#include <RemoteCode/RemoteProcess.hpp>
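namespace RemoteCode {
// RemoteModule implementation

/// Builds a local snapshot of a module that is loaded in another process.
///
/// @param Module  Handle of the module; passed to K32GetModuleInformation as an HMODULE.
/// @param Process Remote process wrapper. It is passed directly where the API
///                expects a process handle, so it presumably converts to HANDLE.
///
/// If the module information cannot be queried, m_ModuleData stays empty and
/// Scan() returns 0 for every pattern.
RemoteModule::RemoteModule(HANDLE Module, RemoteProcess &Process) :
    m_Module(Module) {
    // Read information about module.
    MODULEINFO ModuleInfo{};
    if(!K32GetModuleInformation(Process, (HMODULE)Module, &ModuleInfo, sizeof ModuleInfo))
        return;

    // Read module data.
    // resize(), not reserve(): reserve() leaves size() at 0, so the read below
    // would be asked for zero bytes and the snapshot would always stay empty.
    m_ModuleData.resize(ModuleInfo.SizeOfImage);

    // NOTE(review): the result of Read() is not checked, and its signature is not
    // visible here. If it reports failure or a short read, the buffer should be
    // cleared so Scan() does not search zero-filled memory.
    Process.Read(ModuleInfo.lpBaseOfDll, m_ModuleData.data(), m_ModuleData.size());
}

/// Searches the module snapshot for a byte pattern.
///
/// @param Data Byte sequence to look for.
/// @return Offset of the first occurrence from the start of the snapshot, or 0
///         when the snapshot is empty, is not a plausible PE image, or does not
///         contain the pattern.
///
/// The snapshot is a copy of memory owned by another process, so its header
/// fields are treated as untrusted and bounds-checked before use.
uintptr_t RemoteModule::Scan(ByteArray &Data) {
    if(m_ModuleData.empty())
        return uintptr_t{};

    // The DOS header must fit completely before any of its fields are read.
    const size_t ImageSize = m_ModuleData.size();
    if(ImageSize < sizeof(IMAGE_DOS_HEADER))
        return uintptr_t{};

    // We have a valid file (?)
    uint8_t *Buffer = m_ModuleData.data();
    IMAGE_DOS_HEADER *DosHeader = (IMAGE_DOS_HEADER *)Buffer;
    if(DosHeader->e_magic != IMAGE_DOS_SIGNATURE)
        return uintptr_t{};

    // e_lfanew is a signed value from the remote image. Reject negative or
    // out-of-range offsets so the NT signature read stays inside the buffer.
    if(DosHeader->e_lfanew < 0)
        return uintptr_t{};
    const size_t NtOffset = static_cast<size_t>(DosHeader->e_lfanew);
    if(NtOffset > ImageSize - sizeof(DWORD))
        return uintptr_t{};

    // Read PE information. Only the Signature field is read, which the check
    // above covers.
    IMAGE_NT_HEADERS *NtHeaders = (IMAGE_NT_HEADERS *)(Buffer + NtOffset);
    if(NtHeaders->Signature != IMAGE_NT_SIGNATURE)
        return uintptr_t{};

    // Find signature.
    ByteArray::iterator Iterator = std::search(
        m_ModuleData.begin(),
        m_ModuleData.end(),
        Data.begin(),
        Data.end()
    );

    // No match: return the same failure value as the other paths, not the
    // one-past-the-end offset that std::distance would give for end().
    if(Iterator == m_ModuleData.end())
        return uintptr_t{};

    return (uintptr_t)std::distance(m_ModuleData.begin(), Iterator);
}

// RemoteProcess implementation
}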