libpeconv/remote__pe__reader_8h_source.html

#pragma once


#include <windows.h>


#include "pe_hdrs_helper.h"

#include "pe_virtual_to_raw.h"

#include "exports_mapper.h"

#include "pe_dumper.h"


namespace peconv {


    bool fetch_region_info(HANDLE processHandle, LPVOID start_addr, MEMORY_BASIC_INFORMATION &page_info);


    size_t fetch_region_size(HANDLE processHandle, LPVOID start_addr);


    ULONGLONG fetch_alloc_base(HANDLE processHandle, LPVOID start_addr);


    size_t read_remote_memory(HANDLE processHandle, LPVOID start_addr, OUT BYTE* buffer, const size_t buffer_size, const SIZE_T minimal_size = 0x100);


    size_t read_remote_region(HANDLE processHandle, LPVOID start_addr, OUT BYTE* buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size = 0x100);


    size_t read_remote_area(HANDLE processHandle, LPVOID start_addr, OUT BYTE* buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size = 0x100);


    bool read_remote_pe_header(HANDLE processHandle, LPVOID moduleBase, OUT BYTE* buffer, const size_t bufferSize, bool force_access = false);


    peconv::UNALIGNED_BUF get_remote_pe_section(HANDLE processHandle, LPVOID moduleBase, const size_t sectionNum, OUT size_t &sectionSize, bool roundup, bool force_access = false);


    size_t read_remote_pe(const HANDLE processHandle, LPVOID moduleBase, const size_t moduleSize, OUT BYTE* buffer, const size_t bufferSize);


    bool dump_remote_pe(

        IN LPCTSTR outputFilePath,

        IN const HANDLE processHandle,

        IN LPVOID moduleBase,

        IN OUT t_pe_dump_mode &dump_mode,

        IN OPTIONAL peconv::ExportsMapper* exportsMap = nullptr

    );


    DWORD get_remote_image_size(IN const HANDLE processHandle, IN LPVOID start_addr);


}; //namespace peconv

peconv::ExportsMapper
Definition exports_mapper.h:61

exports_mapper.h
A definition of ExportsMapper class. Creates a lookup of all the exported functions from the supplied...

peconv
Definition buffer_util.h:15

peconv::get_remote_pe_section
peconv::UNALIGNED_BUF get_remote_pe_section(HANDLE processHandle, LPVOID moduleBase, const size_t sectionNum, OUT size_t &sectionSize, bool roundup, bool force_access=false)
Definition remote_pe_reader.cpp:291

peconv::dump_remote_pe
bool dump_remote_pe(IN LPCTSTR outputFilePath, IN const HANDLE processHandle, IN LPVOID moduleBase, IN OUT t_pe_dump_mode &dump_mode, IN OPTIONAL peconv::ExportsMapper *exportsMap=nullptr)
Definition remote_pe_reader.cpp:388

peconv::read_remote_region
size_t read_remote_region(HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)
Definition remote_pe_reader.cpp:150

peconv::read_remote_memory
size_t read_remote_memory(HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const SIZE_T minimal_size=0x100)
Definition remote_pe_reader.cpp:106

peconv::fetch_region_info
bool fetch_region_info(HANDLE processHandle, LPVOID start_addr, MEMORY_BASIC_INFORMATION &page_info)
Definition remote_pe_reader.cpp:10

peconv::t_pe_dump_mode
t_pe_dump_mode
Definition pe_dumper.h:16

peconv::read_remote_area
size_t read_remote_area(HANDLE processHandle, LPVOID start_addr, OUT BYTE *buffer, const size_t buffer_size, const bool force_access, const SIZE_T minimal_size=0x100)
Definition remote_pe_reader.cpp:203

peconv::read_remote_pe_header
bool read_remote_pe_header(HANDLE processHandle, LPVOID moduleBase, OUT BYTE *buffer, const size_t bufferSize, bool force_access=false)
Definition remote_pe_reader.cpp:250

peconv::UNALIGNED_BUF
PBYTE UNALIGNED_BUF
Definition buffer_util.h:41

peconv::read_remote_pe
size_t read_remote_pe(const HANDLE processHandle, LPVOID moduleBase, const size_t moduleSize, OUT BYTE *buffer, const size_t bufferSize)
Definition remote_pe_reader.cpp:325

peconv::fetch_region_size
size_t fetch_region_size(HANDLE processHandle, LPVOID start_addr)
Definition remote_pe_reader.cpp:33

peconv::fetch_alloc_base
ULONGLONG fetch_alloc_base(HANDLE processHandle, LPVOID start_addr)
Definition remote_pe_reader.cpp:43

peconv::get_remote_image_size
DWORD get_remote_image_size(IN const HANDLE processHandle, IN LPVOID start_addr)
Definition remote_pe_reader.cpp:379

pe_dumper.h
Dumping PE from the memory buffer into a file.

pe_hdrs_helper.h
Wrappers over various fields in the PE header. Read, write, parse PE headers.

pe_virtual_to_raw.h
Converting PE from virtual to raw format.