Coder Social home page Coder Social logo

razy_importer's Introduction

FOSSA Status crates.io crates.io

FOSSA Status

razy_importer

Rust implementation of lazy_importer

Usage

Function prototype must be explicitly declared on the variable and this is by Rust design that Rust does not allow constants to be used where known type information is needed at compile time.

Since the implementation of the ri_fn macro takes func_type as an Expr type, this is treated as an expression that is resolved at runtime. However, types such as extern "system" fn(), which represents a function pointer, require known type information at compile time. Therefore, the type Expr, which is resolved at runtime, cannot be used directly as such a function type.

#[macro_use]
extern crate razy_importer_macros;

fn main() {
    let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG =
        ri_fn_m!("NtGetCurrentProcessorNumber", ri_mod!("ntdll.dll"));
    println!("NtGetCurrentProcessorNumber={}", unsafe { NtGetCurrentProcessorNumber() });
    let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG =
        ri_fn!("NtGetCurrentProcessorNumber");
    println!("NtGetCurrentProcessorNumber={}", unsafe { NtGetCurrentProcessorNumber() });
}

Conversion Output

This output is generated by IDA 8.3 without symbols (and without gooMBA).

#[inline(never)]
#[no_mangle]
#[export_name = "nt"]
fn nt() -> u32 {
    let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG =
        ri_fn!("NtGetCurrentProcessorNumber");
    return unsafe { NtGetCurrentProcessorNumber() };
}
__int64 nt()
{
  PPEB_LDR_DATA Ldr; // rcx
  struct _LIST_ENTRY *Flink; // r9
  struct _LIST_ENTRY *Blink; // r14
  int v3; // r8d
  int v4; // edx
  struct _LIST_ENTRY *v5; // r11
  struct _LIST_ENTRY *v6; // r10
  int v7; // esi
  unsigned __int8 v8; // bl
  struct _LIST_ENTRY *v9; // r11
  __int64 Blink_high; // rsi
  __int64 v11; // r10
  __int64 v12; // rdi
  unsigned int *v13; // r10
  __int64 v14; // r14
  __int64 v15; // rbx
  char *v16; // r14
  __int64 v17; // r12
  __int64 v18; // r15
  int v19; // ebp
  __int64 v20; // r12
  char v21; // r13
  unsigned __int8 v22; // al
  __int64 (*v23)(void); // r9
  unsigned __int8 *v24; // r8
  unsigned __int8 *v25; // r9
  int v26; // r10d
  unsigned __int8 v27; // al
  unsigned __int8 v28; // r10
  unsigned __int8 v29; // al

  Ldr = NtCurrentPeb()->Ldr;
  Flink = Ldr->InLoadOrderModuleList.Flink;
  Blink = Ldr->InLoadOrderModuleList.Blink;
  if ( Flink != Blink )
  {
    v3 = -490794436;
    v4 = 0;
    do
    {
      if ( !v4 )
        goto LABEL_44;
      v5 = Flink[6].Flink;
      v6 = (struct _LIST_ENTRY *)((char *)v5 + ((unsigned __int16)(LODWORD(Flink[5].Blink) - 8) & 0xFFFE));
      v7 = -1246732848;
      while ( v5 < v6 )
      {
        v8 = LOBYTE(v5->Flink) | 0x20;
        if ( (unsigned __int8)(LOBYTE(v5->Flink) - 65) >= 0x1Au )
          v8 = (unsigned __int8)v5->Flink;
        v7 = 16777619 * (v7 ^ v8);
        v5 = (struct _LIST_ENTRY *)((char *)v5 + 2);
      }
      if ( v7 == v4 )
      {
LABEL_44:
        v9 = Flink[3].Flink;
        Blink_high = SHIDWORD(v9[3].Blink);
        v11 = *(unsigned int *)((char *)&v9[8].Blink + Blink_high);
        if ( *(_DWORD *)((char *)&v9[8].Blink + Blink_high) )
        {
          v12 = *(unsigned int *)((char *)&v9[1].Blink + v11);
          v13 = (unsigned int *)((char *)v9 + v11);
          v14 = 0i64;
          do
          {
            if ( v14 == v12 )
            {
              Blink = Ldr->InLoadOrderModuleList.Blink;
              goto LABEL_39;
            }
            v15 = v14;
            v16 = (char *)v9 + *(unsigned int *)((char *)&v9->Flink + 4 * v14 + v13[8]);
            v17 = 0i64;
            do
              v18 = v17++;
            while ( v16[v18] );
            v19 = -1246732848;
            if ( v17 != 1 )
            {
              v20 = 0i64;
              do
              {
                v21 = v16[v20];
                if ( !v21 )
                  break;
                v22 = v21 | 0x20;
                if ( (unsigned __int8)(v21 - 65) >= 0x1Au )
                  v22 = v16[v20];
                v19 = 16777619 * (v22 ^ v19);
                ++v20;
              }
              while ( v18 != v20 );
            }
            v14 = v15 + 1;
          }
          while ( v19 != v3 );
          v23 = (__int64 (*)(void))((char *)v9
                                  + *(unsigned int *)((char *)&v9->Flink
                                                    + 4
                                                    * *(unsigned __int16 *)((char *)&v9->Flink
                                                                          + 2 * (unsigned int)v15
                                                                          + v13[9])
                                                    + v13[7]));
          if ( v13 >= (unsigned int *)v23
            || (char *)v13 + *(unsigned int *)((char *)&v9[8].Blink + Blink_high + 4) <= (char *)v23 )
          {
            return v23();
          }
          v24 = (unsigned __int8 *)v23 + 1;
          v25 = (unsigned __int8 *)v23 + 2;
          v4 = -1246732848;
          Blink = Ldr->InLoadOrderModuleList.Blink;
          while ( 1 )
          {
            v26 = *(v24 - 1);
            if ( !*(v24 - 1) )
              goto LABEL_37;
            if ( v26 == 46 )
              break;
            v27 = v26 | 0x20;
            if ( (unsigned __int8)(v26 - 65) >= 0x1Au )
              v27 = *(v24 - 1);
            v4 = 16777619 * (v27 ^ v4);
            ++v24;
            ++v25;
          }
          v28 = *v24;
          if ( !*v24 )
          {
LABEL_37:
            v3 = -1246732848;
            goto LABEL_38;
          }
          v3 = -1246732848;
          do
          {
            v29 = v28 | 0x20;
            if ( (unsigned __int8)(v28 - 65) >= 0x1Au )
              v29 = v28;
            v3 = 16777619 * (v3 ^ v29);
            v28 = *v25++;
          }
          while ( v28 );
LABEL_38:
          Flink = NtCurrentPeb()->Ldr->InLoadOrderModuleList.Flink;
        }
      }
LABEL_39:
      Flink = Flink->Flink;
    }
    while ( Flink != Blink );
  }
  v23 = 0i64;
  return v23();
}

License

LICENSE - Apache 2.0

Credit

Apache 2.0 - JustasMasiulis/lazy_importer

razy_importer's People

Contributors

kkent030315 avatar

Stargazers

突突兔 avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.