#pragma once
namespace util {
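/// One module as recorded in the process loader list; filled in by
/// get_modules().
///
/// The numeric members carry default initializers so that a default-constructed
/// record never holds indeterminate values. The type stays an aggregate, so
/// brace-initialization in member order keeps working.
struct module_data_t {
    std::string name;       ///< Base file name (get_modules() stores it lower-cased).
    uintptr_t base{};       ///< Address the image is mapped at (DllBase).
    size_t size{};          ///< Size of the mapped image in bytes (SizeOfImage).
    std::string full_path;  ///< Full path as recorded by the loader (FullDllName).
};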
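/// Converts a wide string to a narrow std::string by routing it through
/// std::filesystem::path.
///
/// @param str Wide text to convert. It does not have to be NUL-terminated:
///            only the characters inside the view are read.
/// @return The narrow form of @p str, or an empty string for an empty view.
///
/// The target encoding is whatever the standard library uses for
/// path::string() on the platform; handling of characters that cannot be
/// represented there is implementation-defined.
///
/// Declared inline because this header defines the function body, so it may
/// be included from more than one translation unit.
inline std::string to_multibyte(std::wstring_view str) {
    // Handing str.data() to path() would treat it as a C string and ignore
    // the view's length, reading past the end of an unterminated buffer (or
    // through a null pointer for a default-constructed view). Stopping at the
    // first embedded NUL keeps the result unchanged for terminated input.
    const auto text = str.substr(0, str.find(L'\0'));
    if (text.empty())
        return {};
    return std::filesystem::path(text).string();
}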
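/// Converts a narrow string to a std::wstring by routing it through
/// std::filesystem::path.
///
/// @param str Narrow text to convert. It does not have to be NUL-terminated:
///            only the characters inside the view are read.
/// @return The wide form of @p str, or an empty string for an empty view.
///
/// The source encoding is whatever the standard library assumes for narrow
/// path input on the platform.
///
/// Declared inline because this header defines the function body, so it may
/// be included from more than one translation unit.
inline std::wstring to_wide(std::string_view str) {
    // Handing str.data() to path() would treat it as a C string and ignore
    // the view's length, reading past the end of an unterminated buffer (or
    // through a null pointer for a default-constructed view). Stopping at the
    // first embedded NUL keeps the result unchanged for terminated input.
    const auto text = str.substr(0, str.find('\0'));
    if (text.empty())
        return {};
    return std::filesystem::path(text).wstring();
}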
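/// Returns the calling thread's Thread Environment Block.
///
/// Reads the quadword at GS:[0x30] and returns it as a TEB pointer. On x64
/// Windows that slot is the NT_TIB self pointer, i.e. the linear address of
/// the current thread's TEB. The function is x64-only: __readgsqword is not
/// available on 32-bit targets.
///
/// Declared inline because this header defines the function body, so it may
/// be included from more than one translation unit.
inline TEB* get_teb() {
    constexpr unsigned long teb_self_offset = 0x30;  // NT_TIB self pointer slot
    return reinterpret_cast<TEB*>(__readgsqword(teb_self_offset));
}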
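/// Enumerates the modules linked into the calling process's loader list
/// (PEB->Ldr->InMemoryOrderModuleList).
///
/// @return One module_data_t per list entry, in list order: lower-cased base
///         name, image base, SizeOfImage and full path. The vector is empty
///         when the PEB or its loader data pointer is null.
///
/// Caveats for callers:
///  - The list is walked without taking the loader lock, so the result is a
///    best-effort snapshot; a module load or unload on another thread can
///    change the list during the walk.
///  - The loader list is ordinary writable user-mode memory. Any code running
///    in the process can edit or unlink entries, so names, paths and bases
///    read here are hints, not evidence of what is actually mapped. Integrity
///    or allow-list decisions should be cross-checked against a source the
///    process cannot rewrite.
///
/// Declared inline because this header defines the function body, so it may
/// be included from more than one translation unit.
inline std::vector<module_data_t> get_modules() {
    std::vector<module_data_t> ret{};

    auto* peb = get_teb()->ProcessEnvironmentBlock;
    if (!peb || !peb->Ldr)
        return ret;

    // The name fields are counted strings: Length is a byte count and the
    // buffer is not required to be NUL-terminated (or non-null). Copy exactly
    // Length bytes into a std::wstring, which is terminated, before converting.
    // Assumes the usual UNICODE_STRING layout — confirm against the project's
    // LDR_DATA_TABLE_ENTRY definition.
    const auto narrow = [](const auto& ustr) -> std::string {
        if (!ustr.Buffer || ustr.Length == 0)
            return {};
        const std::wstring bounded(ustr.Buffer, ustr.Length / sizeof(wchar_t));
        return util::to_multibyte(bounded);
    };

    auto* list = &peb->Ldr->InMemoryOrderModuleList;
    // A null Flink would mean a damaged list; stop instead of dereferencing it.
    for (auto* link = list->Flink; link && link != list; link = link->Flink) {
        auto* entry = CONTAINING_RECORD(link, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);

        auto& mod = ret.emplace_back();
        mod.name = narrow(entry->BaseDllName);
        // tolower() has undefined behaviour for negative char values, so go
        // through unsigned char. The mapping is per byte and locale-dependent.
        std::transform(mod.name.begin(), mod.name.end(), mod.name.begin(),
                       [](unsigned char c) { return static_cast<char>(tolower(c)); });
        mod.base = reinterpret_cast<uintptr_t>(entry->DllBase);
        mod.size = entry->SizeOfImage;
        mod.full_path = narrow(entry->FullDllName);
    }
    return ret;
}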
};
/// Named single-byte x86-64 opcode values.
namespace x64 {

enum inst : uint8_t {
    /// NOP.
    nop = 0x90,
    /// B8+rd MOV-immediate opcode for the accumulator register. The immediate
    /// is 32 bits wide by default in 64-bit mode and 16 bits only behind a
    /// 0x66 operand-size prefix.
    /// NOTE(review): the enumerator name says imm16 — confirm which width the
    /// users of this value expect.
    mov_imm16 = 0xB8,
    /// Near return (RET).
    retn = 0xC3,
    /// Group-3 byte opcode; it encodes TEST r/m8, imm8 only when the ModRM reg
    /// field is 0, other reg values select different instructions.
    test_imm8 = 0xF6,
};

}  // namespace x64