emu_env_w32.c File Reference

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "emu/emu.h"
#include "emu/emu_cpu.h"
#include "emu/emu_memory.h"
#include "emu/emu_hashtable.h"
#include "emu/environment/emu_env.h"
#include "emu/environment/emu_profile.h"
#include "emu/environment/win32/emu_env_w32.h"
#include "emu/environment/win32/emu_env_w32_dll.h"
#include "emu/environment/win32/emu_env_w32_dll_export.h"
#include "emu/environment/win32/env_w32_dll_export_hooks.h"
#include "emu/emu_log.h"
Include dependency graph for emu_env_w32.c:

Functions

struct emu_env_w32emu_env_w32_new (struct emu *e)
void emu_env_w32_free (struct emu_env_w32 *env)
int32_t emu_env_w32_load_dll (struct emu_env_w32 *env, char *dllname)
struct emu_env_hook * emu_env_w32_eip_check (struct emu_env *env)
int32_t emu_env_w32_export_hook (struct emu_env *env, const char *exportname, uint32_t(*fnhook)(struct emu_env *env, struct emu_env_hook *hook,...), void *userdata)

Variables

const char kernel32_dll_7c800000 []
const char kernel32_dll_7c801000 []
const char ws2_32_71a10000 []
const char ws2_32_71a11000 []
const char msvcrt_77be0000 []
const char msvcrt_77C28970 []
const char urlmon_7DF20000 []
const char urlmon_7DF21000 []
struct
emu_env_w32_known_dll_segment 		kernel32_segments []
struct
emu_env_w32_known_dll_segment 		ws2_32_segments []
struct
emu_env_w32_known_dll_segment 		msvcrt_segments []
struct
emu_env_w32_known_dll_segment 		urlmon_segments []
struct emu_env_w32_known_dll known_dlls []

Function Documentation

struct emu_env_hook* emu_env_w32_eip_check ( struct emu_env *  env  )  [read]

Check if eip is within a loaded dll,

  • call the dll's export function
Parameters:
env the env
Returns:
on success: pointer to the dll_export on failure: NULL

References emu_env_w32_dll::baseaddr, emu_cpu_eip_get(), emu_cpu_get(), emu_hashtable_search(), emu_env_w32_dll::exports_by_fnptr, logDebug, and emu_hashtable_item::value.

Referenced by emu_shellcode_run_and_track().

Here is the call graph for this function:

int32_t emu_env_w32_export_hook ( struct emu_env *  env,
const char *  exportname,
uint32_t(*)(struct emu_env *env, struct emu_env_hook *hook,...)  fnhook,
void *  userdata 
)

Hook an dll export from a dll

Parameters:
env the env
exportname the exportname, f.e. "socket"
fnhook pointer to the hook function
Returns:
on success: 0 on failure: -1

References emu_hashtable_search(), and emu_hashtable_item::value.

Here is the call graph for this function:

void emu_env_w32_free ( struct emu_env_w32 env  ) 

Free the emu_env_w32, free all dlls etc

Parameters:
env the env to free

References emu_env_w32_dll_free(), and emu_env_w32::loaded_dlls.

Here is the call graph for this function:

int32_t emu_env_w32_load_dll ( struct emu_env_w32 env,
char *  dllname 
)

References emu_env_w32_known_dll_segment::address, emu_env_w32_dll::baseaddr, emu_env_w32_known_dll::baseaddress, emu_env_w32_dll::dllname, emu_env_w32_known_dll::dllname, emu_env_w32::emu, emu_env_w32_dll_exports_copy(), emu_env_w32_dll_new(), emu_memory_get(), emu_memory_write_block(), emu_env_w32_known_dll::imagesize, emu_env_w32_dll::imagesize, emu_env_w32::loaded_dlls, logDebug, emu_env_w32_known_dll::memory_segments, and emu_env_w32_known_dll_segment::segment_size.

Referenced by emu_env_w32_new(), and env_w32_hook_LoadLibrayA().

Here is the call graph for this function:

struct emu_env_w32* emu_env_w32_new ( struct emu e  )  [read]

Create a new emu_env_w32 environment

Parameters:
e the emulation to create the w32 process environment in
Returns:
on success: pointer to the emu_env_w32 create on failure: NULL

References emu_env_w32_known_dll::baseaddress, emu_env_w32_known_dll::dllname, emu_env_w32::emu, emu_env_w32_load_dll(), emu_memory_get(), emu_memory_segment_get(), emu_memory_segment_select(), emu_memory_write_block(), emu_memory_write_dword(), and s_fs.

Here is the call graph for this function:

Variable Documentation

const char kernel32_dll_7c800000
const char kernel32_dll_7c801000
struct emu_env_w32_known_dll_segment kernel32_segments[]
Initial value:
 
{
        {
                .address = 0x7c800000,
                .segment = kernel32_dll_7c800000,
                .segment_size = 641,
        },
        {
                .address = 0x7c801000,
                .segment = kernel32_dll_7c801000,
                .segment_size = 32625,
        },
        { 0, NULL, 0 }
}
struct emu_env_w32_known_dll known_dlls[]
const char msvcrt_77be0000
const char msvcrt_77C28970
struct emu_env_w32_known_dll_segment msvcrt_segments[]
Initial value:
 
{
        {
                .address = 0x77be0000,
                .segment = msvcrt_77be0000,
                .segment_size = 5634,
        },
        {
                .address = 0x77C28970,
                .segment = msvcrt_77C28970,
                .segment_size = 17328,
        },
        { 0, NULL, 0 }
}
const char urlmon_7DF20000
const char urlmon_7DF21000
struct emu_env_w32_known_dll_segment urlmon_segments[]
Initial value:
 
{
        {
                .address = 0x7DF20000,
                .segment = urlmon_7DF20000,
                .segment_size = 786,
        },
        {
                .address = 0x7DF21000,
                .segment = urlmon_7DF21000,
                .segment_size = 6144,
        },
        { 0, NULL, 0 }
}
const char ws2_32_71a10000
const char ws2_32_71a11000
struct emu_env_w32_known_dll_segment ws2_32_segments[]
Initial value:
 
{
        {
                .address = 0x71a10000,
                .segment = ws2_32_71a10000,
                .segment_size = 786,
        },
        {
                .address = 0x71a11000,
                .segment = ws2_32_71a11000,
                .segment_size = 5634,
        },
        { 0, NULL, 0 }
}
Generated on Sun Jan 9 16:49:34 2011 for libemu by  doxygen 1.6.1