From 793965d3c2816fc1b672c9173b3b831d82cdec33 Mon Sep 17 00:00:00 2001
From: boris
Date: Wed, 5 Dec 2018 14:25:59 +1300
Subject: server
---
 loader/server/manual_map.cpp | 42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)
(limited to 'loader/server/manual_map.cpp')
diff --git a/loader/server/manual_map.cpp b/loader/server/manual_map.cpp
index 8198c3e..9e7dad7 100644
--- a/loader/server/manual_map.cpp
+++ b/loader/server/manual_map.cpp
@@ -42,6 +42,7 @@ namespace remote_code {
 0xC3 // retn
 };
+ // reminder client must pass these to the server at some point..
 struct shellcode_args_t {
 uint32_t m_virtual_protect; // 0xDEADBEEF
 uint32_t m_cheat_entrypoint; // 0xDEADF00D
@@ -108,10 +109,6 @@ namespace inject {
 pe_file.read((char*)m_file.data(), pe_size);
 pe_file.close();
-
- //remote_code::shellcode_args_t args;
- //args = { 0x11111111, 0x22222222, 0x33333333, 0x44444444, 0x55555555 };
- //remote_code::make_code(&args);
 }
 bool c_pe_file::valid() {
@@ -175,6 +172,43 @@ namespace inject {
 IMAGE_IMPORT_DESCRIPTOR* import_dir;
 IMAGE_IMPORT_BY_NAME* import_table;
+ import_dir = reinterpret_cast(m_pe.data() +
+ nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);
+
+ while (import_dir->Characteristics) {
+ orig_first_thunk = reinterpret_cast(m_pe.data() + import_dir->OriginalFirstThunk);
+ first_thunk = reinterpret_cast(m_pe.data() + import_dir->FirstThunk);
+
+ // functions are imported by the fnv hash of func name
+ while (orig_first_thunk->u1.AddressOfData) {
+ // ordinals are homo
+ if (orig_first_thunk->u1.Ordinal & IMAGE_ORDINAL_FLAG) {
+ const uint16_t ordinal = orig_first_thunk->u1.Ordinal & 0xFFFF;
+ for (auto &it : m_exports) {
+ if (it.m_ordinal == ordinal)
+ first_thunk->u1.Function = it.m_address;
+ }
+ }
+ else {
+ import_table = reinterpret_cast(m_pe.data() + orig_first_thunk->u1.AddressOfData);
+
+ // look up export by hash
+ const auto hash = hash::fnv1a(import_table->Name);
+ for (auto &it : m_exports) {
+ if (it.m_hash == hash)
+ first_thunk->u1.Function = it.m_address;
+ }
+ }
+
+ // advance
+ orig_first_thunk++;
+ first_thunk++;
+ }
+
+ // advance
+ import_dir++;
+ }
+
 return true;
 }
-- cgit v1.2.3
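Review bot: Every RVA this hunk takes from the PE headers (`DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress`, `OriginalFirstThunk`, `FirstThunk`, `u1.AddressOfData`) is added to `m_pe.data()` and dereferenced without being compared against `m_pe.size()`, and `while (import_dir->Characteristics)` walks descriptors until a zero entry instead of stopping at the directory's `Size`, so a truncated or malformed image makes this parser read past the end of its buffer. A guard before each cast, `if (rva >= m_pe.size()) return false;` (or a small helper that converts an RVA into a checked pointer), turns that into a clean failure rather than undefined behaviour. An import with no matching `m_ordinal` or `m_hash` in `m_exports` is silently skipped — `first_thunk->u1.Function` keeps its unresolved value and the function still returns `true` — so at minimum record the miss and return `false`, and both `for (auto &it : m_exports)` loops keep scanning after a hit, where a `break` after the assignment would state the intent. Whether an RVA is a valid offset into `m_pe` at all depends on the buffer holding a section-mapped image rather than the raw file, which the hunk does not show; the enclosing function begins outside the hunk, and the `reinterpret_cast` template arguments appear stripped by the page rendering, so the cast targets are inferred from the variable types.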