blackbone::MMap Class Reference

Manual image mapper More...

#include <MMap.h>

Inheritance diagram for blackbone::MMap:

Public Member Functions
BLACKBONE_API	MMap (class Process &proc)
BLACKBONE_API const ModuleData *	MapImage (const std::wstring &path, eLoadFlags flags=NoFlags, LdrCallback ldrCallback=nullptr, void *ldrContext=nullptr)
	Manually map PE image into underlying target process More...
BLACKBONE_API const ModuleData *	MapImage (void *buffer, size_t size, bool asImage=false, eLoadFlags flags=NoFlags, LdrCallback ldrCallback=nullptr, void *ldrContext=nullptr)
	Manually map PE image into underlying target process More...
BLACKBONE_API bool	UnmapAllModules ()
	Unmap all manually mapped modules More...
BLACKBONE_API void	Cleanup ()
	Remove any traces from remote process More...
BLACKBONE_API void	reset ()
	Reset local data More...

Additional Inherited Members
Static Public Attributes inherited from blackbone::MExcept
static BLACKBONE_API void *	g_pImageBase = nullptr
static BLACKBONE_API size_t	g_imageSize = 0
Protected Member Functions inherited from blackbone::MExcept
BLACKBONE_API	MExcept (class Process &proc)
BLACKBONE_API NTSTATUS	CreateVEH (size_t pTargetBase, size_t imageSize, eModType mt=mt_default)
	Inject VEH wrapper into process Used to enable execution of SEH handlers out of image More...
BLACKBONE_API NTSTATUS	RemoveVEH ()
	Removes VEH from target process More...

Detailed Description

Manual image mapper

Member Function Documentation

void blackbone::MMap::Cleanup

(

)

Remove any traces from remote process

Returns

const ModuleData * blackbone::MMap::MapImage	(	const std::wstring &	path,
		eLoadFlags	flags = NoFlags,
		LdrCallback	ldrCallback = nullptr,
		void *	ldrContext = nullptr
	)

Manually map PE image into underlying target process

Parameters

path	Image path
flags	Image mapping flags
ldrCallback	Loader callback. Triggers for each mapped module
ldrContext	User-supplied Loader callback context

Returns

Mapped image info

const ModuleData * blackbone::MMap::MapImage	(	void *	buffer,
		size_t	size,
		bool	asImage = false,
		eLoadFlags	flags = NoFlags,
		LdrCallback	ldrCallback = nullptr,
		void *	ldrContext = nullptr
	)

Manually map PE image into underlying target process

Parameters

buffer	Image data buffer
size	Buffer size.
asImage	If set to true - buffer has image memory layout
flags	Image mapping flags
ldrCallback	Loader callback. Triggers for each mapped module
ldrContext	User-supplied Loader callback context

Returns

Mapped image info

BLACKBONE_API void blackbone::MMap::reset ( )

inline

Reset local data

bool blackbone::MMap::UnmapAllModules

(

)

Unmap all manually mapped modules

Returns

true on success

---

The documentation for this class was generated from the following files:

• C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/ManualMap/MMap.h
• C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/ManualMap/MMap.cpp