libPeConv
A library to load, manipulate, dump PE files.
Loading...
Searching...
No Matches
imports_uneraser.h
Go to the documentation of this file.
1
6#pragma once
7
8#include <windows.h>
9
10#include <string>
11
12#include <set>
13#include <map>
14
15#include <iterator>
16#include "fix_imports.h"
17#include "caves.h"
18
19namespace peconv {
20
24 class ImportsUneraser
25 {
26 public:
27 ImportsUneraser(PVOID _modulePtr, size_t _moduleSize)
28 : modulePtr((PBYTE)_modulePtr), moduleSize(_moduleSize)
29 {
30 is64 = peconv::is64bit((BYTE*)modulePtr);
31 }
32
33 virtual ~ImportsUneraser() {}
34
43 bool uneraseDllImports(IN OUT IMAGE_IMPORT_DESCRIPTOR* lib_desc, IN ImportedDllCoverage &dllCoverage, OUT OPTIONAL ImpsNotCovered* not_covered);
44
48 bool uneraseDllName(IMAGE_IMPORT_DESCRIPTOR* lib_desc, const std::string &dll_name);
49
50 protected:
57 bool writeFoundDllName(IMAGE_IMPORT_DESCRIPTOR* lib_desc, const std::string &dll_name);
58
68 template <typename FIELD_T, typename IMAGE_THUNK_DATA_T>
69 bool fillImportNames(IN OUT IMAGE_IMPORT_DESCRIPTOR* lib_desc,
70 IN const FIELD_T ordinal_flag,
71 IN std::map<ULONGLONG, std::set<ExportedFunc>> &addr_to_func,
72 OUT OPTIONAL ImpsNotCovered* not_covered
73 );
74
75 template <typename FIELD_T>
76 bool findNameInBinaryAndFill(IMAGE_IMPORT_DESCRIPTOR* lib_desc,
77 LPVOID call_via_ptr,
78 LPVOID thunk_ptr,
79 const FIELD_T ordinal_flag,
80 std::map<ULONGLONG, std::set<ExportedFunc>> &addr_to_func
81 );
82
89 template <typename FIELD_T, typename IMAGE_THUNK_DATA_T>
90 bool writeFoundFunction(IMAGE_THUNK_DATA_T* desc, const FIELD_T ordinal_flag, const ExportedFunc &foundFunc);
91
92 PBYTE modulePtr;
93 size_t moduleSize;
94 bool is64;
95 };
96}
caves.h
Functions related to finding caves in the loaded PE file.
peconv::ImportsUneraser::writeFoundDllName
bool writeFoundDllName(IMAGE_IMPORT_DESCRIPTOR *lib_desc, const std::string &dll_name)
Definition: imports_uneraser.cpp:21
peconv::ImportsUneraser::ImportsUneraser
ImportsUneraser(PVOID _modulePtr, size_t _moduleSize)
Definition: imports_uneraser.h:27
peconv::ImportsUneraser::fillImportNames
bool fillImportNames(IN OUT IMAGE_IMPORT_DESCRIPTOR *lib_desc, IN const FIELD_T ordinal_flag, IN std::map< ULONGLONG, std::set< ExportedFunc > > &addr_to_func, OUT OPTIONAL ImpsNotCovered *not_covered)
Definition: imports_uneraser.cpp:167
peconv::ImportsUneraser::uneraseDllName
bool uneraseDllName(IMAGE_IMPORT_DESCRIPTOR *lib_desc, const std::string &dll_name)
Definition: imports_uneraser.cpp:37
peconv::ImportsUneraser::writeFoundFunction
bool writeFoundFunction(IMAGE_THUNK_DATA_T *desc, const FIELD_T ordinal_flag, const ExportedFunc &foundFunc)
Definition: imports_uneraser.cpp:138
peconv::ImportsUneraser::uneraseDllImports
bool uneraseDllImports(IN OUT IMAGE_IMPORT_DESCRIPTOR *lib_desc, IN ImportedDllCoverage &dllCoverage, OUT OPTIONAL ImpsNotCovered *not_covered)
Definition: imports_uneraser.cpp:232
peconv::ImportsUneraser::findNameInBinaryAndFill
bool findNameInBinaryAndFill(IMAGE_IMPORT_DESCRIPTOR *lib_desc, LPVOID call_via_ptr, LPVOID thunk_ptr, const FIELD_T ordinal_flag, std::map< ULONGLONG, std::set< ExportedFunc > > &addr_to_func)
Definition: imports_uneraser.cpp:63
fix_imports.h
Functions and classes responsible for fixing Import Table. A definition of ImportedDllCoverage class.
peconv::is64bit
bool is64bit(IN const BYTE *pe_buffer)
Definition: pe_hdrs_helper.cpp:117
Generated on Tue Apr 14 2026 13:01:06 for libPeConv by doxygen 1.9.5