GumAddress
gum_module_find_export_by_name (const gchar * module_name,
const gchar * symbol_name)
{
if (module_name == NULL)
{
GumFindExportContext ctx;
ctx.symbol_name = symbol_name;
ctx.result = 0;
gum_process_enumerate_modules (gum_store_address_if_module_has_export,
&ctx);
return ctx.result;
}
else
{
HMODULE module;
module = get_module_handle_utf8 (module_name);
if (module == NULL)
return 0;
return GUM_ADDRESS (GetProcAddress (module, symbol_name));
}
}
GumHeapApiList *
gum_process_find_heap_apis (void)
{
GumHeapApiList * list;
list = gum_heap_api_list_new ();
gum_process_enumerate_modules (gum_collect_heap_api_if_crt_module, list);
return list;
}
static GumCodeDeflectorDispatcher *
gum_code_deflector_dispatcher_new (const GumAddressSpec * caller,
gpointer return_address,
gpointer dedicated_target)
{
#if defined (HAVE_DARWIN) || (defined (HAVE_LINUX) && GLIB_SIZEOF_VOID_P == 4)
GumCodeDeflectorDispatcher * dispatcher;
GumProbeRangeForCodeCaveContext probe_ctx;
GumInsertDeflectorContext insert_ctx;
probe_ctx.caller = caller;
probe_ctx.cave.base_address = 0;
probe_ctx.cave.size = 0;
gum_process_enumerate_modules (gum_probe_module_for_code_cave, &probe_ctx);
if (probe_ctx.cave.base_address == 0)
return NULL;
dispatcher = g_slice_new0 (GumCodeDeflectorDispatcher);
dispatcher->address = GSIZE_TO_POINTER (probe_ctx.cave.base_address);
dispatcher->original_data = g_memdup (dispatcher->address,
probe_ctx.cave.size);
dispatcher->original_size = probe_ctx.cave.size;
if (dedicated_target == NULL)
{
gsize thunk_size;
GumMemoryRange range;
thunk_size = gum_query_page_size ();
dispatcher->thunk =
gum_memory_allocate (NULL, thunk_size, thunk_size, GUM_PAGE_RW);
dispatcher->thunk_size = thunk_size;
gum_memory_patch_code (dispatcher->thunk, GUM_MAX_CODE_DEFLECTOR_THUNK_SIZE,
(GumMemoryPatchApplyFunc) gum_write_thunk, dispatcher);
range.base_address = GUM_ADDRESS (dispatcher->thunk);
range.size = thunk_size;
gum_cloak_add_range (&range);
}
insert_ctx.pc = GUM_ADDRESS (dispatcher->address);
insert_ctx.max_size = dispatcher->original_size;
insert_ctx.return_address = return_address;
insert_ctx.dedicated_target = dedicated_target;
insert_ctx.dispatcher = dispatcher;
gum_memory_patch_code (dispatcher->address, dispatcher->original_size,
(GumMemoryPatchApplyFunc) gum_insert_deflector, &insert_ctx);
return dispatcher;
#else
(void) gum_insert_deflector;
(void) gum_write_thunk;
(void) gum_probe_module_for_code_cave;
return NULL;
#endif
}
static void
gum_allocator_probe_apply_default_suppressions (GumAllocatorProbe * self)
{
GumInterceptor * interceptor = self->priv->interceptor;
GArray * ignored;
guint i;
G_LOCK (_gum_allocator_probe_ignored_functions);
if (_gum_allocator_probe_ignored_functions == NULL)
{
static const gchar * internal_function_name[] = {
"g_quark_new",
"instance_real_class_set",
"instance_real_class_remove",
"gst_object_set_name_default"
};
ignored = g_array_new (FALSE, FALSE, sizeof (gpointer));
for (i = 0; i != G_N_ELEMENTS (internal_function_name); i++)
{
GArray * addrs = gum_find_functions_named (internal_function_name[i]);
if (addrs->len != 0)
g_array_append_vals (ignored, addrs->data, addrs->len);
g_array_free (addrs, TRUE);
}
gum_process_enumerate_modules (
gum_allocator_probe_add_suppression_addresses_if_glib, ignored);
_gum_allocator_probe_ignored_functions = ignored;
}
else
{
ignored = _gum_allocator_probe_ignored_functions;
}
G_UNLOCK (_gum_allocator_probe_ignored_functions);
gum_interceptor_begin_transaction (interceptor);
for (i = 0; i != ignored->len; i++)
gum_allocator_probe_suppress (self, g_array_index (ignored, gpointer, i));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_quark_from_string));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_quark_from_static_string));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_signal_connect_data));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_signal_handlers_destroy));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_type_register_static));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_type_add_interface_static));
gum_allocator_probe_suppress (self,
GUM_FUNCPTR_TO_POINTER (g_param_spec_pool_insert));
gum_interceptor_end_transaction (interceptor);
}
