private void MapAndLoad(FileHandle fileHandle, bool readOnly) { using (Section section = new Section( fileHandle, false, readOnly ? MemoryProtection.ExecuteRead : MemoryProtection.ExecuteReadWrite )) { _size = (int)fileHandle.GetSize(); _view = section.MapView(_size); _memory = _view; byte *start = (byte *)_memory; if (start[0] != 'M' || start[1] != 'Z') { throw new Exception("The file is not a valid executable image."); } _ntHeaders = this.GetNtHeaders(); _sections = (ImageSectionHeader *)((byte *)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader); _magic = _ntHeaders->OptionalHeader.Magic; if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic) { throw new Exception("The file is not a PE32 or PE32+ image."); } } }
public static unsafe IntPtr GetExportedFunctionPointerForModule(long moduleBaseAddress, string importName) { ImageNtHeaders * imageNtHeaders = AnalyseModuleWin((IntPtr)moduleBaseAddress); ImageSectionHeader *pSech = ImageFirstSection(imageNtHeaders); ImageDataDirectory *imageDirectoryEntryExport = MelonUtils.IsGame32Bit() ? &imageNtHeaders->optionalHeader32.exportTable : &imageNtHeaders->optionalHeader64.exportTable; ImageExportDirectory *pExportDirectory = (ImageExportDirectory *)((long)moduleBaseAddress + imageDirectoryEntryExport->virtualAddress); //MelonLoader.MelonLogger.Msg("pExportDirectory at " + string.Format("{0:X}", (ulong)pExportDirectory - (ulong)moduleBaseAddress)); for (uint i = 0; i < imageDirectoryEntryExport->size / sizeof(ImageExportDirectory); ++i) { ImageExportDirectory *pExportDirectoryI = pExportDirectory + i; //MelonLoader.MelonLogger.Msg("pExportDirectoryI->name: " + string.Format("{0:X}", pExportDirectoryI->name)); if (pExportDirectoryI->name != 0) { string imagename = Marshal.PtrToStringAnsi((IntPtr)((long)moduleBaseAddress + pExportDirectoryI->name)); //string imagename = CppUtils.CharArrayPtrToString((IntPtr)pExportDirectoryI->name); //MelonLoader.MelonLogger.Msg("imagename: " + imagename); /* * if (imagename != "UnityPlayer.dll") * continue; */ long baseNameOrdinalOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfNameOrdinals; long baseFunctionOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfFunctions; long baseNameOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfNames; for (int j = 0; j < pExportDirectoryI->numberOfNames; ++j) { ushort ordinal = *(ushort *)((long)baseNameOrdinalOffset + j * 2); long functionnameAddress = moduleBaseAddress + *(int *)(baseNameOffset + j * 4); long functionaddress = moduleBaseAddress + *(int *)(baseFunctionOffset + ordinal * 4); string importname = Marshal.PtrToStringAnsi((IntPtr)functionnameAddress); //MelonLoader.MelonLogger.Msg($"{imagename}::{importname} @ 0x{((ulong)functionaddress - (ulong)moduleBaseAddress):X} (0x{functionaddress:X} - 0x{moduleBaseAddress:X})"); if (importname == importName) { return((IntPtr)functionaddress); } } } } return(IntPtr.Zero); }
private ImageNtHeaders *GetNtHeaders() { int offset = *((int *)((byte *)this._memory + 0x3c)); if (offset == 0) { throw new Exception("Invalid NT headers offset."); } if (offset >= 0x10000000 || offset >= _size) { throw new Exception("The NT headers offset is too large."); } ImageNtHeaders *ntHeaders = (ImageNtHeaders *)((byte *)this._memory + offset); return(ntHeaders); }
private void Load(void *memory) { _memory = memory; byte *start = (byte *)_memory; if (start[0] != 'M' || start[1] != 'Z') { throw new Exception("The file is not a valid executable image."); } _ntHeaders = this.GetNtHeaders(); _sections = (ImageSectionHeader *)((byte *)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader); _magic = _ntHeaders->OptionalHeader.Magic; if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic) { throw new Exception("The file is not a PE32 or PE32+ image."); } }
private static unsafe ImageSectionHeader *ImageFirstSection(ImageNtHeaders *ntheader) { return((ImageSectionHeader *)((ulong)ntheader + 24 + ntheader->fileHeader.sizeOfOptionalHeader)); }
private void MapAndLoad(FileHandle fileHandle, bool readOnly) { using (Section section = new Section( fileHandle, false, readOnly ? MemoryProtection.ExecuteRead : MemoryProtection.ExecuteReadWrite )) { _size = (int)fileHandle.GetSize(); _view = section.MapView(_size); _memory = _view; byte* start = (byte*)_memory; if (start[0] != 'M' || start[1] != 'Z') throw new Exception("The file is not a valid executable image."); _ntHeaders = this.GetNtHeaders(); _sections = (ImageSectionHeader*)((byte*)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader); _magic = _ntHeaders->OptionalHeader.Magic; if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic) throw new Exception("The file is not a PE32 or PE32+ image."); } }
private void Load(void* memory) { _memory = memory; byte* start = (byte*)_memory; if (start[0] != 'M' || start[1] != 'Z') throw new Exception("The file is not a valid executable image."); _ntHeaders = this.GetNtHeaders(); _sections = (ImageSectionHeader*)((byte*)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader); _magic = _ntHeaders->OptionalHeader.Magic; if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic) throw new Exception("The file is not a PE32 or PE32+ image."); }