libPeConv
A library to load, manipulate, dump PE files.
Loading...
Searching...
No Matches
imports_loader.h
Go to the documentation of this file.
1
6#pragma once
7
8#include <windows.h>
9#include <set>
10
11#include "pe_hdrs_helper.h"
12#include "function_resolver.h"
13#include "exports_mapper.h"
14
15namespace peconv {
16
20 class ImportThunksCallback
21 {
22 public:
23 ImportThunksCallback(BYTE* _modulePtr, size_t _moduleSize)
24 : modulePtr(_modulePtr), moduleSize(_moduleSize)
25 {
26 this->is64b = is64bit((BYTE*)modulePtr);
27 }
28
29 virtual ~ImportThunksCallback() {}
30
38 virtual bool processThunks(LPSTR libName, ULONG_PTR origFirstThunkPtr, ULONG_PTR firstThunkPtr) = 0;
39
40 protected:
41 BYTE* modulePtr;
42 size_t moduleSize;
43 bool is64b;
44 };
45
46 //--
47 class ImportsCollection {
48 public:
49 ImportsCollection() {}
50
51 ~ImportsCollection()
52 {
53 clear();
54 }
55
56 void clear()
57 {
58 std::map<DWORD, peconv::ExportedFunc*>::iterator it;
59 for (it = thunkToFunc.begin(); it != thunkToFunc.end(); ++it) {
60 delete it->second;
61 }
62 thunkToFunc.clear();
63 }
64
65 size_t size() const
66 {
67 return thunkToFunc.size();
68 }
69
70 public:
71 std::map<DWORD, peconv::ExportedFunc*> thunkToFunc;
72
73 private:
74 // not implemented: no copying of the structure allowed
75 ImportsCollection(const ImportsCollection&);
76 ImportsCollection& operator=(const ImportsCollection&);
77 };
78
79
87 bool process_import_table(IN BYTE* modulePtr, IN SIZE_T moduleSize, IN ImportThunksCallback *callback);
88
95 bool load_imports(BYTE* modulePtr, t_function_resolver* func_resolver=nullptr);
96
100 bool has_valid_import_table(const PBYTE modulePtr, size_t moduleSize, size_t max_count = 0);
101
106 bool is_valid_import_name(const PBYTE modulePtr, const size_t moduleSize, LPSTR lib_name);
107
111 bool collect_thunks(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT std::set<DWORD>& thunk_rvas);
112
113 bool collect_imports(IN BYTE* modulePtr, IN SIZE_T moduleSize, OUT ImportsCollection &collection);
114
115}; // namespace peconv
peconv::ImportThunksCallback::processThunks
virtual bool processThunks(LPSTR libName, ULONG_PTR origFirstThunkPtr, ULONG_PTR firstThunkPtr)=0
peconv::ImportThunksCallback::ImportThunksCallback
ImportThunksCallback(BYTE *_modulePtr, size_t _moduleSize)
Definition: imports_loader.h:23
peconv::ImportsCollection::thunkToFunc
std::map< DWORD, peconv::ExportedFunc * > thunkToFunc
Definition: imports_loader.h:71
peconv::t_function_resolver
Definition: function_resolver.h:16
exports_mapper.h
A definition of ExportsMapper class. Creates a lookup of all the exported functions from the supplied...
function_resolver.h
Definitions of basic Imports Resolver classes. They can be used for filling imports when the PE is lo...
peconv::has_valid_import_table
bool has_valid_import_table(const PBYTE modulePtr, size_t moduleSize, size_t max_count=0)
Definition: imports_loader.cpp:388
peconv::process_import_table
bool process_import_table(IN BYTE *modulePtr, IN SIZE_T moduleSize, IN ImportThunksCallback *callback)
Definition: imports_loader.cpp:274
peconv::collect_thunks
bool collect_thunks(IN BYTE *modulePtr, IN SIZE_T moduleSize, OUT std::set< DWORD > &thunk_rvas)
Definition: imports_loader.cpp:396
peconv::is64bit
bool is64bit(IN const BYTE *pe_buffer)
Definition: pe_hdrs_helper.cpp:117
peconv::is_valid_import_name
bool is_valid_import_name(const PBYTE modulePtr, const size_t moduleSize, LPSTR lib_name)
Definition: imports_loader.cpp:318
peconv::collect_imports
bool collect_imports(IN BYTE *modulePtr, IN SIZE_T moduleSize, OUT ImportsCollection &collection)
Definition: imports_loader.cpp:402
peconv::load_imports
bool load_imports(BYTE *modulePtr, t_function_resolver *func_resolver=nullptr)
Definition: imports_loader.cpp:293
pe_hdrs_helper.h
Wrappers over various fields in the PE header. Read, write, parse PE headers.
Generated on Tue Apr 14 2026 13:01:06 for libPeConv by doxygen 1.9.5