Package vmm

Interface IVmmModule

public interface IVmmModule
Interface representing a module (loaded dll).
Author:
Ulf Frisk - pcileech@frizk.net

  • Method Details

    • getProcess

      IVmmProcess getProcess()
      Retrieve the process object of this module object.
      Returns:

    • getName

      String getName()
      Retrieve the module name.
      Returns:

    • getNameFull

      String getNameFull()
      Retrieve the full/long module name.
      Returns:

    • getVaBase

      long getVaBase()
      Retrieve the module base address.
      Returns:

    • getVaEntry

      long getVaEntry()
      Retieve the module entry point address.
      Returns:

    • getSize

      int getSize()
      Retrieve the size of the module (in virtual memory).
      Returns:

    • getSizeFile

      int getSizeFile()
      Retrieve the file size (raw size) of the module.
      Returns:

    • isWow64

      boolean isWow64()
      Check whether the module is a WoW64 module or not (32-bit module in 64-bit os).
      Returns:

    • getCountSection

      int getCountSection()
      Retrieve the module section count.
      Returns:

    • getCountEAT

      int getCountEAT()
      Retrieve the export address table (EAT) count.
      Returns:

    • getCountIAT

      int getCountIAT()
      Retrieve the import address table (IAT) count.
      Returns:

    • getProcAddress

      long getProcAddress(String szFunctionName)
      Retrieve the function address of the specified function.
      Parameters:
      szFunctionName -
      Returns:

    • getPdb

      IVmmPdb getPdb()
      Retrieve pdb debug symbols for the specific module.
      Returns:

    • getExDebugInfo

      Vmm_ModuleExDebugInfo getExDebugInfo()
      Retrieve debug directory information. The debug directory info requires that the module has been initialized with isExtendedInfo but may still fail if memory is unreadable - in which case null is returned.
      Returns:

    • getExVersionInfo

      Vmm_ModuleExVersionInfo getExVersionInfo()
      Retrieve PE version info. The PE version info requires that the module has been initialized with isExtendedInfo but may still fail if memory is unreadable - in which case null is returned.
      Returns:

    • mapDataDirectory

      List<VmmMap_ModuleDataDirectory> mapDataDirectory()
      Retrieve the data directories.
      Returns:

    • mapExport

      List<VmmMap_ModuleExport> mapExport()
      Retrieve exported symbols from the export address table (EAT).
      Returns:

    • mapImport

      List<VmmMap_ModuleImport> mapImport()
      Retrieve imported symbols from the import address table (IAT).
      Returns:

    • mapSection

      List<VmmMap_ModuleSection> mapSection()
      Retrieve module sections.
      Returns: