1
0
Fork 0

DBG: added mod.headerva expression function

This commit is contained in:
Duncan Ogilvie 2018-05-09 17:39:36 +02:00
parent 87c3238de8
commit 2665df4eb3
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
5 changed files with 15 additions and 0 deletions

View File

@ -66,6 +66,7 @@ void ExpressionFunctions::Init()
RegisterEasy("mod.main,mod.mainbase", dbgdebuggedbase);
RegisterEasy("mod.rva", modrva);
RegisterEasy("mod.offset,mod.fileoffset", valvatofileoffset);
RegisterEasy("mod.headerva", modheaderva);
//Process information
RegisterEasy("peb,PEB", peb);

View File

@ -51,6 +51,16 @@ namespace Exprfunc
return base ? addr - base : 0;
}
duint modheaderva(duint addr)
{
SHARED_ACQUIRE(LockModules);
auto info = ModInfoFromAddr(addr);
if(info)
return (addr - info->base) + info->headerImageBase;
else
return 0;
}
static duint selstart(int hWindow)
{
SELECTIONDATA selection;

View File

@ -11,6 +11,7 @@ namespace Exprfunc
duint modsystem(duint addr);
duint moduser(duint addr);
duint modrva(duint addr);
duint modheaderva(duint addr);
duint disasmsel();
duint dumpsel();

View File

@ -567,6 +567,8 @@ void GetModuleInfo(MODINFO & Info, ULONG_PTR FileMapVA)
// OEP can't start at the PE header/offset 0 -- except if module is an EXE.
Info.entry = moduleOEP + Info.base;
Info.headerImageBase = HEADER_FIELD(Info.headers, ImageBase);
if(!moduleOEP)
{
// If this wasn't an exe, invalidate the entry point

View File

@ -77,6 +77,7 @@ struct MODINFO
duint size = 0; // Module size
duint hash = 0; // Full module name hash
duint entry = 0; // Entry point
duint headerImageBase = 0; // ImageBase field in OptionalHeader
char name[MAX_MODULE_SIZE]; // Module name (without extension)
char extension[MAX_MODULE_SIZE]; // File extension (including the dot)