mirror of https://github.com/x64dbg/TitanEngine
rewrote GetPE32SectionNumberFromVA
This commit is contained in:
parent
3c8b51aa52
commit
c6744a2602
|
|
@ -4,88 +4,72 @@
|
||||||
|
|
||||||
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert)
|
__declspec(dllexport) long TITCALL GetPE32SectionNumberFromVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert)
|
||||||
{
|
{
|
||||||
|
if(!FileMapVA)
|
||||||
|
return -2;
|
||||||
|
|
||||||
PIMAGE_DOS_HEADER DOSHeader;
|
PIMAGE_DOS_HEADER DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
||||||
PIMAGE_NT_HEADERS32 PEHeader32;
|
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
||||||
PIMAGE_NT_HEADERS64 PEHeader64;
|
|
||||||
PIMAGE_SECTION_HEADER PESections;
|
|
||||||
ULONG_PTR FoundInSection = -1;
|
|
||||||
DWORD SectionNumber = 0;
|
|
||||||
DWORD ConvertAddress = 0;
|
|
||||||
BOOL FileIs64;
|
|
||||||
|
|
||||||
if(FileMapVA != NULL)
|
|
||||||
{
|
{
|
||||||
DOSHeader = (PIMAGE_DOS_HEADER)FileMapVA;
|
PIMAGE_NT_HEADERS32 PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
if(EngineValidateHeader(FileMapVA, NULL, NULL, DOSHeader, true))
|
PIMAGE_NT_HEADERS64 PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
||||||
|
BOOL FileIs64;
|
||||||
|
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
||||||
|
FileIs64 = false;
|
||||||
|
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
||||||
|
FileIs64 = true;
|
||||||
|
else
|
||||||
|
return -2;
|
||||||
|
|
||||||
|
if(!FileIs64) //x86
|
||||||
{
|
{
|
||||||
PEHeader32 = (PIMAGE_NT_HEADERS32)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
__try
|
||||||
PEHeader64 = (PIMAGE_NT_HEADERS64)((ULONG_PTR)DOSHeader + DOSHeader->e_lfanew);
|
|
||||||
if(PEHeader32->OptionalHeader.Magic == 0x10B)
|
|
||||||
{
|
{
|
||||||
FileIs64 = false;
|
ULONG_PTR ConvertAddress = AddressToConvert - PEHeader32->OptionalHeader.ImageBase;
|
||||||
}
|
PIMAGE_SECTION_HEADER PESections = IMAGE_FIRST_SECTION(PEHeader32);
|
||||||
else if(PEHeader32->OptionalHeader.Magic == 0x20B)
|
DWORD SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
||||||
{
|
DWORD FoundInSection = -1;
|
||||||
FileIs64 = true;
|
while(SectionNumber > 0)
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return(-2);
|
|
||||||
}
|
|
||||||
if(!FileIs64)
|
|
||||||
{
|
|
||||||
__try
|
|
||||||
{
|
{
|
||||||
ConvertAddress = (DWORD)((DWORD)AddressToConvert - PEHeader32->OptionalHeader.ImageBase);
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader32 + PEHeader32->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
|
||||||
SectionNumber = PEHeader32->FileHeader.NumberOfSections;
|
|
||||||
while(SectionNumber > 0)
|
|
||||||
{
|
{
|
||||||
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
FoundInSection = PEHeader32->FileHeader.NumberOfSections - SectionNumber;
|
||||||
{
|
|
||||||
FoundInSection = PEHeader32->FileHeader.NumberOfSections - SectionNumber;
|
|
||||||
}
|
|
||||||
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
|
||||||
SectionNumber--;
|
|
||||||
}
|
}
|
||||||
return((DWORD)FoundInSection);
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
}
|
SectionNumber--;
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
return(-2);
|
|
||||||
}
|
}
|
||||||
|
return FoundInSection;
|
||||||
}
|
}
|
||||||
else
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
{
|
{
|
||||||
__try
|
return -2;
|
||||||
{
|
|
||||||
ConvertAddress = (DWORD)(AddressToConvert - PEHeader64->OptionalHeader.ImageBase);
|
|
||||||
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PEHeader64 + PEHeader64->FileHeader.SizeOfOptionalHeader + sizeof(IMAGE_FILE_HEADER) + 4);
|
|
||||||
SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
|
||||||
while(SectionNumber > 0)
|
|
||||||
{
|
|
||||||
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
|
||||||
{
|
|
||||||
FoundInSection = PEHeader64->FileHeader.NumberOfSections - SectionNumber;
|
|
||||||
}
|
|
||||||
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
|
||||||
SectionNumber--;
|
|
||||||
}
|
|
||||||
return((DWORD)FoundInSection);
|
|
||||||
}
|
|
||||||
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
||||||
{
|
|
||||||
return(-2);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else //x64
|
||||||
{
|
{
|
||||||
return(-2);
|
__try
|
||||||
|
{
|
||||||
|
ULONG_PTR ConvertAddress = AddressToConvert - PEHeader64->OptionalHeader.ImageBase;
|
||||||
|
PIMAGE_SECTION_HEADER PESections = IMAGE_FIRST_SECTION(PEHeader64);
|
||||||
|
DWORD SectionNumber = PEHeader64->FileHeader.NumberOfSections;
|
||||||
|
DWORD FoundInSection = -1;
|
||||||
|
while(SectionNumber > 0)
|
||||||
|
{
|
||||||
|
if(PESections->VirtualAddress <= ConvertAddress && ConvertAddress < PESections->VirtualAddress + PESections->Misc.VirtualSize)
|
||||||
|
{
|
||||||
|
FoundInSection = PEHeader64->FileHeader.NumberOfSections - SectionNumber;
|
||||||
|
}
|
||||||
|
PESections = (PIMAGE_SECTION_HEADER)((ULONG_PTR)PESections + IMAGE_SIZEOF_SECTION_HEADER);
|
||||||
|
SectionNumber--;
|
||||||
|
}
|
||||||
|
return FoundInSection;
|
||||||
|
}
|
||||||
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
||||||
|
{
|
||||||
|
return -2;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return(-2);
|
return -2;
|
||||||
}
|
}
|
||||||
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
__declspec(dllexport) ULONG_PTR TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType)
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue