CasualX / pelite

Lightweight, memory-safe, zero-allocation library for reading and navigating PE binaries.
MIT License

Missing exports in kernel32.dll #277

Closed lexika979 closed 4 months ago

lexika979 commented 4 months ago

Hello, first of all, thank you for providing this library. It's been of great use to me lately. Unfortunately, I seem to have run into an issue where, when iterating the exported functions of kernel32.dll (32-bit), some exported functions seem to be missing.

These seem to be: HeapAlloc, HeapReAlloc, InitializeSListHead, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive

Here is how I iterate the exports:

    pe.exports()?
        .by()?
        .iter_names()
        .filter_map(|result| match result {
            (Ok(name), Ok(export)) => export
                .symbol()
                .map(|symbol| (name.to_string(), base + symbol as u64)),
            _ => None,
        })
        .collect::<HashMap<_, _>>()

Am I doing something wrong?

CasualX commented 4 months ago

Exported symbols can be forwarded to another DLL. Here, with .symbol(), you only get symbols implemented by kernel32.dll itself.

https://docs.rs/pelite/latest/pelite/pe32/exports/enum.Export.html#variant.Forward

Here's the link to the mentioned blog post: https://devblogs.microsoft.com/oldnewthing/20060719-24/?p=30473

lexika979 commented 4 months ago

Ah I see, didn't think about that - Thank you for the quick response!
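The distinction discussed in this thread, as an added example that is not part of the original issue and is not pelite's code: it uses only the Rust standard library to apply the PE format rule that an export RVA pointing inside the export directory's own range is a forwarder string rather than code or data. The names `Resolved`, `cstr_at`, `classify` and `sample`, the image bytes, the base address and the directory range are all constructed for illustration.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
enum Resolved {
    /// Implemented in this module: image base + RVA.
    Local(u64),
    /// Forwarded to another DLL; `symbol` is a name or "#ordinal".
    Forward { dll: String, symbol: String },
}

/// Read a NUL-terminated string at `rva` from an image indexed by RVA.
fn cstr_at(image: &[u8], rva: u32) -> Option<&str> {
    let tail = image.get(rva as usize..)?;
    let len = tail.iter().position(|&b| b == 0)?;
    std::str::from_utf8(&tail[..len]).ok()
}

/// PE rule: an export RVA inside the export directory's own range
/// `dir = (rva, size)` is a forwarder string, not code or data.
fn classify(image: &[u8], base: u64, dir: (u32, u32), rva: u32) -> Option<Resolved> {
    if rva == 0 {
        return None; // unused export slot
    }
    if rva < dir.0 || rva - dir.0 >= dir.1 {
        return Some(Resolved::Local(base + u64::from(rva)));
    }
    // Splitting at the last '.' is this example's choice.
    let (dll, symbol) = cstr_at(image, rva)?.rsplit_once('.')?;
    Some(Resolved::Forward { dll: dll.into(), symbol: symbol.into() })
}

/// Constructed sample: 0x40-byte image, export directory at RVA 0x20, size 0x20.
fn sample() -> HashMap<&'static str, Resolved> {
    let mut image = vec![0u8; 0x40];
    let fwd = b"NTDLL.RtlAllocateHeap\0";
    image[0x24..0x24 + fwd.len()].copy_from_slice(fwd);
    let exports = [("CreateFileW", 0x10u32), ("HeapAlloc", 0x24), ("Unused", 0)];
    exports
        .iter()
        .filter_map(|&(name, rva)| Some((name, classify(&image, 0x7500_0000, (0x20, 0x20), rva)?)))
        .collect()
}

fn main() {
    for (name, r) in sample() {
        println!("{name}: {r:?}");
    }
}
```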