From b2de31ca8b5029ad22d54cf9d6614bd1c3b61ce7 Mon Sep 17 00:00:00 2001 From: "csharp@chromium.org" Date: Wed, 12 Mar 2014 04:47:05 +0000 Subject: Use PEImage in ntdll_cache.cc Use the exported functions iterator in PEImage instead of writing our own. BUG= Review URL: https://codereview.chromium.org/192933003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@256424 0039d316-1c4b-4281-b951-d872f2087c98
---
chrome_elf/chrome_elf.gyp | 1 + chrome_elf/ntdll_cache.cc | 59 ++++++++++++++++++----------------------------- 2 files changed, 24 insertions(+), 36 deletions(-) (limited to 'chrome_elf')
diff --git a/chrome_elf/chrome_elf.gyp b/chrome_elf/chrome_elf.gyp
index 165507d..21ab568 100644
--- a/chrome_elf/chrome_elf.gyp
+++ b/chrome_elf/chrome_elf.gyp
@@ -124,6 +124,7 @@
 ],
 'dependencies': [
 'chrome_elf_common',
+ '../base/base.gyp:base_static',
 ],
 },
 {
diff --git a/chrome_elf/ntdll_cache.cc b/chrome_elf/ntdll_cache.cc
index e550442..2f4dbdf 100644
--- a/chrome_elf/ntdll_cache.cc
+++ b/chrome_elf/ntdll_cache.cc
@@ -5,47 +5,34 @@ #include #include +#include "base/win/pe_image.h" #include "chrome_elf/ntdll_cache.h" FunctionLookupTable g_ntdll_lookup; +namespace { + +bool EnumExportsCallback(const base::win::PEImage& image, + DWORD ordinal, + DWORD hint, + LPCSTR name, + PVOID function_addr, + LPCSTR forward, + PVOID cookie) { + // Our lookup only cares about named functions that are in ntdll, so skip + // unnamed or forwarded exports. + if (name && function_addr) + g_ntdll_lookup[std::string(name)] = function_addr; + + return true; +} + +} // namespace + void InitCache() { HMODULE ntdll_handle = ::GetModuleHandle(L"ntdll.dll"); - // To find the Export Address Table address, we start from the DOS header. - // The module handle is actually the address of the header. - IMAGE_DOS_HEADER* dos_header = - reinterpret_cast(ntdll_handle); - // The e_lfanew is an offset from the DOS header to the NT header. It should - // never be 0. - IMAGE_NT_HEADERS* nt_headers = reinterpret_cast( - ntdll_handle + dos_header->e_lfanew / sizeof(uint32_t)); - // For modules that have an import address table, its offset from the - // DOS header is stored in the second data directory's VirtualAddress. 
- if (!nt_headers->OptionalHeader.DataDirectory[0].VirtualAddress) - return; - - BYTE* base_addr = reinterpret_cast(ntdll_handle); - - IMAGE_DATA_DIRECTORY* exports_data_dir = - &nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; - - IMAGE_EXPORT_DIRECTORY* exports = reinterpret_cast( - base_addr + exports_data_dir->VirtualAddress); - - WORD* ordinals = reinterpret_cast( - base_addr + exports->AddressOfNameOrdinals); - DWORD* names = reinterpret_cast( - base_addr + exports->AddressOfNames); - DWORD* funcs = reinterpret_cast( - base_addr + exports->AddressOfFunctions); - int num_entries = exports->NumberOfNames; - - for (int i = 0; i < num_entries; i++) { - char* name = reinterpret_cast(base_addr + names[i]); - WORD ord = ordinals[i]; - DWORD func = funcs[ord]; - FARPROC func_addr = reinterpret_cast(func + base_addr); - g_ntdll_lookup[std::string(name)] = func_addr; - } + base::win::PEImage ntdll_image(ntdll_handle); + + ntdll_image.EnumExports(EnumExportsCallback, NULL); } -- cgit v1.1
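Review bot: The comment in EnumExportsCallback promises to skip forwarded exports, but the guard `if (name && function_addr)` never looks at `forward`; it presumably relies on PEImage passing a null `function_addr` for a forwarder, which this patch does not show. Testing it directly, `if (name && function_addr && !forward)`, makes the stated intent hold even if that convention changes, so a forwarder string's address can never be cached as a callable ntdll address. In InitCache the `GetModuleHandle` result is handed to the `PEImage` constructor unchecked and whatever `EnumExports` returns is discarded, so a failed export walk leaves `g_ntdll_lookup` empty with no signal. An early `if (!ntdll_handle) return;` plus a comment such as `// Lookups must treat a missing name as failure; the table may be empty if enumeration failed.` would make that contract explicit for the code that consumes the cached addresses.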