// Copyright (c) 2020, the Dart project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
// Retrieves the exported symbols from kernel32
import 'dart:ffi';
import 'dart:io' show exit;
import 'package:ffi/ffi.dart';
import 'package:win32/win32.dart';
/// Convenience accessors for a native `SYMBOL_INFO` record handed back by
/// DbgHelp.
extension SymbolInfoHelper on Pointer<SYMBOL_INFO> {
  /// The `Address` field of the referenced record.
  int get virtAddress {
    return ref.Address;
  }

  /// The symbol name, decoded from the UTF-16 data that starts 84 bytes into
  /// the record.
  ///
  /// NOTE(review): 84 is presumably the byte offset of the trailing `Name`
  /// array in the 64-bit `SYMBOL_INFO` layout; confirm against the struct
  /// definition in use. The read runs until the first NUL code unit and is not
  /// bounded by any length field of the record, so it depends on DbgHelp
  /// always terminating the name.
  String get name {
    final nameStart = cast<Uint8>().elementAt(84);
    final wideName = nameStart.cast<Utf16>();
    return wideName.toDartString();
  }
}
/// Accumulates name -> address pairs while an enumeration is running.
///
/// It is library-level state because the native callback below has to be a
/// top-level function and therefore cannot capture a local map.
final _exportedSymbols = <String, int>{};

/// Callback passed to `SymEnumSymbols`; records symbols flagged as exports.
///
/// [size] and [ctx] are not used. A symbol whose name was already recorded
/// overwrites the earlier address. Always returns `TRUE`, which asks DbgHelp
/// to keep enumerating.
int _enumSymbolProc(Pointer<SYMBOL_INFO> pSymInfo, int size, Pointer ctx) {
  final exportBits = pSymInfo.ref.Flags & SYMFLAG_EXPORT;
  final isExport = exportBits == SYMFLAG_EXPORT;
  if (!isExport) {
    return TRUE;
  }

  _exportedSymbols[pSymInfo.name] = pSymInfo.virtAddress;
  return TRUE;
}
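/// Returns the exported symbols of [module] as a map from name to address.
///
/// [module] is handed to DbgHelp unchanged, so callers should pass an absolute
/// path to a file they trust: the library parses the image, and a relative
/// name would be resolved by DbgHelp's own search rules rather than by this
/// code.
///
/// The function initialises a DbgHelp symbol session for the current process,
/// loads the module, enumerates every symbol (mask `*`) and tears the session
/// down again. If `SymInitialize` or `SymLoadModuleEx` fails it prints a
/// message and terminates the process with exit code 1. If `SymEnumSymbols`
/// fails it prints a message and returns whatever was collected so far, which
/// may be empty or partial.
///
/// The result is a snapshot: later calls do not modify a map returned earlier.
/// The function is not re-entrant, because the callback collects into the
/// shared `_exportedSymbols` map and DbgHelp itself is documented as
/// single-threaded.
Map<String, int> getExports(String module) {
  _exportedSymbols.clear();

  final hProcess = GetCurrentProcess();
  // FALSE: do not enumerate and load symbols for the modules already loaded
  // in this process; only the module requested below is loaded.
  if (SymInitialize(hProcess, nullptr, FALSE) == FALSE) {
    print('SymInitialize failed.');
    exit(1);
  }

  final modulePtr = module.toNativeUtf16();
  final mask = '*'.toNativeUtf16();
  try {
    final baseOfDll =
        SymLoadModuleEx(hProcess, NULL, modulePtr, nullptr, 0, 0, nullptr, 0);
    if (baseOfDll == 0) {
      print('SymLoadModuleEx failed.');
      // exit() ends the process without running the finally block, so the
      // symbol session is closed explicitly here.
      SymCleanup(hProcess);
      exit(1);
    }

    final enumerated = SymEnumSymbols(
        hProcess,
        baseOfDll,
        mask,
        // 0 (FALSE) is the value returned to DbgHelp if the Dart callback
        // throws, which stops the enumeration.
        Pointer.fromFunction<SymEnumSymbolsProc>(_enumSymbolProc, 0),
        nullptr);
    if (enumerated == FALSE) {
      print('SymEnumSymbols failed.');
    }
  } finally {
    // Close the session and release the native strings even if one of the
    // calls above throws.
    SymCleanup(hProcess);
    free(modulePtr);
    free(mask);
  }

  // Hand out a copy so the next call's clear() cannot empty a map that a
  // caller is still holding.
  return Map.of(_exportedSymbols);
}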
/// Prints every export of kernel32.dll as `[address] name`, one per line.
void main() {
  // Absolute path into the system directory, so no DLL search order applies.
  final exports = getExports(r'c:\windows\system32\kernel32.dll');
  for (final entry in exports.entries) {
    print('[${entry.value.toHexString(32)}] ${entry.key}');
  }
}