2024-05-04 17:43:01 +02:00
|
|
|
#include "pe.h"
|
|
|
|
|
2024-07-22 12:43:09 +02:00
|
|
|
#include "lib/stdlib.h"
|
|
|
|
|
2024-06-09 09:22:22 +02:00
|
|
|
PNT_HEADER_64
|
|
|
|
PeGetNtHeaderSafe(_In_ PVOID Image)
|
|
|
|
{
|
|
|
|
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)Image;
|
|
|
|
|
|
|
|
if (!MmIsAddressValid(Image))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (dos->e_magic != IMAGE_DOS_SIGNATURE)
|
|
|
|
return NULL;
|
|
|
|
|
2024-07-19 16:27:50 +02:00
|
|
|
return RVA(PNT_HEADER_64, Image, dos->e_lfanew);
|
2024-06-09 09:22:22 +02:00
|
|
|
}
|
|
|
|
|
2024-05-04 17:43:01 +02:00
|
|
|
PNT_HEADER_64
|
|
|
|
PeGetNtHeader(_In_ PVOID Image)
|
|
|
|
{
|
|
|
|
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)Image;
|
|
|
|
|
|
|
|
if (dos->e_magic != IMAGE_DOS_SIGNATURE)
|
|
|
|
return NULL;
|
|
|
|
|
2024-07-19 16:27:50 +02:00
|
|
|
return RVA(PNT_HEADER_64, Image, dos->e_lfanew);
|
2024-05-04 17:43:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
PIMAGE_DATA_DIRECTORY
|
|
|
|
PeGetExportDataDirectory(_In_ PVOID Image)
|
|
|
|
{
|
|
|
|
PNT_HEADER_64 nt = PeGetNtHeader(Image);
|
|
|
|
|
|
|
|
if (IMAGE_DIRECTORY_ENTRY_EXPORT >= nt->OptionalHeader.NumberOfRvaAndSizes)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return (PIMAGE_DATA_DIRECTORY)&nt->OptionalHeader
|
|
|
|
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
|
|
|
|
}
|
|
|
|
|
2024-06-09 09:22:22 +02:00
|
|
|
PIMAGE_DATA_DIRECTORY
|
|
|
|
PeGetExportDataDirectorySafe(_In_ PVOID Image)
|
|
|
|
{
|
|
|
|
PNT_HEADER_64 nt = PeGetNtHeader(Image);
|
|
|
|
|
|
|
|
if (!MmIsAddressValid(Image))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (IMAGE_DIRECTORY_ENTRY_EXPORT >= nt->OptionalHeader.NumberOfRvaAndSizes)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return (PIMAGE_DATA_DIRECTORY)&nt->OptionalHeader
|
|
|
|
.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT];
|
|
|
|
}
|
|
|
|
|
2024-05-04 17:43:01 +02:00
|
|
|
PIMAGE_EXPORT_DIRECTORY
|
2024-08-01 06:21:53 +02:00
|
|
|
PeGetExportDirectory(
|
|
|
|
_In_ PVOID Image, _In_ PIMAGE_DATA_DIRECTORY ExportDataDirectory)
|
2024-05-04 17:43:01 +02:00
|
|
|
{
|
|
|
|
if (!ExportDataDirectory->VirtualAddress || !ExportDataDirectory->Size)
|
|
|
|
return NULL;
|
|
|
|
|
2024-07-19 16:27:50 +02:00
|
|
|
return RVA(
|
2024-08-01 06:21:53 +02:00
|
|
|
PIMAGE_EXPORT_DIRECTORY,
|
|
|
|
Image,
|
|
|
|
ExportDataDirectory->VirtualAddress);
|
2024-05-04 17:43:01 +02:00
|
|
|
}
|
|
|
|
|
2024-06-09 09:22:22 +02:00
|
|
|
PIMAGE_EXPORT_DIRECTORY
|
2024-08-01 06:21:53 +02:00
|
|
|
PeGetExportDirectorySafe(
|
|
|
|
_In_ PVOID Image, _In_ PIMAGE_DATA_DIRECTORY ExportDataDirectory)
|
2024-06-09 09:22:22 +02:00
|
|
|
{
|
|
|
|
if (!MmIsAddressValid(Image))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (!ExportDataDirectory->VirtualAddress || !ExportDataDirectory->Size)
|
|
|
|
return NULL;
|
|
|
|
|
2024-07-19 16:27:50 +02:00
|
|
|
return RVA(
|
2024-08-01 06:21:53 +02:00
|
|
|
PIMAGE_EXPORT_DIRECTORY,
|
|
|
|
Image,
|
|
|
|
ExportDataDirectory->VirtualAddress);
|
2024-06-09 09:22:22 +02:00
|
|
|
}
|
|
|
|
|
2024-05-05 15:20:35 +02:00
|
|
|
UINT32
|
|
|
|
GetSectionCount(_In_ PNT_HEADER_64 Header)
|
|
|
|
{
|
|
|
|
return Header->FileHeader.NumberOfSections;
|
|
|
|
}
|
|
|
|
|
2024-06-09 09:22:22 +02:00
|
|
|
UINT32
|
|
|
|
GetSectionCountSafe(_In_ PNT_HEADER_64 Header)
|
|
|
|
{
|
|
|
|
if (!MmIsAddressValid(Header))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
return Header->FileHeader.NumberOfSections;
|
|
|
|
}
|
|
|
|
|
2024-05-04 17:43:01 +02:00
|
|
|
PVOID
|
|
|
|
PeFindExportByName(_In_ PVOID Image, _In_ PCHAR Name)
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
ANSI_STRING target = {0};
|
|
|
|
PNT_HEADER_64 nt = NULL;
|
|
|
|
PIMAGE_DATA_DIRECTORY data = NULL;
|
2024-05-04 17:43:01 +02:00
|
|
|
PIMAGE_EXPORT_DIRECTORY export = NULL;
|
|
|
|
|
|
|
|
RtlInitAnsiString(&target, Name);
|
|
|
|
|
|
|
|
nt = PeGetNtHeader(Image);
|
|
|
|
|
|
|
|
if (!nt)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
data = PeGetExportDataDirectory(Image);
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
export = PeGetExportDirectory(Image, data);
|
|
|
|
|
|
|
|
if (!export)
|
|
|
|
return NULL;
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
PUINT32 functions = RVA(PUINT32, Image, export->AddressOfFunctions);
|
|
|
|
PUINT32 names = RVA(PUINT32, Image, export->AddressOfNames);
|
|
|
|
PUINT16 ordinals = RVA(PUINT16, Image, export->AddressOfNameOrdinals);
|
2024-05-04 17:43:01 +02:00
|
|
|
|
|
|
|
for (UINT32 index = 0; index < export->NumberOfNames; index++) {
|
2024-07-19 16:27:50 +02:00
|
|
|
PCHAR export = RVA(PCHAR, Image, names[index]);
|
2024-07-22 12:43:09 +02:00
|
|
|
if (!IntCompareString(Name, export))
|
2024-08-01 06:21:53 +02:00
|
|
|
return RVA(PVOID, Image, functions[ordinals[index]]);
|
2024-05-04 17:43:01 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|