Go to the source code of this file.
|
| NTSTATUS | BBInitLdrData (IN PKLDR_DATA_TABLE_ENTRY pThisModule) |
| | Initialize loader stuff More...
|
| |
| PKLDR_DATA_TABLE_ENTRY | BBGetSystemModule (IN PUNICODE_STRING pName, IN PVOID pAddress) |
| | Get address of a system module Either 'pName' or 'pAddress' is required to perform search More...
|
| |
| PVOID | BBGetUserModuleBase (IN PEPROCESS pProcess, IN PUNICODE_STRING ModuleName, IN BOOLEAN isWow64) |
| | Get module base address by name More...
|
| |
| PVOID | BBGetModuleExport (IN PVOID pBase, IN PCCHAR name_ord) |
| | Get exported function address More...
|
| |
| NTSTATUS | BBResolveReferences (IN PVOID pImageBase) |
| | Resolve module references and fill the IAT More...
|
| |
| NTSTATUS | BBMMapDriver (IN PUNICODE_STRING pPath) |
| | Manually map driver into system space More...
|
| |
| PIMAGE_BASE_RELOCATION | LdrProcessRelocationBlockLongLong (IN ULONG_PTR VA, IN ULONG SizeOfBlock, IN PUSHORT NextOffset, IN LONGLONG Diff) |
| |
| NTSTATUS | LdrRelocateImage (IN PVOID NewBase, IN NTSTATUS Success, IN NTSTATUS Conflict, IN NTSTATUS Invalid) |
| |
| NTSTATUS | LdrRelocateImageWithBias (IN PVOID NewBase, IN LONGLONG AdditionalBias, IN NTSTATUS Success, IN NTSTATUS Conflict, IN NTSTATUS Invalid) |
| |
| PIMAGE_BASE_RELOCATION | LdrProcessRelocationBlock (IN ULONG_PTR VA, IN ULONG SizeOfBlock, IN PUSHORT NextOffset, IN LONG_PTR Diff) |
| |
| PVOID BBGetModuleExport |
( |
IN PVOID |
pBase, |
|
|
IN PCCHAR |
name_ord |
|
) |
| |
Get exported function address
- Parameters
-
| pBase | Module base |
| name_ord | Function name or ordinal |
- Returns
- Found address, NULL if not found
Get address of a system module Either 'pName' or 'pAddress' is required to perform search
- Parameters
-
| pName | Base name of the image (e.g. hal.dll) |
| pAddress | Address inside module |
- Returns
- Found loader entry. NULL if nothing found
| PVOID BBGetUserModuleBase |
( |
IN PEPROCESS |
pProcess, |
|
|
IN PUNICODE_STRING |
ModuleName, |
|
|
IN BOOLEAN |
isWow64 |
|
) |
| |
Get module base address by name
- Parameters
-
| pProcess | Target process |
| ModuleName | Nodule name to search for |
| isWow64 | If TRUE - search in 32-bit PEB |
- Returns
- Found address, NULL if not found
Initialize loader stuff
- Parameters
-
| pThisModule | Any valid system module |
- Returns
- Status code
| NTSTATUS BBMMapDriver |
( |
IN PUNICODE_STRING |
pPath | ) |
|
Manually map driver into system space
- Parameters
-
| pPath | Fully qualified native path to the driver |
- Returns
- Status code
| NTSTATUS BBResolveReferences |
( |
IN PVOID |
pImageBase | ) |
|
Resolve module references and fill the IAT
- Parameters
-
| pImageBase | Image base to be processed |
- Returns
- Status code
| PIMAGE_BASE_RELOCATION LdrProcessRelocationBlock |
( |
IN ULONG_PTR |
VA, |
|
|
IN ULONG |
SizeOfBlock, |
|
|
IN PUSHORT |
NextOffset, |
|
|
IN LONG_PTR |
Diff |
|
) |
| |
| PIMAGE_BASE_RELOCATION LdrProcessRelocationBlockLongLong |
( |
IN ULONG_PTR |
VA, |
|
|
IN ULONG |
SizeOfBlock, |
|
|
IN PUSHORT |
NextOffset, |
|
|
IN LONGLONG |
Diff |
|
) |
| |
1.8.8 
