C# (CSharp) SharpBlock WinAPI.GetFinalPathNameByHandleの例

プログラミング言語: C# (CSharp)

名前空間/パッケージ名: SharpBlock

クラス/型: WinAPI

メソッド/関数: GetFinalPathNameByHandle

hotexamples.comのコード掲載数: 1

C# (CSharp) SharpBlock WinAPI.GetFinalPathNameByHandle - 1件のコード例が見つかりました。すべてオープンソースプロジェクトから抽出されたC# (CSharp)のSharpBlock.WinAPI.GetFinalPathNameByHandleの実例で、最も評価が高いものを厳選しています。コード例の評価を行っていただくことで、より質の高いコード例が表示されるようになります。

よく使われるメソッド

表示非表示

ContinueDebugEvent(4)

GetExitCodeProcess(4)

GetProcAddress(4)

LoadLibrary(4)

WaitForDebugEvent(4)

DuplicateHandle(3)

WriteProcessMemory(3)

GetStdHandle(2)

CreateFileMapping(1)

GetFileSizeEx(1)

GetFinalPathNameByHandle(1)

InitializeProcThreadAttributeList(1)

MapViewOfFile(1)

OpenProcess(1)

コード例 #1

ファイルを表示

        static string PatchEntryPointIfNeeded(IntPtr moduleHandle, IntPtr imageBase, IntPtr hProcess)
        {
            long          fileSize;
            StringBuilder dllPath = new StringBuilder(1024);

            if (!WinAPI.GetFileSizeEx(moduleHandle, out fileSize) || fileSize == 0)
            {
                return(null);
            }

            IntPtr handle = WinAPI.CreateFileMapping(moduleHandle, IntPtr.Zero,
                                                     WinAPI.FileMapProtection.PageReadonly | WinAPI.FileMapProtection.SectionImage, 0, 0, null);

            if (handle == IntPtr.Zero)
            {
                return(null);
            }

            IntPtr mem = WinAPI.MapViewOfFile(handle, WinAPI.FileMapAccess.FileMapRead, 0, 0, UIntPtr.Zero);

            if (mem == IntPtr.Zero)
            {
                return(null);
            }

            if (WinAPI.GetFinalPathNameByHandle(moduleHandle, dllPath, (uint)dllPath.Capacity, 0) == 0)
            {
                return(null);
            }

            dllPath = dllPath.Replace("\\\\?\\", "");

            PE.IMAGE_DOS_HEADER  dosHeader  = (PE.IMAGE_DOS_HEADER)Marshal.PtrToStructure(mem, typeof(PE.IMAGE_DOS_HEADER));
            PE.IMAGE_FILE_HEADER fileHeader = (PE.IMAGE_FILE_HEADER)Marshal.PtrToStructure(new IntPtr(mem.ToInt64() + dosHeader.e_lfanew), typeof(PE.IMAGE_FILE_HEADER));

            UInt16 IMAGE_FILE_32BIT_MACHINE = 0x0100;
            IntPtr entryPoint;

            if ((fileHeader.Characteristics & IMAGE_FILE_32BIT_MACHINE) == IMAGE_FILE_32BIT_MACHINE)
            {
                PE.IMAGE_OPTIONAL_HEADER32 optionalHeader = (PE.IMAGE_OPTIONAL_HEADER32)Marshal.PtrToStructure
                                                                (new IntPtr(mem.ToInt64() + dosHeader.e_lfanew + Marshal.SizeOf(typeof(PE.IMAGE_FILE_HEADER))), typeof(PE.IMAGE_OPTIONAL_HEADER32));

                entryPoint = new IntPtr(optionalHeader.AddressOfEntryPoint + imageBase.ToInt32());
            }
            else
            {
                PE.IMAGE_OPTIONAL_HEADER64 optionalHeader = (PE.IMAGE_OPTIONAL_HEADER64)Marshal.PtrToStructure
                                                                (new IntPtr(mem.ToInt64() + dosHeader.e_lfanew + Marshal.SizeOf(typeof(PE.IMAGE_FILE_HEADER))), typeof(PE.IMAGE_OPTIONAL_HEADER64));

                entryPoint = new IntPtr(optionalHeader.AddressOfEntryPoint + imageBase.ToInt64());
            }

            if (ShouldBlockDLL(dllPath.ToString()))
            {
                Console.WriteLine($"[+] Blocked DLL {dllPath}");

                byte[] retIns = new byte[1] {
                    0xC3
                };
                IntPtr bytesWritten;

                Console.WriteLine("[+] Patching DLL Entry Point at 0x{0:x}", entryPoint.ToInt64());

                if (WinAPI.WriteProcessMemory(hProcess, entryPoint, retIns, 1, out bytesWritten))
                {
                    Console.WriteLine("[+] Successfully patched DLL Entry Point");
                }
                else
                {
                    Console.WriteLine("[!] Failed patched DLL Entry Point");
                }
            }

            return(dllPath.ToString());
        }