#pragma once
#include "mstl_module.hpp"
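/// Snapshot of the current process's loaded-module list, read directly from
/// the PEB loader data (InLoadOrderModuleList) instead of a documented
/// module-enumeration API.
///
/// The Address base is initialised from util::get_peb() and reinterpreted as
/// a _PEB* inside update(). Modules are looked up by hash_t, compared against
/// Module::get_hash().
///
/// Caveats for anyone relying on this data:
///  - The loader list lives in memory the process itself can write, so
///    entries can be unlinked or altered by other code in the process. Treat
///    the result as a convenience view, not as an authoritative inventory for
///    security decisions.
///  - No synchronisation is visible here; a module load/unload on another
///    thread during update() can change the list mid-walk, and a stored
///    Module may describe an image that has since been unloaded.
///  - NOTE(review): lookups match on hash only; collision behaviour depends
///    on hash_t and Module::get_hash(), which are not visible in this file.
class PEB : public Address, public Singleton<PEB> {
protected:
    // Modules captured by the most recent successful update().
    std::vector<Module> m_modules;

public:
    ~PEB() = default;

    /// Binds to the address returned by util::get_peb() and takes an initial
    /// module snapshot.
    PEB() : Address{util::get_peb()}, m_modules{} {
        update();
    }

    /// Rebuilds m_modules from the loader's in-load-order list.
    ///
    /// If the PEB pointer, its Ldr pointer, or the first list link is null
    /// the previous snapshot is left untouched and the function returns.
    __forceinline void update() {
        _PEB *peb = as<_PEB*>();

        // Ldr must be checked before it is dereferenced; the original only
        // tested the first Flink, after already reading through peb->Ldr.
        if (peb == nullptr || peb->Ldr == nullptr)
            return;

        LIST_ENTRY *const head = &peb->Ldr->InLoadOrderModuleList;
        LIST_ENTRY *le = head->Flink;
        if (le == nullptr)
            return;

        m_modules.clear();

        // The list is circular: stop when the walk returns to the head, or
        // on a null link.
        // NOTE(review): a corrupted list that never returns to the head and
        // never yields null would not terminate; consider an iteration cap.
        for (; le != head && le != nullptr; le = le->Flink) {
            m_modules.push_back(
                Module(CONTAINING_RECORD(le, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks))
            );
        }
    }

    /// Finds the first captured module whose get_hash() equals module_hash.
    ///
    /// @param module_hash hash to search for.
    /// @param out         receives a copy of the matching Module; left
    ///                    unmodified when nothing matches.
    /// @return true if a module was found, false otherwise.
    __forceinline bool get_module(const hash_t module_hash, Module& out) {
        const auto needle = std::find_if(
            m_modules.begin(),
            m_modules.end(),
            [module_hash](const Module& it) {
                return it.get_hash() == module_hash;
            });

        // Compare against end() with ==, the form valid for every iterator
        // category, rather than the original >=.
        if (needle == m_modules.end())
            return false;

        out = *needle;
        return true;
    }

    /// Returns the matching module's address (Module::as()), or a
    /// value-initialised Address when no captured module matches.
    __forceinline Address get_base(const hash_t module_hash) {
        Address ret{};
        Module found;

        if (get_module(module_hash, found))
            ret = found.as();

        return ret;
    }

    /// Returns Module::get_img_size() for the matching module, or 0 when no
    /// captured module matches.
    __forceinline size_t get_size(const hash_t module_hash) {
        size_t ret{};
        Module found;

        if (get_module(module_hash, found))
            ret = found.get_img_size();

        return ret;
    }
};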