private static bool SafeGetExportTableInfo(IntPtr processHandle, IntPtr moduleHandle, out IMAGE_EXPORT_DIRECTORY ied, out uint[] nameOffsets)
{
ied = default;
nameOffsets = Array2.Empty <uint>();
if (!NativeProcess.ReadUInt32Internal((void *)processHandle, (byte *)moduleHandle + 0x3C, out uint ntHeaderOffset))
{
return(false);
}
if (!NativeProcess.Is64BitProcessInternal((void *)processHandle, out bool is64Bit))
{
return(false);
}
uint iedRVA;
if (is64Bit)
{
if (!NativeProcess.ReadUInt32Internal((void *)processHandle, (byte *)moduleHandle + ntHeaderOffset + 0x88, out iedRVA))
{
return(false);
}
}
else
{
if (!NativeProcess.ReadUInt32Internal((void *)processHandle, (byte *)moduleHandle + ntHeaderOffset + 0x78, out iedRVA))
{
return(false);
}
}
fixed(void *p = &ied)
{
if (!NativeProcess.ReadInternal((void *)processHandle, (byte *)moduleHandle + iedRVA, p, IMAGE_EXPORT_DIRECTORY.UnmanagedSize))
{
return(false);
}
}
if (ied.NumberOfNames == 0)
{
return(true);
}
nameOffsets = new uint[ied.NumberOfNames];
fixed(void *p = nameOffsets)
{
if (!NativeProcess.ReadInternal((void *)processHandle, (byte *)moduleHandle + ied.AddressOfNames, p, ied.NumberOfNames * 4))
{
return(false);
}
}
return(true);
}
