imports_loader.h

Go to the documentation of this file.

 
#pragma once
 
#include <windows.h>
#include <set>
 
#include "pe_hdrs_helper.h"
#include "function_resolver.h"
#include "exports_mapper.h"
 
namespace peconv {
 
    class ImportThunksCallback
    {
    public:
        ImportThunksCallback(BYTE* _modulePtr, size_t _moduleSize)
            : modulePtr(_modulePtr), moduleSize(_moduleSize)
        {
            this->is64b = is64bit((BYTE*)modulePtr);
        }
 
        virtual bool processThunks(LPSTR libName, ULONG_PTR origFirstThunkPtr, ULONG_PTR firstThunkPtr) = 0;
 
    protected:
        BYTE* modulePtr;
        size_t moduleSize;
        bool is64b;
    };
 
 
    struct ImportsCollection
    {
    public:
        ImportsCollection() {};
        ~ImportsCollection()
        {
            std::map<DWORD, peconv::ExportedFunc*>::iterator itr;
            for (itr = thunkToFunc.begin(); itr != thunkToFunc.end(); ++itr) {
                peconv::ExportedFunc* exp = itr->second;
                if (!exp) continue;
                delete exp;
            }
            thunkToFunc.clear();
        }
 
        size_t size()
        {
            return thunkToFunc.size();
        }
 
        std::map<DWORD, peconv::ExportedFunc*> thunkToFunc;
    };
 
    bool process_import_table(IN BYTE* modulePtr, IN SIZE_T moduleSize, IN ImportThunksCallback *callback);
 
    bool load_imports(BYTE* modulePtr, t_function_resolver* func_resolver=nullptr);
 
    bool has_valid_import_table(const PBYTE modulePtr, size_t moduleSize);
 
    bool is_valid_import_name(const PBYTE modulePtr, const size_t moduleSize, LPSTR lib_name);
 
    bool collect_thunks(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT std::set<DWORD>& thunk_rvas);
 
    bool collect_imports(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT ImportsCollection &collection);
 
}; // namespace peconv