public static async Task <Exports> GetAsync(PortableExecutableImage image)
{
var directory = await ExportDirectory.GetAsync(image).ConfigureAwait(false);
if (directory == null)
{
return(null);
}
var functionAddresses = await ExportTable.GetFunctionAddressTableAsync(image, directory).ConfigureAwait(false);
if (functionAddresses == null)
{
return(null);
}
var nameAddresses = await ExportTable.GetNameAddressTableAsync(image, directory).ConfigureAwait(false);
if (nameAddresses == null)
{
return(null);
}
var ordinals = await ExportTable.GetOrdinalTableAsync(image, directory).ConfigureAwait(false);
if (ordinals == null)
{
return(null);
}
return(await GetAsync(image, directory, functionAddresses, nameAddresses, ordinals).ConfigureAwait(false));
}
internal Exports(IEnumerable <Export> exports, ExportDirectory directory, ExportTable <uint> functionAddresses, ExportTable <uint> nameAddresses, ExportTable <ushort> ordinals)
{
_exports = exports.ToArray();
Directory = directory;
FunctionAddressTable = functionAddresses;
NameAddressTable = nameAddresses;
NameOrdinalsTable = ordinals;
Count = _exports.Length;
}
public static async Task <Exports> GetAsync(PortableExecutableImage image, ExportDirectory directory, ExportTable <uint> functionAddresses, ExportTable <uint> nameAddresses, ExportTable <ushort> ordinals)
{
var calc = image.GetCalculator();
var stream = image.GetStream();
var dataDirectory = image.NTHeaders.DataDirectories[DataDirectoryType.ExportTable];
var infos = new List <ExportInfo>();
var currentOrdinal = directory.Base;
foreach (var address in functionAddresses)
{
var info = new ExportInfo()
{
Address = address,
Ordinal = currentOrdinal
};
if (address >= dataDirectory.VirtualAddress && address <= (dataDirectory.VirtualAddress + dataDirectory.Size))
{
var offset = calc.RVAToOffset(address).ToInt64();
info.ForwardName = await GetStringAsync(stream, offset).ConfigureAwait(false);
}
infos.Add(info);
currentOrdinal++;
}
for (var i = 0; i < nameAddresses.Count; i++)
{
var nameAddress = nameAddresses[i];
var ordinal = ordinals[i];
var offset = calc.RVAToOffset(nameAddress).ToInt64();
var info = infos[ordinal];
info.NameAddress = nameAddress;
info.Name = await GetStringAsync(stream, offset);
}
var exports = new List <Export>(infos.Count);
foreach (var info in infos)
{
var export = new Export(info.Address, info.Name, info.Ordinal, info.ForwardName);
exports.Add(export);
}
var result = new Exports(exports.OrderBy(e => e.Ordinal), directory, functionAddresses, nameAddresses, ordinals);
return(result);
}
public static async Task <ExportTable <uint> > GetNameAddressTableAsync(PortableExecutableImage image, ExportDirectory directory = null)
{
if (directory == null)
{
directory = await ExportDirectory.GetAsync(image).ConfigureAwait(false);
}
var calc = image.GetCalculator();
var section = calc.RVAToSection(directory.AddressOfNames);
var fileOffset = calc.RVAToOffset(section, directory.AddressOfNames);
var imageBase = image.NTHeaders.OptionalHeader.ImageBase;
var size = directory.NumberOfNames * sizeof(uint);
var location = new Location(image, fileOffset, directory.AddressOfNames, imageBase + directory.AddressOfNames, size, size, section);
var stream = image.GetStream();
stream.Seek(fileOffset.ToInt64(), SeekOrigin.Begin);
var addresses = new uint[directory.NumberOfNames];
try
{
for (var i = 0; i < directory.NumberOfNames; i++)
{
addresses[i] = await stream.ReadUInt32Async().ConfigureAwait(false);
}
}
catch (Exception ex)
{
throw new PortableExecutableImageException(image, "Could not read address of name from stream.", ex);
}
var dataDirectory = image.NTHeaders.DataDirectories[DataDirectoryType.ExportTable];
var table = new ExportTable <uint>(image, dataDirectory, location, directory, addresses);
return(table);
}
public static Exports Get(PortableExecutableImage image, ExportDirectory directory, ExportTable <uint> functionAddresses, ExportTable <uint> nameAddresses, ExportTable <ushort> ordinals)
{
return(GetAsync(image, directory, functionAddresses, nameAddresses, ordinals).GetAwaiter().GetResult());
}
