BlackBone
Windows memory hacking library
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros
Loader.h
Go to the documentation of this file.
1 #pragma once
2 
3 #include "Imports.h"
4 #include "NativeStructs.h"
5 
11 NTSTATUS BBInitLdrData( IN PKLDR_DATA_TABLE_ENTRY pThisModule );
12 
20 PKLDR_DATA_TABLE_ENTRY BBGetSystemModule( IN PUNICODE_STRING pName, IN PVOID pAddress );
21 
29 PVOID BBGetUserModuleBase( IN PEPROCESS pProcess, IN PUNICODE_STRING ModuleName, IN BOOLEAN isWow64 );
30 
37 PVOID BBGetModuleExport( IN PVOID pBase, IN PCCHAR name_ord );
38 
44 NTSTATUS BBResolveReferences( IN PVOID pImageBase );
45 
51 NTSTATUS BBMMapDriver( IN PUNICODE_STRING pPath );
52 
53 PIMAGE_BASE_RELOCATION
54 LdrProcessRelocationBlockLongLong(
55  IN ULONG_PTR VA,
56  IN ULONG SizeOfBlock,
57  IN PUSHORT NextOffset,
58  IN LONGLONG Diff
59  );
60 
61 NTSTATUS
62 LdrRelocateImage (
63  IN PVOID NewBase,
64  IN NTSTATUS Success,
65  IN NTSTATUS Conflict,
66  IN NTSTATUS Invalid
67  );
68 
69 NTSTATUS
70 LdrRelocateImageWithBias(
71  IN PVOID NewBase,
72  IN LONGLONG AdditionalBias,
73  IN NTSTATUS Success,
74  IN NTSTATUS Conflict,
75  IN NTSTATUS Invalid
76  );
77 
78 PIMAGE_BASE_RELOCATION
79 LdrProcessRelocationBlock(
80  IN ULONG_PTR VA,
81  IN ULONG SizeOfBlock,
82  IN PUSHORT NextOffset,
83  IN LONG_PTR Diff
84  );
85 
86 PIMAGE_BASE_RELOCATION
87 LdrProcessRelocationBlockLongLong(
88  IN ULONG_PTR VA,
89  IN ULONG SizeOfBlock,
90  IN PUSHORT NextOffset,
91  IN LONGLONG Diff
92  );
LdrProcessRelocationBlockLongLong
PIMAGE_BASE_RELOCATION LdrProcessRelocationBlockLongLong(IN ULONG_PTR VA, IN ULONG SizeOfBlock, IN PUSHORT NextOffset, IN LONGLONG Diff)
Definition: ldrreloc.c:221
NTSTATUS
typedef NTSTATUS(NTAPI *fnNtCreateThreadEx)(OUT PHANDLE hThread
BBMMapDriver
NTSTATUS BBMMapDriver(IN PUNICODE_STRING pPath)
Manually map driver into system space
Definition: Loader.c:459
LdrProcessRelocationBlock
PIMAGE_BASE_RELOCATION LdrProcessRelocationBlock(IN ULONG_PTR VA, IN ULONG SizeOfBlock, IN PUSHORT NextOffset, IN LONG_PTR Diff)
Definition: ldrreloc.c:205
BBResolveReferences
NTSTATUS BBResolveReferences(IN PVOID pImageBase)
Resolve module references and fill the IAT
Definition: Loader.c:255
PIMAGE_BASE_RELOCATION
IMAGE_BASE_RELOCATION UNALIGNED * PIMAGE_BASE_RELOCATION
Definition: PEStructs.h:325
BBGetUserModuleBase
PVOID BBGetUserModuleBase(IN PEPROCESS pProcess, IN PUNICODE_STRING ModuleName, IN BOOLEAN isWow64)
Get module base address by name
Definition: Loader.c:98
NativeStructs.h
BBInitLdrData
NTSTATUS BBInitLdrData(IN PKLDR_DATA_TABLE_ENTRY pThisModule)
Initialize loader stuff
Definition: Loader.c:23
BBGetSystemModule
PKLDR_DATA_TABLE_ENTRY BBGetSystemModule(IN PUNICODE_STRING pName, IN PVOID pAddress)
Get address of a system module Either 'pName' or 'pAddress' is required to perform search ...
Definition: Loader.c:65
LdrRelocateImage
NTSTATUS LdrRelocateImage(IN PVOID NewBase, IN NTSTATUS Success, IN NTSTATUS Conflict, IN NTSTATUS Invalid)
LdrRelocateImageWithBias
NTSTATUS LdrRelocateImageWithBias(IN PVOID NewBase, IN LONGLONG AdditionalBias, IN NTSTATUS Success, IN NTSTATUS Conflict, IN NTSTATUS Invalid)
_KLDR_DATA_TABLE_ENTRY
Definition: NativeStructs.h:461
Imports.h
BBGetModuleExport
PVOID BBGetModuleExport(IN PVOID pBase, IN PCCHAR name_ord)
Get exported function address
Definition: Loader.c:162