/*
 * Translate an address inside a section's virtual range into the matching
 * address inside the mapped file view.
 *
 * mapview   - base of the mapped file, passed through to rva_to_va().
 * sections  - section header table of the image.
 * num_sects - number of entries in `sections`.
 * vaddr     - address to translate. It is compared directly against each
 *             section's VirtualAddress field, so it is presumably
 *             image-relative (an RVA) - confirm against callers.
 *
 * Returns the value produced by rva_to_va() for the raw-data offset of
 * `vaddr` in the first section whose range
 * [VirtualAddress, VirtualAddress + SizeOfRawData) contains it, or 0 when
 * no section matches.
 *
 * NOTE(review): VirtualAddress, SizeOfRawData and PointerToRawData are read
 * from the section headers as-is. Nothing here checks that the resulting
 * file offset lies inside the mapping (its size is not passed in), so the
 * caller has to validate the returned address before reading through it
 * when the image is not trusted.
 */
static unsigned long DLLINTERNAL_NOVIS va_to_mapaddr(void * mapview, IMAGE_SECTION_HEADER * sections, int num_sects, unsigned long vaddr) {
	for(int idx = 0; idx < num_sects; idx++) {
		IMAGE_SECTION_HEADER * sect = &sections[idx];

		// Below the start of this section.
		if(vaddr < sect->VirtualAddress)
			continue;

		// At or past the end of this section's raw data.
		if(vaddr >= sect->VirtualAddress + sect->SizeOfRawData)
			continue;

		// Offset within the section, rebased onto its position in the file.
		return(rva_to_va(mapview, (vaddr - sect->VirtualAddress + sect->PointerToRawData)));
	}

	return(0);
}
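// Checks module signatures and returns the ntheaders pointer for a valid module.
//
// mapview: base address of the mapped image.
// Returns the IMAGE_NT_HEADERS pointer, or 0 when the DOS header is not
// readable, the DOS or PE signature does not match, or e_lfanew is negative.
//
// Limits of this validation (the mapping size is not available here):
//  - e_lfanew has no upper bound check, so the NT headers are only known to
//    be readable memory, not to lie inside the mapped image.
//  - IsBadReadPtr only tests that the range is readable by the process at
//    the time of the call; Microsoft documents it as obsolete.
//  - NOTE(review): the address is carried in an unsigned long, which only
//    round-trips a pointer where unsigned long is as wide as a pointer
//    (not the case on 64-bit Windows) - confirm the build target.
static IMAGE_NT_HEADERS * DLLINTERNAL_NOVIS get_ntheaders(void * mapview) {
	union { 
		unsigned long      mem;
		IMAGE_DOS_HEADER * dos;
		IMAGE_NT_HEADERS * pe;
	} mem;
	
	//Check if valid dos header
	mem.mem = (unsigned long)mapview;
	if(IsBadReadPtr(mem.dos, sizeof(*mem.dos)) || mem.dos->e_magic != IMAGE_DOS_SIGNATURE)
		return(0);
	
	//e_lfanew is a signed offset taken from the image itself; a negative
	//value would place the NT headers before the start of the mapping.
	if(mem.dos->e_lfanew < 0)
		return(0);
	
	//Get and check pe header
	mem.mem = rva_to_va(mapview, mem.dos->e_lfanew);
	if(IsBadReadPtr(mem.pe, sizeof(*mem.pe)) || mem.pe->Signature != IMAGE_NT_SIGNATURE)
		return(0);
	
	return(mem.pe);
}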
/*
 * Flag the disassembled instructions that sit at an entry point of the image
 * by setting IsNotRelocatable on them.
 *
 * Two kinds of address are looked up in the list `da`:
 *   - every export whose address type is EXPORT_ADDRESS_TYPE_RVA, converted
 *     with rva_to_va();
 *   - the image entry point, AddressOfEntryPoint + ImageBase.
 * For each address only the first matching list node is flagged.
 *
 * pefile - parsed PE file; must not be NULL. This is only enforced by
 *          assert(), which is compiled out when NDEBUG is defined.
 * da     - head of the disassembly list; an empty (NULL) list is accepted.
 *
 * NOTE(review): NumberOfFunctions and the export RVAs presumably come from
 * the file being analysed. The loop trusts that exports[] holds at least
 * NumberOfFunctions entries and walks it with a signed int index - confirm
 * that the export parser bounds the count before this function runs.
 */
static void mark_entry_points(pefile_t *pefile, disassembly_t *da)
{
    disassembly_t *node;
    DWORD entry_va;
    assert(pefile);

    if (pefile->exports)
    {
        int idx;
        for (idx = 0; idx < pefile->exports->image_export_directory.NumberOfFunctions; idx++)
        {
            /* Only exports that carry an RVA are looked up. */
            if (pefile->exports->exports[idx].export_address_type != EXPORT_ADDRESS_TYPE_RVA)
                continue;

            /* Find the instruction at the export's address and flag it. */
            node = da;
            while (node != NULL)
            {
                if (node->MemoryAddress == rva_to_va(pefile, pefile->exports->exports[idx].rva.rva))
                {
                    node->IsNotRelocatable = TRUE;
                    break;
                }
                node = node->next;
            }
        }
    }

    /* The image entry point is flagged the same way. */
    entry_va = pefile->image_nt_headers.OptionalHeader.AddressOfEntryPoint + pefile->image_nt_headers.OptionalHeader.ImageBase;
    node = da;
    while (node != NULL)
    {
        if (node->MemoryAddress == entry_va)
        {
            node->IsNotRelocatable = TRUE;
            break;
        }
        node = node->next;
    }
}