#pragma once #include "../Include/Winheaders.h" #include "../Include/Types.h" #include #include #include namespace blackbone { class NameResolve { using mapApiSchema = std::unordered_map>; public: enum eResolveFlag { Default = 0, // Full resolve ApiSchemaOnly = 1, // Resolve only Api schema dlls EnsureFullPath = 2, // Make sure resulting path is full-qualified NoSearch = 4, // Don't perform file search, only resolve name Wow64 = 8, // Redirect System32 files to SysWow64 }; public: BLACKBONE_API ~NameResolve() = default; BLACKBONE_API static NameResolve& Instance(); ///

/// Initialize api set map ///

/// BLACKBONE_API bool Initialize(); ///

/// Resolve image path. ///

/// Image to resolve /// Name of parent image. Used only when resolving import images /// Directory where source image is located /// Resolve flags /// Process. Used to search process executable directory /// Activation context /// Status BLACKBONE_API NTSTATUS ResolvePath( std::wstring& path, const std::wstring& baseName, const std::wstring& searchDir, eResolveFlag flags, class Process& proc, HANDLE actx = INVALID_HANDLE_VALUE ); ///

/// Try SxS redirection ///

/// Image path. /// Process. Used to search process executable directory /// Activation context /// BLACKBONE_API NTSTATUS ProbeSxSRedirect( std::wstring& path, class Process& proc, HANDLE actx = INVALID_HANDLE_VALUE ); private: // Ensure singleton NameResolve() = default; NameResolve( const NameResolve& ) = delete; NameResolve& operator =( const NameResolve& ) = delete; ///

/// Gets the process executable directory ///

/// Process ID /// Process executable directory std::wstring GetProcessDirectory( DWORD pid ); ///

/// OS dependent api set initialization ///

/// true on success template bool InitializeP(); private: mapApiSchema _apiSchema; // Api schema table }; }