VOID PhpMappedArchiveProbe( _In_ PPH_MAPPED_ARCHIVE MappedArchive, _In_ PVOID Address, _In_ SIZE_T Length ) { PhProbeAddress(Address, Length, MappedArchive->ViewBase, MappedArchive->Size, 1); }
VOID PhpMappedImageProbe( _In_ PPH_MAPPED_IMAGE MappedImage, _In_ PVOID Address, _In_ SIZE_T Length ) { PhProbeAddress(Address, Length, MappedImage->ViewBase, MappedImage->Size, 1); }
VOID PvPeProperties( VOID ) { NTSTATUS status; PROPSHEETHEADER propSheetHeader = { sizeof(propSheetHeader) }; PROPSHEETPAGE propSheetPage; HPROPSHEETPAGE pages[5]; PH_MAPPED_IMAGE_IMPORTS imports; PH_MAPPED_IMAGE_EXPORTS exports; PIMAGE_DATA_DIRECTORY entry; status = PhLoadMappedImage(PvFileName->Buffer, NULL, TRUE, &PvMappedImage); if (!NT_SUCCESS(status)) { PhShowStatus(NULL, L"Unable to load the PE file", status, 0); return; } propSheetHeader.dwFlags = PSH_NOAPPLYNOW | PSH_NOCONTEXTHELP | PSH_PROPTITLE; propSheetHeader.hwndParent = NULL; propSheetHeader.pszCaption = PvFileName->Buffer; propSheetHeader.nPages = 0; propSheetHeader.nStartPage = 0; propSheetHeader.phpage = pages; // General page memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE)); propSheetPage.dwSize = sizeof(PROPSHEETPAGE); propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_PEGENERAL); propSheetPage.pfnDlgProc = PvpPeGeneralDlgProc; pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage); // Imports page if ((NT_SUCCESS(PhGetMappedImageImports(&imports, &PvMappedImage)) && imports.NumberOfDlls != 0) || (NT_SUCCESS(PhGetMappedImageDelayImports(&imports, &PvMappedImage)) && imports.NumberOfDlls != 0)) { memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE)); propSheetPage.dwSize = sizeof(PROPSHEETPAGE); propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_PEIMPORTS); propSheetPage.pfnDlgProc = PvpPeImportsDlgProc; pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage); } // Exports page if (NT_SUCCESS(PhGetMappedImageExports(&exports, &PvMappedImage)) && exports.NumberOfEntries != 0) { memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE)); propSheetPage.dwSize = sizeof(PROPSHEETPAGE); propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_PEEXPORTS); propSheetPage.pfnDlgProc = PvpPeExportsDlgProc; pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage); } // Load Config page if (NT_SUCCESS(PhGetMappedImageDataEntry(&PvMappedImage, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, &entry)) && entry->VirtualAddress) { memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE)); propSheetPage.dwSize = sizeof(PROPSHEETPAGE); propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_PELOADCONFIG); propSheetPage.pfnDlgProc = PvpPeLoadConfigDlgProc; pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage); } // CLR page if (NT_SUCCESS(PhGetMappedImageDataEntry(&PvMappedImage, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, &entry)) && entry->VirtualAddress && (PvImageCor20Header = PhMappedImageRvaToVa(&PvMappedImage, entry->VirtualAddress, NULL))) { status = STATUS_SUCCESS; __try { PhProbeAddress(PvImageCor20Header, sizeof(IMAGE_COR20_HEADER), PvMappedImage.ViewBase, PvMappedImage.Size, 4); } __except (EXCEPTION_EXECUTE_HANDLER) { status = GetExceptionCode(); } if (NT_SUCCESS(status)) { memset(&propSheetPage, 0, sizeof(PROPSHEETPAGE)); propSheetPage.dwSize = sizeof(PROPSHEETPAGE); propSheetPage.pszTemplate = MAKEINTRESOURCE(IDD_PECLR); propSheetPage.pfnDlgProc = PvpPeClrDlgProc; pages[propSheetHeader.nPages++] = CreatePropertySheetPage(&propSheetPage); } }