libPeConv
A library to load, manipulate, dump PE files.
remote_pe_reader.h File Reference

Reading from a PE module that is loaded within a remote process.

#include <windows.h>
#include "pe_hdrs_helper.h"
#include "pe_virtual_to_raw.h"
#include "exports_mapper.h"
#include "pe_dumper.h"


Namespaces

namespace  peconv
 

Functions

bool peconv::fetch_region_info (HANDLE processHandle, LPVOID start_addr, MEMORY_BASIC_INFORMATION &page_info)
 
size_t peconv::fetch_region_size (HANDLE processHandle, LPVOID start_addr)
 
ULONGLONG peconv::fetch_alloc_base (HANDLE processHandle, LPVOID start_addr)
 
size_t peconv::read_remote_memory (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const SIZE_T minimal_size=0x100)
 
size_t peconv::read_remote_region (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)
 
size_t peconv::read_remote_area (HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)
 
bool peconv::read_remote_pe_header (HANDLE processHandle, LPVOID moduleBase, OUT BYTE *buffer, const size_t bufferSize, bool force_access=false)
 
peconv::UNALIGNED_BUF peconv::get_remote_pe_section (HANDLE processHandle, LPVOID moduleBase, const size_t sectionNum, OUT size_t &sectionSize, bool roundup, bool force_access=false)
 
size_t peconv::read_remote_pe (const HANDLE processHandle, LPVOID moduleBase, const size_t moduleSize, OUT BYTE *buffer, const size_t bufferSize)
 
bool peconv::dump_remote_pe (IN LPCTSTR outputFilePath, IN const HANDLE processHandle, IN LPVOID moduleBase, IN OUT t_pe_dump_mode &dump_mode, IN OPTIONAL peconv::ExportsMapper *exportsMap=nullptr)
 
DWORD peconv::get_remote_image_size (IN const HANDLE processHandle, IN LPVOID start_addr)
 

Detailed Description

Functions for reading from a PE module that is loaded within a remote process; each takes a handle to that process and an address inside it.

Definition in file remote_pe_reader.h.