GumAddress gum_module_find_export_by_name (const gchar * module_name, const gchar * symbol_name) { if (module_name == NULL) { GumFindExportContext ctx; ctx.symbol_name = symbol_name; ctx.result = 0; gum_process_enumerate_modules (gum_store_address_if_module_has_export, &ctx); return ctx.result; } else { HMODULE module; module = get_module_handle_utf8 (module_name); if (module == NULL) return 0; return GUM_ADDRESS (GetProcAddress (module, symbol_name)); } }
GumHeapApiList * gum_process_find_heap_apis (void) { GumHeapApiList * list; list = gum_heap_api_list_new (); gum_process_enumerate_modules (gum_collect_heap_api_if_crt_module, list); return list; }
static GumCodeDeflectorDispatcher * gum_code_deflector_dispatcher_new (const GumAddressSpec * caller, gpointer return_address, gpointer dedicated_target) { #if defined (HAVE_DARWIN) || (defined (HAVE_LINUX) && GLIB_SIZEOF_VOID_P == 4) GumCodeDeflectorDispatcher * dispatcher; GumProbeRangeForCodeCaveContext probe_ctx; GumInsertDeflectorContext insert_ctx; probe_ctx.caller = caller; probe_ctx.cave.base_address = 0; probe_ctx.cave.size = 0; gum_process_enumerate_modules (gum_probe_module_for_code_cave, &probe_ctx); if (probe_ctx.cave.base_address == 0) return NULL; dispatcher = g_slice_new0 (GumCodeDeflectorDispatcher); dispatcher->address = GSIZE_TO_POINTER (probe_ctx.cave.base_address); dispatcher->original_data = g_memdup (dispatcher->address, probe_ctx.cave.size); dispatcher->original_size = probe_ctx.cave.size; if (dedicated_target == NULL) { gsize thunk_size; GumMemoryRange range; thunk_size = gum_query_page_size (); dispatcher->thunk = gum_memory_allocate (NULL, thunk_size, thunk_size, GUM_PAGE_RW); dispatcher->thunk_size = thunk_size; gum_memory_patch_code (dispatcher->thunk, GUM_MAX_CODE_DEFLECTOR_THUNK_SIZE, (GumMemoryPatchApplyFunc) gum_write_thunk, dispatcher); range.base_address = GUM_ADDRESS (dispatcher->thunk); range.size = thunk_size; gum_cloak_add_range (&range); } insert_ctx.pc = GUM_ADDRESS (dispatcher->address); insert_ctx.max_size = dispatcher->original_size; insert_ctx.return_address = return_address; insert_ctx.dedicated_target = dedicated_target; insert_ctx.dispatcher = dispatcher; gum_memory_patch_code (dispatcher->address, dispatcher->original_size, (GumMemoryPatchApplyFunc) gum_insert_deflector, &insert_ctx); return dispatcher; #else (void) gum_insert_deflector; (void) gum_write_thunk; (void) gum_probe_module_for_code_cave; return NULL; #endif }
static void gum_allocator_probe_apply_default_suppressions (GumAllocatorProbe * self) { GumInterceptor * interceptor = self->priv->interceptor; GArray * ignored; guint i; G_LOCK (_gum_allocator_probe_ignored_functions); if (_gum_allocator_probe_ignored_functions == NULL) { static const gchar * internal_function_name[] = { "g_quark_new", "instance_real_class_set", "instance_real_class_remove", "gst_object_set_name_default" }; ignored = g_array_new (FALSE, FALSE, sizeof (gpointer)); for (i = 0; i != G_N_ELEMENTS (internal_function_name); i++) { GArray * addrs = gum_find_functions_named (internal_function_name[i]); if (addrs->len != 0) g_array_append_vals (ignored, addrs->data, addrs->len); g_array_free (addrs, TRUE); } gum_process_enumerate_modules ( gum_allocator_probe_add_suppression_addresses_if_glib, ignored); _gum_allocator_probe_ignored_functions = ignored; } else { ignored = _gum_allocator_probe_ignored_functions; } G_UNLOCK (_gum_allocator_probe_ignored_functions); gum_interceptor_begin_transaction (interceptor); for (i = 0; i != ignored->len; i++) gum_allocator_probe_suppress (self, g_array_index (ignored, gpointer, i)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_quark_from_string)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_quark_from_static_string)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_signal_connect_data)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_signal_handlers_destroy)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_type_register_static)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_type_add_interface_static)); gum_allocator_probe_suppress (self, GUM_FUNCPTR_TO_POINTER (g_param_spec_pool_insert)); gum_interceptor_end_transaction (interceptor); }