#include <exports_mapper.h>
Public Member Functions | |
| size_t | add_to_lookup (std::string moduleName, HMODULE modulePtr, size_t moduleSize, ULONGLONG moduleBase) |
| size_t | add_to_lookup (std::string moduleName, HMODULE modulePtr, ULONGLONG moduleBase) |
| size_t | add_to_lookup (std::string moduleName, HMODULE modulePtr) |
| const std::set< ExportedFunc > * | find_exports_by_va (ULONGLONG va) const |
| ULONGLONG | find_dll_base_by_func_va (ULONGLONG func_rva) const |
| std::string | get_dll_path (ULONGLONG base) const |
| std::string | get_dll_path (std::string short_name) const |
| size_t | get_dll_paths (IN std::string short_name, OUT std::set< std::string > &paths) const |
| std::string | get_dll_fullname (std::string short_name) const |
| const ExportedFunc * | find_export_by_va (ULONGLONG va) const |
| void | print_va_to_func (std::stringstream &stream) const |
| void | print_func_to_va (std::stringstream &stream) const |
Protected Member Functions | |
| void | associateVaAndFunc (ULONGLONG va, const ExportedFunc &func) |
Protected Attributes | |
| std::map< ULONGLONG, std::set< ExportedFunc > > | va_to_func |
| std::map< ExportedFunc, std::set< ExportedFunc > > | forwarders_lookup |
| std::map< ExportedFunc, ULONGLONG > | func_to_va |
| std::map< std::string, std::set< ULONGLONG > > | dll_shortname_to_base |
| std::map< ULONGLONG, DllInfo > | dll_base_to_info |
Detailed Description
Definition at line 61 of file exports_mapper.h.
Member Function Documentation
◆ add_to_lookup() [1/3]
Appends the given DLL to the lookup table of exported functions. Returns the number of functions exported from this DLL (not forwarded). Assumes that the module was relocated to the same address as is the address of the given buffer (modulePtr). (A wrapper for the case if we are adding a DLL that was loaded within the current process.)
- Parameters
-
moduleName : name of the DLL modulePtr : buffer containing the DLL in a Virtual format.
Definition at line 92 of file exports_mapper.h.
◆ add_to_lookup() [2/3]
| size_t ExportsMapper::add_to_lookup | ( | std::string | moduleName, |
| HMODULE | modulePtr, | ||
| size_t | moduleSize, | ||
| ULONGLONG | moduleBase ) |
Appends the given DLL to the lookup table of exported functions. Returns the number of functions exported from this DLL (not forwarded).
- Parameters
-
moduleName : name of the DLL modulePtr : buffer containing the DLL in a Virtual format moduleSize : size of the DLL buffer. If moduleSize == 0, the ImageSize from the PE headers will be used. moduleBase : a base address to which the given DLL was relocated
Definition at line 200 of file exports_mapper.cpp.
◆ add_to_lookup() [3/3]
|
inline |
Appends the given DLL to the lookup table of exported functions. Returns the number of functions exported from this DLL (not forwarded).
- Parameters
-
moduleName : name of the DLL modulePtr : buffer containing the DLL in a Virtual format moduleBase : a base address to which the given DLL was relocated
Definition at line 80 of file exports_mapper.h.
◆ associateVaAndFunc()
|
inlineprotected |
Add a function and a VA into a mutual mapping.
Definition at line 195 of file exports_mapper.h.
◆ find_dll_base_by_func_va()
Retrieve the base of the DLL containing the given function. If not found, returns 0.
Definition at line 113 of file exports_mapper.h.
◆ find_export_by_va()
|
inline |
Find an Exported Function that can be mapped to the given VA,
Definition at line 167 of file exports_mapper.h.
◆ find_exports_by_va()
|
inline |
Find the set of Exported Functions that can be mapped to the given VA. Includes forwarders, and function aliases.
Definition at line 100 of file exports_mapper.h.
◆ get_dll_fullname()
|
inline |
Retrieve the full name of the DLL (including the extension) using its short name (without the extension).
Definition at line 156 of file exports_mapper.h.
◆ get_dll_path() [1/2]
| std::string ExportsMapper::get_dll_path | ( | std::string | short_name | ) | const |
Retrieve the path of the DLL with the given short name. If multiple paths are mapped to the same short name, it retrieves the first one.
Definition at line 293 of file exports_mapper.cpp.
◆ get_dll_path() [2/2]
|
inline |
Retrieve the full path of the DLL with the given module base.
Definition at line 133 of file exports_mapper.h.
◆ get_dll_paths()
| size_t ExportsMapper::get_dll_paths | ( | IN std::string | short_name, |
| OUT std::set< std::string > & | paths ) const |
Retrieve the paths of the DLL with the given short name.
Definition at line 275 of file exports_mapper.cpp.
◆ print_func_to_va()
| void ExportsMapper::print_func_to_va | ( | std::stringstream & | stream | ) | const |
◆ print_va_to_func()
| void ExportsMapper::print_va_to_func | ( | std::stringstream & | stream | ) | const |
Member Data Documentation
◆ dll_base_to_info
Definition at line 221 of file exports_mapper.h.
◆ dll_shortname_to_base
|
protected |
A map associating DLL shortname with the base(s) at which it was mapped
Definition at line 219 of file exports_mapper.h.
◆ forwarders_lookup
|
protected |
A map associating an exported functions with its forwarders.
Definition at line 209 of file exports_mapper.h.
◆ func_to_va
|
protected |
A map associating an exported functions with its VA.
Definition at line 214 of file exports_mapper.h.
◆ va_to_func
|
protected |
A map associating VA of the function with the related exports.
Definition at line 204 of file exports_mapper.h.
The documentation for this class was generated from the following files:
- libpeconv/include/peconv/exports_mapper.h
- libpeconv/src/exports_mapper.cpp
