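/// Registers the entrances (code start addresses) used by the 32-bit
/// disassembler: the module entry point plus every export located in code.
///
/// @return FALSE when no module is loaded or the module is not 32-bit;
///         TRUE otherwise, including when entrances were already registered.
BOOL CR_ModuleEx::_PrepareForDisAsm32() {
    if (!IsModuleLoaded() || !Is32Bit())
        return FALSE;

    _CreateInfo32();
    if (Info32()->Entrances().size() != 0) {
        // Entrances were registered by an earlier call; do not register twice.
        return TRUE;
    }

    // Register the entry point as the first entrance.
    const auto entry_rva = RVAOfEntryPoint();
    const CR_Addr32 entry_va = VA32FromRVA(entry_rva);
    Info32()->Entrances().emplace(entry_va);
    {
        auto codefunc = make_shared<CR_CodeFunc32>();
        codefunc->Addr() = entry_va;
        codefunc->Name() = "EntryPoint";
        codefunc->StackArgSizeRange().Set(0);
        codefunc->FuncFlags() |= cr_FF_CDECL;
        Info32()->MapAddrToCodeFunc().emplace(entry_va, codefunc);
        MapRVAToFuncName().emplace(entry_rva, codefunc->Name());
        MapFuncNameToRVA().emplace(codefunc->Name(), entry_rva);
    }

    // Exported functions are entrances as well.
    for (const auto& e_symbol : ExportSymbols()) {
        const CR_Addr32 export_va = VA32FromRVA(e_symbol.dwRVA);
        if (!AddressInCode32(export_va)) {
            // The export table comes from the file being analysed; only
            // addresses that fall inside code are accepted as entrances.
            continue;
        }
        Info32()->Entrances().emplace(export_va);

        // Exports without a name carry a null pszName. Keep the entrance but
        // skip the name maps for them.
        // NOTE(review): assumes the maps are keyed by a string type, where
        // building a key from a null pointer is undefined behaviour - confirm.
        if (!e_symbol.pszName) {
            continue;
        }
        MapRVAToFuncName().emplace(e_symbol.dwRVA, e_symbol.pszName);
        MapFuncNameToRVA().emplace(e_symbol.pszName, e_symbol.dwRVA);
    }
    return TRUE;
} // CR_ModuleEx::_PrepareForDisAsm32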
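/// Prints the export directory header and the export symbol table to stdout.
///
/// Does nothing when the module has no export directory. Every value printed
/// here is read from the module being inspected, so string pointers are
/// checked for null before they are handed to printf's %s.
void CR_Module::DumpExportSymbols() {
    PIMAGE_EXPORT_DIRECTORY pDir = ExportDirectory();
    if (pDir == nullptr)
        return;

    // NOTE(review): GetData() is not visible here; guard against a null result
    // for a Name RVA that does not map into the image - confirm its contract.
    const char *module_name = reinterpret_cast<char *>(GetData(pDir->Name));
    if (module_name == nullptr)
        module_name = "(null)";

    printf("\n### EXPORTS ###\n");
    printf(" Characteristics: 0x%08lX\n", pDir->Characteristics);
    printf(" TimeDateStamp: 0x%08lX (%s)\n", pDir->TimeDateStamp,
           CrGetTimeStampString(pDir->TimeDateStamp));
    printf(" Version: %u.%u\n", pDir->MajorVersion, pDir->MinorVersion);
    printf(" Name: 0x%08lX (%s)\n", pDir->Name, module_name);
    printf(" Base: 0x%08lX (%lu)\n", pDir->Base, pDir->Base);
    printf(" NumberOfFunctions: 0x%08lX (%lu)\n", pDir->NumberOfFunctions,
           pDir->NumberOfFunctions);
    printf(" NumberOfNames: 0x%08lX (%lu)\n", pDir->NumberOfNames,
           pDir->NumberOfNames);
    printf(" AddressOfFunctions: 0x%08lX\n", pDir->AddressOfFunctions);
    printf(" AddressOfNames: 0x%08lX\n", pDir->AddressOfNames);
    printf(" AddressOfNameOrdinals: 0x%08lX\n", pDir->AddressOfNameOrdinals);
    printf(" \n");

    printf(" %-50s %-5s ; %-8s %-8s\n", "FUNCTION NAME", "ORDI.", "RVA", "VA");
    for (const auto& symbol : ExportSymbols()) {
        // Exports without a name are listed under a placeholder.
        const char *name = symbol.pszName ? symbol.pszName : "(No Name)";

        if (symbol.dwRVA) {
            if (Is64Bit()) {
                const CR_Addr64 va = VA64FromRVA(symbol.dwRVA);
                printf(" %-50s @%-4lu ; %08lX %08lX%08lX\n", name,
                       symbol.dwOrdinal, symbol.dwRVA, HILONG(va), LOLONG(va));
            } else if (Is32Bit()) {
                const CR_Addr32 va = VA32FromRVA(symbol.dwRVA);
                printf(" %-50s @%-4lu ; %08lX %08lX\n", name,
                       symbol.dwOrdinal, symbol.dwRVA, va);
            }
        } else {
            // A zero RVA is reported as a forwarded export. The original code
            // printed "(No Name)" here even for named symbols; the real name
            // is shown now. A missing forward target is printed as "(null)"
            // rather than passing a null pointer to %s.
            const char *target =
                symbol.pszForwarded ? symbol.pszForwarded : "(null)";
            printf(" %-50s @%-4lu ; (forwarded to %s)\n", name,
                   symbol.dwOrdinal, target);
        }
    }
    printf("\n\n");
}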