public bool Init()
{
if (vtFuncs.Count == 0)
{
return(false);
}
Native.MEMORY_BASIC_INFORMATION memInfo = new Native.MEMORY_BASIC_INFORMATION();
if (Native.VirtualQuery(vtFuncs[0], ref memInfo, ( uint )Marshal.SizeOf(memInfo)) == 0)
{
return(false);
}
baseAddr = ( uint )memInfo.AllocationBase.ToInt32();
Native.IMAGE_DOS_HEADER dos = PtrToStruct <Native.IMAGE_DOS_HEADER>(memInfo.AllocationBase);
if (dos.e_magic != Native.IMAGE_DOS_SIGNATURE)
{
return(false);
}
Native.IMAGE_NT_HEADERS pe = PtrToStruct <Native.IMAGE_NT_HEADERS>(new IntPtr(baseAddr + dos.e_lfanew));
if (pe.Signature != Native.IMAGE_NT_SIGNATURE)
{
return(false);
}
baseLen = pe.OptionalHeader.SizeOfImage;
return(true);
}
public unsafe bool Init(IntPtr address)
{
Native.MEMORY_BASIC_INFORMATION memInfo = new Native.MEMORY_BASIC_INFORMATION();
if (Native.VirtualQuery(address, ref memInfo, ( uint )Marshal.SizeOf(memInfo)) == 0)
{
return(false);
}
baseAddr = ( uint )memInfo.AllocationBase.ToInt32();
Native.IMAGE_DOS_HEADER dos = PtrToStruct <Native.IMAGE_DOS_HEADER>(memInfo.AllocationBase);
if (dos.e_magic != Native.IMAGE_DOS_SIGNATURE)
{
return(false);
}
Native.IMAGE_NT_HEADERS pe = PtrToStruct <Native.IMAGE_NT_HEADERS>(new IntPtr(baseAddr + dos.e_lfanew));
if (pe.Signature != Native.IMAGE_NT_SIGNATURE)
{
return(false);
}
baseLen = pe.OptionalHeader.SizeOfImage;
try
{
int *vtable = ( int * )*(( int * )vtObject.ToInt32());
for (int i = 0; ; ++i)
{
if (vtable[i] < baseAddr || vtable[i] > (baseAddr + baseLen))
{
break;
}
if (vtable[i] == 0)
{
break;
}
vtFuncs.Add(new IntPtr(vtable[i]));
}
}
catch
{
return(false);
}
return(true);
}
