77 lines
1.7 KiB
C++
77 lines
1.7 KiB
C++
#ifndef _REMOTEPS_INTERCEPT_HPP_
|
|
#define _REMOTEPS_INTERCEPT_HPP_
|
|
#ifndef _COMMON_WINDOWS_HPP_
|
|
#include <common/windows.hpp>
|
|
#endif
|
|
#ifndef _COMMON_VERSIONINFO_HPP_
|
|
#include <common/version.hpp>
|
|
#endif
|
|
#ifndef _COMMON_BLOCK_HPP_
|
|
#include <common/block.hpp>
|
|
#endif
|
|
#ifndef _COMMON_QUICKSORT_HPP_
|
|
#include <common/qsort.hpp>
|
|
#endif
|
|
#ifndef _COMMON_BINARYSEARCH_HPP_
|
|
#include <common/binsrch.hpp>
|
|
#endif
|
|
#ifndef _COMMON_ARRAY_HPP_
|
|
#include <common/array.hpp>
|
|
#endif
|
|
#ifndef _IMAGE_PUREIMPORT_HPP_
|
|
#include <image/pureimp.hpp>
|
|
#endif
|
|
|
|
template <class T>
|
|
class BinaryTree;
|
|
|
|
class Intercept : public Array<PureImport>
|
|
{
|
|
public:
|
|
Intercept(void);
|
|
~Intercept();
|
|
WORD performIntercept(Array<PureImport> &pureImports,DWORD baseAddress);
|
|
private:
|
|
void loadImportDescriptors(Array<PureImport> &pureImports);
|
|
void loadImportModuleNames(void);
|
|
void moduleEntryPoints(void);
|
|
void resolveImportNames(Array<PureImport> &pureImport);
|
|
WORD importEntryPoint(PureImport &pureImport);
|
|
DWORD baseAddress(void)const;
|
|
WORD isWIN95Thunk(DWORD baseAddress);
|
|
|
|
void loadImportModuleNamesEx(void);
|
|
void loadImportModuleNames(Block<String> &importModuleNames,DWORD baseAddress);
|
|
BOOL isInModuleNames(const String &strModuleName,Block<String> &strModuleNames);
|
|
void entryPoints(BinaryTree<PureImport> &pureImports,DWORD baseAddress);
|
|
|
|
DWORD mBaseAddress;
|
|
Block<String> mImportModuleNames;
|
|
WinVersionInfo mVersionInfo;
|
|
};
|
|
|
|
inline
|
|
Intercept::Intercept(void)
|
|
{
|
|
}
|
|
|
|
inline
|
|
Intercept::~Intercept()
|
|
{
|
|
}
|
|
|
|
inline
|
|
DWORD Intercept::baseAddress(void)const
|
|
{
|
|
return mBaseAddress;
|
|
}
|
|
|
|
inline
|
|
WORD Intercept::isWIN95Thunk(DWORD baseAddress)
|
|
{
|
|
if(*((BYTE*)baseAddress)==0x68&&*(((BYTE*)baseAddress)+5)==0xE9)return TRUE;
|
|
return FALSE;
|
|
}
|
|
#endif
|
|
|