/*
 * Resolve an address to the name of the loaded module containing it.
 *
 * addr   : address to resolve.
 * offset : receives addr's byte distance from the owning module's base
 *          (only written when a module is found).
 *
 * Returns a calloc'd, NUL-terminated single-byte name that the caller must
 * free(), or NULL when no module contains addr or allocation fails.
 * Our own image (g_our_dll_base .. g_our_dll_base + g_our_dll_size) is
 * checked first and always reported as "cuckoomon.dll"; every other module
 * is located by walking the PEB's InLoadOrderModuleList, and its BaseDllName
 * is narrowed from wide characters to bytes by plain truncation.
 */
char *convert_address_to_dll_name_and_offset(ULONG_PTR addr, unsigned int *offset)
{
	static const char our_name[] = "cuckoomon.dll";
	PEB *peb = (PEB *)get_peb();
	LDR_MODULE *entry;

	/* Fast path: the address lies inside this monitor DLL. */
	if (addr >= g_our_dll_base && addr < g_our_dll_base + g_our_dll_size) {
		char *name = calloc(1, strlen(our_name) + 1);
		if (name == NULL)
			return NULL;
		strcpy(name, our_name);
		*offset = (unsigned int)(addr - g_our_dll_base);
		return name;
	}

	/* Walk the loader list in load order; the walk ends at the first entry
	 * whose BaseAddress is NULL (presumably the list head -- confirm). */
	entry = (LDR_MODULE *)peb->LoaderData->InLoadOrderModuleList.Flink;
	while (entry->BaseAddress != NULL) {
		ULONG_PTR base = (ULONG_PTR)entry->BaseAddress;

		if (addr >= base && addr < base + entry->SizeOfImage) {
			/* BaseDllName.Length is divided by sizeof(wchar_t): it is
			 * treated as a byte count, giving the number of wide chars. */
			size_t nchars = entry->BaseDllName.Length / sizeof(wchar_t);
			char *name = calloc(1, nchars + 1);
			if (name == NULL)
				return NULL;
			for (size_t i = 0; i < nchars; i++)
				name[i] = (char)entry->BaseDllName.Buffer[i];
			*offset = (unsigned int)(addr - base);
			return name;
		}
		entry = (LDR_MODULE *)entry->InLoadOrderModuleList.Flink;
	}
	return NULL;
}
/*
 * Redirection target for RtlFreeOemString.
 *
 * When is_dynamo_address() reports that the string's Buffer is ours, it is
 * released through redirect_RtlFreeHeap() on the process heap and the
 * descriptor is zeroed (presumably so a stale Buffer pointer cannot be
 * reused); otherwise the call is forwarded to the real RtlFreeOemString.
 */
void WINAPI
redirect_RtlFreeOemString(OEM_STRING *string)
{
    PEB *peb;

    if (!is_dynamo_address((app_pc)string->Buffer)) {
        /* Not allocated by us: let ntdll release it. */
        RtlFreeOemString(string);
        return;
    }
    peb = get_peb(NT_CURRENT_PROCESS);
    redirect_RtlFreeHeap(peb->ProcessHeap, 0, (byte *)string->Buffer);
    memset(string, 0, sizeof(*string));
}
/*
 * Redirection target for GetProcessHeap.
 *
 * Returns the ProcessHeap handle from the private PEB when built with
 * CLIENT_INTERFACE, otherwise from the current process's PEB.
 */
HANDLE
WINAPI
redirect_GetProcessHeap(VOID)
{
    HANDLE heap;

#ifdef CLIENT_INTERFACE
    /* XXX: perhaps all of these redirection routines should be ifdef
     * CLIENT_INTERFACE.  The loader itself is not, for use w/ hotpatching,
     * etc.
     */
    heap = get_private_peb()->ProcessHeap;
#else
    heap = get_peb(NT_CURRENT_PROCESS)->ProcessHeap;
#endif
    return heap;
}
/*
 * Register the address range of every loaded module except the base image
 * (the first InLoadOrderModuleList entry) and the DLL of interest
 * (base_of_dll_of_interest) via add_dll_range().
 *
 * The walk stops at the first entry whose BaseAddress is NULL; if that is
 * the very first entry nothing is registered.
 */
void add_all_dlls_to_dll_ranges(void)
{
	PEB *peb = (PEB *)get_peb();
	LDR_MODULE *entry;
	int seen_base_image = 0;

	for (entry = (LDR_MODULE *)peb->LoaderData->InLoadOrderModuleList.Flink;
		entry->BaseAddress != NULL;
		entry = (LDR_MODULE *)entry->InLoadOrderModuleList.Flink) {
		ULONG_PTR base = (ULONG_PTR)entry->BaseAddress;

		/* The first entry is the base image; it is not a DLL range. */
		if (!seen_base_image) {
			seen_base_image = 1;
			continue;
		}
		if (base == base_of_dll_of_interest)
			continue;
		add_dll_range(base, base + entry->SizeOfImage);
	}
}
/*
 * Decide whether a heap operation on `heap` should be served by our own
 * heap routines instead of being forwarded.
 *
 * Returns true for the process default heap (both the private PEB's and the
 * real PEB's copy under CLIENT_INTERFACE, since the two should match but may
 * not have been swapped) and for any heap handle that is itself a DynamoRIO
 * address, i.e. one whose creation we intercepted.  Under CLIENT_INTERFACE
 * the whole redirection is disabled when privlib_privheap is off.
 */
bool
redirect_heap_call(HANDLE heap)
{
    ASSERT(!dynamo_initialized || dynamo_exited || standalone_library ||
           get_thread_private_dcontext() == NULL /*thread exiting*/ ||
           !os_using_app_state(get_thread_private_dcontext()));
#ifdef CLIENT_INTERFACE
    if (!INTERNAL_OPTION(privlib_privheap))
        return false;
    /* Private PEB first: should equal the real one, but handle the case
     * where the swap did not happen. */
    if (heap == get_private_peb()->ProcessHeap)
        return true;
#endif
    if (heap == get_peb(NT_CURRENT_PROCESS)->ProcessHeap)
        return true;
    /* Otherwise it is ours only if the handle points into our own memory. */
    return is_dynamo_address((byte*)heap);
}
/*
 * Unlink the loader entry whose BaseAddress equals module_handle from every
 * PEB module list it sits on and zero the entry, so walks of the PEB loader
 * data no longer report that module.  Does nothing if no entry matches.
 */
void hide_module_from_peb(HMODULE module_handle)
{
    PEB *peb = (PEB *)get_peb();
    LDR_MODULE *entry = (LDR_MODULE *)peb->LoaderData->InLoadOrderModuleList.Flink;

    /* Walk in load order; the first entry with a NULL BaseAddress is taken
     * as the end of the list. */
    while (entry->BaseAddress != NULL) {
        if (entry->BaseAddress == module_handle) {
            /* Detach from the three ordering lists and the hash chain. */
            CUT_LIST(entry->InLoadOrderModuleList);
            CUT_LIST(entry->InInitializationOrderModuleList);
            CUT_LIST(entry->InMemoryOrderModuleList);

            /* TODO test whether HashTableEntry is really used as a linked
             * list like InLoadOrderModuleList etc. */
            CUT_LIST(entry->HashTableEntry);

            /* Scrub the orphaned entry; its links are no longer valid. */
            memset(entry, 0, sizeof(LDR_MODULE));
            return;
        }
        entry = (LDR_MODULE *)entry->InLoadOrderModuleList.Flink;
    }
}