/// <summary>
/// Determines the base address and image size of the module that contains the
/// first recorded vtable function pointer (<c>vtFuncs[0]</c>).
/// </summary>
/// <returns>
/// <c>true</c> when <c>baseAddr</c> and <c>baseLen</c> were filled in from a region whose
/// DOS and NT signatures both match; <c>false</c> when no function pointer is recorded,
/// <c>VirtualQuery</c> returns 0, or either signature check fails.
/// </returns>
public bool Init()
{
    // Without at least one recorded function pointer there is no address to query.
    if (vtFuncs.Count == 0)
    {
        return false;
    }

    var region = new Native.MEMORY_BASIC_INFORMATION();
    uint regionInfoSize = (uint)Marshal.SizeOf(region);
    if (Native.VirtualQuery(vtFuncs[0], ref region, regionInfoSize) == 0)
    {
        return false;
    }

    // NOTE(review): IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
    // value does not fit in 32 bits; this code appears to assume a 32-bit process - confirm.
    IntPtr allocationBase = region.AllocationBase;
    baseAddr = (uint)allocationBase.ToInt32();

    // The allocation base is treated as the start of a PE image; check the DOS magic first.
    var dosHeader = PtrToStruct<Native.IMAGE_DOS_HEADER>(allocationBase);
    if (dosHeader.e_magic != Native.IMAGE_DOS_SIGNATURE)
    {
        return false;
    }

    // NOTE(review): e_lfanew is used as read from memory, with no range check against the
    // queried region before the NT headers are dereferenced.
    var ntHeaders = PtrToStruct<Native.IMAGE_NT_HEADERS>(new IntPtr(baseAddr + dosHeader.e_lfanew));
    if (ntHeaders.Signature != Native.IMAGE_NT_SIGNATURE)
    {
        return false;
    }

    baseLen = ntHeaders.OptionalHeader.SizeOfImage;
    return true;
}
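/// <summary>
/// Determines the base address and image size of the module that contains
/// <paramref name="address"/>, then walks the vtable of <c>vtObject</c> and records every
/// entry that points inside that module into <c>vtFuncs</c>.
/// </summary>
/// <param name="address">An address passed to <c>VirtualQuery</c> to locate the module.</param>
/// <returns>
/// <c>true</c> when the module bounds were resolved and the vtable walk finished;
/// <c>false</c> when <c>VirtualQuery</c> returns 0, a PE signature check fails,
/// <c>vtObject</c> is zero, or the walk throws a catchable exception.
/// </returns>
/// <remarks>
/// The walk has no known vtable length: it stops at the first entry that is zero or lies
/// outside <c>[baseAddr, baseAddr + baseLen)</c>. On failure inside the walk, entries
/// already appended to <c>vtFuncs</c> are left in place.
/// </remarks>
public unsafe bool Init(IntPtr address)
{
    var region = new Native.MEMORY_BASIC_INFORMATION();
    if (Native.VirtualQuery(address, ref region, (uint)Marshal.SizeOf(region)) == 0)
    {
        return false;
    }

    // NOTE(review): IntPtr.ToInt32 throws OverflowException in a 64-bit process when the
    // value does not fit in 32 bits; this code appears to assume a 32-bit process - confirm.
    baseAddr = (uint)region.AllocationBase.ToInt32();

    var dosHeader = PtrToStruct<Native.IMAGE_DOS_HEADER>(region.AllocationBase);
    if (dosHeader.e_magic != Native.IMAGE_DOS_SIGNATURE)
    {
        return false;
    }

    // NOTE(review): e_lfanew is used as read from memory, with no range check against the
    // queried region before the NT headers are dereferenced.
    var ntHeaders = PtrToStruct<Native.IMAGE_NT_HEADERS>(new IntPtr(baseAddr + dosHeader.e_lfanew));
    if (ntHeaders.Signature != Native.IMAGE_NT_SIGNATURE)
    {
        return false;
    }

    baseLen = ntHeaders.OptionalHeader.SizeOfImage;

    // A zero object pointer cannot carry a vtable; fail explicitly rather than relying on
    // the exception handler below to turn the null dereference into a false return.
    if (vtObject == IntPtr.Zero)
    {
        return false;
    }

    try
    {
        // The first pointer-sized slot of the object is read as the vtable address.
        int* vtable = (int*)*((int*)vtObject.ToInt32());

        for (int i = 0; ; ++i)
        {
            int entry = vtable[i];

            // The image occupies [baseAddr, baseAddr + baseLen); the end address itself is
            // one past the image, so it is rejected too (the upper bound is exclusive).
            // NOTE(review): entries are read as signed int, so a pointer at or above
            // 0x80000000 compares as negative and ends the walk - confirm this is acceptable.
            if (entry == 0 || entry < baseAddr || entry >= (baseAddr + baseLen))
            {
                break;
            }

            vtFuncs.Add(new IntPtr(entry));
        }
    }
    catch
    {
        // Best-effort guard only. On .NET Framework 4 and later an AccessViolationException
        // is a corrupted-state exception and is not delivered to this handler by default,
        // and on .NET Core an access violation terminates the process, so a bad vtObject
        // or a walk into unmapped memory can still crash the host.
        return false;
    }

    return true;
}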