|
BlackBone
Windows memory hacking library
|
Public Types | |
|
typedef std::unordered_map < std::pair< std::wstring, eModType >, ModuleData > | mapModules |
Public Member Functions | |
| BLACKBONE_API | ProcessModules (class Process &proc) |
| BLACKBONE_API const ModuleData * | GetModule (const std::wstring &name, eModSeachType search=LdrList, eModType type=mt_default) |
| Get module by name More... | |
| BLACKBONE_API const ModuleData * | GetModule (std::wstring &name, eModSeachType search=LdrList, eModType type=mt_default, const wchar_t *baseModule=L"") |
| Get module by name More... | |
| BLACKBONE_API const ModuleData * | GetModule (module_t modBase, eModSeachType search=LdrList, eModType type=mt_default) |
| Get module by base address More... | |
| BLACKBONE_API const ModuleData * | GetMainModule () |
| Get process main module More... | |
| BLACKBONE_API const ProcessModules::mapModules & | GetAllModules (eModSeachType search=LdrList) |
| Enumerate all process modules More... | |
| BLACKBONE_API void | GetManualModules (ProcessModules::mapModules &mods) |
| Get list of manually mapped modules More... | |
| BLACKBONE_API exportData | GetExport (const ModuleData *hMod, const char *name_ord, const wchar_t *baseModule=L"") |
| Get export address. Forwarded exports will be automatically resolved if forward module is present More... | |
| BLACKBONE_API const ModuleData * | Inject (const std::wstring &path) |
| Inject image into target process More... | |
| BLACKBONE_API bool | Unload (const ModuleData *hMod) |
| Unload specific module from target process. Can't be used to unload manually mapped modules More... | |
| BLACKBONE_API bool | Unlink (const ModuleData *mod) |
| Unlink module from most loader structures More... | |
| BLACKBONE_API const ModuleData * | AddManualModule (const std::wstring &FilePath, module_t base, size_t size, eModType mt) |
| Store manually mapped module in module list More... | |
| BLACKBONE_API void | RemoveManualModule (const std::wstring &filename, eModType mt) |
| Remove module from module list More... | |
| BLACKBONE_API bool | ValidateModule (module_t base) |
| Ensure module is a valid PE image More... | |
| BLACKBONE_API void | reset () |
| Reset local data More... | |
| const ModuleData * blackbone::ProcessModules::AddManualModule | ( | const std::wstring & | FilePath, |
| module_t | base, | ||
| size_t | size, | ||
| eModType | mt | ||
| ) |
Store manually mapped module in module list
| FilePath | Full qualified module path |
| base | Base address |
| size | Module size |
| mt | Module type. 32 bit or 64 bit |
| const ProcessModules::mapModules & blackbone::ProcessModules::GetAllModules | ( | eModSeachType | search = LdrList | ) |
Enumerate all process modules
| search | Search method |
| exportData blackbone::ProcessModules::GetExport | ( | const ModuleData * | hMod, |
| const char * | name_ord, | ||
| const wchar_t * | baseModule = L"" |
||
| ) |
Get export address. Forwarded exports will be automatically resolved if forward module is present
| hMod | Module to search in |
| name_ord | Function name or ordinal |
| baseModule | Import module name. Only used to resolve ApiSchema during manual map. |
Invalid module
| const ModuleData * blackbone::ProcessModules::GetMainModule | ( | ) |
Get process main module
| void blackbone::ProcessModules::GetManualModules | ( | ProcessModules::mapModules & | mods | ) |
Get list of manually mapped modules
| mods | List of modules |
| const ModuleData * blackbone::ProcessModules::GetModule | ( | const std::wstring & | name, |
| eModSeachType | search = LdrList, |
||
| eModType | type = mt_default |
||
| ) |
Get module by name
| name | Module name |
| type | Module type. 32 bit or 64 bit |
| search | Saerch type. |
| const ModuleData * blackbone::ProcessModules::GetModule | ( | std::wstring & | name, |
| eModSeachType | search = LdrList, |
||
| eModType | type = mt_default, |
||
| const wchar_t * | baseModule = L"" |
||
| ) |
Get module by name
| name | TModule name. |
| type | Module type. 32 bit or 64 bit |
| baseModule | Import module name. Used only to resolve ApiSchema during manual map |
| const ModuleData * blackbone::ProcessModules::GetModule | ( | module_t | modBase, |
| eModSeachType | search = LdrList, |
||
| eModType | type = mt_default |
||
| ) |
Get module by base address
| modBase | Module base address |
| type | Module type. 32 bit or 64 bit |
| search | Saerch type. |
| const ModuleData * blackbone::ProcessModules::Inject | ( | const std::wstring & | path | ) |
Inject image into target process
| path | Full-qualified image path |
| void blackbone::ProcessModules::RemoveManualModule | ( | const std::wstring & | filename, |
| eModType | mt | ||
| ) |
Remove module from module list
| filename | Module file name |
| mt | Module type. 32 bit or 64 bit |
| void blackbone::ProcessModules::reset | ( | ) |
Reset local data
| bool blackbone::ProcessModules::Unlink | ( | const ModuleData * | mod | ) |
Unlink module from most loader structures
| mod | Module to unlink |
| bool blackbone::ProcessModules::Unload | ( | const ModuleData * | hMod | ) |
Unload specific module from target process. Can't be used to unload manually mapped modules
| hMod | Module to unload |
| bool blackbone::ProcessModules::ValidateModule | ( | module_t | base | ) |
Ensure module is a valid PE image
| base | Module base address |
1.8.8 
