libpeconv/exports__mapper_8h_source.html

#pragma once


#include <windows.h>


#include <string>

#include <map>

#include <set>

#include <sstream>


#include "pe_hdrs_helper.h"

#include "pe_raw_to_virtual.h"

#include "peconv/exported_func.h"

#include "peconv/file_util.h"


namespace peconv {


    class ExportsMapper {


    public:


        size_t add_to_lookup(std::string moduleName, HMODULE modulePtr, ULONGLONG moduleBase);


        size_t add_to_lookup(std::string moduleName, HMODULE modulePtr)

        {

            return add_to_lookup(moduleName, modulePtr, reinterpret_cast<ULONGLONG>(modulePtr));

        }


        const std::set<ExportedFunc>* find_exports_by_va(ULONGLONG va) const

        {

            std::map<ULONGLONG, std::set<ExportedFunc>>::const_iterator itr = va_to_func.find(va);

            if (itr != va_to_func.end()) {

                const std::set<ExportedFunc> &fSet = itr->second;

                return &fSet;

            }

            return NULL;

        }


        std::string get_dll_path(std::string short_name) const

        {

            std::map<std::string, std::string>::const_iterator found = this->dll_shortname_to_path.find(short_name);

            if (found == dll_shortname_to_path.end()) {

                return "";

            }

            return found->second;

        }


        std::string get_dll_fullname(std::string short_name) const

        {

            std::string dll_path = get_dll_path(short_name);

            if (dll_path.length() == 0) return "";


            return get_file_name(dll_path);

        }


        const ExportedFunc* find_export_by_va(ULONGLONG va) const

        {

            const std::set<ExportedFunc>* exp_set = find_exports_by_va(va);

            if (exp_set == NULL) return NULL;


            std::set<ExportedFunc>::iterator fItr = exp_set->begin();

            const ExportedFunc* func = &(*fItr);

            return func;

        }


        void print_va_to_func(std::stringstream &stream) const;

        void print_func_to_va(std::stringstream &stream) const;


    private:

        enum ADD_FUNC_RES { RES_INVALID = 0, RES_MAPPED = 1, RES_FORWARDED = 2 };

        ADD_FUNC_RES add_function_to_lookup(HMODULE modulePtr, ULONGLONG moduleBase, size_t moduleSize, ExportedFunc &currFunc, DWORD callRVA);


        bool add_forwarded(ExportedFunc &currFunc, DWORD callRVA, PBYTE modulePtr, size_t moduleSize);

        bool add_to_maps(ULONGLONG va, ExportedFunc &currFunc);


        size_t resolve_forwarders(const ULONGLONG va, ExportedFunc &currFunc);

        size_t make_ord_lookup_tables(PVOID modulePtr, size_t moduleSize, std::map<PDWORD, DWORD> &va_to_ord);


    protected:

        void associateVaAndFunc(ULONGLONG va, const ExportedFunc& func)

        {

            va_to_func[va].insert(func);

            func_to_va[func] = va;

        }


        std::map<ULONGLONG, std::set<ExportedFunc>> va_to_func;


        std::map<ExportedFunc, std::set<ExportedFunc>> forwarders_lookup;


        std::map<ExportedFunc, ULONGLONG> func_to_va;


        std::map<std::string, std::string> dll_shortname_to_path;

    };


}; //namespace peconv

peconv::ExportedFunc
Definition: exported_func.h:54

peconv::ExportsMapper
Definition: exports_mapper.h:22

peconv::ExportsMapper::print_va_to_func
void print_va_to_func(std::stringstream &stream) const
Definition: exports_mapper.cpp:8

peconv::ExportsMapper::dll_shortname_to_path
std::map< std::string, std::string > dll_shortname_to_path
Definition: exports_mapper.h:137

peconv::ExportsMapper::add_to_lookup
size_t add_to_lookup(std::string moduleName, HMODULE modulePtr, ULONGLONG moduleBase)
Definition: exports_mapper.cpp:199

peconv::ExportsMapper::add_to_lookup
size_t add_to_lookup(std::string moduleName, HMODULE modulePtr)
Definition: exports_mapper.h:41

peconv::ExportsMapper::associateVaAndFunc
void associateVaAndFunc(ULONGLONG va, const ExportedFunc &func)
Definition: exports_mapper.h:113

peconv::ExportsMapper::get_dll_path
std::string get_dll_path(std::string short_name) const
Definition: exports_mapper.h:62

peconv::ExportsMapper::func_to_va
std::map< ExportedFunc, ULONGLONG > func_to_va
Definition: exports_mapper.h:132

peconv::ExportsMapper::print_func_to_va
void print_func_to_va(std::stringstream &stream) const
Definition: exports_mapper.cpp:25

peconv::ExportsMapper::find_export_by_va
const ExportedFunc * find_export_by_va(ULONGLONG va) const
Definition: exports_mapper.h:85

peconv::ExportsMapper::get_dll_fullname
std::string get_dll_fullname(std::string short_name) const
Definition: exports_mapper.h:74

peconv::ExportsMapper::find_exports_by_va
const std::set< ExportedFunc > * find_exports_by_va(ULONGLONG va) const
Definition: exports_mapper.h:49

peconv::ExportsMapper::forwarders_lookup
std::map< ExportedFunc, std::set< ExportedFunc > > forwarders_lookup
Definition: exports_mapper.h:127

peconv::ExportsMapper::va_to_func
std::map< ULONGLONG, std::set< ExportedFunc > > va_to_func
Definition: exports_mapper.h:122

exported_func.h
A definition of ExportedFunc class - used for storing the details of the exported function....

file_util.h
Functions related to operations on files. Wrappers for read/write.

peconv
Definition: buffer_util.h:10

peconv::get_file_name
std::string get_file_name(IN const std::string full_path)
Definition: file_util.cpp:132

pe_hdrs_helper.h
Wrappers over various fields in the PE header. Read, write, parse PE headers.

pe_raw_to_virtual.h
Converting PE from raw to virtual format.