C# (CSharp) DkmNativeModuleInstance.FindExportName Beispiele

Beispiel #1

        public static ulong GetExportedStaticVariableAddress(this DkmNativeModuleInstance moduleInstance, string name)
        {
            var addr = moduleInstance.FindExportName(name, false);

            if (addr == null)
            {
                Debug.Fail("Couldn't find dllexport variable " + name + " in module " + moduleInstance.Name);
                throw new ArgumentException();
            }
            return(moduleInstance.BaseAddress + addr.RVA);
        }

Beispiel #2

        public static DkmNativeInstructionAddress GetExportedFunctionAddress(this DkmNativeModuleInstance moduleInstance, string name)
        {
            var addr = moduleInstance.FindExportName(name, true);

            if (addr == null)
            {
                Debug.Fail("Couldn't find dllexport function " + name + " in module " + moduleInstance.Name);
                throw new ArgumentException();
            }
            return(addr);
        }

Beispiel #3

        internal static ulong FindVariableAddress(DkmNativeModuleInstance nativeModuleInstance, string variableName)
        {
            var address = nativeModuleInstance.FindExportName(variableName, IgnoreDataExports: false);

            if (address != null)
            {
                LocalComponent.log.Debug($"Found helper library '{variableName}' variable at 0x{address.CPUInstructionPart.InstructionPointer:x}");

                return(address.CPUInstructionPart.InstructionPointer);
            }

            LocalComponent.log.Warning($"Failed to find helper library '{variableName}' variable");

            return(0);
        }

Beispiel #4

Datei: AutoAttachToChildHandler.cs Projekt: mbbill/vs-chromium

    private void HookCreateProcess(DkmNativeModuleInstance module, string export, StackFrameAnalyzer frameAnalyzer) {
      try {
        FunctionTracer tracer = new FunctionTracer(
            module.FindExportName(export, true), frameAnalyzer);
        tracer.OnFunctionEntered += createProcessTracer_OnFunctionEntered;
        tracer.OnFunctionExited += createProcessTracer_OnFunctionExited;
        tracer.Enable();

        _functionTracers.Add(tracer);
      } catch (DkmException) {
        // For some reason, sandboxed processes act strangely (e.g. FindExportName throws an
        // exception with E_FAIL.  It's not clear why this happens, but these processes can't
        // create child processes anyway, so just handle this failure gracefully.
        return;
      }
    }

Beispiel #5

        private void HookCreateProcess(DkmNativeModuleInstance module, string export, StackFrameAnalyzer frameAnalyzer)
        {
            try {
                FunctionTracer tracer = new FunctionTracer(
                    module.FindExportName(export, true), frameAnalyzer);
                tracer.OnFunctionEntered += createProcessTracer_OnFunctionEntered;
                tracer.OnFunctionExited  += createProcessTracer_OnFunctionExited;
                tracer.Enable();

                _functionTracers.Add(tracer);
            } catch (DkmException) {
                // For some reason, sandboxed processes act strangely (e.g. FindExportName throws an
                // exception with E_FAIL.  It's not clear why this happens, but these processes can't
                // create child processes anyway, so just handle this failure gracefully.
                return;
            }
        }