Ejemplo n.º 1
0
        internal ImageImportDll(MappedImage mappedImage, ImageImportDescriptor* descriptor)
        {
            _mappedImage = mappedImage;
            _descriptor = descriptor;

            if (_descriptor->OriginalFirstThunk != 0)
                _lookupTable = _mappedImage.RvaToVa(_descriptor->OriginalFirstThunk);
            else
                _lookupTable = _mappedImage.RvaToVa(_descriptor->FirstThunk);

            if (_lookupTable != null)
            {
                int i = 0;

                if (_mappedImage.Magic == Win32.Pe32Magic)
                {
                    while (((int*)_lookupTable)[i] != 0)
                        i++;
                }
                else if (_mappedImage.Magic == Win32.Pe32PlusMagic)
                {
                    while (((long*)_lookupTable)[i] != 0)
                        i++;
                }

                _count = i;
            }
        }
Ejemplo n.º 2
0
        internal ImageImports(MappedImage mappedImage)
        {
            _mappedImage = mappedImage;
            _descriptorTable = mappedImage.GetImportDirectory();

            // Do a quick scan.
            if (_descriptorTable != null)
            {
                int i = 0;

                while (_descriptorTable[i].OriginalFirstThunk != 0 || _descriptorTable[i].FirstThunk != 0)
                    i++;

                _count = i;
                _dlls = new ImageImportDll[i];
            }
        }
Ejemplo n.º 3
0
        private static Patched <TFunction> ApplyPatch <TFunction>(
            ProcessModule module,
            string importedModule,
            string importedName,
            ThunkPredicate isCorrectFunction,
            Func <TFunction, TFunction> buildReplacementFunction)
            where TFunction : class
        {
            AssertDelegate <TFunction>("TFunction");

            module.NotNull("module");
            importedModule.NotEmpty("importedModule");
            isCorrectFunction.NotNull("isCorrectFunction");
            buildReplacementFunction.NotNull("buildReplacementFunction");

            ImageImportDescriptor *descriptors = module.GetImportDescriptors();
            ImageImportDescriptor *descriptor  = module.FindImportedModule(descriptors, importedModule);
            ImageThunkData *       thunk       = module.FindImportedFunction(descriptor, isCorrectFunction);
            MemoryBasicInformation thunkMemory = GetMemoryInformation(thunk);

            MakeWritable(thunkMemory);

            try
            {
                TFunction originalFunction = GetDelegateForFunctionPointer <TFunction>(thunk->Function);

                if (originalFunction == null)
                {
                    throw new ArgumentException("Could not create a delegate for the original function to be patched.");
                }

                TFunction replacementFunction = buildReplacementFunction(originalFunction);
                thunk->Function = GetFunctionPointerForDelegate(replacementFunction);

                return(PatchedFunction.From(
                           importedModule,
                           importedName,
                           replacementFunction,
                           originalFunction));
            }
            finally
            {
                RestoreOriginalProtection(thunkMemory);
            }
        }
Ejemplo n.º 4
0
        internal ImageImports(MappedImage mappedImage)
        {
            _mappedImage     = mappedImage;
            _descriptorTable = mappedImage.GetImportDirectory();

            // Do a quick scan.
            if (_descriptorTable != null)
            {
                int i = 0;

                while (_descriptorTable[i].OriginalFirstThunk != 0 || _descriptorTable[i].FirstThunk != 0)
                {
                    i++;
                }

                _count = i;
                _dlls  = new ImageImportDll[i];
            }
        }
Ejemplo n.º 5
0
        private static ImageImportDescriptor *FindImportedModule(
            this ProcessModule module,
            ImageImportDescriptor *descriptors,
            string importedModuleName)
        {
            while (descriptors->Characteristics != 0)
            {
                sbyte *currentNamePtr = (sbyte *)descriptors->Name.AsPtr(module);
                string currentName    = new string(currentNamePtr);

                if (String.Equals(currentName, importedModuleName, StringComparison.OrdinalIgnoreCase))
                {
                    return(descriptors);
                }

                descriptors++;
            }

            throw new DllNotFoundException();
        }
Ejemplo n.º 6
0
        internal ImageImportDll(MappedImage mappedImage, ImageImportDescriptor *descriptor)
        {
            _mappedImage = mappedImage;
            _descriptor  = descriptor;

            if (_descriptor->OriginalFirstThunk != 0)
            {
                _lookupTable = _mappedImage.RvaToVa(_descriptor->OriginalFirstThunk);
            }
            else
            {
                _lookupTable = _mappedImage.RvaToVa(_descriptor->FirstThunk);
            }

            // Do a quick scan.
            if (_lookupTable != null)
            {
                int i = 0;

                if (_mappedImage.Magic == Win32.Pe32Magic)
                {
                    while (((int *)_lookupTable)[i] != 0)
                    {
                        i++;
                    }
                }
                else if (_mappedImage.Magic == Win32.Pe32PlusMagic)
                {
                    while (((long *)_lookupTable)[i] != 0)
                    {
                        i++;
                    }
                }

                _count = i;
            }
        }
Ejemplo n.º 7
0
        private static ImageThunkData *FindImportedFunction(
            this ProcessModule module,
            ImageImportDescriptor *descriptor,
            ThunkPredicate isCorrectFunction)
        {
            if (descriptor->FirstThunk == 0 ||
                descriptor->OriginalFirstThunk == 0)
            {
                throw new ArgumentException("The thunks in the specified descriptor were null.", "descriptor");
            }

            ImageThunkData *first    = (ImageThunkData *)descriptor->FirstThunk.AsPtr(module);
            ImageThunkData *original = (ImageThunkData *)descriptor->OriginalFirstThunk.AsPtr(module);

            for (; original->Function != IntPtr.Zero; original++, first++)
            {
                if (isCorrectFunction(module, original))
                {
                    return(first);
                }
            }

            throw new MissingMethodException();
        }