private static string[] GetExports(string ModuleFileName)
{
SafeFileHandle FileHandle = NativeMethods.CreateFile(
ModuleFileName,
NativeMethods.EFileAccess.GenericRead,
NativeMethods.EFileShare.Read,
IntPtr.Zero,
NativeMethods.ECreationDisposition.OpenExisting,
NativeMethods.EFileAttributes.Normal,
IntPtr.Zero
);
if (FileHandle.IsInvalid)
{
throw new Win32Exception();
}
try
{
SafeFileHandle ImageHandle = NativeMethods.CreateFileMapping(
FileHandle,
IntPtr.Zero,
NativeMethods.FileMapProtection.PageReadonly,
0,
0,
IntPtr.Zero
);
if (ImageHandle.IsInvalid)
{
throw new Win32Exception();
}
try
{
IntPtr ImagePointer = NativeMethods.MapViewOfFile(
ImageHandle,
NativeMethods.FileMapAccess.FileMapRead,
0,
0,
UIntPtr.Zero
);
if (ImagePointer == IntPtr.Zero)
{
throw new Win32Exception();
}
try
{
IntPtr HeaderPointer = NativeMethods.ImageNtHeader(ImagePointer);
if (HeaderPointer == IntPtr.Zero)
{
throw new Win32Exception();
}
NativeMethods.IMAGE_NT_HEADERS Header = (NativeMethods.IMAGE_NT_HEADERS)Marshal.PtrToStructure(
HeaderPointer,
typeof(NativeMethods.IMAGE_NT_HEADERS)
);
if (Header.Signature != 0x00004550) // "PE\0\0" as a DWORD
{
throw new Exception(ModuleFileName + " is not a valid PE file");
}
IntPtr ExportTablePointer = NativeMethods.ImageRvaToVa(
HeaderPointer,
ImagePointer,
Header.OptionalHeader.DataDirectory[0].VirtualAddress,
IntPtr.Zero
);
if (ExportTablePointer == IntPtr.Zero)
{
throw new Win32Exception();
}
NativeMethods.IMAGE_EXPORT_DIRECTORY ExportTable = (NativeMethods.IMAGE_EXPORT_DIRECTORY)Marshal.PtrToStructure(
ExportTablePointer,
typeof(NativeMethods.IMAGE_EXPORT_DIRECTORY)
);
IntPtr NamesPointer = NativeMethods.ImageRvaToVa(
HeaderPointer,
ImagePointer,
ExportTable.AddressOfNames,
IntPtr.Zero
);
if (NamesPointer == IntPtr.Zero)
{
throw new Win32Exception();
}
NamesPointer = NativeMethods.ImageRvaToVa(
HeaderPointer,
ImagePointer,
(UInt32)Marshal.ReadInt32(NamesPointer),
IntPtr.Zero
);
if (NamesPointer == IntPtr.Zero)
{
throw new Win32Exception();
}
string[] exports = new string[ExportTable.NumberOfNames];
for (int i = 0; i < exports.Length; i++)
{
exports[i] = Marshal.PtrToStringAnsi(NamesPointer);
NamesPointer += exports[i].Length + 1;
}
return(exports);
}
finally
{
if (!NativeMethods.UnmapViewOfFile(ImagePointer))
{
throw new Win32Exception();
}
}
}
finally
{
ImageHandle.Close();
}
}
finally
{
FileHandle.Close();
}
}
private static string[] GetExports(string ModuleFileName)
{
SafeFileHandle file = NativeMethods.CreateFile(ModuleFileName, NativeMethods.EFileAccess.GenericRead, NativeMethods.EFileShare.Read, IntPtr.Zero, NativeMethods.ECreationDisposition.OpenExisting, NativeMethods.EFileAttributes.Normal, IntPtr.Zero);
if (file.IsInvalid)
{
throw new Win32Exception();
}
try
{
SafeFileHandle fileMapping = NativeMethods.CreateFileMapping(file, IntPtr.Zero, NativeMethods.FileMapProtection.PageReadonly, 0U, 0U, IntPtr.Zero);
if (fileMapping.IsInvalid)
{
throw new Win32Exception();
}
try
{
IntPtr num1 = NativeMethods.MapViewOfFile(fileMapping, NativeMethods.FileMapAccess.FileMapRead, 0U, 0U, UIntPtr.Zero);
if (num1 == IntPtr.Zero)
{
throw new Win32Exception();
}
try
{
IntPtr num2 = NativeMethods.ImageNtHeader(num1);
if (num2 == IntPtr.Zero)
{
throw new Win32Exception();
}
NativeMethods.IMAGE_NT_HEADERS structure1 = (NativeMethods.IMAGE_NT_HEADERS)Marshal.PtrToStructure(num2, typeof(NativeMethods.IMAGE_NT_HEADERS));
if (structure1.Signature != 17744U)
{
throw new Exception(ModuleFileName + " is not a valid PE file");
}
IntPtr va1 = NativeMethods.ImageRvaToVa(num2, num1, structure1.OptionalHeader.DataDirectory[0].VirtualAddress, IntPtr.Zero);
if (va1 == IntPtr.Zero)
{
throw new Win32Exception();
}
NativeMethods.IMAGE_EXPORT_DIRECTORY structure2 = (NativeMethods.IMAGE_EXPORT_DIRECTORY)Marshal.PtrToStructure(va1, typeof(NativeMethods.IMAGE_EXPORT_DIRECTORY));
IntPtr va2 = NativeMethods.ImageRvaToVa(num2, num1, structure2.AddressOfNames, IntPtr.Zero);
if (va2 == IntPtr.Zero)
{
throw new Win32Exception();
}
IntPtr va3 = NativeMethods.ImageRvaToVa(num2, num1, (uint)Marshal.ReadInt32(va2), IntPtr.Zero);
if (va3 == IntPtr.Zero)
{
throw new Win32Exception();
}
string[] strArray = new string[(int)structure2.NumberOfNames];
for (int index = 0; index < strArray.Length; ++index)
{
strArray[index] = Marshal.PtrToStringAnsi(va3);
va3 += strArray[index].Length + 1;
}
return(strArray);
}
finally
{
if (!NativeMethods.UnmapViewOfFile(num1))
{
throw new Win32Exception();
}
}
}
finally
{
fileMapping.Close();
}
}
finally
{
file.Close();
}
}