private void PopulateConfigStruct() { string path = Path.GetDirectoryName(ModulePath); string name = Path.GetFileName(ModulePath); bool dll = true; if (Path.GetExtension(ModulePath) != ".dll" && Path.GetExtension(ModulePath) != ".DLL") { dll = false; } var MaLRet = ErcCore.MapAndLoad(name, path, out loadedImage, dll, true); var modPtr = ErcCore.ImageLoad(name, path); if (ModuleMachineType == MachineType.I386) { IMAGE_LOAD_CONFIG_DIRECTORY32 ImageConfigDir = new IMAGE_LOAD_CONFIG_DIRECTORY32(); var check = ErcCore.GetImageConfigInformation32(ref loadedImage, ref ImageConfigDir); } else if (ModuleMachineType == MachineType.x64) { IMAGE_LOAD_CONFIG_DIRECTORY64 ImageConfigDir = new IMAGE_LOAD_CONFIG_DIRECTORY64(); var check = ErcCore.GetImageConfigInformation64(ref loadedImage, ref ImageConfigDir); } }
internal LoadConfiguration(PEParser pefile, ref IMAGE_LOAD_CONFIG_DIRECTORY64 config64) { _config64 = config64; _parser = pefile; }
private LoadConfigurationDirectory(PortableExecutableImage image, DataDirectory dataDirectory, Location location, IMAGE_LOAD_CONFIG_DIRECTORY64 directory) : base(image, dataDirectory, location) { Size = directory.Size; TimeDateStamp = directory.TimeDateStamp; MajorVersion = directory.MajorVersion; MinorVersion = directory.MinorVersion; GlobalFlagsClear = directory.GlobalFlagsClear; GlobalFlagsSet = directory.GlobalFlagsSet; CriticalSectionDefaultTimeout = directory.CriticalSectionDefaultTimeout; DeCommitFreeBlockThreshold = directory.DeCommitFreeBlockThreshold; DeCommitTotalFreeThreshold = directory.DeCommitFreeBlockThreshold; LockPrefixTable = directory.LockPrefixTable; MaximumAllocationSize = directory.MaximumAllocationSize; VirtualMemoryThreshold = directory.VirtualMemoryThreshold; ProcessAffinityMask = directory.ProcessAffinityMask; ProcessHeapFlags = directory.ProcessHeapFlags; CSDVersion = directory.CSDVersion; DependentLoadFlags = directory.DependentLoadFlags; EditList = directory.EditList; SecurityCookie = directory.SecurityCookie; SEHandlerTable = directory.SEHandlerTable; SEHandlerCount = directory.SEHandlerCount; GuardCFCheckFunctionPointer = directory.GuardCFCheckFunctionPointer; GuardCFDispatchFunctionPointer = directory.GuardCFDispatchFunctionPointer; GuardCFFunctionTable = directory.GuardCFFunctionTable; GuardCFFunctionCount = directory.GuardCFFunctionCount; GuardFlags = directory.GuardFlags; //CodeIntegrity; GuardAddressTakenIatEntryTable = directory.GuardAddressTakenIatEntryTable; GuardAddressTakenIatEntryCount = directory.GuardAddressTakenIatEntryCount; GuardLongJumpTargetTable = directory.GuardLongJumpTargetTable; GuardLongJumpTargetCount = directory.GuardLongJumpTargetCount; DynamicValueRelocTable = directory.DynamicValueRelocTable; CHPEMetadataPointer = directory.CHPEMetadataPointer; GuardRFFailureRoutine = directory.GuardRFFailureRoutine; GuardRFFailureRoutineFunctionPointer = directory.GuardRFFailureRoutineFunctionPointer; DynamicValueRelocTableOffset = directory.DynamicValueRelocTableOffset; DynamicValueRelocTableSection = directory.DynamicValueRelocTableSection; Reserved2 = directory.Reserved2; GuardRFVerifyStackPointerFunctionPointer = directory.GuardRFVerifyStackPointerFunctionPointer; HotPatchTableOffset = directory.HotPatchTableOffset; Reserved3 = directory.Reserved3; EnclaveConfigurationPointer = directory.EnclaveConfigurationPointer; VolatileMetadataPointer = directory.VolatileMetadataPointer; _codeIntegrity = new LoadConfigurationCodeIntegrity(this, directory.CodeIntegrity); }