pe-sieve/hook__targets__resolver_8cpp_source.html

#include "hook_targets_resolver.h"

#include "scanned_modules.h"


#include "scan_report.h"

#include "code_scanner.h"


using namespace pesieve;


bool pesieve::HookTargetResolver::resolveTarget(PatchList::Patch* currPatch)

{

    if (!currPatch) return false;


    const ULONGLONG searchedAddr = currPatch->getHookTargetVA();

    const ScannedModule* foundMod = processReport.getModuleContaining(searchedAddr);

    if (!foundMod) return false;


    if (processReport.exportsMap) {

        const peconv::ExportedFunc* expFunc = processReport.exportsMap->find_export_by_va(searchedAddr);

        if (expFunc) {

            const std::string targetName = foundMod->getModName() + "." + expFunc->nameToString();

            currPatch->setHookTargetInfo(foundMod->getStart(), foundMod->isSuspicious(), targetName);

            return true;

        }

    }

    currPatch->setHookTargetInfo(foundMod->getStart(), foundMod->isSuspicious(), foundMod->getModName());

    return true;

}


size_t pesieve::HookTargetResolver::resolveAllHooks(IN OUT std::set<ModuleScanReport*> &code_reports)

{

    size_t resolved = 0;

    std::set<ModuleScanReport*>::iterator cItr;

    for (cItr = code_reports.begin(); cItr != code_reports.end(); ++cItr) {

        ModuleScanReport* modrep = *cItr;

        CodeScanReport *coderep = dynamic_cast<CodeScanReport*>(modrep);

        if (!coderep) continue;


        std::vector<PatchList::Patch*>::iterator patchItr;

        for (patchItr = coderep->patchesList.patches.begin();

            patchItr != coderep->patchesList.patches.end();

            ++patchItr)

        {

            PatchList::Patch* currPatch = *patchItr;

            if (resolveTarget(currPatch)) {

                resolved++;

            }

        }

    }

    return resolved;

}


pesieve::CodeScanReport
A report from the code scan, generated by CodeScanner.
Definition code_scanner.h:14

pesieve::CodeScanReport::patchesList
PatchList patchesList
Definition code_scanner.h:102

pesieve::HookTargetResolver::processReport
ProcessScanReport & processReport
Definition hook_targets_resolver.h:24

pesieve::HookTargetResolver::resolveAllHooks
size_t resolveAllHooks(IN OUT std::set< ModuleScanReport * > &code_reports)
Resolves all the hooks collected within the given set of reports.
Definition hook_targets_resolver.cpp:29

pesieve::HookTargetResolver::resolveTarget
bool resolveTarget(IN OUT PatchList::Patch *currPatch)
Resolves the information about the target of the provided hook, and fills it back into the object.
Definition hook_targets_resolver.cpp:9

pesieve::ModuleScanReport
A base class of all the reports detailing on the output of the performed module's scan.
Definition module_scan_report.h:26

pesieve::PatchList::Patch
Definition patch_list.h:23

pesieve::PatchList::Patch::setHookTargetInfo
bool setHookTargetInfo(ULONGLONG targetModuleBase, bool isSuspiocious, std::string targetModuleName)
Definition patch_list.h:69

pesieve::PatchList::Patch::getHookTargetVA
ULONGLONG getHookTargetVA()
Definition patch_list.h:64

pesieve::PatchList::patches
std::vector< Patch * > patches
Definition patch_list.h:147

pesieve::ProcessScanReport::exportsMap
peconv::ExportsMapper * exportsMap
Definition scan_report.h:98

pesieve::ProcessScanReport::getModuleContaining
ScannedModule * getModuleContaining(ULONGLONG field_addr, size_t field_size=0) const
Definition scan_report.h:85

pesieve::ScannedModule
Represents a basic info about the scanned module, such as its base offset, size, and the status.
Definition scanned_modules.h:14

pesieve::ScannedModule::getModName
std::string getModName() const
Definition scanned_modules.h:38

pesieve::ScannedModule::isSuspicious
bool isSuspicious() const
Definition scanned_modules.h:33

pesieve::ScannedModule::getStart
ULONGLONG getStart() const
Definition scanned_modules.h:18

code_scanner.h

hook_targets_resolver.h

pesieve
Definition pesieve.py:1

scan_report.h

scanned_modules.h