Exemplos de PEToolkit.PE.Structures.MetaData STORAGE_STREAM_HEADER em C# (CSharp)

Exemplo n.º 1

Arquivo: formViewStorageStream.cs Projeto: PavilionVI/PEToolkit

 public formViewStorageStream(PEInfomation pe, STORAGE_STREAM_HEADER targetStream)
 {
     InitializeComponent();
     this.Text += string.Format(" ({0})", new string(targetStream.rcName).Replace("\0", ""));
     try
     {
         rtbStorageData.Text = Encoding.UTF8.GetString(pe.ReadStorageStream(targetStream)).Replace("\0", "");//temp
     }
     catch
     {
         rtbStorageData.Text = "Failed.";
     }
 }

Exemplo n.º 2

Arquivo: NetStorageListViewItem.cs Projeto: PavilionVI/PEToolkit

 public NetStorageListViewItem(STORAGE_STREAM_HEADER _h) : base(new string(_h.rcName))
 {
     Header = _h;
     SubItems.Add(string.Format("0x{0:x2}", Header.iOffset));
     SubItems.Add(string.Format("0x{0:x2}", Header.iSize));
 }

Exemplo n.º 3

Arquivo: PEInfomation.cs Projeto: PavilionVI/PEToolkit

        public byte[] ReadStorageStream(STORAGE_STREAM_HEADER storageStream)
        {
            if (!IsNet)
                return null;
            try
            {
                byte[] stream = new byte[storageStream.iSize];

                if (IsProcess)
                {
                    uint protection = 0;
                    
                    IntPtr handle = GetProcessHandle();
                    IntPtr address = new IntPtr(ModuleBaseAddress.ToInt32() + NetStructures.COR20Header.MetaDataRva + storageStream.iOffset);

                    NativeMethods.VirtualProtectEx(handle, address, stream.Length, 0x10, out protection);
                    bool success = NativeMethods.ReadProcessMemory(handle, address, stream, stream.Length, 0);
                    NativeMethods.VirtualProtectEx(handle, address, stream.Length, protection, out protection);

                    CloseProcessHandle();
                    if (!success)
                        throw new Exception("Failed to read.");
                }
                else
                {
                    Buffer.BlockCopy(DataBytes, NetStructures.NetOffsets.MetaDataRawAddress + (int)storageStream.iOffset, stream, 0, stream.Length);
                }
                return stream;
            }
            catch
            {
                return null;
            }
        }