Reading from a PE module that is loaded within a remote process. More...

#include <windows.h>
#include "pe_hdrs_helper.h"
#include "pe_virtual_to_raw.h"
#include "exports_mapper.h"
#include "pe_dumper.h"

Namespaces
namespace	peconv

Functions
bool	peconv::fetch_region_info (HANDLE processHandle, LPVOID start_addr, MEMORY_BASIC_INFORMATION &page_info)

size_t	peconv::fetch_region_size (HANDLE processHandle, LPVOID start_addr)

ULONGLONG	peconv::fetch_alloc_base (HANDLE processHandle, LPVOID start_addr)

size_t	peconv::read_remote_memory (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const SIZE_T minimal_size=0x100)

size_t	peconv::read_remote_region (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)

size_t	peconv::read_remote_area (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)

bool	peconv::read_remote_pe_header (HANDLE processHandle, LPVOID moduleBase, OUT BYTE *buffer, const size_t bufferSize, bool force_access=false)

peconv::UNALIGNED_BUF	peconv::get_remote_pe_section (HANDLE processHandle, LPVOID moduleBase, const size_t sectionNum, OUT size_t &sectionSize, bool roundup, bool force_access=false)

size_t	peconv::read_remote_pe (const HANDLE processHandle, LPVOID moduleBase, const size_t moduleSize, OUT BYTE *buffer, const size_t bufferSize)

bool	peconv::dump_remote_pe (IN LPCTSTR outputFilePath, IN const HANDLE processHandle, IN LPVOID moduleBase, IN OUT t_pe_dump_mode &dump_mode, IN OPTIONAL peconv::ExportsMapper *exportsMap=nullptr)

DWORD	peconv::get_remote_image_size (IN const HANDLE processHandle, IN LPVOID start_addr)

Detailed Description

Reading from a PE module that is loaded within a remote process.

Definition in file remote_pe_reader.h.

Namespaces

Functions

Detailed Description