#pragma once
#include "pdb_util.h"
// Defined elsewhere. NOTE(review): presumably n is the number of entries in ph[] - confirm against the definition.
void LoadNtModule(ULONG n, const ULONG ph[]);
// Defined elsewhere; takes a caller-supplied NUL-terminated text string.
void DumpStack(PCSTR txt);
// Returns a 32-bit hash of a NUL-terminated string. `hash` defaults to 0
// (presumably the initial/seed value - confirm against the definition).
// CModule::ByName passes the result straight to CModule::ByHash.
ULONG HashString(PCSTR lpsz, ULONG hash = 0);
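/*
 * Per-module record: image base, size, name hash and a short name, followed in
 * the same pool allocation by _nSymbols RVAOFS entries and cbNames extra bytes
 * (see operator new). Every instance links itself into the static list s_head
 * from its constructor.
 *
 * NOTE(review): no lock is visible in this header around s_head; confirm that
 * list insertion, lookup and Cleanup() are serialized by their callers.
 */
class CModule : LIST_ENTRY
{
	PVOID _ImageBase;
	ULONG _size;
	ULONG _hash;
	ULONG _nSymbols;	// written by operator new, before the constructor runs
	char _name[32];
	RVAOFS _Symbols[];	// _nSymbols entries, allocated together with the object
	//CHAR Names[];		// presumably the cbNames bytes that follow _Symbols - confirm

	/*
	 * Fills in the identifying fields and logs the creation.
	 *
	 * NOTE(review): strcpy_s does not truncate; a name of 32 or more characters
	 * (including none that fit the terminator) is treated as a constraint
	 * violation rather than shortened. Confirm that callers bound the name
	 * length, since module names come from outside this class.
	 * NOTE(review): the message prints raw kernel addresses (this, ImageBase);
	 * confirm that is acceptable for the builds that ship this output.
	 */
	void Init(ULONG hash, PCSTR name, PVOID ImageBase, ULONG size)
	{
		_hash = hash, _size = size, _ImageBase = ImageBase;
		strcpy_s(_name, _countof(_name), name);
		DbgPrint("++CModule<%p>(%s) %p\n", this, name, ImageBase);
	}

	static LIST_ENTRY s_head;

	/* Links the new object at the head of s_head. */
	CModule()
	{
		InsertHeadList(&s_head, this);
	}

	/*
	 * Logs the destruction. The entry is not unlinked from s_head here;
	 * presumably the code that deletes the object removes it first - confirm.
	 */
	~CModule()
	{
		DbgPrint("--CModule<%p>(%s) %p\n", this, _name, _ImageBase);
	}

	PCSTR GetNameFromRva(ULONG rva, PULONG pdisp, PCSTR* ppname);

public:
	/*
	 * Allocates the object plus its trailing data from non-paged pool.
	 *
	 * s        - size of CModule itself, supplied by the compiler.
	 * nSymbols - number of RVAOFS entries to reserve after the object.
	 * cbNames  - number of additional bytes to reserve after the symbols.
	 *
	 * Returns the allocation with _nSymbols already stored, or 0 when the
	 * requested size does not fit in size_t or the pool allocation fails.
	 *
	 * NOTE(review): this operator new is not declared noexcept, so whether the
	 * new-expression checks for a null return before running the constructor
	 * depends on the compiler settings (e.g. MSVC /Zc:throwingNew) - confirm.
	 */
	void* operator new(size_t s, ULONG nSymbols, ULONG cbNames)
	{
		// The total is computed in size_t. Where size_t is 32 bits wide the
		// unchecked sum could wrap and yield a block smaller than the symbol
		// table that is later written into it, so each step is checked.
		const size_t cbMax = ~static_cast<size_t>(0);

		if (nSymbols > (cbMax - s) / sizeof(RVAOFS))
		{
			return 0;
		}

		size_t cb = s + nSymbols * sizeof(RVAOFS);

		if (cbNames > cbMax - cb)
		{
			return 0;
		}

		cb += cbNames;

		if (PVOID pv = ExAllocatePool(NonPagedPoolNx, cb))
		{
			reinterpret_cast<CModule*>(pv)->_nSymbols = nSymbols;
			return pv;
		}

		return 0;
	}

	/* Returns the block obtained in operator new to the pool. */
	void operator delete(void* pv)
	{
		ExFreePool(pv);
	}

	static NTSTATUS Create(ULONG hash, PCSTR name, PVOID ImageBase, ULONG size);

	static PVOID GetVaFromName(PCSTR pszModule, PCSTR Name);

	static PCSTR GetNameFromVa(PVOID pv, PULONG pdisp, PCSTR* ppname);

	PVOID GetVaFromName(PCSTR Name);

	/*
	 * Looks a module up by the hash of its name.
	 *
	 * NOTE(review): only the 32-bit HashString value is passed on; unless
	 * ByHash (defined elsewhere) also compares names, two module names with
	 * the same hash would resolve to the same entry - confirm.
	 */
	static CModule* ByName(PCSTR pszModule)
	{
		return ByHash(HashString(pszModule));
	}

	static CModule* ByHash(ULONG hash);

	static void Cleanup();
};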