NTSTATUS PhInitializeMappedArchive(
_Out_ PPH_MAPPED_ARCHIVE MappedArchive,
_In_ PVOID ViewBase,
_In_ SIZE_T Size
)
{
NTSTATUS status;
PCHAR start;
start = (PCHAR)ViewBase;
memset(MappedArchive, 0, sizeof(PH_MAPPED_ARCHIVE));
MappedArchive->ViewBase = ViewBase;
MappedArchive->Size = Size;
__try
{
// Verify the file signature.
PhpMappedArchiveProbe(MappedArchive, start, IMAGE_ARCHIVE_START_SIZE);
if (memcmp(start, IMAGE_ARCHIVE_START, IMAGE_ARCHIVE_START_SIZE) != 0)
PhRaiseStatus(STATUS_INVALID_IMAGE_FORMAT);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return GetExceptionCode();
}
// Get the members.
// Note: the names are checked.
// First linker member
status = PhpGetMappedArchiveMemberFromHeader(
MappedArchive,
(PIMAGE_ARCHIVE_MEMBER_HEADER)(start + IMAGE_ARCHIVE_START_SIZE),
&MappedArchive->FirstLinkerMember
);
if (!NT_SUCCESS(status))
return status;
if (MappedArchive->FirstLinkerMember.Type != LinkerArchiveMemberType)
return STATUS_INVALID_PARAMETER;
MappedArchive->FirstStandardMember = &MappedArchive->FirstLinkerMember;
// Second linker member
status = PhGetNextMappedArchiveMember(
&MappedArchive->FirstLinkerMember,
&MappedArchive->SecondLinkerMember
);
if (!NT_SUCCESS(status))
return status;
if (MappedArchive->SecondLinkerMember.Type != LinkerArchiveMemberType)
return STATUS_INVALID_PARAMETER;
// Longnames member
// This member doesn't seem to be mandatory, contrary to the specification.
// So we'll check if it's actually a longnames member, and if not, ignore it.
status = PhGetNextMappedArchiveMember(
&MappedArchive->SecondLinkerMember,
&MappedArchive->LongnamesMember
);
if (
NT_SUCCESS(status) &&
MappedArchive->LongnamesMember.Type == LongnamesArchiveMemberType
)
{
MappedArchive->HasLongnamesMember = TRUE;
MappedArchive->LastStandardMember = &MappedArchive->LongnamesMember;
}
else
{
MappedArchive->LastStandardMember = &MappedArchive->SecondLinkerMember;
}
return STATUS_SUCCESS;
}
INT_PTR CALLBACK PvpLibExportsDlgProc(
__in HWND hwndDlg,
__in UINT uMsg,
__in WPARAM wParam,
__in LPARAM lParam
)
{
switch (uMsg)
{
case WM_INITDIALOG:
{
ULONG fallbackColumns[] = { 0, 1, 2, 3 };
HWND lvHandle;
PH_MAPPED_ARCHIVE_MEMBER member;
PH_MAPPED_ARCHIVE_IMPORT_ENTRY importEntry;
PhCenterWindow(GetParent(hwndDlg), NULL);
lvHandle = GetDlgItem(hwndDlg, IDC_LIST);
PhSetListViewStyle(lvHandle, FALSE, TRUE);
PhSetControlTheme(lvHandle, L"explorer");
PhAddListViewColumn(lvHandle, 0, 0, 0, LVCFMT_LEFT, 60, L"DLL");
PhAddListViewColumn(lvHandle, 1, 1, 1, LVCFMT_LEFT, 200, L"Name");
PhAddListViewColumn(lvHandle, 2, 2, 2, LVCFMT_LEFT, 40, L"Ordinal/Hint");
PhAddListViewColumn(lvHandle, 3, 3, 3, LVCFMT_LEFT, 40, L"Type");
PhAddListViewColumn(lvHandle, 4, 4, 4, LVCFMT_LEFT, 60, L"Name Type");
PhSetExtendedListView(lvHandle);
ExtendedListView_AddFallbackColumns(lvHandle, 4, fallbackColumns);
member = *PvMappedArchive.LastStandardMember;
while (NT_SUCCESS(PhGetNextMappedArchiveMember(&member, &member)))
{
if (NT_SUCCESS(PhGetMappedArchiveImportEntry(&member, &importEntry)))
{
INT lvItemIndex;
PPH_STRING name;
WCHAR number[PH_INT32_STR_LEN_1];
PWSTR type;
name = PhCreateStringFromAnsi(importEntry.DllName);
lvItemIndex = PhAddListViewItem(lvHandle, MAXINT, name->Buffer, NULL);
PhDereferenceObject(name);
name = PhCreateStringFromAnsi(importEntry.Name);
PhSetListViewSubItem(lvHandle, lvItemIndex, 1, name->Buffer);
PhDereferenceObject(name);
// Ordinal is unioned with NameHint, so this works both ways.
PhPrintUInt32(number, importEntry.Ordinal);
PhSetListViewSubItem(lvHandle, lvItemIndex, 2, number);
switch (importEntry.Type)
{
case IMPORT_OBJECT_CODE:
type = L"Code";
break;
case IMPORT_OBJECT_DATA:
type = L"Data";
break;
case IMPORT_OBJECT_CONST:
type = L"Const";
break;
default:
type = L"Unknown";
break;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 3, type);
switch (importEntry.NameType)
{
case IMPORT_OBJECT_ORDINAL:
type = L"Ordinal";
break;
case IMPORT_OBJECT_NAME:
type = L"Name";
break;
case IMPORT_OBJECT_NAME_NO_PREFIX:
type = L"Name, No Prefix";
break;
case IMPORT_OBJECT_NAME_UNDECORATE:
type = L"Name, Undecorate";
break;
default:
type = L"Unknown";
break;
}
PhSetListViewSubItem(lvHandle, lvItemIndex, 4, type);
}
}
ExtendedListView_SortItems(lvHandle);
}
break;
case WM_NOTIFY:
{
PvHandleListViewNotifyForCopy(lParam, GetDlgItem(hwndDlg, IDC_LIST));
}
break;
}
return FALSE;
}
