Exemplo n.º 1
        /// <summary>
        /// Locates the main image of another process and returns the entry value
        /// that <c>GetEntryFromBuffer</c> extracts from the start of that image.
        /// </summary>
        /// <param name="hProc">
        /// Handle to the target process. It is passed to
        /// <c>ZwQueryInformationProcess</c> and <c>ReadProcessMemory</c>, so it
        /// needs query and VM-read access rights.
        /// </param>
        /// <returns>Whatever <c>GetEntryFromBuffer</c> computes from <c>inner_</c>.</returns>
        /// <exception cref="SystemException">
        /// The process query fails, or either remote read fails or reports zero bytes read.
        /// </exception>
        /// <remarks>
        /// Side effects: <c>pModBase_</c> is set to the remote image base and
        /// <c>inner_</c> is overwritten with bytes read from that address.
        /// All offsets and pointer widths come from <see cref="IntPtr.Size"/> of the
        /// calling process, so the code assumes the target has the same bitness.
        /// Reading another process's PEB and image headers like this is typical of
        /// loader and injection tooling; defenders can look for this cross-process
        /// query-then-read sequence in endpoint telemetry.
        /// </remarks>
        public IntPtr FindEntry(IntPtr hProc)
        {
            bool is32Bit = IntPtr.Size == 4;

            // Information class 0 is ProcessBasicInformation; the result carries the PEB address.
            // The length argument is six pointer-sized fields, presumably the size of
            // Loader.PROCESS_BASIC_INFORMATION (verify against the struct declaration).
            Loader.PROCESS_BASIC_INFORMATION basicInfo = default(Loader.PROCESS_BASIC_INFORMATION);
            uint returnedLength = 0u;
            long status = (long)Loader.ZwQueryInformationProcess(hProc, 0, ref basicInfo, (uint)(IntPtr.Size * 6), ref returnedLength);
            if (!this.nt_success(status))
            {
                throw new SystemException("[x] Failed to get process information!");
            }

            // The image base pointer sits two pointer-widths into the PEB: +8 on 32-bit, +16 on 64-bit.
            IntPtr imageBaseField = is32Bit
                ? (IntPtr)((int)basicInfo.PebAddress + 8)
                : (IntPtr)((long)basicInfo.PebAddress + 16L);

            // First remote read: fetch that pointer-sized field.
            byte[] pointerBytes = new byte[IntPtr.Size];
            IntPtr bytesRead = IntPtr.Zero;
            bool pointerRead = Loader.ReadProcessMemory(hProc, imageBaseField, pointerBytes, pointerBytes.Length, out bytesRead);
            if (!pointerRead || bytesRead == IntPtr.Zero)
            {
                throw new SystemException("[x] Failed to read process memory!");
            }

            // Decode the raw bytes into an address using the caller's pointer width.
            IntPtr imageBase = is32Bit
                ? (IntPtr)BitConverter.ToInt32(pointerBytes, 0)
                : (IntPtr)BitConverter.ToInt64(pointerBytes, 0);
            this.pModBase_ = imageBase;

            // Second remote read: fill inner_ with the first inner_.Length bytes of the image.
            bool headerRead = Loader.ReadProcessMemory(hProc, imageBase, this.inner_, this.inner_.Length, out bytesRead);
            if (!headerRead || bytesRead == IntPtr.Zero)
            {
                throw new SystemException("[x] Failed to read module start!");
            }

            return this.GetEntryFromBuffer(this.inner_);
        }
Exemplo n.º 2
 // P/Invoke signature for the native ZwQueryInformationProcess routine, which
 // fills a caller-supplied structure with information about a process.
 //   hProcess             - handle to the process being queried.
 //   procInformationClass - selects which kind of information is returned
 //                          (0 is ProcessBasicInformation, matching the struct used here).
 //   procInformation      - receives the PROCESS_BASIC_INFORMATION data.
 //   ProcInfoLen          - size in bytes of the procInformation buffer.
 //   retlen               - receives the number of bytes the routine wrote.
 // Returns the NTSTATUS code as a 32-bit integer; negative values indicate failure.
 // NOTE(review): no [DllImport] attribute is visible in this excerpt; an extern
 // method needs one (the routine is exported by ntdll.dll) - confirm it precedes
 // this declaration in the full file.
 private static extern int ZwQueryInformationProcess(IntPtr hProcess, int procInformationClass, ref Loader.PROCESS_BASIC_INFORMATION procInformation, uint ProcInfoLen, ref uint retlen);