Restructured code (2/4)

KN4CK3R · KN4CK3R · commit bbf580a16d2e · 2020-05-05T12:07:52.000+02:00
diff --git a/NativeCore/Windows/EnumerateRemoteSectionsAndModules.cpp b/NativeCore/Windows/EnumerateRemoteSectionsAndModules.cpp
@@ -3,6 +3,7 @@
 #include <tlhelp32.h>
 #include <vector>
 #include <algorithm>
+#include <functional>
 
 #include "NativeCore.hpp"
 
@@ -41,24 +42,25 @@ static DWORD GetRemotePeb(HANDLE process, PPEB* ppeb)
 	return ERROR_SUCCESS;
 }
 
-template <typename Proc>
-static DWORD EnumerateRemoteModulesNative(HANDLE process, Proc proc)
+using InternalEnumerateRemoteModulesCallback = std::function<void(EnumerateRemoteModuleData&)>;
+
+static bool EnumerateRemoteModulesNative(HANDLE process, const InternalEnumerateRemoteModulesCallback& callback)
 {
 	PPEB ppeb;
 	const auto error = GetRemotePeb(process, &ppeb);
 	if (error != ERROR_SUCCESS)
-		return error;
+		return false;
 	
 	PPEB_LDR_DATA ldr;
 	auto success = ReadRemoteMemory(process, &ppeb->Ldr, &ldr, 0, sizeof(ldr));
 	if (!success)
-		return ERROR_READ_FAULT; // we seem to swallow the error anyways, might aswell give a distinctive one back
+		return false;
 
 	const auto list_head = &ldr->InMemoryOrderModuleList; // remote address
 	PLIST_ENTRY list_current; // remote address
 	success = ReadRemoteMemory(process, &list_head->Flink, &list_current, 0, sizeof(list_current));
 	if (!success)
-		return ERROR_READ_FAULT;
+		return false;
 	
 	while (list_current != list_head)
 	{
@@ -67,33 +69,34 @@ static DWORD EnumerateRemoteModulesNative(HANDLE process, Proc proc)
 		LDR_DATA_TABLE_ENTRY mod;
 		success = ReadRemoteMemory(process, CONTAINING_RECORD(list_current, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks), &mod, 0, sizeof(mod));
 		if (!success)
-			return ERROR_SUCCESS; // return success here to prevent running the other one
+			break;
 
 		EnumerateRemoteModuleData data = {};
 		data.BaseAddress = mod.DllBase;
 		data.Size = *(ULONG*)&mod.Reserved2[1]; // instead of undocced member could read ImageSize from headers
 		const auto path_len = std::min(sizeof(RC_UnicodeChar) * (PATH_MAXIMUM_LENGTH - 1), size_t(mod.FullDllName.Length));
 		success = ReadRemoteMemory(process, mod.FullDllName.Buffer, data.Path, 0, int(path_len));
 		if (!success)
-			return ERROR_SUCCESS; // return success here to prevent running the other one
+			break;
 		
 		// UNICODE_STRING is not guaranteed to be null terminated
 		data.Path[path_len / 2] = 0;
 		
-		proc(&data);
+		callback(data);
 		
 		list_current = mod.InMemoryOrderLinks.Flink;
 	}
 	
-	return ERROR_SUCCESS;
+	return true;
 }
 
-template <typename Proc>
-static DWORD EnumerateRemoteModulesWinapi(HANDLE process, Proc proc)
+bool EnumerateRemoteModulesWinapi(HANDLE process, const InternalEnumerateRemoteModulesCallback& callback)
 {
 	const auto handle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetProcessId(process));
 	if (handle == INVALID_HANDLE_VALUE)
-		return GetLastError();
+	{
+		return false;
+	}
 	
 	MODULEENTRY32W me32 = {};
 	me32.dwSize = sizeof(MODULEENTRY32W);
@@ -106,13 +109,13 @@ static DWORD EnumerateRemoteModulesWinapi(HANDLE process, Proc proc)
 			data.Size = me32.modBaseSize;
 			std::memcpy(data.Path, me32.szExePath, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));
 
-			proc(&data);
+			callback(data);
 		} while (Module32NextW(handle, &me32));
 	}
 
 	CloseHandle(handle);
 
-	return ERROR_SUCCESS;
+	return true;
 }
 
 void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, EnumerateRemoteSectionsCallback callbackSection, EnumerateRemoteModulesCallback callbackModule)
@@ -165,42 +168,42 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate
 		address = reinterpret_cast<size_t>(memInfo.BaseAddress) + memInfo.RegionSize;
 	}
 
-	const auto moduleEnumerator = [&](EnumerateRemoteModuleData* data)
+	const auto moduleEnumerator = [&](EnumerateRemoteModuleData& data)
 	{
 		if (callbackModule != nullptr)
 		{
-			callbackModule(data);
+			callbackModule(&data);
 		}
 
 		if (callbackSection != nullptr)
 		{
-			auto it = std::lower_bound(std::begin(sections), std::end(sections), static_cast<LPVOID>(data->BaseAddress), [&sections](const auto& lhs, const LPVOID& rhs)
+			auto it = std::lower_bound(std::begin(sections), std::end(sections), static_cast<LPVOID>(data.BaseAddress), [&sections](const auto& lhs, const LPVOID& rhs)
 			{
 				return lhs.BaseAddress < rhs;
 			});
 
 			IMAGE_DOS_HEADER imageDosHeader = {};
 			IMAGE_NT_HEADERS imageNtHeaders = {};
 
-			if (!ReadRemoteMemory(process, data->BaseAddress, &imageDosHeader, 0, sizeof(IMAGE_DOS_HEADER))
-				|| !ReadRemoteMemory(process, PUCHAR(data->BaseAddress) + imageDosHeader.e_lfanew, &imageNtHeaders, 0, sizeof(IMAGE_NT_HEADERS)))
+			if (!ReadRemoteMemory(process, data.BaseAddress, &imageDosHeader, 0, sizeof(IMAGE_DOS_HEADER))
+				|| !ReadRemoteMemory(process, PUCHAR(data.BaseAddress) + imageDosHeader.e_lfanew, &imageNtHeaders, 0, sizeof(IMAGE_NT_HEADERS)))
 			{
 				return;
 			}
 
 			std::vector<IMAGE_SECTION_HEADER> sectionHeaders(imageNtHeaders.FileHeader.NumberOfSections);
-			ReadRemoteMemory(process, PUCHAR(data->BaseAddress) + imageDosHeader.e_lfanew + sizeof(IMAGE_NT_HEADERS), sectionHeaders.data(), 0, imageNtHeaders.FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER));
+			ReadRemoteMemory(process, PUCHAR(data.BaseAddress) + imageDosHeader.e_lfanew + sizeof(IMAGE_NT_HEADERS), sectionHeaders.data(), 0, imageNtHeaders.FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER));
 			for (auto&& sectionHeader : sectionHeaders)
 			{
-				const auto sectionAddress = reinterpret_cast<size_t>(data->BaseAddress) + sectionHeader.VirtualAddress;
+				const auto sectionAddress = reinterpret_cast<size_t>(data.BaseAddress) + sectionHeader.VirtualAddress;
 
 				for (; it != std::end(sections); ++it)
 				{
 					auto&& section = *it;
 					
 					if (sectionAddress >= reinterpret_cast<size_t>(section.BaseAddress) 
 						&& sectionAddress < reinterpret_cast<size_t>(section.BaseAddress) + static_cast<size_t>(section.Size)
-						&& sectionHeader.VirtualAddress + sectionHeader.Misc.VirtualSize <= data->Size)
+						&& sectionHeader.VirtualAddress + sectionHeader.Misc.VirtualSize <= data.Size)
 					{
 						if ((sectionHeader.Characteristics & IMAGE_SCN_CNT_CODE) == IMAGE_SCN_CNT_CODE)
 						{
@@ -222,7 +225,7 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate
 						{
 							std::memset(section.Name, 0, sizeof(section.Name));
 						}
-						std::memcpy(section.ModulePath, data->Path, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));
+						std::memcpy(section.ModulePath, data.Path, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));
 
 						break;
 					}
@@ -231,7 +234,7 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate
 		}
 	};
 	
-	if (EnumerateRemoteModulesNative(process, moduleEnumerator) != ERROR_SUCCESS)
+	if (!EnumerateRemoteModulesNative(process, moduleEnumerator))
 	{
 		EnumerateRemoteModulesWinapi(process, moduleEnumerator);
 	}

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`#include <tlhelp32.h>`
`4`	`4`	`#include <vector>`
`5`	`5`	`#include <algorithm>`
	`6`	`+#include <functional>`
`6`	`7`
`7`	`8`	`#include "NativeCore.hpp"`
`8`	`9`
`@@ -41,24 +42,25 @@ static DWORD GetRemotePeb(HANDLE process, PPEB* ppeb)`
`41`	`42`	`return ERROR_SUCCESS;`
`42`	`43`	`}`
`43`	`44`
`44`		`-template <typename Proc>`
`45`		`-static DWORD EnumerateRemoteModulesNative(HANDLE process, Proc proc)`
	`45`	`+using InternalEnumerateRemoteModulesCallback = std::function<void(EnumerateRemoteModuleData&)>;`
	`46`	`+`
	`47`	`+static bool EnumerateRemoteModulesNative(HANDLE process, const InternalEnumerateRemoteModulesCallback& callback)`
`46`	`48`	`{`
`47`	`49`	`PPEB ppeb;`
`48`	`50`	`const auto error = GetRemotePeb(process, &ppeb);`
`49`	`51`	`if (error != ERROR_SUCCESS)`
`50`		`- return error;`
	`52`	`+ return false;`
`51`	`53`
`52`	`54`	`PPEB_LDR_DATA ldr;`
`53`	`55`	`auto success = ReadRemoteMemory(process, &ppeb->Ldr, &ldr, 0, sizeof(ldr));`
`54`	`56`	`if (!success)`
`55`		`- return ERROR_READ_FAULT; // we seem to swallow the error anyways, might aswell give a distinctive one back`
	`57`	`+ return false;`
`56`	`58`
`57`	`59`	`const auto list_head = &ldr->InMemoryOrderModuleList; // remote address`
`58`	`60`	`PLIST_ENTRY list_current; // remote address`
`59`	`61`	`success = ReadRemoteMemory(process, &list_head->Flink, &list_current, 0, sizeof(list_current));`
`60`	`62`	`if (!success)`
`61`		`- return ERROR_READ_FAULT;`
	`63`	`+ return false;`
`62`	`64`
`63`	`65`	`while (list_current != list_head)`
`64`	`66`	`{`
`@@ -67,33 +69,34 @@ static DWORD EnumerateRemoteModulesNative(HANDLE process, Proc proc)`
`67`	`69`	`LDR_DATA_TABLE_ENTRY mod;`
`68`	`70`	`success = ReadRemoteMemory(process, CONTAINING_RECORD(list_current, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks), &mod, 0, sizeof(mod));`
`69`	`71`	`if (!success)`
`70`		`- return ERROR_SUCCESS; // return success here to prevent running the other one`
	`72`	`+ break;`
`71`	`73`
`72`	`74`	`EnumerateRemoteModuleData data = {};`
`73`	`75`	`data.BaseAddress = mod.DllBase;`
`74`	`76`	`data.Size = (ULONG)&mod.Reserved2[1]; // instead of undocced member could read ImageSize from headers`
`75`	`77`	`const auto path_len = std::min(sizeof(RC_UnicodeChar) * (PATH_MAXIMUM_LENGTH - 1), size_t(mod.FullDllName.Length));`
`76`	`78`	`success = ReadRemoteMemory(process, mod.FullDllName.Buffer, data.Path, 0, int(path_len));`
`77`	`79`	`if (!success)`
`78`		`- return ERROR_SUCCESS; // return success here to prevent running the other one`
	`80`	`+ break;`
`79`	`81`
`80`	`82`	`// UNICODE_STRING is not guaranteed to be null terminated`
`81`	`83`	`data.Path[path_len / 2] = 0;`
`82`	`84`
`83`		`- proc(&data);`
	`85`	`+ callback(data);`
`84`	`86`
`85`	`87`	`list_current = mod.InMemoryOrderLinks.Flink;`
`86`	`88`	`}`
`87`	`89`
`88`		`- return ERROR_SUCCESS;`
	`90`	`+ return true;`
`89`	`91`	`}`
`90`	`92`
`91`		`-template <typename Proc>`
`92`		`-static DWORD EnumerateRemoteModulesWinapi(HANDLE process, Proc proc)`
	`93`	`+bool EnumerateRemoteModulesWinapi(HANDLE process, const InternalEnumerateRemoteModulesCallback& callback)`
`93`	`94`	`{`
`94`	`95`	`const auto handle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetProcessId(process));`
`95`	`96`	`if (handle == INVALID_HANDLE_VALUE)`
`96`		`- return GetLastError();`
	`97`	`+ {`
	`98`	`+ return false;`
	`99`	`+ }`
`97`	`100`
`98`	`101`	`MODULEENTRY32W me32 = {};`
`99`	`102`	`me32.dwSize = sizeof(MODULEENTRY32W);`
`@@ -106,13 +109,13 @@ static DWORD EnumerateRemoteModulesWinapi(HANDLE process, Proc proc)`
`106`	`109`	`data.Size = me32.modBaseSize;`
`107`	`110`	`std::memcpy(data.Path, me32.szExePath, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));`
`108`	`111`
`109`		`- proc(&data);`
	`112`	`+ callback(data);`
`110`	`113`	`} while (Module32NextW(handle, &me32));`
`111`	`114`	`}`
`112`	`115`
`113`	`116`	`CloseHandle(handle);`
`114`	`117`
`115`		`- return ERROR_SUCCESS;`
	`118`	`+ return true;`
`116`	`119`	`}`
`117`	`120`
`118`	`121`	`void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, EnumerateRemoteSectionsCallback callbackSection, EnumerateRemoteModulesCallback callbackModule)`
`@@ -165,42 +168,42 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate`
`165`	`168`	`address = reinterpret_cast<size_t>(memInfo.BaseAddress) + memInfo.RegionSize;`
`166`	`169`	`}`
`167`	`170`
`168`		`- const auto moduleEnumerator = [&](EnumerateRemoteModuleData* data)`
	`171`	`+ const auto moduleEnumerator = [&](EnumerateRemoteModuleData& data)`
`169`	`172`	`{`
`170`	`173`	`if (callbackModule != nullptr)`
`171`	`174`	`{`
`172`		`- callbackModule(data);`
	`175`	`+ callbackModule(&data);`
`173`	`176`	`}`
`174`	`177`
`175`	`178`	`if (callbackSection != nullptr)`
`176`	`179`	`{`
`177`		`- auto it = std::lower_bound(std::begin(sections), std::end(sections), static_cast<LPVOID>(data->BaseAddress), [&sections](const auto& lhs, const LPVOID& rhs)`
	`180`	`+ auto it = std::lower_bound(std::begin(sections), std::end(sections), static_cast<LPVOID>(data.BaseAddress), [&sections](const auto& lhs, const LPVOID& rhs)`
`178`	`181`	`{`
`179`	`182`	`return lhs.BaseAddress < rhs;`
`180`	`183`	`});`
`181`	`184`
`182`	`185`	`IMAGE_DOS_HEADER imageDosHeader = {};`
`183`	`186`	`IMAGE_NT_HEADERS imageNtHeaders = {};`
`184`	`187`
`185`		`- if (!ReadRemoteMemory(process, data->BaseAddress, &imageDosHeader, 0, sizeof(IMAGE_DOS_HEADER))`
`186`		`- \|\| !ReadRemoteMemory(process, PUCHAR(data->BaseAddress) + imageDosHeader.e_lfanew, &imageNtHeaders, 0, sizeof(IMAGE_NT_HEADERS)))`
	`188`	`+ if (!ReadRemoteMemory(process, data.BaseAddress, &imageDosHeader, 0, sizeof(IMAGE_DOS_HEADER))`
	`189`	`+ \|\| !ReadRemoteMemory(process, PUCHAR(data.BaseAddress) + imageDosHeader.e_lfanew, &imageNtHeaders, 0, sizeof(IMAGE_NT_HEADERS)))`
`187`	`190`	`{`
`188`	`191`	`return;`
`189`	`192`	`}`
`190`	`193`
`191`	`194`	`std::vector<IMAGE_SECTION_HEADER> sectionHeaders(imageNtHeaders.FileHeader.NumberOfSections);`
`192`		`- ReadRemoteMemory(process, PUCHAR(data->BaseAddress) + imageDosHeader.e_lfanew + sizeof(IMAGE_NT_HEADERS), sectionHeaders.data(), 0, imageNtHeaders.FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER));`
	`195`	`+ ReadRemoteMemory(process, PUCHAR(data.BaseAddress) + imageDosHeader.e_lfanew + sizeof(IMAGE_NT_HEADERS), sectionHeaders.data(), 0, imageNtHeaders.FileHeader.NumberOfSections * sizeof(IMAGE_SECTION_HEADER));`
`193`	`196`	`for (auto&& sectionHeader : sectionHeaders)`
`194`	`197`	`{`
`195`		`- const auto sectionAddress = reinterpret_cast<size_t>(data->BaseAddress) + sectionHeader.VirtualAddress;`
	`198`	`+ const auto sectionAddress = reinterpret_cast<size_t>(data.BaseAddress) + sectionHeader.VirtualAddress;`
`196`	`199`
`197`	`200`	`for (; it != std::end(sections); ++it)`
`198`	`201`	`{`
`199`	`202`	`auto&& section = *it;`
`200`	`203`
`201`	`204`	`if (sectionAddress >= reinterpret_cast<size_t>(section.BaseAddress)`
`202`	`205`	`&& sectionAddress < reinterpret_cast<size_t>(section.BaseAddress) + static_cast<size_t>(section.Size)`
`203`		`- && sectionHeader.VirtualAddress + sectionHeader.Misc.VirtualSize <= data->Size)`
	`206`	`+ && sectionHeader.VirtualAddress + sectionHeader.Misc.VirtualSize <= data.Size)`
`204`	`207`	`{`
`205`	`208`	`if ((sectionHeader.Characteristics & IMAGE_SCN_CNT_CODE) == IMAGE_SCN_CNT_CODE)`
`206`	`209`	`{`
`@@ -222,7 +225,7 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate`
`222`	`225`	`{`
`223`	`226`	`std::memset(section.Name, 0, sizeof(section.Name));`
`224`	`227`	`}`
`225`		`- std::memcpy(section.ModulePath, data->Path, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));`
	`228`	`+ std::memcpy(section.ModulePath, data.Path, std::min(MAX_PATH, PATH_MAXIMUM_LENGTH));`
`226`	`229`
`227`	`230`	`break;`
`228`	`231`	`}`
`@@ -231,7 +234,7 @@ void RC_CallConv EnumerateRemoteSectionsAndModules(RC_Pointer process, Enumerate`
`231`	`234`	`}`
`232`	`235`	`};`
`233`	`236`
`234`		`- if (EnumerateRemoteModulesNative(process, moduleEnumerator) != ERROR_SUCCESS)`
	`237`	`+ if (!EnumerateRemoteModulesNative(process, moduleEnumerator))`
`235`	`238`	`{`
`236`	`239`	`EnumerateRemoteModulesWinapi(process, moduleEnumerator);`
`237`	`240`	`}`