diff --git a/src/dbg/expressionfunctions.cpp b/src/dbg/expressionfunctions.cpp index f68de263..6d5599c1 100644 --- a/src/dbg/expressionfunctions.cpp +++ b/src/dbg/expressionfunctions.cpp @@ -67,6 +67,7 @@ void ExpressionFunctions::Init() RegisterEasy("mod.rva", modrva); RegisterEasy("mod.offset,mod.fileoffset", valvatofileoffset); RegisterEasy("mod.headerva", modheaderva); + RegisterEasy("mod.isexport", modisexport); //Process information RegisterEasy("peb,PEB", peb); diff --git a/src/dbg/exprfunc.cpp b/src/dbg/exprfunc.cpp index 45b42cf8..20828610 100644 --- a/src/dbg/exprfunc.cpp +++ b/src/dbg/exprfunc.cpp @@ -61,6 +61,18 @@ namespace Exprfunc return 0; } + duint modisexport(duint addr) + { + SHARED_ACQUIRE(LockModules); + auto info = ModInfoFromAddr(addr); + if(info) + { + duint rva = addr - info->base; + return info->findExport(rva) ? 1 : 0; + } + return 0; + } + static duint selstart(int hWindow) { SELECTIONDATA selection; diff --git a/src/dbg/exprfunc.h b/src/dbg/exprfunc.h index ff1b2333..cc5847c3 100644 --- a/src/dbg/exprfunc.h +++ b/src/dbg/exprfunc.h @@ -12,6 +12,7 @@ namespace Exprfunc duint moduser(duint addr); duint modrva(duint addr); duint modheaderva(duint addr); + duint modisexport(duint addr); duint disasmsel(); duint dumpsel(); diff --git a/src/dbg/module.cpp b/src/dbg/module.cpp index f4b3a843..ee379e47 100644 --- a/src/dbg/module.cpp +++ b/src/dbg/module.cpp @@ -679,7 +679,7 @@ void GetModuleInfo(MODINFO & Info, ULONG_PTR FileMapVA) Info.entrySymbol.name = "OptionalHeader.AddressOfEntryPoint"; Info.entrySymbol.forwarded = false; Info.entrySymbol.ordinal = 0; - Info.entrySymbol.rva = moduleOEP; + Info.entrySymbol.rva = (DWORD)moduleOEP; // Enumerate all PE sections WORD sectionCount = Info.headers->FileHeader.NumberOfSections; @@ -1267,6 +1267,21 @@ void MODINFO::unmapFile() StaticFileUnloadW(StringUtils::Utf8ToUtf16(path).c_str(), false, fileHandle, loadedSize, fileMap, fileMapVA); } +const MODEXPORT* MODINFO::findExport(duint rva) const +{ + if(exports.size()) + { + auto found = std::lower_bound(exportsByRva.begin(), exportsByRva.end(), rva, [this](size_t index, duint rva) + { + return exports.at(index).rva < rva; + }); + found = found != exportsByRva.end() && rva >= exports.at(*found).rva ? found : exportsByRva.end(); + if(found != exportsByRva.end()) + return &exports[*found]; + } + return nullptr; +} + void MODIMPORT::convertToGuiSymbol(duint base, SYMBOLINFO* info) const { info->addr = base + iatRva; diff --git a/src/dbg/module.h b/src/dbg/module.h index e55e9f65..b7b5e2d3 100644 --- a/src/dbg/module.h +++ b/src/dbg/module.h @@ -132,6 +132,7 @@ struct MODINFO bool loadSymbols(); void unloadSymbols(); void unmapFile(); + const MODEXPORT* findExport(duint rva) const; }; bool ModLoad(duint Base, duint Size, const char* FullPath); diff --git a/src/dbg/symcache.cpp b/src/dbg/symcache.cpp index 4915522c..b03a89db 100644 --- a/src/dbg/symcache.cpp +++ b/src/dbg/symcache.cpp @@ -29,20 +29,14 @@ bool SymbolFromAddressExact(duint address, SymbolInfo & symInfo) } // search in module exports - if(modInfo->exports.size()) { - auto found = std::lower_bound(modInfo->exportsByRva.begin(), modInfo->exportsByRva.end(), rva, [&modInfo](size_t index, duint rva) + auto modExport = modInfo->findExport(rva); + if(modExport) { - return modInfo->exports.at(index).rva < rva; - }); - found = found != modInfo->exportsByRva.end() && rva >= modInfo->exports.at(*found).rva ? found : modInfo->exportsByRva.end(); - if(found != modInfo->exportsByRva.end()) - { - auto & modExport = modInfo->exports.at(*found); - symInfo.rva = modExport.rva; + symInfo.rva = modExport->rva; symInfo.size = 0; symInfo.disp = 0; - symInfo.decoratedName = modExport.name; + symInfo.decoratedName = modExport->name; symInfo.publicSymbol = true; return true; }