Beispiel #1
        // Token: 0x06000016 RID: 22 RVA: 0x0000300C File Offset: 0x0000120C
        /// <summary>
        /// Walks the section table of the 32-bit PE image at <paramref name="baseAddress"/> and passes
        /// every section that is readable, writable or executable to <c>ProcessSection</c>, along with
        /// <paramref name="remoteAddress"/> and a protection value derived from the section flags.
        /// </summary>
        /// <param name="baseAddress">Address of the PE image whose headers are parsed.</param>
        /// <param name="remoteAddress">Address forwarded unchanged to <c>ProcessSection</c>.</param>
        /// <returns>
        /// <c>false</c> when <c>GetNtHeader</c> yields no header; otherwise <c>true</c>. Any result of
        /// <c>ProcessSection</c> is not inspected, so <c>true</c> does not prove that a section was handled.
        /// </returns>
        /// <remarks>
        /// Analyst notes: this is decompiler output (generated local names in the original). All header
        /// fields (section count, raw offsets, sizes) are taken from the image as-is; no bounds checks
        /// are visible in this method.
        /// </remarks>
        private bool ProcessSections(IntPtr baseAddress, IntPtr remoteAddress)
        {
            PIMAGE_NT_HEADERS32 headers = this.GetNtHeader(baseAddress);
            if (headers == null)
            {
                return false;
            }

            // 24 = 4-byte PE signature + 20-byte IMAGE_FILE_HEADER; the section table starts right after
            // the optional header, whose length is read from the file header.
            const int SignatureAndFileHeaderSize = 24;
            PIMAGE_SECTION_HEADER sectionTable = (PIMAGE_SECTION_HEADER)(headers.Address + SignatureAndFileHeaderSize + (int)headers.Value.FileHeader.SizeOfOptionalHeader);

            for (ushort index = 0; index < headers.Value.FileHeader.NumberOfSections; index++)
            {
                var section = sectionTable[(uint)index];

                // Presumably Helpers._stricmp returns true on a match, which would make this skip the
                // ".reloc" section -- confirm against the helper's implementation.
                if (Helpers._stricmp(".reloc".ToCharArray(), section.Name))
                {
                    continue;
                }

                // 0x80000000 is IMAGE_SCN_MEM_WRITE in the PE format; the decompiler emitted it as a raw cast.
                DataSectionFlags flags = section.Characteristics;
                bool accessible = flags.HasFlag(DataSectionFlags.MemoryRead)
                    || flags.HasFlag((DataSectionFlags)0x80000000U)
                    || flags.HasFlag(DataSectionFlags.MemoryExecute);
                if (!accessible)
                {
                    continue;
                }

                uint protection = this.GetSectionProtection(section.Characteristics);
                this.ProcessSection(
                    section.Name,
                    baseAddress,
                    remoteAddress,
                    (ulong)section.PointerToRawData,
                    (ulong)section.VirtualAddress,
                    (ulong)section.SizeOfRawData,
                    (ulong)section.VirtualSize,
                    protection);
            }

            return true;
        }
Beispiel #2
        // Token: 0x0600001A RID: 26 RVA: 0x000033A0 File Offset: 0x000015A0
        /// <summary>
        /// Drives the mapping of the 32-bit PE image at <paramref name="baseAddress"/>: validates a few
        /// header fields, obtains memory through <c>RemoteAllocateMemory</c>, runs the import, delayed
        /// import, relocation, section and TLS steps in that order, and finally invokes the image's
        /// entry point via <c>CallEntryPoint</c> when one is declared.
        /// </summary>
        /// <param name="baseAddress">Address of the PE image whose headers are parsed.</param>
        /// <returns>
        /// The address returned by <c>RemoteAllocateMemory</c> on success; <see cref="IntPtr.Zero"/> when a
        /// header check or any processing step fails.
        /// </returns>
        /// <remarks>
        /// Analyst notes, all read directly from this method:
        /// the image is rejected when it has no sections, when ImageBase is not a multiple of 4096, or
        /// when its delay-import directory is non-empty (so <c>ProcessDelayedImportTable</c> only ever
        /// runs for images without delay imports). The allocation size is the span between the lowest
        /// section RVA and the highest section end, computed in 32-bit arithmetic from unvalidated
        /// header values. Every failure after the allocation returns <see cref="IntPtr.Zero"/> and no
        /// release call is visible here, so a failed attempt may leave the allocation behind, which is
        /// relevant when examining the memory of a suspected target process. The steps go through this
        /// class's own routines rather than a loader API in this method; presumably the result is an
        /// image that the operating system loader does not track -- confirm against the helpers.
        /// </remarks>
        private IntPtr LoadImageToMemory(IntPtr baseAddress)
        {
            PIMAGE_NT_HEADERS32 headers = this.GetNtHeader(baseAddress);
            if (headers == null || headers.Value.FileHeader.NumberOfSections == 0)
            {
                return IntPtr.Zero;
            }

            // 24 = 4-byte PE signature + 20-byte IMAGE_FILE_HEADER; the section table follows the optional header.
            const int SignatureAndFileHeaderSize = 24;
            PIMAGE_SECTION_HEADER sectionTable = (PIMAGE_SECTION_HEADER)(headers.Address + SignatureAndFileHeaderSize + (int)headers.Value.FileHeader.SizeOfOptionalHeader);

            // Track the lowest start and highest end RVA over all sections with a non-zero virtual size.
            uint lowestStart = uint.MaxValue;
            uint highestEnd = 0U;
            uint sectionCount = (uint)headers.Value.FileHeader.NumberOfSections;
            for (uint index = 0U; index < sectionCount; index++)
            {
                var section = sectionTable[index];
                if (section.VirtualSize == 0U)
                {
                    continue;
                }

                uint start = section.VirtualAddress;
                uint end = section.VirtualAddress + section.VirtualSize;
                if (start < lowestStart)
                {
                    lowestStart = start;
                }
                if (end > highestEnd)
                {
                    highestEnd = end;
                }
            }
            uint mappedSize = highestEnd - lowestStart;

            // Header checks performed before anything is allocated: ImageBase must be a multiple of
            // 0x1000 (4096), and the delay-import directory must be empty.
            bool baseMisaligned = headers.Value.OptionalHeader.ImageBase % 0x1000U != 0U;
            if (baseMisaligned || headers.Value.OptionalHeader.DelayImportDescriptor.Size > 0U)
            {
                return IntPtr.Zero;
            }

            IntPtr remoteBase = this.RemoteAllocateMemory(mappedSize);
            if (remoteBase == IntPtr.Zero)
            {
                return IntPtr.Zero;
            }

            // Short-circuit evaluation keeps the original order and stops at the first failing step.
            bool stepFailed = !this.ProcessImportTable(baseAddress)
                || !this.ProcessDelayedImportTable(baseAddress, remoteBase)
                || !this.ProcessRelocations(baseAddress, remoteBase)
                || !this.ProcessSections(baseAddress, remoteBase)
                || !this.ProcessTlsEntries(baseAddress, remoteBase);
            if (stepFailed)
            {
                return IntPtr.Zero;
            }

            if (headers.Value.OptionalHeader.AddressOfEntryPoint > 0U)
            {
                // IntPtr.ToInt32 throws OverflowException in a 64-bit process when the value does not
                // fit in 32 bits, consistent with the 32-bit header type used throughout.
                int entryAddress = remoteBase.ToInt32() + (int)headers.Value.OptionalHeader.AddressOfEntryPoint;
                bool entryCalled = this.CallEntryPoint(remoteBase, (uint)entryAddress, this.AsyncInjection);
                if (!entryCalled)
                {
                    return IntPtr.Zero;
                }
            }

            return remoteBase;
        }