libPeConv
A library to load, manipulate, dump PE files.
Loading...
Searching...
No Matches
imports_loader.h
Go to the documentation of this file.
1
6#pragma once
7
8#include <windows.h>
9#include <set>
10
11#include "pe_hdrs_helper.h"
12#include "function_resolver.h"
13#include "exports_mapper.h"
14
15namespace peconv {
16
20 class ImportThunksCallback
21 {
22 public:
23 ImportThunksCallback(BYTE* _modulePtr, size_t _moduleSize)
24 : modulePtr(_modulePtr), moduleSize(_moduleSize)
25 {
26 this->is64b = is64bit((BYTE*)modulePtr);
27 }
28
36 virtual bool processThunks(LPSTR libName, ULONG_PTR origFirstThunkPtr, ULONG_PTR firstThunkPtr) = 0;
37
38 protected:
39 BYTE* modulePtr;
40 size_t moduleSize;
41 bool is64b;
42 };
43
44
45 struct ImportsCollection
46 {
47 public:
48 ImportsCollection() {};
49 ~ImportsCollection()
50 {
51 std::map<DWORD, peconv::ExportedFunc*>::iterator itr;
52 for (itr = thunkToFunc.begin(); itr != thunkToFunc.end(); ++itr) {
53 peconv::ExportedFunc* exp = itr->second;
54 if (!exp) continue;
55 delete exp;
56 }
57 thunkToFunc.clear();
58 }
59
60 size_t size()
61 {
62 return thunkToFunc.size();
63 }
64
65 std::map<DWORD, peconv::ExportedFunc*> thunkToFunc;
66 };
67
75 bool process_import_table(IN BYTE* modulePtr, IN SIZE_T moduleSize, IN ImportThunksCallback *callback);
76
83 bool load_imports(BYTE* modulePtr, t_function_resolver* func_resolver=nullptr);
84
88 bool has_valid_import_table(const PBYTE modulePtr, size_t moduleSize);
89
94 bool is_valid_import_name(const PBYTE modulePtr, const size_t moduleSize, LPSTR lib_name);
95
99 bool collect_thunks(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT std::set<DWORD>& thunk_rvas);
100
101 bool collect_imports(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT ImportsCollection &collection);
102
103}; // namespace peconv
peconv::ImportThunksCallback::processThunks
virtual bool processThunks(LPSTR libName, ULONG_PTR origFirstThunkPtr, ULONG_PTR firstThunkPtr)=0
peconv::ImportThunksCallback::ImportThunksCallback
ImportThunksCallback(BYTE *_modulePtr, size_t _moduleSize)
Definition imports_loader.h:23
peconv::t_function_resolver
Definition function_resolver.h:14
exports_mapper.h
A definition of ExportsMapper class. Creates a lookup of all the exported functions from the supplied...
function_resolver.h
Definitions of basic Imports Resolver classes. They can be used for filling imports when the PE is lo...
peconv::has_valid_import_table
bool has_valid_import_table(const PBYTE modulePtr, size_t moduleSize)
Definition imports_loader.cpp:330
peconv::process_import_table
bool process_import_table(IN BYTE *modulePtr, IN SIZE_T moduleSize, IN ImportThunksCallback *callback)
Definition imports_loader.cpp:269
peconv::collect_thunks
bool collect_thunks(IN BYTE *modulePtr, IN SIZE_T moduleSize, OUT std::set< DWORD > &thunk_rvas)
Definition imports_loader.cpp:370
peconv::is64bit
bool is64bit(IN const BYTE *pe_buffer)
Definition pe_hdrs_helper.cpp:121
peconv::is_valid_import_name
bool is_valid_import_name(const PBYTE modulePtr, const size_t moduleSize, LPSTR lib_name)
Definition imports_loader.cpp:313
peconv::collect_imports
bool collect_imports(IN BYTE *modulePtr, IN SIZE_T moduleSize, OUT ImportsCollection &collection)
Definition imports_loader.cpp:376
peconv::load_imports
bool load_imports(BYTE *modulePtr, t_function_resolver *func_resolver=nullptr)
Definition imports_loader.cpp:288
pe_hdrs_helper.h
Wrappers over various fields in the PE header. Read, write, parse PE headers.
peconv::ImportsCollection::thunkToFunc
std::map< DWORD, peconv::ExportedFunc * > thunkToFunc
Definition imports_loader.h:65
Generated on Thu Apr 11 2024 16:32:36 for libPeConv by doxygen 1.10.0