-
Notifications
You must be signed in to change notification settings - Fork 0
/
pehlp.h
124 lines (104 loc) · 3.49 KB
/
pehlp.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
/*
* PROJECT: PE Converter for NT PDK v1.196 (September 1991) and PDK October 1991
* LICENSE: GPL-2.0+ (https://spdx.org/licenses/GPL-2.0+)
* PURPOSE: Helper functions for the old and new PE formats.
* COPYRIGHT: Copyright 2021-2022 Hermès Bélusca-Maïto
*/
#ifndef _PEHLP_H_
#define _PEHLP_H_
#pragma once
#define RVA(b, m) ((PVOID)((ULONG_PTR)(b) + (ULONG_PTR)(m)))
/**
* @brief Checks whether Value is in the range [Start; End[.
**/
#define VALUE_IN_RANGE(Value, Start, End) \
( ((Start) <= (Value)) && ((Value) < (End)) )
/**
* @brief Checks whether the region [RgnStart; RgnStart + RgnSize]
* is fully contained in the range [Start; End].
**/
#define REGION_IN_RANGE(RgnStart, RgnSize, Start, End) \
( ((Start) <= (RgnStart)) && ((RgnStart) + (RgnSize) <= (End)) )
/**
* @brief Checks whether Addr is in the range [Start; End[.
**/
#define ADDRESS_IN_RANGE(Addr, Start, End) \
VALUE_IN_RANGE((ULONG_PTR)(Addr), (ULONG_PTR)(Start), (ULONG_PTR)(End))
/**
* @brief Checks whether Addr is in the range [Start; Start + Size[.
**/
#define ADDRESS_IN_REGION(Addr, Start, Size) \
VALUE_IN_RANGE((ULONG_PTR)(Addr), (ULONG_PTR)(Start), (ULONG_PTR)(Start) + (Size))
/**
* @brief Checks whether the region [RgnAddr; RgnAddr + RgnSize]
* is fully contained in the region [Start; Start + Size].
**/
#define REGION_IN_REGION(RgnAddr, RgnSize, Start, Size) \
REGION_IN_RANGE((ULONG_PTR)(RgnAddr), RgnSize, \
(ULONG_PTR)(Start), (ULONG_PTR)(Start) + (Size))
BOOLEAN
LoadOldPESectionFromFile(
IN FILE* pImageFile,
IN PIMAGE_OBJECT_HEADER SectionHdr,
OUT PVOID* pSection,
OUT PULONG pSectionSize OPTIONAL);
BOOLEAN
LoadNewPESectionFromFile(
IN FILE* pImageFile,
IN PIMAGE_SECTION_HEADER SectionHdr,
OUT PVOID* pSection,
OUT PULONG pSectionSize OPTIONAL);
PVOID
LoadOldPEDirectoryEntryAndSection(
IN FILE* pImageFile,
IN PIMAGE_HEADER NtHeader,
IN USHORT Directory,
OUT PVOID* DirectoryData,
OUT PULONG Size OPTIONAL,
OUT PIMAGE_OBJECT_HEADER* pSectionHdr OPTIONAL,
OUT PULONG pSectionSize OPTIONAL);
PVOID
LoadNewPEDirectoryEntryAndSection(
IN FILE* pImageFile,
IN PIMAGE_NT_HEADERS32 NtHeader,
IN USHORT Directory,
OUT PVOID* DirectoryData,
OUT PULONG Size OPTIONAL,
OUT PIMAGE_SECTION_HEADER* pSectionHdr OPTIONAL,
OUT PULONG pSectionSize OPTIONAL);
BOOLEAN
FlushOldPESectionToFile(
IN FILE* pImageFile,
IN PIMAGE_OBJECT_HEADER SectionHdr,
IN PVOID Section);
BOOLEAN
FlushNewPESectionToFile(
IN FILE* pImageFile,
IN PIMAGE_SECTION_HEADER SectionHdr,
IN PVOID Section);
BOOLEAN
FixupExportsSectionWorker(
IN OUT PIMAGE_EXPORT_DIRECTORY ExportDirectory,
IN ULONG DirectorySize,
IN ULONG SectionRVA,
IN ULONG SectionSize,
IN PVOID Section,
OUT PULONG_PTR pEndDirectory);
BOOLEAN
FixupImportsSection(
IN OUT PIMAGE_IMPORT_DESCRIPTOR ImportDirectory,
IN ULONG DirectorySize,
IN ULONG SectionRVA,
IN ULONG SectionSize,
IN PVOID Section);
BOOLEAN
ReconstructSections(
IN PIMAGE_HEADER NtHeader,
IN PIMAGE_OBJECT_HEADER ObjTable, // Obtained from caller via the NtHeader.
IN PIMAGE_EXPORT_DIRECTORY ExportDirectory OPTIONAL,
IN PULONG ExportTable OPTIONAL,
/* These two could be replaced by a single "IN PIMAGE_NT_HEADERS32 NtHeader" */
IN PIMAGE_FILE_HEADER FileHeader,
IN OUT PIMAGE_OPTIONAL_HEADER32 OptHeader,
OUT PIMAGE_SECTION_HEADER* pSectionTable);
#endif /* _PEHLP_H_ */