FunctionExport.cpp
#include
<windows.h>
#include
"PeParser.h"
#include
"ProcessAccessHelp.h"
#include
"Scylla.h"
#include
"Architecture.h"
// Forward declarations for everything defined in this file.

// Internal helper shared by the dump entry points (no WINAPI calling convention).
BOOL DumpProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult);

// Dump entry points. The ...A variants convert their ANSI paths into
// MAX_PATH-sized wide buffers and forward to the matching ...W variant.
BOOL WINAPI ScyllaDumpCurrentProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult);
BOOL WINAPI ScyllaDumpCurrentProcessA(const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult);

BOOL WINAPI ScyllaDumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult);
BOOL WINAPI ScyllaDumpProcessA(DWORD_PTR pid, const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult);

// PE rebuild entry points; the rebuilt image is written back to fileToRebuild.
BOOL WINAPI ScyllaRebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);
BOOL WINAPI ScyllaRebuildFileA(const char * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup);

// Version queries: wide string, narrow string and numeric form.
WCHAR * WINAPI ScyllaVersionInformationW();
char * WINAPI ScyllaVersionInformationA();
DWORD WINAPI ScyllaVersionInformationDword();
// Returns the wide-character version banner, built at compile time by
// concatenating APPNAME, ARCHITECTURE and APPVERSION with single spaces.
//
// The result points at a string literal: callers must treat it as read-only
// and must not free it, even though the return type is a non-const WCHAR *.
WCHAR * WINAPI ScyllaVersionInformationW()
{
	WCHAR * const versionText = APPNAME L" " ARCHITECTURE L" " APPVERSION;
	return versionText;
}
// Returns the narrow-character version banner, built at compile time by
// concatenating APPNAME_S, ARCHITECTURE_S and APPVERSION_S with single spaces.
//
// The result points at a string literal: callers must treat it as read-only
// and must not free it, even though the return type is a non-const char *.
char * WINAPI ScyllaVersionInformationA()
{
	char * const versionText = APPNAME_S " " ARCHITECTURE_S " " APPVERSION_S;
	return versionText;
}
// Returns the version as a single DWORD (the APPVERSIONDWORD constant), for
// callers that want to compare versions without parsing the banner string.
DWORD WINAPI ScyllaVersionInformationDword()
{
	const DWORD versionNumber = APPVERSIONDWORD;
	return versionNumber;
}
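// Dumps the module at `imagebase` of the currently selected target process
// to `fileResult`.
//
// fileToDump  Optional path of the module's file on disk. When non-null the
//             parser is constructed from that file, otherwise it is
//             constructed from `imagebase` alone.
// imagebase   Base address of the module in the target process.
// entrypoint  Entry point value handed to PeParser::dumpProcess.
// fileResult  Output path; required.
//
// Returns the result of PeParser::dumpProcess, or FALSE when `fileResult`
// is null.
//
// The caller must have selected the target process beforehand; in this file
// that is done through ProcessAccessHelp::setCurrentProcessAsTarget() or
// ProcessAccessHelp::openProcessHandle().
BOOL DumpProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult)
{
	// The ANSI wrappers already reject a missing output path; apply the same
	// contract here so the wide entry points cannot pass null to the parser.
	if (!fileResult)
	{
		return FALSE;
	}

	// The parser lives on the stack (as in ScyllaRebuildFileW) so it is
	// destroyed on every return path. The previous heap allocation was never
	// deleted and leaked one PeParser per call.
	if (fileToDump)
	{
		PeParser peFile(fileToDump, true);
		return peFile.dumpProcess(imagebase, entrypoint, fileResult);
	}

	PeParser peFile(imagebase, true);
	return peFile.dumpProcess(imagebase, entrypoint, fileResult);
}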
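// Rebuilds the PE file at `fileToRebuild` in place.
//
// fileToRebuild           Path of the PE file; it is read and then
//                         overwritten with the rebuilt image. Required.
// removeDosStub           When set, the DOS stub is removed before saving.
// updatePeHeaderChecksum  When set, the PE header checksum is recalculated
//                         after the file has been saved.
// createBackup            When set, a backup is created first; the rebuild
//                         is abandoned if the backup cannot be created.
//
// Returns TRUE once the rebuilt file has been written, FALSE when the path
// is null or when the backup, the section read or the save fails.
BOOL WINAPI ScyllaRebuildFileW(const WCHAR * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup)
{
	// A null path cannot name a file; fail before any helper dereferences it.
	if (!fileToRebuild)
	{
		return FALSE;
	}

	// The original is about to be overwritten, so a requested backup that
	// cannot be created must stop the operation.
	if (createBackup && !ProcessAccessHelp::createBackupFile(fileToRebuild))
	{
		return FALSE;
	}

	PeParser peFile(fileToRebuild, true);

	if (!peFile.readPeSectionsFromFile())
	{
		return FALSE;
	}

	peFile.setDefaultFileAlignment();

	if (removeDosStub)
	{
		peFile.removeDosStub();
	}

	peFile.alignAllSectionHeaders();
	peFile.fixPeHeader();

	if (!peFile.savePeFileToDisk(fileToRebuild))
	{
		return FALSE;
	}

	if (updatePeHeaderChecksum)
	{
		// NOTE(review): the outcome of the checksum update is not inspected,
		// so TRUE is returned even if it fails. The size is narrowed to
		// DWORD; confirm getFileSize cannot exceed 32 bits for inputs this
		// function accepts.
		PeParser::updatePeHeaderChecksum(fileToRebuild, static_cast<DWORD>(ProcessAccessHelp::getFileSize(fileToRebuild)));
	}

	return TRUE;
}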
// ANSI front end for ScyllaRebuildFileW.
//
// Converts `fileToRebuild` from the system ANSI code page (CP_ACP) into a
// MAX_PATH-sized wide buffer and forwards the remaining flags unchanged.
// Returns FALSE when the conversion fails, which includes a path that does
// not fit into the buffer; otherwise returns what ScyllaRebuildFileW returns.
BOOL WINAPI ScyllaRebuildFileA(const char * fileToRebuild, BOOL removeDosStub, BOOL updatePeHeaderChecksum, BOOL createBackup)
{
	WCHAR widePath[MAX_PATH];

	// -1 converts up to and including the terminator, so a successful
	// conversion always leaves widePath null-terminated.
	const int convertedChars = MultiByteToWideChar(CP_ACP, 0, fileToRebuild, -1, widePath, _countof(widePath));

	if (convertedChars != 0)
	{
		return ScyllaRebuildFileW(widePath, removeDosStub, updatePeHeaderChecksum, createBackup);
	}

	return FALSE;
}
// Dumps a module of the calling process.
//
// Selects the current process as the target through ProcessAccessHelp and
// then hands all arguments to DumpProcessW unchanged. `fileToDump` may be
// null; see DumpProcessW for how that case is handled.
BOOL WINAPI ScyllaDumpCurrentProcessW(const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult)
{
	// Target selection must come first: DumpProcessW reads from whatever
	// process ProcessAccessHelp currently points at.
	ProcessAccessHelp::setCurrentProcessAsTarget();

	const BOOL dumped = DumpProcessW(fileToDump, imagebase, entrypoint, fileResult);
	return dumped;
}
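// Dumps a module of the process identified by `pid`.
//
// pid         Process id. Declared as DWORD_PTR, but the value must fit
//             into a DWORD.
// fileToDump  Optional path of the module's file on disk; may be null.
// imagebase   Base address of the module in the target process.
// entrypoint  Entry point value handed on to DumpProcessW.
// fileResult  Output path for the dump.
//
// Returns FALSE when `pid` does not fit into a DWORD or when the process
// cannot be opened; otherwise returns what DumpProcessW returns.
BOOL WINAPI ScyllaDumpProcessW(DWORD_PTR pid, const WCHAR * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const WCHAR * fileResult)
{
	// On 64-bit builds DWORD_PTR is wider than DWORD. A plain cast would drop
	// the upper bits and could open a different process than the caller
	// named, so reject any value that does not round-trip.
	const DWORD processId = static_cast<DWORD>(pid);
	if (static_cast<DWORD_PTR>(processId) != pid)
	{
		return FALSE;
	}

	if (!ProcessAccessHelp::openProcessHandle(processId))
	{
		return FALSE;
	}

	// NOTE(review): nothing in this function releases the handle opened
	// above; confirm that ProcessAccessHelp owns and closes it.
	return DumpProcessW(fileToDump, imagebase, entrypoint, fileResult);
}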
// ANSI front end for ScyllaDumpCurrentProcessW.
//
// `fileResult` is required and `fileToDump` is optional. Both are converted
// from the system ANSI code page (CP_ACP) into MAX_PATH-sized wide buffers.
// Returns FALSE when `fileResult` is null or when a conversion fails, which
// includes a path that does not fit into its buffer; otherwise returns what
// ScyllaDumpCurrentProcessW returns.
BOOL WINAPI ScyllaDumpCurrentProcessA(const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult)
{
	WCHAR wideSourcePath[MAX_PATH];
	WCHAR wideResultPath[MAX_PATH];

	if (!fileResult)
	{
		return FALSE;
	}

	// The output path is converted first, so a bad output path fails the
	// call before the optional input path is looked at.
	if (!MultiByteToWideChar(CP_ACP, 0, fileResult, -1, wideResultPath, _countof(wideResultPath)))
	{
		return FALSE;
	}

	// Stays null when the caller supplied no file, which the wide variant
	// accepts as "build the parser from the image base".
	const WCHAR * sourcePath = 0;

	if (fileToDump)
	{
		if (!MultiByteToWideChar(CP_ACP, 0, fileToDump, -1, wideSourcePath, _countof(wideSourcePath)))
		{
			return FALSE;
		}
		sourcePath = wideSourcePath;
	}

	return ScyllaDumpCurrentProcessW(sourcePath, imagebase, entrypoint, wideResultPath);
}
// ANSI front end for ScyllaDumpProcessW.
//
// `fileResult` is required and `fileToDump` is optional. Both are converted
// from the system ANSI code page (CP_ACP) into MAX_PATH-sized wide buffers,
// and `pid` is passed through untouched. Returns FALSE when `fileResult` is
// null or when a conversion fails, which includes a path that does not fit
// into its buffer; otherwise returns what ScyllaDumpProcessW returns.
BOOL WINAPI ScyllaDumpProcessA(DWORD_PTR pid, const char * fileToDump, DWORD_PTR imagebase, DWORD_PTR entrypoint, const char * fileResult)
{
	WCHAR wideSourcePath[MAX_PATH];
	WCHAR wideResultPath[MAX_PATH];

	if (!fileResult)
	{
		return FALSE;
	}

	// The output path is converted first, so a bad output path fails the
	// call before the optional input path is looked at.
	if (!MultiByteToWideChar(CP_ACP, 0, fileResult, -1, wideResultPath, _countof(wideResultPath)))
	{
		return FALSE;
	}

	// Stays null when the caller supplied no file, which the wide variant
	// accepts as "build the parser from the image base".
	const WCHAR * sourcePath = 0;

	if (fileToDump)
	{
		if (!MultiByteToWideChar(CP_ACP, 0, fileToDump, -1, wideSourcePath, _countof(wideSourcePath)))
		{
			return FALSE;
		}
		sourcePath = wideSourcePath;
	}

	return ScyllaDumpProcessW(pid, sourcePath, imagebase, entrypoint, wideResultPath);
}