C++ (Cpp) get_aof_index Beispiele

Programmiersprache: C++ (Cpp)

Methode / Funktion: get_aof_index

Beispiele auf hotexamples.com: 2

C++ (Cpp) get_aof_index - 2 Beispiele gefunden. Dies sind die am besten bewerteten C++ (Cpp) Beispiele für die get_aof_index, die aus Open Source-Projekten extrahiert wurden. Sie können Beispiele bewerten, um die Qualität der Beispiele zu verbessern.

Beispiel #1

Datei anzeigen

Datei: peparse.c Projekt: bentau/libvmi

/* returns the rva value for a windows PE export */
status_t
windows_export_to_rva(
    vmi_instance_t vmi,
    const access_context_t *ctx,
    const char *symbol,
    addr_t *rva)
{
    struct export_table et;
    addr_t et_rva;
    size_t et_size;
    int aon_index = -1;
    int aof_index = -1;

    // get export table structure
    if (peparse_get_export_table(vmi, ctx, &et, &et_rva, &et_size) != VMI_SUCCESS) {
        dbprint(VMI_DEBUG_PEPARSE, "--PEParse: failed to get export table\n");
        return VMI_FAILURE;
    }

    // find AddressOfNames index for export symbol
    aon_index = get_aon_index(vmi, symbol, &et, ctx);
    if ( -1 == aon_index ) {
        dbprint(VMI_DEBUG_PEPARSE, "--PEParse: failed to get aon index\n");
        return VMI_FAILURE;
    }

    // find AddressOfFunctions index for export symbol
    aof_index = get_aof_index(vmi, aon_index, &et, ctx);
    if ( -1 == aof_index ) {
        dbprint(VMI_DEBUG_PEPARSE, "--PEParse: failed to get aof index\n");
        return VMI_FAILURE;
    }

    // find RVA value for export symbol
    if (VMI_SUCCESS==get_export_rva(vmi, rva, aof_index, &et, ctx)) {

        // handle forwarded functions
        // If the function's RVA is inside the exports section (as given by the
        // VirtualAddress and Size fields in the idd), the symbol is forwarded.
        if (*rva>=et_rva && *rva < et_rva+et_size) {
            dbprint(VMI_DEBUG_PEPARSE, "--PEParse: %s @ 0x%p is forwarded\n", symbol, ctx);
            return VMI_FAILURE;
        } else {
            return VMI_SUCCESS;
        }
    } else {
        return VMI_FAILURE;
    }
}

Beispiel #2

Datei anzeigen

Datei: peparse.c Projekt: TaroMu/libvmi

/* returns the rva value for a windows PE export */
status_t
windows_export_to_rva(
    vmi_instance_t vmi,
    addr_t base_vaddr,
    vmi_pid_t pid,
    const char *symbol,
    addr_t *rva)
{
    struct export_table et;
    addr_t et_rva;
    size_t et_size;
    int aon_index = -1;
    int aof_index = -1;

    // get export table structure
    if (peparse_get_export_table(vmi, base_vaddr, pid, &et, &et_rva, &et_size) != VMI_SUCCESS) {
        dbprint(VMI_DEBUG_MISC, "--PEParse: failed to get export table\n");
        return VMI_FAILURE;
    }

    // find AddressOfNames index for export symbol
    if ((aon_index = get_aon_index(vmi, symbol, &et, base_vaddr, pid)) == -1) {
        dbprint(VMI_DEBUG_MISC, "--PEParse: failed to get aon index\n");
        return VMI_FAILURE;
    }

    // find AddressOfFunctions index for export symbol
    if ((aof_index = get_aof_index(vmi, aon_index, &et, base_vaddr, pid)) == -1) {
        dbprint(VMI_DEBUG_MISC, "--PEParse: failed to get aof index\n");
        return VMI_FAILURE;
    }

    // find RVA value for export symbol
    if(VMI_SUCCESS==get_export_rva(vmi, rva, aof_index, &et, base_vaddr, pid)) {

        // handle forwarded functions
        // If the function's RVA is inside the exports section (as given by the
        // VirtualAddress and Size fields in the idd), the symbol is forwarded.
        if(*rva>=et_rva && *rva < et_rva+et_size) {
            dbprint(VMI_DEBUG_MISC, "--PEParse: %s @ %u:0x%"PRIx64" is forwarded\n", symbol, pid, base_vaddr);
            return VMI_FAILURE;
        } else {
            return VMI_SUCCESS;
        }
    } else {
        return VMI_FAILURE;
    }
}