FOSSA Status

FOSSA Status

razy_importer

Rust implementation of lazy_importer

Usage

The function prototype must be declared explicitly on the variable. This follows from Rust's design: Rust does not allow constants to be used where type information must be known at compile time.

The `ri_fn` macro takes `func_type` as an `Expr`, so it is treated as an expression that is resolved at runtime. Function-pointer types such as `extern "system" fn()`, however, require type information that is known at compile time. An `Expr`, being resolved at runtime, therefore cannot be used directly as such a function type.

```rust

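// `#[macro_use]` brings the macros exported by the crate into scope so they can be
// invoked unqualified in `main`. The leading `#` is required: a bare `[macro_use]`
// is not an attribute.
// NOTE(review): the prose on this page spells the macro `ri_fn`, so `rifn!`, `rimod!`
// and the crate name below look like they lost their underscores when the page was
// rendered. Confirm the exact names against the crate before copying.
#[macro_use]
extern crate razyimportermacros;

fn main() {
    // The complete function-pointer type is written on the binding. The macro receives
    // only the export name and the module, so the signature comes from this annotation.
    // NOTE(review): `ULONG` is not defined in this snippet; it must be in scope from
    // elsewhere.
    let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG =
        rifn!("NtGetCurrentProcessorNumber", rimod!("ntdll.dll"));

    // The call is `unsafe` because the compiler cannot verify that the declared signature
    // matches the export resolved at run time.
    // NOTE(review): the decompilation on this page appears to fall through to a call via a
    // null pointer (`v11 = 0`) when no export matches, so a failed lookup would crash
    // rather than report an error. Confirm against the macro's implementation.
    let currentprocessornumber = unsafe { NtGetCurrentProcessorNumber() };
}
```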

Conversion Output

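This output was generated by IDA 8.3 without symbols (and without gooMBA). The first listing below is the Rust source and the second is IDA's decompilation of it. In the decompilation the function is located at run time by walking the PEB loader module list and comparing FNV-1a-style hashes (multiplier 16777619) of the case-folded module and export names, so neither "ntdll.dll" nor the function name appears as a plaintext string in the decompiled function. When triaging a binary built this way, the PEB walk and the hash loop are the recognisable features.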

```rust

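// Harness function whose compiled form is the decompiled `nt()` listing on this page.
// `#[inline(never)]` keeps it as a standalone function. `#[no_mangle]` and
// `#[export_name = "nt"]` both fix the symbol name to `nt`.
// Each attribute needs its leading `#`: a bare `[inline(never)]` is not an attribute.
// NOTE(review): the prose on this page spells the macro `ri_fn`, so `rifn!` and `rimod!`
// below look like they lost their underscores when the page was rendered. Confirm the
// exact names against the crate before copying.
#[inline(never)]
#[no_mangle]
#[export_name = "nt"]
fn nt() -> u32 {
    // The function-pointer type is declared on the binding; the macro is given only the
    // export name and the module name.
    // NOTE(review): `ULONG` is not defined in this snippet; it must be in scope from
    // elsewhere and be compatible with the `u32` return type.
    let NtGetCurrentProcessorNumber: unsafe extern "system" fn() -> ULONG =
        rifn!("NtGetCurrentProcessorNumber", rimod!("ntdll.dll"));

    // `unsafe`: the compiler cannot check the declared signature against the export
    // resolved at run time.
    // NOTE(review): the decompilation on this page appears to end in a call through a null
    // pointer (`v11 = 0`) when the lookup finds nothing. Confirm against the macro's
    // implementation.
    return unsafe { NtGetCurrentProcessorNumber() };
}
```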

```cpp _int64 nt() { PPEBLDRDATA Ldr; // rcx unsigned _int64 Blink; // rdx LISTENTRY *pInLoadOrderModuleList; // rcx struct LISTENTRY *v3; // rax struct LISTENTRY *Flink; // r8 struct LISTENTRY *v5; // r9 int v6; // r10d unsigned _int8 v7; // si unsigned _int64 Blinkhigh; // rcx _int64 v9; // r8 _int64 v10; // r8 char *v11; // r9 _int64 v12; // r11 _int64 v13; // r10 _int64 v14; // r11 _int64 v15; // rbx _int64 v16; // rsi int v17; // edi _int64 v18; // rbx char v19; // r14 unsigned _int8 v20; // bp struct LISTENTRY *v21; // r9 struct LISTENTRY *v22; // r14 int v23; // r8d struct LISTENTRY *v24; // r11 struct LISTENTRY *v25; // r10 int v26; // esi unsigned _int8 v27; // bl struct _LISTENTRY *v28; // r11 _int64 v29; // rsi _int64 v30; // r10 _int64 v31; // rdi unsigned int *v32; // r10 _int64 v33; // r14 _int64 v34; // rbx char *v35; // r14 _int64 v36; // r12 _int64 v37; // r15 int v38; // ebp _int64 v39; // r12 unsigned _int8 v40; // r13 unsigned _int8 v41; // al unsigned _int8 *v42; // r8 unsigned _int8 *v43; // r9 int v44; // r10d unsigned _int8 v45; // al unsigned _int8 v46; // r10 unsigned _int8 v47; // al struct _LISTENTRY *v49; // [rsp+0h] [rbp-48h]

Ldr = NtCurrentPeb()->Ldr; Blink = (unsigned int64)Ldr->InLoadOrderModuleList.Blink; pInLoadOrderModuleList = &Ldr->InLoadOrderModuleList; v3 = 0i64; while ( 1 ) { pInLoadOrderModuleList = pInLoadOrderModuleList->Flink; if ( pInLoadOrderModuleList == (LISTENTRY *)Blink ) break; Flink = pInLoadOrderModuleList[6].Flink; v5 = (struct LISTENTRY )((char *)Flink + ((int64)p_InLoadOrderModuleList[5].Blink & 0xFFFE)); v6 = -2012046509; while ( Flink < v5 ) { v7 = LOBYTE(Flink->Flink) | 0x20; if ( (unsigned int8)(LOBYTE(Flink->Flink) - 65) >= 0x1Au ) v7 = (unsigned __int8)Flink->Flink; v6 = 16777619 * (v6 ^ v7); Flink = (struct _LIST_ENTRY *)((char *)Flink + 2); } if ( v6 == -825806291 ) { v3 = p_InLoadOrderModuleList[3].Flink; break; } } Blink_high = SHIDWORD(v3[3].Blink); v9 = *(unsigned int *)((char *)&v3[8].Blink + Blink_high); if ( *(_DWORD *)((char *)&v3[8].Blink + Blink_high) ) { Blink = (unsigned __int64)v3 + v9; v10 = *(unsigned int *)((char *)&v3[1].Blink + v9); v11 = 0i64; v12 = 0i64; while ( v12 != v10 ) { v13 = v12; v14 = (int64)v3 + *(unsigned int *)((char *)&v3->Flink + 4 * v12 + *(unsigned int *)(Blink + 32)); v15 = 0i64; do v16 = v15++; while ( *(_BYTE *)(v14 + v16) ); v17 = -2012046509; if ( v15 != 1 ) { v18 = 0i64; do { v19 = *(_BYTE *)(v14 + v18); if ( !v19 ) break; v20 = v19 | 0x20; if ( (unsigned int8)(v19 - 65) >= 0x1Au ) v20 = *(_BYTE *)(v14 + v18); v17 = 16777619 * (v20 ^ v17); ++v18; } while ( v16 != v18 ); } v12 = v13 + 1; if ( v17 == -478243695 ) { v11 = (char *)v3 + *(unsigned int *)((char *)&v3->Flink + 4 * *(unsigned __int16 *)((char *)&v3->Flink + 2 * (unsigned int)v13 + *(unsigned int *)(Blink + 36)) + *(unsigned int *)(Blink + 28)); if ( Blink >= (unsigned __int64)v11 ) return ((int64 (fastcall *)(unsigned __int64, unsigned __int64))v11)(Blink_high, Blink); Blink += *(unsigned int *)((char *)&v3[8].Blink + Blink_high + 4); if ( Blink <= (unsigned __int64)v11 ) return ((int64 (fastcall *)(unsigned __int64, unsigned __int64))v11)(Blink_high, 
Blink); Blink_high = (unsigned __int64)NtCurrentPeb()->Ldr; v21 = *(struct _LIST_ENTRY *)(Blinkhigh + 16); v22 = *(struct _LISTENTRY *)(Blink_high + 24); if ( v21 != v22 ) { v23 = -478243695; Blink = 0i64; v49 = *(struct _LIST_ENTRY *)(Blinkhigh + 24); while ( 1 ) { if ( !(DWORD)Blink ) goto LABEL67; v24 = v21[6].Flink; v25 = (struct _LISTENTRY )((char *)v24 + ((unsigned __int16)(LODWORD(v21[5].Blink) - 8) & 0xFFFE)); v26 = -2012046509; while ( v24 < v25 ) { v27 = LOBYTE(v24->Flink) | 0x20; if ( (unsigned __int8)(LOBYTE(v24->Flink) - 65) >= 0x1Au ) v27 = (unsigned __int8)v24->Flink; v26 = 16777619 * (v26 ^ v27); v24 = (struct _LIST_ENTRY *)((char *)v24 + 2); } if ( v26 == (_DWORD)Blink ) { LABEL_67: v28 = v21[3].Flink; v29 = SHIDWORD(v28[3].Blink); v30 = *(unsigned int *)((char *)&v28[8].Blink + v29); if ( *(_DWORD *)((char *)&v28[8].Blink + v29) ) { v31 = *(unsigned int *)((char *)&v28[1].Blink + v30); v32 = (unsigned int *)((char *)v28 + v30); v33 = 0i64; do { if ( v33 == v31 ) { v22 = v49; goto LABEL_62; } v34 = v33; v35 = (char *)v28 + *(unsigned int *)((char *)&v28->Flink + 4 * v33 + v32[8]); v36 = 0i64; do v37 = v36++; while ( v35[v37] ); v38 = -2012046509; if ( v36 != 1 ) { v39 = 0i64; do { v40 = v35[v39]; if ( !v40 ) break; Blink_high = v40; v41 = v40 | 0x20; if ( (unsigned __int8)(v40 - 65) >= 0x1Au ) v41 = v35[v39]; v38 = 16777619 * (v41 ^ v38); ++v39; } while ( v37 != v39 ); } v33 = v34 + 1; } while ( v38 != v23 ); Blink_high = (unsigned __int64)v28 + v32[7]; Blink = (unsigned __int64)v28 + v32[9]; v11 = (char *)v28 + *(unsigned int *)(Blink_high + 4i64 * *(unsigned __int16 *)(Blink + 2i64 * (unsigned int)v34)); if ( v32 >= (unsigned int *)v11 || (char *)v32 + *(unsigned int *)((char *)&v28[8].Blink + v29 + 4) <= v11 ) { return ((int64 (fastcall *)(_QWORD, _QWORD))v11)(Blink_high, Blink); } v42 = (unsigned __int8 *)(v11 + 1); v43 = (unsigned __int8 *)(v11 + 2); Blink = 2282920787i64; v22 = v49; while ( 1 ) { v44 = *(v42 - 1); if ( !(v42 - 1) ) goto 
LABEL60; if ( v44 == 46 ) break; Blinkhigh = (unsigned _int8)v44; v45 = v44 | 0x20; if ( (unsigned _int8)(v44 - 65) >= 0x1Au ) v45 = (v42 - 1); Blink = 16777619 * (v45 ^ (unsigned int)Blink); ++v42; ++v43; } v46 = *v42; if ( !v42 ) { LABEL60: v23 = -2012046509; goto LABEL61; } v23 = -2012046509; do { Blinkhigh = v46; v47 = v46 | 0x20; if ( (unsigned _int8)(v46 - 65) >= 0x1Au ) v47 = v46; v23 = 16777619 * (v23 ^ v47); v46 = *v43++; } while ( v46 ); LABEL61: v21 = NtCurrentPeb()->Ldr->InLoadOrderModuleList.Flink; } } LABEL62: v21 = v21->Flink; if ( v21 == v22 ) goto LABEL63; } } goto LABEL63; } } } else { LABEL63: v11 = 0i64; } return ((int64 (fastcall *)(QWORD, QWORD))v11)(Blinkhigh, Blink); } ```

License

LICENSE - Apache 2.0

Credit

Apache 2.0 - JustasMasiulis/lazy_importer