internal static IntPtr GetFunctionAddressInternal(IntPtr processHandle, IntPtr moduleHandle, string functionName)
{
IMAGE_EXPORT_DIRECTORY ied;
uint[] nameOffsets;
string name;
ushort ordinal;
uint addressOffset;
if (!GetExportTableInfo(processHandle, moduleHandle, out ied, out nameOffsets))
{
return(IntPtr.Zero);
}
for (uint i = 0; i < ied.NumberOfNames; i++)
{
if (!NativeProcess.ReadStringInternal(processHandle, (IntPtr)((byte *)moduleHandle + nameOffsets[i]), out name, false, Encoding.ASCII))
{
continue;
}
if (name == functionName)
{
if (!NativeProcess.ReadUInt16Internal(processHandle, (IntPtr)((byte *)moduleHandle + ied.AddressOfNameOrdinals + i * 2), out ordinal))
{
continue;
}
if (!NativeProcess.ReadUInt32Internal(processHandle, (IntPtr)((byte *)moduleHandle + ied.AddressOfFunctions + ordinal * 4), out addressOffset))
{
continue;
}
return((IntPtr)((byte *)moduleHandle + addressOffset));
}
}
return(IntPtr.Zero);
}
internal static void *GetFunctionAddressInternal(void *processHandle, void *moduleHandle, string functionName)
{
IMAGE_EXPORT_DIRECTORY ied;
uint[] nameOffsets;
string name;
ushort ordinal;
uint addressOffset;
if (!SafeGetExportTableInfo((IntPtr)processHandle, (IntPtr)moduleHandle, out ied, out nameOffsets))
{
return(null);
}
for (uint i = 0; i < ied.NumberOfNames; i++)
{
if (!NativeProcess.ReadStringInternal(processHandle, (byte *)moduleHandle + nameOffsets[i], out name, false, Encoding.ASCII) || name != functionName)
{
continue;
}
if (!NativeProcess.ReadUInt16Internal(processHandle, (byte *)moduleHandle + ied.AddressOfNameOrdinals + i * 2, out ordinal))
{
continue;
}
if (!NativeProcess.ReadUInt32Internal(processHandle, (byte *)moduleHandle + ied.AddressOfFunctions + ordinal * 4, out addressOffset))
{
continue;
}
return((byte *)moduleHandle + addressOffset);
}
return(null);
}
internal static ExportFunctionInfo[] GetFunctionInfosInternal(IntPtr processHandle, IntPtr moduleHandle)
{
IMAGE_EXPORT_DIRECTORY ied;
uint[] nameOffsets;
string functionName;
ushort ordinal;
uint addressOffset;
List <ExportFunctionInfo> exportFunctionInfoList;
if (!GetExportTableInfo(processHandle, moduleHandle, out ied, out nameOffsets))
{
return(null);
}
exportFunctionInfoList = new List <ExportFunctionInfo>(nameOffsets.Length);
for (uint i = 0; i < ied.NumberOfNames; i++)
{
if (!NativeProcess.ReadStringInternal(processHandle, (IntPtr)((byte *)moduleHandle + nameOffsets[i]), out functionName, false, Encoding.ASCII))
{
continue;
}
if (!NativeProcess.ReadUInt16Internal(processHandle, (IntPtr)((byte *)moduleHandle + ied.AddressOfNameOrdinals + i * 2), out ordinal))
{
continue;
}
if (!NativeProcess.ReadUInt32Internal(processHandle, (IntPtr)((byte *)moduleHandle + ied.AddressOfFunctions + ordinal * 4), out addressOffset))
{
continue;
}
exportFunctionInfoList.Add(new ExportFunctionInfo((IntPtr)((byte *)moduleHandle + addressOffset), functionName, ordinal));
}
return(exportFunctionInfoList.ToArray());
}
private static bool SafeGetExportFunctionInfo(IntPtr processHandle, IntPtr moduleHandle, IMAGE_EXPORT_DIRECTORY ied, uint[] nameOffsets, uint i, out ExportFunctionInfo functionInfo)
{
functionInfo = ExportFunctionInfo.Empty;
if (!NativeProcess.ReadStringInternal((void *)processHandle, (byte *)moduleHandle + nameOffsets[i], out string functionName, false, Encoding.ASCII))
{
return(false);
}
if (!NativeProcess.ReadUInt16Internal((void *)processHandle, (byte *)moduleHandle + ied.AddressOfNameOrdinals + (i * 2), out ushort ordinal))
{
return(false);
}
if (!NativeProcess.ReadUInt32Internal((void *)processHandle, (byte *)moduleHandle + ied.AddressOfFunctions + (ordinal * 4), out uint addressOffset))
{
return(false);
}
functionInfo = new ExportFunctionInfo((byte *)moduleHandle + addressOffset, functionName, ordinal);
return(true);
}