-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCryDumpModuleSectionWindow.cpp
100 lines (85 loc) · 3.46 KB
/
CryDumpModuleSectionWindow.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
#include "CryDumpModuleSectionWindow.h"
#include "BackendGlobalDef.h"
#include "UIUtilities.h"
CryDumpModuleSectionWindow::CryDumpModuleSectionWindow(const int modListIndex, const Image& icon) : CryDialogTemplate(icon)
{
this->Title("Dump Section").Sizeable().SetRect(0, 0, 300, 200);
this->mDumpButton <<= THISBACK(DumpSelectedSection);
this->mCancelButton <<= THISBACK(CancelAndCloseDialog);
this->mSectionsList.CryAddColumn("Name");
this->mSectionsList.CryAddColumn("Address");
this->mSectionsList.CryAddColumn("Size");
*this
<< this->mSectionsList.HSizePos(5, 5).VSizePos(5, 35)
<< this->mSectionCount.LeftPos(5, 100).BottomPos(5, 25)
<< this->mCancelButton.SetLabel("Cancel").RightPos(5, 60).BottomPos(5, 25)
<< this->mDumpButton.SetLabel("Dump").RightPos(70, 60).BottomPos(5, 25)
;
// Retrieve information about the module that was passed into the form.
this->mModuleInfo = &(*mModuleManager)[modListIndex];
// Get the sections associated to the module.
Byte* moduleBuffer = new Byte[0x400];
CrySearchRoutines.CryReadMemoryRoutine(mMemoryScanner->GetHandle(), (void*)this->mModuleInfo->BaseAddress, moduleBuffer, 0x400, NULL);
#ifdef _WIN64
if (mMemoryScanner->IsX86Process())
{
const IMAGE_NT_HEADERS32* pNtHeaders = (IMAGE_NT_HEADERS32*)(moduleBuffer + ((IMAGE_DOS_HEADER*)moduleBuffer)->e_lfanew);
mPeInstance->GetImageSectionsList(IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections, this->imageSections);
}
else
{
const IMAGE_NT_HEADERS64* pNtHeaders = (IMAGE_NT_HEADERS64*)(moduleBuffer + ((IMAGE_DOS_HEADER*)moduleBuffer)->e_lfanew);
mPeInstance->GetImageSectionsList(IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections, this->imageSections);
}
#else
const IMAGE_NT_HEADERS32* pNtHeaders = (IMAGE_NT_HEADERS32*)(moduleBuffer + ((IMAGE_DOS_HEADER*)moduleBuffer)->e_lfanew);
mPeInstance->GetImageSectionsList(IMAGE_FIRST_SECTION(pNtHeaders), pNtHeaders->FileHeader.NumberOfSections, this->imageSections);
#endif
delete[] moduleBuffer;
const int count = this->imageSections.GetCount();
for (int i = 0; i < count; ++i)
{
const Win32PESectionInformation& cur = this->imageSections[i];
this->mSectionsList.Add(cur.SectionName, FormatInt64HexUpper((__int64)cur.BaseAddress), FormatInt64HexUpper((__int64)cur.SectionSize));
}
// Set the amount of sections in a label.
this->mSectionCount.SetLabel(Format("Total %i sections", this->imageSections.GetCount()));
}
CryDumpModuleSectionWindow::~CryDumpModuleSectionWindow()
{
}
void CryDumpModuleSectionWindow::DumpSelectedSection()
{
const int cursorRow = this->mSectionsList.GetCursor();
if (cursorRow >= 0 && cursorRow < this->mSectionsList.GetCount())
{
FileSel* fs = new FileSel();
fs->Types("Memory Dump files\t*.dmp");
if (fs->ExecuteSaveAs("Select dump location"))
{
const Win32PESectionInformation& sect = this->imageSections[cursorRow];
if (mPeInstance->DumpProcessSection(fs->Get(), this->mModuleInfo->BaseAddress + sect.BaseAddress, sect.RawSectionSize ? sect.RawSectionSize : sect.SectionSize))
{
PromptOK("Dump succeeded!");
}
else
{
Prompt("Fatal error", CtrlImg::error(), "Failed to dump the section. Either the memory failed to read of the file could not be created.", "OK");
}
delete fs;
this->Close();
}
else
{
delete fs;
}
}
else
{
Prompt("Input Error", CtrlImg::error(), "Please select a section to dump.", "OK");
}
}
void CryDumpModuleSectionWindow::CancelAndCloseDialog()
{
this->Close();
}