blob: b5f9faad8a5952374e7de123571fbeede5c578d2 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
#pragma once
namespace pe {
class virtual_image {
std::unordered_map<std::string, uintptr_t> m_exports;
IMAGE_NT_HEADERS64* m_nt;
uintptr_t m_base;
bool m_valid;
public:
virtual_image() : m_nt{ nullptr }, m_valid{ false }, m_base{ 0 } {};
virtual_image(const uintptr_t base) : m_valid{ false }, m_base{ base }, m_nt{ nullptr } {
auto dos = reinterpret_cast<IMAGE_DOS_HEADER*>(base);
if (!dos || dos->e_magic != IMAGE_DOS_SIGNATURE) {
return;
}
m_nt = reinterpret_cast<IMAGE_NT_HEADERS64*>(base + dos->e_lfanew);
if (m_nt->Signature != IMAGE_NT_SIGNATURE) {
return;
}
m_valid = true;
}
void parse_exports() {
auto dir = m_nt->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
auto exp =
reinterpret_cast<IMAGE_EXPORT_DIRECTORY*>(m_base + dir.VirtualAddress);
if (exp->NumberOfFunctions == 0) return;
auto names = reinterpret_cast<uint32_t*>(m_base + exp->AddressOfNames);
auto funcs = reinterpret_cast<uint32_t*>(m_base + exp->AddressOfFunctions);
auto ords =
reinterpret_cast<uint16_t*>(m_base + exp->AddressOfNameOrdinals);
if (!names || !funcs || !ords) return;
for (size_t i{}; i < exp->NumberOfFunctions; i++) {
uintptr_t va = m_base + funcs[ords[i]];
std::string name = reinterpret_cast<const char*>(m_base + names[i]);
m_exports[name] = va;
}
}
auto& exports() { return m_exports; }
operator bool() { return m_valid; }
};
}; // namespace pe
|