fc9285ed2e
- Add ImageNtHeaders() (clone of RtlImageNtHeaderEx which doesn't exist on XP) to obtain PE headers given a VA - Add HEADER_FIELD() and THUNK_VAL() macros to module.h to allow accessing header fields independent of process and file bitness - Add IMAGE_NT_HEADERS pointer to MODINFO, since anything related to parsing PEs needs this struct - Read PE headers in GetModuleInfo(). Currently the headers are being parsed every time a TitanEngine helper function is called, the goal is to reduce this to once per module load - GetModuleInfo(): eliminate all TitanEngine calls now that we have the headers - Add RvaToVa() for SEC_COMMIT mappings. This can simultaneously serve as replacement for rva2offset helpers (pass base = 0). Preferably SEC_IMAGE should be used though as that way neither of these would be needed - ReadExportDirectory(): use RtlImageDirectoryEntryToData() to obtain a PIMAGE_EXPORT_DIRECTORY and its size in one go to eliminate TitanEngine helper calls and RVA to offset conversions - Answer burning questions re: Windows loader behaviour when parsing exports in comments - (Minor) fix '>= 0' comparison against unsigned as this will always evaluate to true - Add comment re: PDB search path order since it's wrong atm but I'm too scared of breaking something if I change this code myself |
||
|---|---|---|
| .. | ||
| bridge | ||
| dbg | ||
| exe | ||
| gui | ||
| launcher | ||
| zydis_wrapper | ||
| bug.ico | ||
| bug.png | ||
| bug32.ico | ||
| bug64.ico | ||
| bug_black.png | ||
| dbg_assert.h | ||
| dbg_types.h | ||
| x64dbg_translations.pro | ||
