ImageNtHeaders* C# (CSharp) Exemples de code

Exemple #1

0

Afficher le fichier

Fichier : MappedImage.cs Projet : wumn290/processhacker-3

        private void MapAndLoad(FileHandle fileHandle, bool readOnly)
        {
            using (Section section = new Section(
                       fileHandle,
                       false,
                       readOnly ? MemoryProtection.ExecuteRead : MemoryProtection.ExecuteReadWrite
                       ))
            {
                _size   = (int)fileHandle.GetSize();
                _view   = section.MapView(_size);
                _memory = _view;

                byte *start = (byte *)_memory;

                if (start[0] != 'M' || start[1] != 'Z')
                {
                    throw new Exception("The file is not a valid executable image.");
                }

                _ntHeaders = this.GetNtHeaders();
                _sections  = (ImageSectionHeader *)((byte *)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader);
                _magic     = _ntHeaders->OptionalHeader.Magic;

                if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic)
                {
                    throw new Exception("The file is not a PE32 or PE32+ image.");
                }
            }
        }

Exemple #2

0

Afficher le fichier

        public static unsafe IntPtr GetExportedFunctionPointerForModule(long moduleBaseAddress, string importName)
        {
            ImageNtHeaders *    imageNtHeaders            = AnalyseModuleWin((IntPtr)moduleBaseAddress);
            ImageSectionHeader *pSech                     = ImageFirstSection(imageNtHeaders);
            ImageDataDirectory *imageDirectoryEntryExport = MelonUtils.IsGame32Bit() ? &imageNtHeaders->optionalHeader32.exportTable : &imageNtHeaders->optionalHeader64.exportTable;

            ImageExportDirectory *pExportDirectory = (ImageExportDirectory *)((long)moduleBaseAddress + imageDirectoryEntryExport->virtualAddress);

            //MelonLoader.MelonLogger.Msg("pExportDirectory at " + string.Format("{0:X}", (ulong)pExportDirectory - (ulong)moduleBaseAddress));
            for (uint i = 0; i < imageDirectoryEntryExport->size / sizeof(ImageExportDirectory); ++i)
            {
                ImageExportDirectory *pExportDirectoryI = pExportDirectory + i;
                //MelonLoader.MelonLogger.Msg("pExportDirectoryI->name: " + string.Format("{0:X}", pExportDirectoryI->name));
                if (pExportDirectoryI->name != 0)
                {
                    string imagename = Marshal.PtrToStringAnsi((IntPtr)((long)moduleBaseAddress + pExportDirectoryI->name));
                    //string imagename = CppUtils.CharArrayPtrToString((IntPtr)pExportDirectoryI->name);
                    //MelonLoader.MelonLogger.Msg("imagename: " + imagename);

                    /*
                     * if (imagename != "UnityPlayer.dll")
                     *  continue;
                     */


                    long baseNameOrdinalOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfNameOrdinals;
                    long baseFunctionOffset    = moduleBaseAddress + (int)pExportDirectoryI->addressOfFunctions;
                    long baseNameOffset        = moduleBaseAddress + (int)pExportDirectoryI->addressOfNames;

                    for (int j = 0; j < pExportDirectoryI->numberOfNames; ++j)
                    {
                        ushort ordinal             = *(ushort *)((long)baseNameOrdinalOffset + j * 2);
                        long   functionnameAddress = moduleBaseAddress + *(int *)(baseNameOffset + j * 4);
                        long   functionaddress     = moduleBaseAddress + *(int *)(baseFunctionOffset + ordinal * 4);
                        string importname          = Marshal.PtrToStringAnsi((IntPtr)functionnameAddress);
                        //MelonLoader.MelonLogger.Msg($"{imagename}::{importname} @ 0x{((ulong)functionaddress - (ulong)moduleBaseAddress):X} (0x{functionaddress:X} - 0x{moduleBaseAddress:X})");
                        if (importname == importName)
                        {
                            return((IntPtr)functionaddress);
                        }
                    }
                }
            }

            return(IntPtr.Zero);
        }

Exemple #3

0

Afficher le fichier

Fichier : MappedImage.cs Projet : zippy1981/ProcessHacker-v1x

        private ImageNtHeaders *GetNtHeaders()
        {
            int offset = *((int *)((byte *)this._memory + 0x3c));

            if (offset == 0)
            {
                throw new Exception("Invalid NT headers offset.");
            }
            if (offset >= 0x10000000 || offset >= _size)
            {
                throw new Exception("The NT headers offset is too large.");
            }

            ImageNtHeaders *ntHeaders = (ImageNtHeaders *)((byte *)this._memory + offset);

            return(ntHeaders);
        }

Exemple #4

0

Afficher le fichier

Fichier : MappedImage.cs Projet : wumn290/processhacker-3

        private void Load(void *memory)
        {
            _memory = memory;

            byte *start = (byte *)_memory;

            if (start[0] != 'M' || start[1] != 'Z')
            {
                throw new Exception("The file is not a valid executable image.");
            }

            _ntHeaders = this.GetNtHeaders();
            _sections  = (ImageSectionHeader *)((byte *)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader);
            _magic     = _ntHeaders->OptionalHeader.Magic;

            if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic)
            {
                throw new Exception("The file is not a PE32 or PE32+ image.");
            }
        }

Exemple #5

0

Afficher le fichier

 private static unsafe ImageSectionHeader *ImageFirstSection(ImageNtHeaders *ntheader)
 {
     return((ImageSectionHeader *)((ulong)ntheader + 24 + ntheader->fileHeader.sizeOfOptionalHeader));
 }

Exemple #6

0

Afficher le fichier

Fichier : MappedImage.cs Projet : andyvand/ProcessHacker

        private void MapAndLoad(FileHandle fileHandle, bool readOnly)
        {
            using (Section section = new Section(
                fileHandle,
                false,
                readOnly ? MemoryProtection.ExecuteRead : MemoryProtection.ExecuteReadWrite
                ))
            {
                _size = (int)fileHandle.GetSize();
                _view = section.MapView(_size);
                _memory = _view;

                byte* start = (byte*)_memory;

                if (start[0] != 'M' || start[1] != 'Z')
                    throw new Exception("The file is not a valid executable image.");

                _ntHeaders = this.GetNtHeaders();
                _sections = (ImageSectionHeader*)((byte*)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader);
                _magic = _ntHeaders->OptionalHeader.Magic;

                if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic)
                    throw new Exception("The file is not a PE32 or PE32+ image.");
            }
        }

Exemple #7

0

Afficher le fichier

Fichier : MappedImage.cs Projet : john-peterson/processhacker

        private void Load(void* memory)
        {
            _memory = memory;

            byte* start = (byte*)_memory;

            if (start[0] != 'M' || start[1] != 'Z')
                throw new Exception("The file is not a valid executable image.");

            _ntHeaders = this.GetNtHeaders();
            _sections = (ImageSectionHeader*)((byte*)&_ntHeaders->OptionalHeader + _ntHeaders->FileHeader.SizeOfOptionalHeader);
            _magic = _ntHeaders->OptionalHeader.Magic;

            if (_magic != Win32.Pe32Magic && _magic != Win32.Pe32PlusMagic)
                throw new Exception("The file is not a PE32 or PE32+ image.");
        }

C# (CSharp) ImageNtHeaders* Exemples