Rust implementation of lazy_importer
Function prototype must be explicitly declared on the variable and this is by Rust design that Rust does not allow constants to be used where known type information is needed at compile time.
Since the implementation of the ri_fn macro takes func_type as an Expr type, this is treated as an expression that is resolved at runtime. However, types such as extern "system" fn(), which represents a function pointer, require known type information at compile time. Therefore, the type Expr, which is resolved at runtime, cannot be used directly as such a function type.
```rust
extern crate razyimportermacros;
fn main() { let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG = rifnm!("NtGetCurrentProcessorNumber", rimod!("ntdll.dll")); println!("NtGetCurrentProcessorNumber={}", unsafe { NtGetCurrentProcessorNumber() }); let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG = rifn!("NtGetCurrentProcessorNumber"); println!("NtGetCurrentProcessorNumber={}", unsafe { NtGetCurrentProcessorNumber() }); } ```
This output is generated by IDA 8.3 without symbols (and without gooMBA).
```rust
fn nt() -> u32 { let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG = ri_fn!("NtGetCurrentProcessorNumber"); return unsafe { NtGetCurrentProcessorNumber() }; } ```
```cpp _int64 nt() { PPEBLDRDATA Ldr; // rcx struct _LISTENTRY Flink; // r9 struct _LIST_ENTRY *Blink; // r14 int v3; // r8d int v4; // edx struct _LIST_ENTRY *v5; // r11 struct _LIST_ENTRY *v6; // r10 int v7; // esi unsigned __int8 v8; // bl struct _LIST_ENTRY *v9; // r11 __int64 Blink_high; // rsi __int64 v11; // r10 __int64 v12; // rdi unsigned int *v13; // r10 __int64 v14; // r14 __int64 v15; // rbx char *v16; // r14 __int64 v17; // r12 __int64 v18; // r15 int v19; // ebp __int64 v20; // r12 char v21; // r13 unsigned __int8 v22; // al __int64 (v23)(void); // r9 unsigned _int8 *v24; // r8 unsigned _int8 *v25; // r9 int v26; // r10d unsigned _int8 v27; // al unsigned _int8 v28; // r10 unsigned __int8 v29; // al
Ldr = NtCurrentPeb()->Ldr; Flink = Ldr->InLoadOrderModuleList.Flink; Blink = Ldr->InLoadOrderModuleList.Blink; if ( Flink != Blink ) { v3 = -490794436; v4 = 0; do { if ( !v4 ) goto LABEL44; v5 = Flink[6].Flink; v6 = (struct _LISTENTRY )((char *)v5 + ((unsigned int16)(LODWORD(Flink[5].Blink) - 8) & 0xFFFE)); v7 = -1246732848; while ( v5 < v6 ) { v8 = LOBYTE(v5->Flink) | 0x20; if ( (unsigned __int8)(LOBYTE(v5->Flink) - 65) >= 0x1Au ) v8 = (unsigned __int8)v5->Flink; v7 = 16777619 * (v7 ^ v8); v5 = (struct _LIST_ENTRY *)((char *)v5 + 2); } if ( v7 == v4 ) { LABEL_44: v9 = Flink[3].Flink; Blink_high = SHIDWORD(v9[3].Blink); v11 = *(unsigned int *)((char *)&v9[8].Blink + Blink_high); if ( *(_DWORD *)((char *)&v9[8].Blink + Blink_high) ) { v12 = *(unsigned int *)((char *)&v9[1].Blink + v11); v13 = (unsigned int *)((char *)v9 + v11); v14 = 0i64; do { if ( v14 == v12 ) { Blink = Ldr->InLoadOrderModuleList.Blink; goto LABEL_39; } v15 = v14; v16 = (char *)v9 + *(unsigned int *)((char *)&v9->Flink + 4 * v14 + v13[8]); v17 = 0i64; do v18 = v17++; while ( v16[v18] ); v19 = -1246732848; if ( v17 != 1 ) { v20 = 0i64; do { v21 = v16[v20]; if ( !v21 ) break; v22 = v21 | 0x20; if ( (unsigned __int8)(v21 - 65) >= 0x1Au ) v22 = v16[v20]; v19 = 16777619 * (v22 ^ v19); ++v20; } while ( v18 != v20 ); } v14 = v15 + 1; } while ( v19 != v3 ); v23 = (int64 ()(void))((char )v9 + *(unsigned int *)((char *)&v9->Flink + 4 * *(unsigned __int16 *)((char *)&v9->Flink + 2 * (unsigned int)v15 + v13[9]) + v13[7])); if ( v13 >= (unsigned int *)v23 || (char *)v13 + *(unsigned int *)((char *)&v9[8].Blink + Blink_high + 4) <= (char *)v23 ) { return v23(); } v24 = (unsigned __int8 *)v23 + 1; v25 = (unsigned __int8 *)v23 + 2; v4 = -1246732848; Blink = Ldr->InLoadOrderModuleList.Blink; while ( 1 ) { v26 = *(v24 - 1); if ( !(v24 - 1) ) goto LABEL37; if ( v26 == 46 ) break; v27 = v26 | 0x20; if ( (unsigned _int8)(v26 - 65) >= 0x1Au ) v27 = (v24 - 1); v4 = 16777619 * (v27 ^ v4); ++v24; ++v25; } v28 = *v24; if ( !v24 ) { LABEL37: v3 = -1246732848; goto LABEL38; } v3 = -1246732848; do { v29 = v28 | 0x20; if ( (unsigned _int8)(v28 - 65) >= 0x1Au ) v29 = v28; v3 = 16777619 * (v3 ^ v29); v28 = *v25++; } while ( v28 ); LABEL38: Flink = NtCurrentPeb()->Ldr->InLoadOrderModuleList.Flink; } } LABEL_39: Flink = Flink->Flink; } while ( Flink != Blink ); } v23 = 0i64; return v23(); } ```
Apache 2.0 - JustasMasiulis/lazy_importer