Exemple #1
        // Token: 0x06000013 RID: 19 RVA: 0x00002D48 File Offset: 0x00000F48
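        /// <summary>
        /// Walks the PE base-relocation directory of the image located at <paramref name="baseAddress"/>
        /// and applies every entry, using the difference between <paramref name="remoteAddress"/> and the
        /// image's preferred <c>OptionalHeader.ImageBase</c> as the delta.
        /// </summary>
        /// <param name="baseAddress">Address of the image whose headers are read and against which RVAs are resolved.</param>
        /// <param name="remoteAddress">Address the delta is computed for. It is read with <c>ToInt32()</c>, so the routine is written for 32-bit addresses.</param>
        /// <returns>
        /// <c>false</c> when the NT headers or the relocation directory cannot be resolved, or when a
        /// relocation block header is inconsistent with the directory size; <c>true</c> otherwise
        /// (including when the image carries no relocations).
        /// </returns>
        private bool ProcessRelocations(IntPtr baseAddress, IntPtr remoteAddress)
        {
            // Size in bytes of an IMAGE_BASE_RELOCATION header (VirtualAddress + SizeOfBlock).
            const uint RelocationBlockHeaderSize = 8U;

            PIMAGE_NT_HEADERS32 ntHeader = this.GetNtHeader(baseAddress);

            if (ntHeader == null)
            {
                return false;
            }

            // Bit 0 of FileHeader.Characteristics is IMAGE_FILE_RELOCS_STRIPPED: there is nothing to apply.
            // NOTE(review): success is reported here even when the delta is non-zero - confirm callers expect that.
            if ((ntHeader.Value.FileHeader.Characteristics & 1) > 0)
            {
                return true;
            }

            uint imageBaseDelta = (uint)((long)remoteAddress.ToInt32() - (long)((ulong)ntHeader.Value.OptionalHeader.ImageBase));
            uint tableSize      = ntHeader.Value.OptionalHeader.BaseRelocationTable.Size;

            if (tableSize == 0U)
            {
                return true;
            }

            PIMAGE_BASE_RELOCATION block = (PIMAGE_BASE_RELOCATION)this.RvaToPointer(ntHeader.Value.OptionalHeader.BaseRelocationTable.VirtualAddress, baseAddress);
            if (block == null)
            {
                return false;
            }

            PBYTE tableEndPointer = (PBYTE)block.Address + (int)tableSize;
            long  tableEnd        = tableEndPointer.Address.ToInt64();

            while (block.Address.ToInt64() < tableEnd)
            {
                uint sizeOfBlock = block.Value.SizeOfBlock;
                long blockStart  = block.Address.ToInt64();

                // SizeOfBlock comes straight from the file. A value below the header size would wrap the
                // unsigned subtraction below into a huge entry count, and a block that runs past the
                // directory would be read beyond the table; reject both instead of walking out of bounds.
                if (sizeOfBlock < RelocationBlockHeaderSize || blockStart + sizeOfBlock > tableEnd)
                {
                    return false;
                }

                // NOTE(review): the result of RvaToPointer is not validated here, as in the original;
                // confirm what it returns for an RVA outside the image.
                PBYTE relocationBase = (PBYTE)this.RvaToPointer(block.Value.VirtualAddress, baseAddress);

                // Each entry is one 16-bit word following the block header.
                uint  entryCount = (sizeOfBlock - RelocationBlockHeaderSize) >> 1;
                PWORD entry      = (PWORD)(block + 1).Address;

                for (uint index = 0U; index < entryCount; index += 1U)
                {
                    this.ProcessRelocation(imageBaseDelta, entry.Value, relocationBase);
                    entry = ++entry;
                }

                // The next block header starts right after the last entry of this block.
                block = (PIMAGE_BASE_RELOCATION)entry.Address;
            }

            return true;
        }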
Exemple #2
        // Token: 0x0600000F RID: 15 RVA: 0x00002478 File Offset: 0x00000678
        /// <summary>
        /// Looks up an export of a module loaded in the process identified by <c>_hProcess</c> by reading
        /// that module's PE headers and export directory with <c>Imports.ReadProcessMemory</c>.
        /// </summary>
        /// <param name="moduleBase">Base address of the module inside the other process.</param>
        /// <param name="procName">
        /// Export to find. A DWORD value of 65535 or less read through <c>new PDWORD(procName.Address)</c>
        /// selects the ordinal path, anything larger the name path.
        /// NOTE(review): whether that value is the pointer itself or the first four bytes it points to
        /// depends on <c>PDWORD</c>, which is not visible here - confirm.
        /// </param>
        /// <returns>
        /// The resolved address, or <c>IntPtr.Zero</c> when a header is invalid, the module has no export
        /// directory, or the name index runs past <c>NumberOfNames</c>.
        /// </returns>
        private IntPtr GetDependencyProcAddressA(IntPtr moduleBase, PCHAR procName)
        {
            IntPtr           intPtr = IntPtr.Zero;
            IMAGE_DOS_HEADER image_DOS_HEADER;
            UIntPtr          uintPtr;

            // NOTE(review): the result of ReadProcessMemory is ignored throughout this method; only the
            // isValid flags of the two headers guard against a failed or short read.
            Imports.ReadProcessMemory <IMAGE_DOS_HEADER>(this._hProcess, moduleBase, out image_DOS_HEADER, out uintPtr);
            if (!image_DOS_HEADER.isValid)
            {
                return(IntPtr.Zero);
            }
            IMAGE_NT_HEADERS32 image_NT_HEADERS;

            // e_lfanew is taken from the header just read and used as an offset without a range check.
            Imports.ReadProcessMemory <IMAGE_NT_HEADERS32>(this._hProcess, moduleBase + image_DOS_HEADER.e_lfanew, out image_NT_HEADERS, out uintPtr);
            if (!image_NT_HEADERS.isValid)
            {
                return(IntPtr.Zero);
            }
            uint virtualAddress = image_NT_HEADERS.OptionalHeader.ExportTable.VirtualAddress;

            if (virtualAddress > 0U)
            {
                // Copy the whole export directory into a local buffer of ExportTable.Size bytes.
                uint size = image_NT_HEADERS.OptionalHeader.ExportTable.Size;
                PIMAGE_EXPORT_DIRECTORY pimage_EXPORT_DIRECTORY = (PIMAGE_EXPORT_DIRECTORY)this.AllocateMemory(size);
                Imports.ReadProcessMemory(this._hProcess, moduleBase + (int)virtualAddress, pimage_EXPORT_DIRECTORY.Address, (int)size, out uintPtr);
                // The three table RVAs are turned into addresses inside the local copy by subtracting the
                // directory's own RVA. NOTE(review): none of them is checked to lie inside [0, size), so a
                // malformed directory makes the indexers below read outside the buffer.
                PWORD  pword   = (PWORD)(pimage_EXPORT_DIRECTORY.Address + (int)pimage_EXPORT_DIRECTORY.Value.AddressOfNameOrdinals - (int)virtualAddress);
                PDWORD pdword  = (PDWORD)(pimage_EXPORT_DIRECTORY.Address + (int)pimage_EXPORT_DIRECTORY.Value.AddressOfNames - (int)virtualAddress);
                PDWORD pdword2 = (PDWORD)(pimage_EXPORT_DIRECTORY.Address + (int)pimage_EXPORT_DIRECTORY.Value.AddressOfFunctions - (int)virtualAddress);
                uint   num     = 0U;
                while (num < pimage_EXPORT_DIRECTORY.Value.NumberOfFunctions)
                {
                    PCHAR  pchar = null;
                    ushort num2;
                    if (new PDWORD(procName.Address).Value <= 65535U)
                    {
                        // Ordinal path: the loop index itself is used as the function-table index.
                        num2 = (ushort)num;
                    }
                    else
                    {
                        // The first half of this condition repeats the test that already failed above;
                        // in practice only the NumberOfNames bound decides.
                        // NOTE(review): this return skips the VirtualFree at the end of the method, so the
                        // export-directory buffer is leaked on this path.
                        if (new PDWORD(procName.Address).Value <= 65535U || num >= pimage_EXPORT_DIRECTORY.Value.NumberOfNames)
                        {
                            return(IntPtr.Zero);
                        }
                        // Name path: address of the num-th export name inside the local copy, and the
                        // function-table index stored for it in the name-ordinal table.
                        pchar = (PCHAR) new IntPtr((long)((ulong)pdword[num] + (ulong)((long)pimage_EXPORT_DIRECTORY.Address.ToInt32()) - (ulong)virtualAddress));
                        num2  = pword[num];
                    }
                    // Match either on ordinal (table index + Base) or on an exact string comparison of the names.
                    if ((new PDWORD(procName.Address).Value <= 65535U && new PDWORD(procName.Address).Value == (uint)num2 + pimage_EXPORT_DIRECTORY.Value.Base) || (new PDWORD(procName.Address).Value > 65535U && pchar.ToString() == procName.ToString()))
                    {
                        intPtr = moduleBase + (int)pdword2[(uint)num2];
                        // An address outside the export directory is an ordinary export: return it as is.
                        if (intPtr.ToInt64() < (moduleBase + (int)virtualAddress).ToInt64() || intPtr.ToInt64() > (moduleBase + (int)virtualAddress + (int)size).ToInt64())
                        {
                            break;
                        }
                        // Otherwise the entry points into the export directory, which in the PE format
                        // marks a forwarder string of the form "MODULE.Symbol"; read up to 255 bytes of it.
                        byte[] array = new byte[255];
                        Imports.ReadProcessMemory(this._hProcess, intPtr, array, out uintPtr);
                        string text  = Helpers.ToStringAnsi(array);
                        // NOTE(review): IndexOf returns -1 when the bytes read contain no '.', and
                        // Substring(0, -1) then throws ArgumentOutOfRangeException; the buffer allocated
                        // above is not released on that path either.
                        string text2 = text.Substring(0, text.IndexOf(".")) + ".dll";
                        string text3 = text.Substring(text.IndexOf(".") + 1);
                        IntPtr remoteModuleHandleA = this.GetRemoteModuleHandleA(text2);
                        if (remoteModuleHandleA == IntPtr.Zero)
                        {
                            this.InjectDependency(text2);
                        }
                        // A symbol part starting with '#' is passed on with that first character skipped.
                        if (text3.StartsWith("#"))
                        {
                            intPtr = this.GetDependencyProcAddressA(remoteModuleHandleA, new PCHAR(text3) + 1);
                            break;
                        }
                        // NOTE(review): the recursion has no depth limit; presumably forwarder chains are
                        // short, but nothing here enforces it.
                        intPtr = this.GetDependencyProcAddressA(remoteModuleHandleA, new PCHAR(text3));
                        break;
                    }
                    else
                    {
                        num += 1U;
                    }
                }
                // Release the local copy of the export directory.
                Imports.VirtualFree(pimage_EXPORT_DIRECTORY.Address, 0, Imports.FreeType.Release);
            }
            return(intPtr);
        }