/*************************************************************************/
/* Copyright (c) 2015 dx, http://kaimi.ru */
/* */
/* Permission is hereby granted, free of charge, to any person */
/* obtaining a copy of this software and associated documentation */
/* files (the "Software"), to deal in the Software without */
/* restriction, including without limitation the rights to use, */
/* copy, modify, merge, publish, distribute, sublicense, and/or */
/* sell copies of the Software, and to permit persons to whom the */
/* Software is furnished to do so, subject to the following conditions: */
/* The above copyright notice and this permission notice shall be */
/* included in all copies or substantial portions of the Software. */
/* */
/* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, */
/* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF */
/* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.*/
/* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY */
/* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, */
/* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE */
/* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */
/*************************************************************************/
#pragma once
#include <vector>
#include <string>
#include "pe_structures.h"
#include "pe_base.h"
#include "pe_directory.h"
namespace pe_bliss
{
//Class representing a single exported function, as listed by get_exported_functions
//or supplied to rebuild_exports
//Plain value holder: only accessors are declared here, definitions live in the implementation file
//NOTE(review): when objects are produced by parsing an image, the name, RVA and ordinals
//presumably come from the file itself - treat them as untrusted input (confirm what the
//parser validates before using them as offsets, sizes or lookup keys)
class exported_function
{
public:
//Default constructor
//NOTE(review): initial values of the members are set in the implementation, not visible in this header
exported_function();
//Returns ordinal of function (actually, ordinal = hint + ordinal base)
uint16_t get_ordinal() const;
//Returns RVA of function
//In the PE format the address-table entry of a forwarded export refers to a forwarder string
//rather than to code, so check is_forwarded() before treating this value as a code address
//NOTE(review): whether the RVA is checked against the image bounds is not visible here
uint32_t get_rva() const;
//Returns true if function has name and name ordinal
//Exports can exist by ordinal only; get_name() and get_name_ordinal() are meaningful only when this is true
bool has_name() const;
//Returns name of function
//Returned by const reference - presumably to the name_ member, so it must not outlive this object
//NOTE(review): the value returned when has_name() is false is not defined by this header
const std::string& get_name() const;
//Returns name ordinal of function
uint16_t get_name_ordinal() const;
//Returns true if function is forwarded to other library
bool is_forwarded() const;
//Returns the name of forwarded function
//Returned by const reference - presumably to the forward_name_ member
//NOTE(review): the string names another library's export and comes from the image when parsed;
//do not resolve or load it without validation
const std::string& get_forwarded_name() const;
public: //Setters only change this object, not the PE image; they are used by PE class
//You can also use them to rebuild export directory
//Sets ordinal of function
void set_ordinal(uint16_t ordinal);
//Sets RVA of function
void set_rva(uint32_t rva);
//Sets name of function (or clears it, if empty name is passed)
//NOTE(review): presumably also updates the value reported by has_name() - confirm in the implementation
void set_name(const std::string& name);
//Sets name ordinal
void set_name_ordinal(uint16_t name_ordinal);
//Sets forwarded function name (or clears it, if empty name is passed)
//NOTE(review): presumably also updates the value reported by is_forwarded() - confirm in the implementation
void set_forwarded_name(const std::string& name);
private:
uint16_t ordinal_; //Function ordinal
uint32_t rva_; //Function RVA
std::string name_; //Function name
bool has_name_; //true == function has name
uint16_t name_ordinal_; //Function name ordinal
bool forward_; //true == function is forwarded
std::string forward_name_; //Name of forwarded function
};
//Class representing export information (the directory-level fields, as opposed to
//the per-function data held by exported_function)
//Filled by the two-argument get_exported_functions overload and consumed by rebuild_exports
//NOTE(review): when filled from a parsed image, the counts and RVAs presumably mirror what the
//file declares - they are attacker-controllable in a crafted file and must not be used as
//loop bounds or buffer sizes without checking them against the real image size
class export_info
{
public:
//Default constructor
//NOTE(review): initial values of the members are set in the implementation, not visible in this header
export_info();
//Returns characteristics
uint32_t get_characteristics() const;
//Returns timestamp
uint32_t get_timestamp() const;
//Returns major version
uint16_t get_major_version() const;
//Returns minor version
uint16_t get_minor_version() const;
//Returns DLL name
//Returned by const reference - presumably to the name_ member, so it must not outlive this object
const std::string& get_name() const;
//Returns ordinal base
uint32_t get_ordinal_base() const;
//Returns number of functions
//NOTE(review): declared count; may differ from the size of the list returned by get_exported_functions - confirm
uint32_t get_number_of_functions() const;
//Returns number of function names
uint32_t get_number_of_names() const;
//Returns RVA of function address table
uint32_t get_rva_of_functions() const;
//Returns RVA of function name address table
uint32_t get_rva_of_names() const;
//Returns RVA of name ordinals table
uint32_t get_rva_of_name_ordinals() const;
public: //Setters only change this object, not the PE image; they are used by PE class
//You can also use them to rebuild export directory using rebuild_exports
//Per the rebuild_exports notes in this header, only characteristics, versions, timestamp and name
//are read from this object during a rebuild
//Sets characteristics
void set_characteristics(uint32_t characteristics);
//Sets timestamp
void set_timestamp(uint32_t timestamp);
//Sets major version
void set_major_version(uint16_t major_version);
//Sets minor version
void set_minor_version(uint16_t minor_version);
//Sets DLL name
void set_name(const std::string& name);
//Sets ordinal base
void set_ordinal_base(uint32_t ordinal_base);
//Sets number of functions
void set_number_of_functions(uint32_t number_of_functions);
//Sets number of function names
void set_number_of_names(uint32_t number_of_names);
//Sets RVA of function address table
void set_rva_of_functions(uint32_t rva_of_functions);
//Sets RVA of function name address table
void set_rva_of_names(uint32_t rva_of_names);
//Sets RVA of name ordinals table
void set_rva_of_name_ordinals(uint32_t rva_of_name_ordinals);
private:
//Backing fields for the accessors above
//NOTE(review): the address_of_* members presumably back the get/set_rva_of_* accessors - confirm in the implementation
uint32_t characteristics_;
uint32_t timestamp_;
uint16_t major_version_;
uint16_t minor_version_;
std::string name_;
uint32_t ordinal_base_;
uint32_t number_of_functions_;
uint32_t number_of_names_;
uint32_t address_of_functions_;
uint32_t address_of_names_;
uint32_t address_of_name_ordinals_;
};
//Exported functions list typedef
typedef std::vector<exported_function> exported_functions_list;
//Returns list of exported functions of the supplied image (returned by value)
//NOTE(review): behaviour on a malformed or truncated export directory (exception, partial list)
//is not visible in this header - check the implementation before running this on untrusted files
//NOTE(review): the const-qualified by-value return prevents moving from the result;
//changing it would require changing the definition as well
const exported_functions_list get_exported_functions(const pe_base& pe);
//Returns list of exported functions and information about export
//info - output parameter, filled with the export directory information
const exported_functions_list get_exported_functions(const pe_base& pe, export_info& info);
//Helper export functions
//Returns pair: <ordinal base for supplied functions; maximum ordinal value for supplied functions>
//NOTE(review): the result for an empty list is not defined by this header - confirm before relying on it
//NOTE(review): std::pair is used without a direct #include <utility>; it presumably arrives via the other includes
const std::pair<uint16_t, uint16_t> get_export_ordinal_limits(const exported_functions_list& exports);
//Checks if exported function name already exists
//Useful before adding an entry to a list passed to rebuild_exports, to avoid duplicate names
bool exported_name_exists(const std::string& function_name, const exported_functions_list& exports);
//Checks if exported function ordinal already exists
//Useful before adding an entry to a list passed to rebuild_exports, to avoid duplicate ordinals
bool exported_ordinal_exists(uint16_t ordinal, const exported_functions_list& exports);
//Export directory rebuilder
//pe - image to modify
//info - export information
//exports - list of exported functions
//exports_section - section where export directory will be placed (must be attached to PE image)
//offset_from_section_start - offset from exports_section raw data start
//save_to_pe_header - if true, new export directory information will be saved to PE image headers
//auto_strip_last_section - if true and exports are placed in the last section, it will be automatically stripped
//number_of_functions and number_of_names parameters don't matter in "info" when rebuilding, they're calculated independently
//characteristics, major_version, minor_version, timestamp and name are the only used members of "info" structure
//Returns new export directory information
//exports is taken by value (copied) intentionally, to be sorted by ordinal values later
//Name ordinals in exported function don't matter, they will be recalculated
//NOTE(review): whether offset_from_section_start is validated against the section's raw data size,
//and how duplicate names or ordinals in "exports" are handled, is not visible in this header
const image_directory rebuild_exports(pe_base& pe, const export_info& info, exported_functions_list exports, section& exports_section, uint32_t offset_from_section_start = 0, bool save_to_pe_header = true, bool auto_strip_last_section = true);
}