ホーム › System.Diagnostics.Debug › RtlAddFunctionTable
RtlAddFunctionTable
関数動的コード用のx64例外処理関数テーブルを登録する。
シグネチャ
// KERNEL32.dll
#include <windows.h>
BOOLEAN RtlAddFunctionTable(
IMAGE_RUNTIME_FUNCTION_ENTRY* FunctionTable,
DWORD EntryCount,
ULONGLONG BaseAddress
);パラメーター
| 名前 | 型 | 方向 |
|---|---|---|
| FunctionTable | IMAGE_RUNTIME_FUNCTION_ENTRY* | in |
| EntryCount | DWORD | in |
| BaseAddress | ULONGLONG | in |
戻り値の型: BOOLEAN
各言語での呼び出し定義
// KERNEL32.dll
#include <windows.h>
BOOLEAN RtlAddFunctionTable(
IMAGE_RUNTIME_FUNCTION_ENTRY* FunctionTable,
DWORD EntryCount,
ULONGLONG BaseAddress
);[DllImport("KERNEL32.dll", ExactSpelling = true)]
static extern byte RtlAddFunctionTable(
IntPtr FunctionTable, // IMAGE_RUNTIME_FUNCTION_ENTRY*
uint EntryCount, // DWORD
ulong BaseAddress // ULONGLONG
);<DllImport("KERNEL32.dll", ExactSpelling:=True)>
Public Shared Function RtlAddFunctionTable(
FunctionTable As IntPtr, ' IMAGE_RUNTIME_FUNCTION_ENTRY*
EntryCount As UInteger, ' DWORD
BaseAddress As ULong ' ULONGLONG
) As Byte
End Function' FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY*
' EntryCount : DWORD
' BaseAddress : ULONGLONG
Declare PtrSafe Function RtlAddFunctionTable Lib "kernel32" ( _
ByVal FunctionTable As LongPtr, _
ByVal EntryCount As Long, _
ByVal BaseAddress As LongLong) As Byte
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。import ctypes
from ctypes import wintypes
RtlAddFunctionTable = ctypes.windll.kernel32.RtlAddFunctionTable
RtlAddFunctionTable.restype = ctypes.c_byte
RtlAddFunctionTable.argtypes = [
ctypes.c_void_p, # FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY*
wintypes.DWORD, # EntryCount : DWORD
ctypes.c_ulonglong, # BaseAddress : ULONGLONG
]require 'fiddle'
require 'fiddle/import'
lib = Fiddle.dlopen('KERNEL32.dll')
RtlAddFunctionTable = Fiddle::Function.new(
lib['RtlAddFunctionTable'],
[
Fiddle::TYPE_VOIDP, # FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY*
-Fiddle::TYPE_INT, # EntryCount : DWORD
-Fiddle::TYPE_LONG_LONG, # BaseAddress : ULONGLONG
],
Fiddle::TYPE_CHAR)#[link(name = "kernel32")]
extern "system" {
fn RtlAddFunctionTable(
FunctionTable: *mut IMAGE_RUNTIME_FUNCTION_ENTRY, // IMAGE_RUNTIME_FUNCTION_ENTRY*
EntryCount: u32, // DWORD
BaseAddress: u64 // ULONGLONG
) -> u8;
}
// crates: windows-sys provides ready-made bindings for this API.$sig = @"
[DllImport("KERNEL32.dll")]
public static extern byte RtlAddFunctionTable(IntPtr FunctionTable, uint EntryCount, ulong BaseAddress);
"@
$api = Add-Type -MemberDefinition $sig -Name 'KERNEL32_RtlAddFunctionTable' -Namespace Win32 -PassThru
# $api::RtlAddFunctionTable(FunctionTable, EntryCount, BaseAddress)#uselib "KERNEL32.dll"
#func global RtlAddFunctionTable "RtlAddFunctionTable" sptr, sptr, sptr
; RtlAddFunctionTable varptr(FunctionTable), EntryCount, BaseAddress ; 戻り値は stat
; FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "sptr"
; EntryCount : DWORD -> "sptr"
; BaseAddress : ULONGLONG -> "sptr"
; ※HSP3.7は int64 引数(64bit値渡し)に非対応です。
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。出力引数:
#uselib "KERNEL32.dll" #cfunc global RtlAddFunctionTable "RtlAddFunctionTable" var, int, int64 ; res = RtlAddFunctionTable(FunctionTable, EntryCount, BaseAddress) ; FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "var" ; EntryCount : DWORD -> "int" ; BaseAddress : ULONGLONG -> "int64" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。 ; ※int64 引数の DLL 値渡しは x64 ランタイム(hsp3_64)のみ対応(x86 は未対応)。#uselib "KERNEL32.dll" #cfunc global RtlAddFunctionTable "RtlAddFunctionTable" sptr, int, int64 ; res = RtlAddFunctionTable(varptr(FunctionTable), EntryCount, BaseAddress) ; FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "sptr" ; EntryCount : DWORD -> "int" ; BaseAddress : ULONGLONG -> "int64" ; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。 ; ※int64 引数の DLL 値渡しは x64 ランタイム(hsp3_64)のみ対応(x86 は未対応)。
出力引数:
; BOOLEAN RtlAddFunctionTable(IMAGE_RUNTIME_FUNCTION_ENTRY* FunctionTable, DWORD EntryCount, ULONGLONG BaseAddress) #uselib "KERNEL32.dll" #cfunc global RtlAddFunctionTable "RtlAddFunctionTable" var, int, int64 ; res = RtlAddFunctionTable(FunctionTable, EntryCount, BaseAddress) ; FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "var" ; EntryCount : DWORD -> "int" ; BaseAddress : ULONGLONG -> "int64" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; BOOLEAN RtlAddFunctionTable(IMAGE_RUNTIME_FUNCTION_ENTRY* FunctionTable, DWORD EntryCount, ULONGLONG BaseAddress) #uselib "KERNEL32.dll" #cfunc global RtlAddFunctionTable "RtlAddFunctionTable" intptr, int, int64 ; res = RtlAddFunctionTable(varptr(FunctionTable), EntryCount, BaseAddress) ; FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "intptr" ; EntryCount : DWORD -> "int" ; BaseAddress : ULONGLONG -> "int64" ; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。
import (
"golang.org/x/sys/windows"
"unsafe"
)
var (
kernel32 = windows.NewLazySystemDLL("KERNEL32.dll")
procRtlAddFunctionTable = kernel32.NewProc("RtlAddFunctionTable")
)
// FunctionTable (IMAGE_RUNTIME_FUNCTION_ENTRY*), EntryCount (DWORD), BaseAddress (ULONGLONG)
r1, _, err := procRtlAddFunctionTable.Call(
uintptr(FunctionTable),
uintptr(EntryCount),
uintptr(BaseAddress),
)
_ = err // syscall.Errno (valid when the call sets last-error)
_ = r1 // BOOLEANfunction RtlAddFunctionTable(
FunctionTable: Pointer; // IMAGE_RUNTIME_FUNCTION_ENTRY*
EntryCount: DWORD; // DWORD
BaseAddress: UInt64 // ULONGLONG
): ByteBool; stdcall;
external 'KERNEL32.dll' name 'RtlAddFunctionTable';result := DllCall("KERNEL32\RtlAddFunctionTable"
, "Ptr", FunctionTable ; IMAGE_RUNTIME_FUNCTION_ENTRY*
, "UInt", EntryCount ; DWORD
, "Int64", BaseAddress ; ULONGLONG
, "Char") ; return: BOOLEAN●RtlAddFunctionTable(FunctionTable, EntryCount, BaseAddress) = DLL("KERNEL32.dll", "byte RtlAddFunctionTable(void*, dword, qword)")
# 呼び出し: RtlAddFunctionTable(FunctionTable, EntryCount, BaseAddress)
# FunctionTable : IMAGE_RUNTIME_FUNCTION_ENTRY* -> "void*"
# EntryCount : DWORD -> "dword"
# BaseAddress : ULONGLONG -> "qword"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。