|
|
BLACKBONE_API | NtLdr (class Process &proc) |
| |
| BLACKBONE_API bool | Init () |
| | Initialize some loader stuff More...
|
| |
| BLACKBONE_API bool | CreateNTReference (HMODULE hMod, size_t ImageSize, const std::wstring &DllBasePath, size_t entryPoint, LdrRefFlags flags=Ldr_All) |
| | Add module to some loader structures (LdrpHashTable, LdrpModuleIndex( win8 only ), InMemoryOrderModuleList( win7 only )) More...
|
| |
| BLACKBONE_API bool | AddStaticTLSEntry (void *pModule, IMAGE_TLS_DIRECTORY *pTls) |
| | Create thread static TLS array More...
|
| |
| BLACKBONE_API bool | InsertInvertedFunctionTable (void *ModuleBase, size_t ImageSize, bool &safeseh) |
| | Create module record in LdrpInvertedFunctionTable Used to create fake SAFESEH entries More...
|
| |
| BLACKBONE_API bool | Unlink (ptr_t baseAddress, const std::wstring &name, eModType type) |
| | Unlink module from Ntdll loader More...
|
| |
|
BLACKBONE_API size_t | LdrpInvertedFunctionTable () const |
| |
|
BLACKBONE_API size_t | LdrKernel32PatchAddress () const |
| |
|
BLACKBONE_API size_t | APC64PatchAddress () const |
| |
| bool blackbone::NtLdr::AddStaticTLSEntry |
( |
void * |
pModule, |
|
|
IMAGE_TLS_DIRECTORY * |
pTls |
|
) |
| |
Create thread static TLS array
- Parameters
-
| pModule | Module base address |
| pTls | TLS directory of target image |
- Returns
- true on success
| bool blackbone::NtLdr::CreateNTReference |
( |
HMODULE |
hMod, |
|
|
size_t |
ImageSize, |
|
|
const std::wstring & |
DllBasePath, |
|
|
size_t |
entryPoint, |
|
|
LdrRefFlags |
flags = Ldr_All |
|
) |
| |
Add module to some loader structures (LdrpHashTable, LdrpModuleIndex( win8 only ), InMemoryOrderModuleList( win7 only ))
- Parameters
-
| hMod | Module base address |
| ImageSize | Size of image |
| DllBasePath | Full-qualified image path |
| entryPoint | Entry point RVA |
| flags | Type of references to create |
- Returns
- true on success
| bool blackbone::NtLdr::Init |
( |
| ) |
|
Initialize some loader stuff
- Returns
| bool blackbone::NtLdr::InsertInvertedFunctionTable |
( |
void * |
ModuleBase, |
|
|
size_t |
ImageSize, |
|
|
bool & |
safeseh |
|
) |
| |
Create module record in LdrpInvertedFunctionTable Used to create fake SAFESEH entries
- Parameters
-
| ModuleBase | Module base address |
| ImageSize | Size of image |
| safeseh | Is set into true, if image has SAFESEH handlers |
- Returns
- true on success
| bool blackbone::NtLdr::Unlink |
( |
ptr_t |
baseAddress, |
|
|
const std::wstring & |
name, |
|
|
eModType |
type |
|
) |
| |
Unlink module from Ntdll loader
- Parameters
-
| baseAddress | Module base address |
| type | 32 or 64 bit. |
- Returns
- true on success
The documentation for this class was generated from the following files:
- C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/ManualMap/Native/NtLoader.h
- C:/Users/Ton/Documents/Visual Studio 2013/Projects/BlackBone/src/BlackBone/ManualMap/Native/NtLoader.cpp
1.8.8 
