handle(void);
/* ldso */
/*
 * Accessors for the process command line and environment block.
 *
 * Both return a non-const pointer with no accompanying length, so a
 * reader depends entirely on the data's own terminators. The contents
 * are supplied by whoever created the process and should be parsed as
 * untrusted input.
 */
pe_api wchar16_t *pe_get_peb_command_line(void);
pe_api wchar16_t *pe_get_peb_environment_block(void);
/*
 * Framework loader routines. All return an int32_t status.
 *
 * buffer / bufsize: caller-supplied scratch storage. The pointer is a
 * uintptr_t * while the size is a plain uint32_t, and this header does
 * not say whether bufsize counts bytes or elements -- confirm before
 * sizing, since mixing the two up mis-states the buffer's extent.
 *
 * basename / rrelname / atrelname: names of 16-bit units with no length
 * argument. They decide which file gets loaded into the process, so they
 * must come from a trusted source.
 */

/* `rtdata` receives a pointer to the runtime data; what is read from `cmdline` is not visible here */
pe_api int32_t pe_get_framework_runtime_data(
	struct pe_framework_runtime_data **rtdata,
	const wchar16_t                   *cmdline,
	const struct pe_guid              *abi);

pe_api int32_t pe_find_framework_loader(
	struct pe_framework_runtime_data *rtdata,
	const wchar16_t                  *basename,
	const wchar16_t                  *rrelname,
	void                             *refaddr,
	uintptr_t                        *buffer,
	uint32_t                          bufsize,
	uint32_t                          flags);

/* `hat` is presumably the directory handle that `atrelname` is resolved against; confirm */
pe_api int32_t pe_load_framework_library(
	void           **baseaddr,
	void            *hat,
	const wchar16_t *atrelname,
	uintptr_t       *buffer,
	uint32_t         bufsize,
	uint32_t        *sysflags);

pe_api int32_t pe_load_framework_loader(
	void                            **baseaddr,
	struct pe_framework_runtime_data *rtdata,
	uintptr_t                        *buffer,
	uint32_t                          bufsize,
	uint32_t                         *flags);

pe_api int32_t pe_load_framework_loader_ex(
	void                **baseaddr,
	void                **hroot,
	void                **hdsodir,
	const struct pe_guid *abi,
	const wchar16_t      *basename,
	const wchar16_t      *rrelname,
	void                 *refaddr,
	uintptr_t            *buffer,
	uint32_t              bufsize,
	uint32_t              flags,
	uint32_t             *sysflags);
/*
 * Handle-opening helpers. Both write the new handle through their first
 * argument and return an int32_t status.
 *
 * oattr / desired_access / share_access / open_options are passed in by
 * the caller; they resemble the parameters of the native open-file call
 * (TODO confirm). Request only the access that is actually needed.
 *
 * buffer / buffer_size: caller-supplied scratch storage; whether the size
 * counts bytes or uintptr_t elements is not stated here -- confirm.
 */
pe_api int32_t pe_open_image_from_addr(
	void     **himage,
	void      *addr,
	uintptr_t *buffer,
	uint32_t   buffer_size,
	uint32_t   oattr,
	uint32_t   desired_access,
	uint32_t   share_access,
	uint32_t   open_options);

pe_api int32_t pe_open_physical_parent_directory(
	void     **hparent,
	void      *href,
	uintptr_t *buffer,
	uint32_t   buffer_size,
	uint32_t   oattr,
	uint32_t   desired_access,
	uint32_t   share_access,
	uint32_t   open_options);
/*
 * Ends the calling process with exit status `estatus`. The int32_t
 * return type implies the call can come back to the caller (presumably
 * only on failure; confirm), so callers should not assume it never
 * returns.
 */
pe_api int32_t pe_terminate_current_process(int32_t estatus);
#ifdef __cplusplus
}
#endif
#endif