RtlImageDirectoryEntryToData

[guga]

I´m making a serie of functions analog to ntdll PE Functions that are found inside ntdll.dll, imagehlp.dll and dbghelp.dll.
RosAsm syntax. More functions at rosasm board. Feel free to port it to masm or fasm etc

Code Select Expand

;;
    RtlImageDirectoryEntryToData
   
    Obtains access to image-specific data.
    This function locates a Directory Entry within the image header and returns either the virtual address or seek address of the
    data the Directory describes.
   
    This function has been superseded by the RtlImageDirectoryEntryToDataEx function.
    Use RtlImageDirectoryEntryToDataEx to retrieve the section header.

Parameters:
    BaseAddress [in]: A pointer to the base address of the image. THe 'MZ' signature.
    MappedAsImage [in]: If this parameter is TRUE, the file is mapped by the system as an image. If the flag is FALSE, the file is mapped as a data file by the MapViewOfFile function.
    DirectoryEntry [in]: The index number of the desired directory entry. This parameter can be one of the following values.

                        Equate Name                             Value   Meaning
                        IMAGE_DIRECTORY_ENTRY_ARCHITECTURE      7       Architecture-specific data
                        IMAGE_DIRECTORY_ENTRY_BASERELOC         5       Base relocation table
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT      11      Bound import directory
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR    14      COM descriptor table
                        IMAGE_DIRECTORY_ENTRY_DEBUG             6       Debug directory
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT      13      Delay import table
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION         3       Exception directory
                        IMAGE_DIRECTORY_ENTRY_EXPORT            0       Export directory
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR         8       The relative virtual address of global pointer
                        IMAGE_DIRECTORY_ENTRY_IAT               12      Import address table
                        IMAGE_DIRECTORY_ENTRY_IMPORT            1       Import directory
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG       10      Load configuration directory
                        IMAGE_DIRECTORY_ENTRY_RESOURCE          2       Resource directory
                        IMAGE_DIRECTORY_ENTRY_SECURITY          4       Security directory
                        IMAGE_DIRECTORY_ENTRY_TLS               9       Thread local storage directory

    Size [out]: A pointer to a variable that receives the size of the data for the directory entry, in bytes.

Return value:
    If the function succeeds, the return value is a pointer to the directory entry's data.
    If the function fails, the return value is NULL. To retrieve extended error information, call GetLastError.

Remarks:
    The ImageDirectoryEntryToData function is used to obtain access to image-specific data.
    All DbgHelp functions, such as this one, are single threaded. Therefore, calls from more than one thread to this function
    will likely result in unexpected behavior or memory corruption. To avoid this, you must synchronize all concurrent calls
    from more than one thread to this function.

    This function have the same functionality as the one existant inside ntdll and the function ImageDirectoryEntryToData from Dbghelp.dll

    Example:
   
        call RtlImageDirectoryEntryToData D@pFileData, &FALSE, &IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, LoaderSize


Bibliography:
    http://msdn.microsoft.com/en-us/library/windows/desktop/ms680149(v=vs.85).aspx
    http://www.wasm.ru/forum/viewtopic.php?id=28082

Author:
Gustavo Trigueiros (aka: Beyond2000! or Guga)

;;

Proc RtlImageDirectoryEntryToData:
    Arguments @BaseAddress, @MappedAsImage, @Directory, @pSize
    Uses ebx

    mov ebx D@BaseAddress
    Test_If bl 1
        and ebx 0-02
        mov D@MappedAsImage 0
    Test_End
    call RtlpImageNtHeader ebx
    On eax = 0, ExitP
    If W$eax+PeHeader.OptionalHeader.MagicDis = &IMAGE_NT_OPTIONAL_HDR32_MAGIC
        call RtlpImageDirectoryEntryToData32 ebx, D@MappedAsImage, D@Directory, D@pSize, eax
    Else_If W$eax+PeHeader.OptionalHeader.MagicDis = &IMAGE_NT_OPTIONAL_HDR64_MAGIC
        call RtlpImageDirectoryEntryToData64 ebx, D@MappedAsImage, D@Directory, D@pSize, eax
    Else
        xor eax eax
    End_If

EndP