Diffstat (limited to 'loader/server/manual_map.cpp')
| -rw-r--r-- | loader/server/manual_map.cpp | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/loader/server/manual_map.cpp b/loader/server/manual_map.cpp
index 8198c3e..9e7dad7 100644
--- a/loader/server/manual_map.cpp
+++ b/loader/server/manual_map.cpp
@@ -42,6 +42,7 @@ namespace remote_code { 0xC3 // retn
};
+ // reminder client must pass these to the server at some point..
struct shellcode_args_t {
uint32_t m_virtual_protect; // 0xDEADBEEF
uint32_t m_cheat_entrypoint; // 0xDEADF00D
@@ -108,10 +109,6 @@ namespace inject { pe_file.read((char*)m_file.data(), pe_size);
pe_file.close();
-
- //remote_code::shellcode_args_t args;
- //args = { 0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x55555555 };
- //remote_code::make_code(&args);
}
bool c_pe_file::valid() {
@@ -175,6 +172,43 @@ namespace inject { IMAGE_IMPORT_DESCRIPTOR* import_dir;
IMAGE_IMPORT_BY_NAME* import_table;
+ import_dir = reinterpret_cast<decltype(import_dir)>(m_pe.data()
+ + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
+
+ while (import_dir->Characteristics) {
+ orig_first_thunk = reinterpret_cast<decltype(orig_first_thunk)>(m_pe.data() + import_dir->OriginalFirstThunk);
+ first_thunk = reinterpret_cast<decltype(first_thunk)>(m_pe.data() + import_dir->FirstThunk);
+
+ // functions are imported by the fnv hash of func name
+ while (orig_first_thunk->u1.AddressOfData) {
+ // ordinals are homo
+ if (orig_first_thunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) {
+ const uint16_t ordinal = orig_first_thunk->u1.Ordinal & 0xFFFF;
+ for (auto &it : m_exports) {
+ if (it.m_ordinal == ordinal)
+ first_thunk->u1.Function = it.m_address;
+ }
+ }
+ else {
+ import_table = reinterpret_cast<decltype(import_table)>(m_pe.data() + orig_first_thunk->u1.AddressOfData);
+
+ // look up export by hash
+ const auto hash = hash::fnv1a(import_table->Name);
+ for (auto &it : m_exports) {
+ if (it.m_hash == hash)
+ first_thunk->u1.Function = it.m_address;
+ }
+ }
+
+ // advance
+ orig_first_thunk++;
+ first_thunk++;
+ }
+
+ // advance
+ import_dir++;
+ }
+
return true;
}
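Review bot: Every RVA the new import walk dereferences — the DataDirectory VirtualAddress, each descriptor's OriginalFirstThunk/FirstThunk, and each by-name AddressOfData — is taken straight from the file and added to m_pe.data() with no comparison against m_pe.size(), so a truncated or malformed image runs the loop past the buffer on both the read side and the write side (`first_thunk->u1.Function = it.m_address`). A small `in_image(rva, len)` check before each cast, and advancing import_dir by offset so the next descriptor is range-checked before its fields are read, keeps the walk inside the buffer; the sketch below covers the directory and descriptor level and leaves the inner per-import loop as it is. Separately, an import whose hash or ordinal matches nothing in m_exports is skipped without any record and the function still returns true, leaving a zero thunk the mapped code will later call through — tracking `bool resolved = false;` per entry and ending the inner body with `if (!resolved) return false;` would surface that at map time. The `m_pe.data() + VirtualAddress` arithmetic also presumes m_pe already holds a section-mapped image rather than the raw file bytes read into m_file in the earlier hunk, which is worth confirming since raw offsets and RVAs differ for every section after the headers. The `// ordinals are homo` comment should say what the branch does (`// import by ordinal`), and the enclosing function begins outside this hunk.
```cpp
// reject any RVA that would read or write outside the buffer holding the image
const auto in_image = [&](size_t rva, size_t len) {
    return rva < m_pe.size() && len <= m_pe.size() - rva;
};

size_t dir_rva = nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
if (!in_image(dir_rva, sizeof(*import_dir)))
    return false;
import_dir = reinterpret_cast<decltype(import_dir)>(m_pe.data() + dir_rva);

while (import_dir->Characteristics) {
    if (!in_image(import_dir->OriginalFirstThunk, sizeof(*orig_first_thunk)) ||
        !in_image(import_dir->FirstThunk, sizeof(*first_thunk)))
        return false;
    orig_first_thunk = reinterpret_cast<decltype(orig_first_thunk)>(m_pe.data() + import_dir->OriginalFirstThunk);
    first_thunk = reinterpret_cast<decltype(first_thunk)>(m_pe.data() + import_dir->FirstThunk);
    // … unchanged: per-import ordinal / hash resolution loop (AddressOfData needs the same in_image check) …

    // advance by offset so the next descriptor is range-checked before it is read
    dir_rva += sizeof(*import_dir);
    if (!in_image(dir_rva, sizeof(*import_dir)))
        return false;
    import_dir = reinterpret_cast<decltype(import_dir)>(m_pe.data() + dir_rva);
}
```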
