Esempi in C++ (Cpp) per GetEnclosingSectionHeader

Linguaggio di programmazione: C++ (Cpp)

Metodo/funzione: GetEnclosingSectionHeader

Esempi su hotexamples.com: 6

GetEnclosingSectionHeader in C++ (Cpp): 6 esempi trovati. Questi sono i migliori esempi reali in C++ (Cpp) per GetEnclosingSectionHeader, estratti da progetti open source. Li puoi valutare, per aiutarci a migliorare la qualità dei nostri esempi.

Esempio n. 1

Mostra file

File: PEFile.cpp Progetto: tobz/dawnoflight

LPVOID CPEFile::GetPtrFromRVA(DWORD rva) const
{
  PIMAGE_SECTION_HEADER pSectionHdr;
  INT delta;

  pSectionHdr = GetEnclosingSectionHeader(rva);
  if ( !pSectionHdr )
    return 0;

  delta = (INT)(pSectionHdr->VirtualAddress-pSectionHdr->PointerToRawData);
  return (PVOID) (((LPBYTE)m_pBase) + rva - delta);
}

Esempio n. 2

Mostra file

File: mapping.cpp Progetto: MartinJK/SAMPHiddenDLLInjection

//   This function is also Pietrek's
LPVOID GetPtrFromRVA( DWORD rva, IMAGE_NT_HEADERS *pNTHeader, PBYTE imageBase )
{
   PIMAGE_SECTION_HEADER pSectionHdr;
   INT delta;
     
   pSectionHdr = GetEnclosingSectionHeader( rva, pNTHeader );
   if ( !pSectionHdr )
      return 0;

   delta = (INT)(pSectionHdr->VirtualAddress-pSectionHdr->PointerToRawData);
   return (PVOID) ( imageBase + rva - delta );
}

Esempio n. 3

Mostra file

File: manualmap.cpp Progetto: MeeSong/injector

// Matt Pietrek's function
LPVOID GetPtrFromRVA(DWORD_PTR rva, PIMAGE_NT_HEADERS pNTHeader, PBYTE imageBase)
{
	PIMAGE_SECTION_HEADER section;
	LONG_PTR delta;

	section = GetEnclosingSectionHeader(rva, pNTHeader);
	if(!section)
	{
		return 0;
	}

	delta = (LONG_PTR)( section->VirtualAddress - section->PointerToRawData );
	return (LPVOID)( imageBase + rva - delta );
}

Esempio n. 4

Mostra file

File: patcher.cpp Progetto: andreiw/oldwin-dll-wrappers

template <class T> LPVOID
GetPtrFromRVA(DWORD rva, T* pNTHeader,
	      PBYTE imageBase)
{
  int delta;
  PIMAGE_SECTION_HEADER pSectionHdr;

  pSectionHdr = GetEnclosingSectionHeader(rva, pNTHeader);
  if (!pSectionHdr) {
    return 0;
  }

  delta = (int) (pSectionHdr->VirtualAddress - pSectionHdr->PointerToRawData);
  return (PVOID) (imageBase + rva - delta);
}

Esempio n. 5

Mostra file

File: execute.cpp Progetto: bradgearon/ConEmu

LPVOID GetPtrFromRVA(DWORD rva, IMAGE_MAPPING* pImg)
{
	if (!pImg || !pImg->ptrBegin || !pImg->pHdr)
	{
		_ASSERTE(pImg!=NULL && pImg->ptrBegin!=NULL && pImg->pHdr!=NULL);
		return NULL;
	}

	PIMAGE_SECTION_HEADER pSectionHdr;
	INT delta;
	pSectionHdr = GetEnclosingSectionHeader(rva, pImg);

	if (!pSectionHdr)
		return NULL;

	delta = (INT)(pSectionHdr->VirtualAddress - pSectionHdr->PointerToRawData);
	return (LPVOID)(pImg->ptrBegin + rva - delta);
}

Esempio n. 6

Mostra file

File: Scan.cpp Progetto: shishir993/dasm

//
// ** Mostly from Matt Pietrek's PEDUMP.exe **
//
BOOL DumpExports(DWORD dwFileBase, IMAGE_NT_HEADERS *pNTHeader, IMAGE_DATA_DIRECTORY *pDataDir_Exp)
{
    ASSERT(pNTHeader != NULL && pDataDir_Exp != NULL);

    IMAGE_EXPORT_DIRECTORY *pExportDir = NULL;
    PIMAGE_SECTION_HEADER pExportsSecHeader = NULL;

    DWORD dwExportsBeginRVA = 0;
    DWORD dwExportsEndRVA = 0;

    INT delta = 0;
    PSTR filename;
    PDWORD functions;
    PWORD ordinals;
    PSTR *name;

    char szTimestampStr[STRLEN_CTIME];

    if (pDataDir_Exp->VirtualAddress == 0 || pDataDir_Exp->Size == 0)
    {
        wprintf_s(L"DumpExports(): No Exports Found\n");
        return FALSE;
    }

    dwExportsBeginRVA = pDataDir_Exp->VirtualAddress;
    dwExportsEndRVA = pDataDir_Exp->VirtualAddress + pDataDir_Exp->Size;

    pExportsSecHeader = GetEnclosingSectionHeader(dwExportsBeginRVA, pNTHeader);

    delta = (INT)(pExportsSecHeader->VirtualAddress - pExportsSecHeader->PointerToRawData);

    pExportDir = (PIMAGE_EXPORT_DIRECTORY)(dwFileBase + (DWORD)(dwExportsBeginRVA - delta));

    filename = (PSTR)(pExportDir->Name - delta + dwFileBase);
    printf("Exports table:\n\n");
    printf("  Name:            %s\n", filename);
    printf("  Characteristics: %08X\n", pExportDir->Characteristics);
    printf("  TimeDateStamp:   %08X -> ", pExportDir->TimeDateStamp);
    if (ctime_s(szTimestampStr, _countof(szTimestampStr), (time_t*)&pExportDir->TimeDateStamp) == 0)
    {
        // Buffer returned from ctime_s() will have \n\0 at the end when successful
        wprintf_s(L"%S", szTimestampStr);
    }
    else
    {
        wprintf_s(L"\n");
    }

    printf("  Version:         %u.%02u\n", pExportDir->MajorVersion, pExportDir->MinorVersion);
    printf("  Ordinal base:    %08X\n", pExportDir->Base);
    printf("  # of functions:  %08X\n", pExportDir->NumberOfFunctions);
    printf("  # of Names:      %08X\n", pExportDir->NumberOfNames);

    functions = (PDWORD)((DWORD)pExportDir->AddressOfFunctions - delta + dwFileBase);
    ordinals = (PWORD)((DWORD)pExportDir->AddressOfNameOrdinals - delta + dwFileBase);
    name = (PSTR*)((DWORD)pExportDir->AddressOfNames - delta + dwFileBase);

    printf("\n  Entry Pt  Ordn  Name\n");
    for (DWORD i = 0; i < pExportDir->NumberOfFunctions; i++)
    {
        DWORD entryPointRVA = functions[i];
        DWORD j;

        if (entryPointRVA == 0)
        {
            // Skip over gaps in exported function ordinals (the entrypoint is 0 for these functions)
            continue;
        }

        printf("  %08X  %4u", entryPointRVA, i + pExportDir->Base);

        // See if this function has an associated name exported for it.
        for (j = 0; j < pExportDir->NumberOfNames; j++)
        {
            if (ordinals[j] == i)
            {
                printf("  %s", name[j] - delta + dwFileBase);
            }
        }

        // Is it a forwarder?  If so, the entry point RVA is inside the
        // .edata section, and is an RVA to the DllName.EntryPointName
        if ((entryPointRVA >= dwExportsBeginRVA) && (entryPointRVA <= dwExportsEndRVA))
        {
            printf(" (forwarder -> %s)", (char*)(entryPointRVA - delta + dwFileBase));
        }

        printf("\n");
    }

    return TRUE;

}// DumpExports()