35 lines
1.1 KiB
C
35 lines
1.1 KiB
C
|
#include <stdint.h>
|
||
|
|
|
||
|
|
#include <pe.h>
|
||
|
|
|
||
|
|
void pe_find_section(HMODULE module, const char *section, MEMORY_BASIC_INFORMATION *buf) {
|
||
|
|
char *cModule = (char*)module;
|
||
|
|
|
||
|
|
IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER*)module;
|
||
|
|
IMAGE_NT_HEADERS64* ntHeaders = (IMAGE_NT_HEADERS64*)(cModule + dosHeader->e_lfanew);
|
||
|
|
|
||
|
|
uint16_t sectionCount = ntHeaders->FileHeader.NumberOfSections;
|
||
|
|
IMAGE_SECTION_HEADER* sectionHeader = (IMAGE_SECTION_HEADER*)(ntHeaders + 1);
|
||
|
|
|
||
|
|
void* targetAddress = 0x0;
|
||
|
|
for (uint16_t i = 0; i < sectionCount; i++) {
|
||
|
|
if (strncmp((char*)sectionHeader->Name, section, 8) == 0) {
|
||
|
|
targetAddress = (void*)(cModule + sectionHeader->VirtualAddress);
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
|
||
|
|
sectionHeader++;
|
||
|
|
}
|
||
|
|
|
||
|
|
VirtualQuery(targetAddress, buf, sizeof(MEMORY_BASIC_INFORMATION));
|
||
|
|
}
|
||
|
|
|
||
|
|
void *pe_find_entry_point(HMODULE module) {
|
||
|
|
char *cModule = (char*)module;
|
||
|
|
|
||
|
|
IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER*)module;
|
||
|
|
IMAGE_NT_HEADERS64* ntHeaders = (IMAGE_NT_HEADERS64*)(cModule + dosHeader->e_lfanew);
|
||
|
|
|
||
|
|
return cModule + ntHeaders->OptionalHeader.AddressOfEntryPoint;
|
||
|
|
}
|