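// Writes `len` UTF-16 characters from `string` to the console attached to
// standard output.
// WriteConsoleW only succeeds for console handles; if stdout is redirected to
// a file or pipe the call fails and nothing is written. The result is ignored
// on purpose: this is best-effort diagnostic output.
void OutputString(LPCWSTR string, DWORD len)
{
    HANDLE hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);
    DWORD written = 0;
    WriteConsoleW(hStdOut, string, len, &written, NULL);
}

// Recovers the loader entry that contains `link`. `linkOffset` is the
// offsetof() of the matching LIST_ENTRY member inside LDR_MODULE.
static PLDR_MODULE ModuleFromLink(PLIST_ENTRY link, size_t linkOffset)
{
    return reinterpret_cast<PLDR_MODULE>(reinterpret_cast<char*>(link) - linkOffset);
}

// Appends a counted UTF-16 string to `buf`, printing at most
// byteLength / sizeof(wchar_t) characters.
// FullDllName/BaseDllName follow the UNICODE_STRING layout, whose Length field
// counts bytes, not characters. These strings sit in writable process memory
// (this file itself rewrites them), so the output is bounded by the stored
// count instead of trusting a terminating NUL to be present.
// `format` is scratch space for building the "%.<n>s" specifier.
static void AppendCountedName(TextStream& buf, TextStream& format,
                              const wchar_t* text, DWORD byteLength)
{
    // A null buffer prints as an empty string, whatever Length claims.
    const int charCount = text ? static_cast<int>(byteLength / sizeof(wchar_t)) : 0;
    format.Clear();
    format.Format(L"%%.%ds", charCount);
    buf.Format(format.Text(), text);
}

// Appends the two-line description of one loader entry to `buf`. Entries with
// a null BaseAddress are skipped. When `showEntryAddress` is set, the address
// of the LDR_MODULE record itself is printed after the base name.
static void AppendModuleInfo(TextStream& buf, TextStream& format,
                             PLDR_MODULE pMod, bool showEntryAddress)
{
    if(!pMod->BaseAddress)
    {
        return;
    }

    AppendCountedName(buf, format, pMod->FullDllName.Buffer, pMod->FullDllName.Length);
    buf.Format(L" Address: %p\n", pMod->BaseAddress);
    buf.Format(L"Base Name: ");
    AppendCountedName(buf, format, pMod->BaseDllName.Buffer, pMod->BaseDllName.Length);
    if(showEntryAddress)
    {
        buf.Format(L", pMod Address: %p\n", pMod);
    }
    else
    {
        buf.Format(L"\n");
    }
}

// Walks one of the PEB loader lists starting from its head and prints every
// entry. `head` is the LIST_ENTRY stored in the loader data; it is a sentinel,
// not part of an LDR_MODULE, so the walk stops when it is reached instead of
// reinterpreting the surrounding loader data as a module record.
static void ListModulesFromHead(const LIST_ENTRY& head, size_t linkOffset,
                                LPCWSTR title, bool showEntryAddress)
{
    TextStream buf(g_vsnwPrintF);
    TextStream format(g_vsnwPrintF, 32);
    PLIST_ENTRY first = head.Flink;

    buf.Format(title);
    for(PLIST_ENTRY link = first; link && link != &head; )
    {
        AppendModuleInfo(buf, format, ModuleFromLink(link, linkOffset), showEntryAddress);
        link = link->Flink;
        // Also stop on returning to the first entry, so a ring that no longer
        // passes through the head (e.g. after links were rewritten) still
        // terminates.
        if(link == first)
        {
            break;
        }
    }
    buf.Format(L"\n\n");
    OutputString(buf.Text(), buf.Size());
}

// Prints the modules recorded in the PEB's initialization-order list.
void ListModulesInInitOrder()
{
    PPEB peb = GetPEB();
    ListModulesFromHead(peb->LoaderData->InInitializationOrderModuleList,
                        offsetof(LDR_MODULE, InInitializationOrderModuleList),
                        L"In Init Order:\n", false);
}

// Prints the modules recorded in the PEB's memory-order list, including the
// address of each LDR_MODULE record.
void ListModulesInMemOrder()
{
    PPEB peb = GetPEB();
    ListModulesFromHead(peb->LoaderData->InMemoryOrderModuleList,
                        offsetof(LDR_MODULE, InMemoryOrderModuleList),
                        L"In Memory Order:\n", true);
}

// Prints the modules reachable from GetFirstLoadedModule() by following the
// load-order links.
// NOTE(review): the list head kept in the loader data is presumably part of
// this ring as well; it is not an LDR_MODULE and is filtered out here only by
// the BaseAddress check in AppendModuleInfo. Confirm what
// GetFirstLoadedModule() returns before relying on that.
void ListModulesInLoadOrder()
{
    TextStream buf(g_vsnwPrintF);
    TextStream format(g_vsnwPrintF, 32);
    PLDR_MODULE pHead = GetFirstLoadedModule();

    buf.Format(L"In Load Order:\n");
    for(PLDR_MODULE pMod = pHead; pMod; )
    {
        AppendModuleInfo(buf, format, pMod, false);
        // No offset adjustment is applied, so this is only correct while
        // InLoadOrderModuleList is the first member of LDR_MODULE.
        pMod = reinterpret_cast<PLDR_MODULE>(pMod->InLoadOrderModuleList.Flink);
        // the module list is a circular linked list so stop looping
        // if we've got back to the beginning
        if(pMod == pHead)
        {
            pMod = NULL;
        }
    }
    buf.Format(L"\n\n");
    OutputString(buf.Text(), buf.Size());
}

// Exchanges the payload of two loader entries (everything from BaseAddress to
// the end of the version-specific record) and calls SwapModulePaths() on them.
// The three list links at the front of each record are left untouched, so the
// entries keep their list positions while describing each other's module.
//
// Consequence for anyone inspecting the process: once this has run, the PEB
// loader lists (and the List* functions above) no longer describe what is
// actually mapped at each base address. Module inventories used for integrity
// or detection purposes should be cross-checked against the memory manager's
// view of the mapping rather than taken from these records alone.
//
// The record size is chosen from GetVersion(): 5.0 -> LDR_MODULE_2000, other
// 5.x -> LDR_MODULE_XP_2003, 6.0 -> LDR_MODULE_VISTA, every other 6.x ->
// LDR_MODULE_7. Any other major version returns without changing anything.
// NOTE(review): no synchronisation with the loader is visible in this
// function; confirm that callers serialise against module load/unload.
void SwapEntries(PLDR_MODULE pMod1, PLDR_MODULE pMod2)
{
    DWORD ldrEntrySize = 0;
    const DWORD version = GetVersion();
    const BYTE major = LOBYTE(LOWORD(version));
    const BYTE minor = HIBYTE(LOWORD(version));

    switch(major)
    {
        case 5:
        {
            ldrEntrySize = (minor == 0) ? sizeof(LDR_MODULE_2000) : sizeof(LDR_MODULE_XP_2003);
        }
        break;

        case 6:
        {
            ldrEntrySize = (minor == 0) ? sizeof(LDR_MODULE_VISTA) : sizeof(LDR_MODULE_7);
        }
        break;
    }

    // bail out if unknown version
    if(ldrEntrySize == 0)
    {
        return;
    }

    // don't swap the link entries: only the bytes from BaseAddress onwards
    // are exchanged
    ldrEntrySize -= offsetof(LDR_MODULE, BaseAddress);

    // use biggest version as the stack buffer so every layout fits
    LDR_MODULE_7 temp;
    PLDR_MODULE pTemp = (PLDR_MODULE)&temp;

    SwapModulePaths(pMod1, pMod2);
    //SwapLinkEntries(pMod1, pMod2);

    // three-way exchange through the scratch record
    memcopy(&(pTemp->BaseAddress), &(pMod1->BaseAddress), ldrEntrySize);
    memcopy(&(pMod1->BaseAddress), &(pMod2->BaseAddress), ldrEntrySize);
    memcopy(&(pMod2->BaseAddress), &(pTemp->BaseAddress), ldrEntrySize);
}

// Exchanges the stored Flink/Blink values of all three loader lists between
// two entries. Only the values inside the two entries change; the neighbouring
// entries that point at them are not updated, so on its own this leaves the
// lists inconsistent. The only call visible in this file is commented out in
// SwapEntries().
void SwapLinkEntries(PLDR_MODULE pOriginal, PLDR_MODULE pOther)
{
    LIST_ENTRY temp = pOriginal->InInitializationOrderModuleList;
    pOriginal->InInitializationOrderModuleList = pOther->InInitializationOrderModuleList;
    pOther->InInitializationOrderModuleList = temp;

    temp = pOriginal->InLoadOrderModuleList;
    pOriginal->InLoadOrderModuleList = pOther->InLoadOrderModuleList;
    pOther->InLoadOrderModuleList = temp;

    temp = pOriginal->InMemoryOrderModuleList;
    pOriginal->InMemoryOrderModuleList = pOther->InMemoryOrderModuleList;
    pOther->InMemoryOrderModuleList = temp;
}

// swaps the set of links specified by linkPtr
// in pOriginal and pInsert loader entries
//
// Unlike SwapLinkEntries(), the neighbours on both sides are re-pointed as
// well, so the two entries trade positions in the chosen list. All four
// neighbour pointers are captured before anything is written because the
// assignments below overwrite them.
// NOTE(review): adjacent entries, or the same entry passed twice, are not
// special-cased; in those cases the captured neighbours alias the entries
// themselves and the list ends up self-referential.
void SwapLinks(PLDR_MODULE pOriginal, PLDR_MODULE pInsert, LIST_ENTRY (LDR_MODULE::* linkPtr))
{
    PLIST_ENTRY origLinks = &(pOriginal->*linkPtr);
    PLIST_ENTRY insertLinks = &(pInsert->*linkPtr);

    PLIST_ENTRY origForward = origLinks->Flink;
    PLIST_ENTRY origBackward = origLinks->Blink;
    PLIST_ENTRY insertForward = insertLinks->Flink;
    PLIST_ENTRY insertBackward = insertLinks->Blink;

    // pInsert takes pOriginal's predecessor
    if(origBackward)
    {
        origBackward->Flink = insertLinks;
    }
    insertLinks->Blink = origBackward;

    // pOriginal takes pInsert's successor
    if(insertForward)
    {
        insertForward->Blink = origLinks;
    }
    origLinks->Flink = insertForward;

    // pInsert takes pOriginal's successor
    if(origForward)
    {
        origForward->Blink = insertLinks;
    }
    insertLinks->Flink = origForward;

    // pOriginal takes pInsert's predecessor
    if(insertBackward)
    {
        insertBackward->Flink = origLinks;
    }
    origLinks->Blink = insertBackward;
}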