53 lines
1.1 KiB
C++
53 lines
1.1 KiB
C++
#ifndef _APISPY_INTERCEPT_HPP_
|
|
#define _APISPY_INTERCEPT_HPP_
|
|
#include <common/windows.hpp>
|
|
#include <common/block.hpp>
|
|
#include <common/pvector.hpp>
|
|
#include <common/qsort.hpp>
|
|
#include <common/binsrch.hpp>
|
|
#include <image/pureimp.hpp>
|
|
|
|
class Intercept : public PureVector<PureImport>
|
|
{
|
|
public:
|
|
Intercept(void);
|
|
~Intercept();
|
|
WORD performIntercept(PureVector<PureImport> &pureImports,DWORD baseAddress);
|
|
private:
|
|
void loadImportDescriptors(PureVector<PureImport> &pureImports);
|
|
void loadImportModuleNames(void);
|
|
void moduleEntryPoints(void);
|
|
void resolveImportNames(PureVector<PureImport> &pureImport);
|
|
WORD importEntryPoint(PureImport &pureImport);
|
|
DWORD baseAddress(void)const;
|
|
WORD isWIN95Thunk(DWORD baseAddress);
|
|
|
|
DWORD mBaseAddress;
|
|
Block<String> mImportModuleNames;
|
|
};
|
|
|
|
inline
|
|
Intercept::Intercept(void)
|
|
{
|
|
}
|
|
|
|
inline
|
|
Intercept::~Intercept()
|
|
{
|
|
}
|
|
|
|
inline
|
|
DWORD Intercept::baseAddress(void)const
|
|
{
|
|
return mBaseAddress;
|
|
}
|
|
|
|
inline
|
|
WORD Intercept::isWIN95Thunk(DWORD baseAddress)
|
|
{
|
|
if(*((BYTE*)baseAddress)==0x68&&*(((BYTE*)baseAddress)+5)==0xE9)return TRUE;
|
|
return FALSE;
|
|
}
|
|
#endif
|
|
|