ProcessInfo.h
#pragma once
#include "pin.H"
#include <map>
#include "ModuleInfo.h"
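/**
Holds per-process state for the tracer: the name of the analysed application,
the base address of the module treated as "mine" (myModuleBase), and a map of
sections (m_Sections) that address lookups are resolved against.
*/
class ProcessInfo
{
public:
    /**
    Creates an uninitialized object. Every scalar member gets a defined value here,
    so a query made before init() or addModule() (e.g. isMyAddress()) reads
    UNKNOWN_ADDR instead of an indeterminate myModuleBase.
    */
    ProcessInfo()
        : myModuleBase(UNKNOWN_ADDR), m_myPid(0), isInit(false)
    {
    }

    /**
    Records the analysed application and resets the module base and PID.
    \param app : name/path of the analysed application (stored as given)
    \return : true on the first call, false if the object was already initialized
    */
    bool init(std::string app)
    {
        if (isInit) {
            return false; // already initialized
        }
        m_AnalysedApp = app;
        m_myPid = 0; //UNKNOWN
        isInit = true;
        myModuleBase = UNKNOWN_ADDR;
        return true;
    }

    // Defined outside this header.
    // NOTE(review): presumably registers the image and sets myModuleBase when it is the analysed app - confirm in the .cpp.
    bool addModule(IMG Image);

    /**
    Looks up the section record covering the given address.
    \param Address : address to resolve
    \return : whatever get_by_addr() returns for m_Sections (presumably NULL when nothing matches - confirm)
    */
    const s_module* getSecByAddr(ADDRINT Address)
    {
        return get_by_addr(Address, m_Sections);
    }

    /**
    Checks whether the address belongs to the same image as myModuleBase.
    \param Address : address to test
    \return : true if both addresses resolve to valid images with equal load offsets, false otherwise
    */
    bool isMyAddress(ADDRINT Address)
    {
        if (Address == UNKNOWN_ADDR) {
            return false;
        }
        IMG myImg = IMG_FindByAddress(myModuleBase);
        IMG otherImg = IMG_FindByAddress(Address);
        if (!IMG_Valid(myImg) || !IMG_Valid(otherImg)) {
            return false;
        }
        // NOTE(review): image identity is decided by comparing load offsets only;
        // confirm that two distinct loaded images cannot report the same offset,
        // otherwise foreign code would be attributed to the traced module.
        if (IMG_LoadOffset(myImg) == IMG_LoadOffset(otherImg)) {
            return true;
        }
        return false;
    }

    /**
    Saves the transition between sections within the target module.
    \param Rva : current RVA within the target module
    \return : true if the section changed, false otherwise
    */
    const bool updateTracedModuleSection(ADDRINT Rva);

    // Defined outside this header.
    // NOTE(review): presumably tells whether Image is the analysed application's image - confirm in the .cpp.
    bool isMyImg(IMG Image) const;

protected:
    // Defined outside this header; judging by the name it fills m_Sections for the image - confirm.
    void addModuleSections(IMG Image, ADDRINT ImageBase);

    std::map<ADDRINT, s_module> m_Sections; // section records, keyed by ADDRINT
    ADDRINT myModuleBase;                   // UNKNOWN_ADDR until a module base is recorded
    std::string m_AnalysedApp;              // value passed to init()
    INT m_myPid;                            // 0 means unknown
    bool isInit;                            // set once by init()
};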