libpeconv/relocate_8h_source.html

#pragma once

#include <windows.h>

#include <unordered_set>


#include "peconv/buffer_util.h"


namespace peconv {


    typedef struct _BASE_RELOCATION_ENTRY {

        WORD Offset : 12;

        WORD Type : 4;

    } BASE_RELOCATION_ENTRY;


    class RelocBlockCallback

    {

    public:

        RelocBlockCallback(bool _is64bit)

            : is64bit(_is64bit)

        {

        }


        virtual ~RelocBlockCallback() {}


        virtual bool processRelocField(ULONG_PTR relocField) = 0;


    protected:

        bool is64bit;

    };


    //--


    class CollectRelocs : public peconv::RelocBlockCallback

    {

    public:

        CollectRelocs(const BYTE* pe_buffer, size_t buffer_size, IN bool _is64bit, OUT std::unordered_set<ULONGLONG>& _relocs)

            : RelocBlockCallback(_is64bit), relocs(_relocs),

            peBuffer(pe_buffer), bufferSize(buffer_size)

        {

        }


        virtual bool processRelocField(ULONG_PTR relocField)

        {

            ULONGLONG rva = 0;

            if (is64bit) {


                ULONGLONG* relocateAddr = (ULONGLONG*)((ULONG_PTR)relocField);

                if (!validate_ptr(peBuffer, bufferSize, relocateAddr, sizeof(ULONGLONG))) {

                    return false;

                }

                rva = (*relocateAddr);

            }

            else {

                DWORD* relocateAddr = (DWORD*)((ULONG_PTR)relocField);

                if (!validate_ptr(peBuffer, bufferSize, relocateAddr, sizeof(DWORD))) {

                    return false;

                }

                rva = ULONGLONG(*relocateAddr);

            }

            relocs.insert(rva);

            return true;

        }


    protected:

        std::unordered_set<ULONGLONG>& relocs;


        const BYTE* peBuffer;

        size_t bufferSize;

    };


    // Processs the relocation table and make your own callback on each relocation field

    bool process_relocation_table(IN PVOID modulePtr, IN SIZE_T moduleSize, IN RelocBlockCallback *callback);


    bool relocate_module(IN PBYTE modulePtr, IN SIZE_T moduleSize, IN ULONGLONG newBase, IN ULONGLONG oldBase = 0);


    bool has_valid_relocation_table(IN const PBYTE modulePtr, IN const size_t moduleSize);


    bool virtual_addr_to_rva(IN const PBYTE imgBase, IN const size_t imgSize, IN ULONGLONG virtualAddr, OUT DWORD& outRVA, IN std::unordered_set<ULONGLONG>* relocs=nullptr);


};//namespace peconv

buffer_util.h
Definitions of the used buffer types. Functions for their allocation and deallocation.

peconv::CollectRelocs
Definition: relocate.h:38

peconv::CollectRelocs::peBuffer
const BYTE * peBuffer
Definition: relocate.h:71

peconv::CollectRelocs::CollectRelocs
CollectRelocs(const BYTE *pe_buffer, size_t buffer_size, IN bool _is64bit, OUT std::unordered_set< ULONGLONG > &_relocs)
Definition: relocate.h:40

peconv::CollectRelocs::processRelocField
virtual bool processRelocField(ULONG_PTR relocField)
Definition: relocate.h:46

peconv::CollectRelocs::relocs
std::unordered_set< ULONGLONG > & relocs
Definition: relocate.h:69

peconv::CollectRelocs::bufferSize
size_t bufferSize
Definition: relocate.h:72

peconv::RelocBlockCallback
Definition: relocate.h:20

peconv::RelocBlockCallback::~RelocBlockCallback
virtual ~RelocBlockCallback()
Definition: relocate.h:27

peconv::RelocBlockCallback::RelocBlockCallback
RelocBlockCallback(bool _is64bit)
Definition: relocate.h:22

peconv::RelocBlockCallback::is64bit
bool is64bit
Definition: relocate.h:32

peconv::RelocBlockCallback::processRelocField
virtual bool processRelocField(ULONG_PTR relocField)=0

peconv
Definition: buffer_util.h:15

peconv::virtual_addr_to_rva
bool virtual_addr_to_rva(IN const PBYTE imgBase, IN const size_t imgSize, IN ULONGLONG virtualAddr, OUT DWORD &outRVA, IN std::unordered_set< ULONGLONG > *relocs=nullptr)
Definition: relocate.cpp:215

peconv::validate_ptr
bool validate_ptr(IN const void *buffer_bgn, IN size_t buffer_size, IN const void *field_bgn, IN size_t field_size)
Definition: buffer_util.cpp:9

peconv::process_relocation_table
bool process_relocation_table(IN PVOID modulePtr, IN SIZE_T moduleSize, IN RelocBlockCallback *callback)
Definition: relocate.cpp:111

peconv::BASE_RELOCATION_ENTRY
struct peconv::_BASE_RELOCATION_ENTRY BASE_RELOCATION_ENTRY

peconv::relocate_module
bool relocate_module(IN PBYTE modulePtr, IN SIZE_T moduleSize, IN ULONGLONG newBase, IN ULONGLONG oldBase=0)
Definition: relocate.cpp:172

peconv::has_valid_relocation_table
bool has_valid_relocation_table(IN const PBYTE modulePtr, IN const size_t moduleSize)
Definition: relocate.cpp:192

peconv::_BASE_RELOCATION_ENTRY
Definition: relocate.h:14

peconv::_BASE_RELOCATION_ENTRY::Offset
WORD Offset
Definition: relocate.h:15

peconv::_BASE_RELOCATION_ENTRY::Type
WORD Type
Definition: relocate.h:16