From c9e48c5e9eddfe5b7a895fb3940c41ccf75d3e93 Mon Sep 17 00:00:00 2001 From: auth12 <67507608+auth12@users.noreply.github.com> Date: Mon, 20 Jul 2020 03:09:25 -0700 Subject: Syscalls. Removed asmjit submodule and embedded it instead. Small PE wrapper. --- client/src/util/util.cpp | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 client/src/util/util.cpp (limited to 'client/src/util/util.cpp') diff --git a/client/src/util/util.cpp b/client/src/util/util.cpp new file mode 100644 index 0000000..a23c03c --- /dev/null +++ b/client/src/util/util.cpp @@ -0,0 +1,52 @@ +#include "../include.h" +#include "io.h" +#include "util.h" + +std::unordered_map util::loaded_modules; + +std::string util::wide_to_multibyte(const std::wstring &str) { + std::string ret; + int32_t str_len; + + // check if not empty str + if (str.empty()) + return{}; + + // count size + str_len = WideCharToMultiByte(CP_UTF8, 0, &str[0], (int32_t) str.size(), 0, 0, 0, 0); + + // setup return value + ret = std::string(str_len, 0); + + // final conversion + WideCharToMultiByte(CP_UTF8, 0, &str[0], (int32_t) str.size(), &ret[0], str_len, 0, 0); + + return ret; +} + + +native::_PEB* util::get_peb() { + return reinterpret_cast(__readgsqword(0x60)); +} + +bool util::init() { + auto peb = get_peb(); + if (!peb) return false; + + if (!peb->Ldr->InMemoryOrderModuleList.Flink) return false; + + auto* list = &peb->Ldr->InMemoryOrderModuleList; + + for (auto i = list->Flink; i != list; i = i->Flink) { + auto entry = CONTAINING_RECORD(i, native::LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks); + if (!entry) + continue; + + auto name = wide_to_multibyte(entry->BaseDllName.Buffer); + std::transform(name.begin(), name.end(), name.begin(), ::tolower); + + loaded_modules[name] = pe::image(entry->DllBase); + } + + return true; +} -- cgit v1.2.3