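#define WIN32_LEAN_AND_MEAN
/*
 * NOTE(review): the system header names were stripped from the page this
 * listing came from (it showed bare "#include" directives). The headers
 * below are the ones the code requires: windows.h for the Win32/PE types,
 * dbghelp.h for ImageNtHeader (link with dbghelp.lib), stdio.h/wchar.h for
 * wprintf/putwchar and string.h for strncmp.
 */
#include <windows.h>
#include <dbghelp.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include "apiset.h" // http://blog.airesoft.co.uk/code/apiset.h

/*
 * Dumps the API set schema (the ".apiset"-style section of apisetschema.dll)
 * as text: for every namespace entry, the hosts it redirects to and, where
 * present, the importing module the redirection is specific to.
 *
 * SECURITY NOTE for all three ParseV*StyleApiSet functions: every Count,
 * offset and length is read from the mapped file and used as-is. The
 * functions receive only a base pointer, so they cannot check that an offset
 * stays inside the section; a truncated or deliberately malformed schema
 * file would make them read outside the mapping. Only run this on a schema
 * file you trust, or add a size-aware variant that validates each offset and
 * count against the section size before dereferencing.
 */

/* Converts a byte length from the schema into a WCHAR count usable as a
 * printf "%.*s" precision, which must be an int (not a size_t). */
static int WideCharCount(ULONG byteLength)
{
    return (int)(byteLength / sizeof(WCHAR));
}

/*
 * Prints a version <= 2 schema. pData points at the start of the schema
 * blob; all offsets in it are resolved relative to that pointer through
 * RVA_TO_ADDR (defined in apiset.h).
 * The names are not NUL-terminated in the blob, hence the explicit
 * precision. The Microsoft CRT treats %s in wprintf as a wide string.
 */
void ParseV2StyleApiSet(PVOID pData)
{
    API_SET_NAMESPACE_ARRAY_V2* pNSHeader = (API_SET_NAMESPACE_ARRAY_V2*)pData;
    ULONG numEntries = pNSHeader->Count;
    for(ULONG i = 0; i < numEntries; ++i)
    {
        PAPI_SET_NAMESPACE_ENTRY_V2 pArrEntry = &pNSHeader->Array[i];
        PWSTR pNSName = (PWSTR)RVA_TO_ADDR(pNSHeader, pArrEntry->NameOffset);
        wprintf(L"Found Namespace entry for %.*s\n", WideCharCount(pArrEntry->NameLength), pNSName);

        PAPI_SET_VALUE_ARRAY_V2 pNSArrData = (PAPI_SET_VALUE_ARRAY_V2)RVA_TO_ADDR(pNSHeader, pArrEntry->DataOffset);
        ULONG nsEntryCount = pNSArrData->Count;
        for(ULONG j = 0; j < nsEntryCount; ++j)
        {
            PAPI_SET_VALUE_ENTRY_V2 pNSEntry = &pNSArrData->Array[j];
            wprintf(L"\tEntry %lu\n", j + 1);
            /* V2 marks "no importing module" with a zero name length. */
            if(pNSEntry->NameLength != 0)
            {
                PWSTR pNSEntryName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->NameOffset);
                wprintf(L"\t\tImporting Module: %.*s\n", WideCharCount(pNSEntry->NameLength), pNSEntryName);
            }
            PWSTR pNSValueName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->ValueOffset);
            wprintf(L"\t\tHost: %.*s\n", WideCharCount(pNSEntry->ValueLength), pNSValueName);
        }
        wprintf(L"\n");
    }
}

/*
 * Prints a version 3-4 schema. Same walk as the V2 layout but over the V4
 * structures; an importing module is considered present when its name
 * offset is non-zero.
 */
void ParseV4StyleApiSet(PVOID pData)
{
    PCAPI_SET_NAMESPACE_ARRAY_V4 pNSHeader = (PCAPI_SET_NAMESPACE_ARRAY_V4)pData;
    ULONG numEntries = pNSHeader->Count;
    for(ULONG i = 0; i < numEntries; ++i)
    {
        PCAPI_SET_NAMESPACE_ENTRY_V4 pArrEntry = &pNSHeader->Array[i];
        PWSTR pNSName = (PWSTR)RVA_TO_ADDR(pNSHeader, pArrEntry->NameOffset);
        wprintf(L"Found Namespace entry for %.*s\n", WideCharCount(pArrEntry->NameLength), pNSName);

        PAPI_SET_VALUE_ARRAY_V4 pNSArrData = (PAPI_SET_VALUE_ARRAY_V4)RVA_TO_ADDR(pNSHeader, pArrEntry->DataOffset);
        ULONG nsEntryCount = pNSArrData->Count;
        for(ULONG j = 0; j < nsEntryCount; ++j)
        {
            PAPI_SET_VALUE_ENTRY_V4 pNSEntry = &pNSArrData->Array[j];
            wprintf(L"\tEntry %lu\n", j + 1);
            if(pNSEntry->NameOffset != 0)
            {
                PWSTR pNSEntryName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->NameOffset);
                wprintf(L"\t\tImporting Module: %.*s\n", WideCharCount(pNSEntry->NameLength), pNSEntryName);
            }
            PWSTR pNSValueName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->ValueOffset);
            wprintf(L"\t\tHost: %.*s\n", WideCharCount(pNSEntry->ValueLength), pNSValueName);
        }
        putwchar(L'\n');
    }
}

/*
 * Prints a version 5-6 schema. In this layout the namespace entries are not
 * an inline array: they start at NamespaceEntryOffset and are walked by
 * pointer increment, and each namespace entry carries its own value count
 * with the value entries starting at DataOffset.
 */
void ParseV6StyleApiSet(PVOID pData)
{
    PCAPI_SET_NAMESPACE_ARRAY_V6 pNSHeader = (PCAPI_SET_NAMESPACE_ARRAY_V6)pData;
    ULONG numEntries = pNSHeader->Count;
    PCAPI_SET_NAMESPACE_ENTRY_V6 pArrEntry = (PCAPI_SET_NAMESPACE_ENTRY_V6)RVA_TO_ADDR(pNSHeader, pNSHeader->NamespaceEntryOffset);
    for(ULONG i = 0; i < numEntries; ++i)
    {
        PWSTR pNSName = (PWSTR)RVA_TO_ADDR(pNSHeader, pArrEntry->NameOffset);
        wprintf(L"Found Namespace entry for %.*s\n", WideCharCount(pArrEntry->NameLength), pNSName);

        PCAPI_SET_VALUE_ENTRY_V6 pNSEntry = (PCAPI_SET_VALUE_ENTRY_V6)RVA_TO_ADDR(pNSHeader, pArrEntry->DataOffset);
        ULONG nsEntryCount = pArrEntry->Count;
        for(ULONG j = 0; j < nsEntryCount; ++j)
        {
            wprintf(L"\tEntry %lu\n", j + 1);
            if(pNSEntry->NameOffset != 0)
            {
                PWSTR pNSEntryName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->NameOffset);
                wprintf(L"\t\tImporting Module: %.*s\n", WideCharCount(pNSEntry->NameLength), pNSEntryName);
            }
            PWSTR pNSValueName = (PWSTR)RVA_TO_ADDR(pNSHeader, pNSEntry->ValueOffset);
            wprintf(L"\t\tHost: %.*s\n", WideCharCount(pNSEntry->ValueLength), pNSValueName);
            ++pNSEntry;
        }
        putwchar(L'\n');
        ++pArrEntry;
    }
}

/*
 * Locates the API set section in a file mapped with LOAD_LIBRARY_AS_DATAFILE
 * and dispatches to the parser for its schema version.
 * Returns 0 on success, 1 if the headers, the section or the version cannot
 * be used.
 */
static int DumpApiSetSection(BYTE* pBaseAddr)
{
    PIMAGE_NT_HEADERS pHeaders = ImageNtHeader(pBaseAddr);
    if(pHeaders == NULL)
    {
        fwprintf(stderr, L"Not a valid PE image\n");
        return 1;
    }

    /* Only Signature and FileHeader are read through pHeaders, and the
     * section table is found via SizeOfOptionalHeader, so this works for
     * both 32-bit and 64-bit schema files regardless of this build's
     * bitness. */
    DWORD sizeOfOptHeader = pHeaders->FileHeader.SizeOfOptionalHeader;
    WORD numSections = pHeaders->FileHeader.NumberOfSections;
    BYTE* pHeaderIter = (BYTE*)pHeaders;
    pHeaderIter += sizeof(pHeaders->Signature) + sizeof(pHeaders->FileHeader) + sizeOfOptHeader;

    /* NOTE(review): NumberOfSections comes from the file and is not checked
     * against the size of the mapping. */
    IMAGE_SECTION_HEADER* pIsh = (IMAGE_SECTION_HEADER*)pHeaderIter;
    IMAGE_SECTION_HEADER* pApiSetSection = NULL;
    /* The original loop never advanced pIsh, so it only ever inspected the
     * first section and silently used it even when the name did not match. */
    for(WORD i = 0; i < numSections; ++i, ++pIsh)
    {
        if(strncmp((const char*)pIsh->Name, API_SET_SECTION_NAME, 7) == 0)
        {
            pApiSetSection = pIsh;
            break;
        }
    }
    if(pApiSetSection == NULL)
    {
        fwprintf(stderr, L"API set section not found\n");
        return 1;
    }

    ULONG sizeOfData = pApiSetSection->SizeOfRawData;
    if(sizeOfData < sizeof(ULONG))
    {
        fwprintf(stderr, L"API set section is too small to hold a version\n");
        return 1;
    }

    /* A datafile mapping has the on-disk layout, so the section is found at
     * its file offset (PointerToRawData), not at its VirtualAddress. */
    BYTE* pStartOfData = pBaseAddr + pApiSetSection->PointerToRawData;
    ULONG ver = *(ULONG*)pStartOfData;
    if(ver <= 2)
    {
        ParseV2StyleApiSet(pStartOfData);
    }
    else if(ver <= 4)
    {
        ParseV4StyleApiSet(pStartOfData);
    }
    else if(ver <= 6)
    {
        ParseV6StyleApiSet(pStartOfData);
    }
    else
    {
        fwprintf(stderr, L"Unsupported API set schema version %lu\n", ver);
        return 1;
    }
    return 0;
}

/*
 * Entry point. Maps the schema DLL as a data file (no code from it is run)
 * and dumps its API set section. argv[1], when given, is the path of the
 * schema file; otherwise the original hard-coded path is used.
 */
int __cdecl main(int argc, char** argv)
{
    HMODULE hMod;
    if(argc > 1)
    {
        hMod = LoadLibraryExA(argv[1], NULL, LOAD_LIBRARY_AS_DATAFILE);
    }
    else
    {
        /* Explicit W variant: the wide literal compiles whether or not
         * UNICODE is defined. */
        hMod = LoadLibraryExW(L"t:\\apisetschema-10.dll", NULL, LOAD_LIBRARY_AS_DATAFILE);
    }
    if(hMod == NULL)
    {
        fwprintf(stderr, L"Failed to load schema file, error %lu\n", GetLastError());
        return 1;
    }

    /* For datafile loads the low bits of the returned handle are flags, not
     * part of the address; mask them off to get the mapping base. */
    BYTE* pBaseAddr = (BYTE*)(((ULONG_PTR)hMod) & ~(ULONG_PTR)3);
    int rc = DumpApiSetSection(pBaseAddr);
    FreeLibrary(hMod);
    return rc;
}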