public static unsafe Dictionary <string, UInt32> DumpSymbolsFromFile64(byte *pBin) { Dictionary <string, UInt32> ExportTable = new Dictionary <string, UInt32>(); NTHeaders64 *ntHeaders = GetNtHeaders64(pBin); ImageExportDirectory *exportDir = (ImageExportDirectory *)(pBin + RVAtoOffset64(ntHeaders->optnHeader.exportTable.VirtualAddress, ntHeaders, pBin)); if (ntHeaders->optnHeader.numberOfRvaAndSizes <= 0) { throw new ArgumentException("Error, This file has no exports."); } for (UInt32 i = 0; i < exportDir->NumberOfNames; i++) { UInt32 offset = (UInt32)RVAtoOffset64((*(UInt32 *)(pBin + RVAtoOffset64(exportDir->AddressOfFunctions, ntHeaders, pBin) + (i * sizeof(UInt32)))), ntHeaders, pBin); UInt32 nameOffset = (UInt32)RVAtoOffset64((UInt32)exportDir->AddressOfNames, ntHeaders, pBin) + (i * sizeof(UInt32)); string methodName = Marshal.PtrToStringAnsi((IntPtr) (pBin + RVAtoOffset64((*(UInt32 *)(pBin + nameOffset)), ntHeaders, pBin))); ExportTable.Add(methodName, offset); } return(ExportTable); }
internal ImageExports(MappedImage mappedImage) { _mappedImage = mappedImage; _dataDirectory = mappedImage.GetDataEntry(ImageDataEntry.Export); _exportDirectory = mappedImage.GetExportDirectory(); if (_exportDirectory != null) { _addressTable = (int*)mappedImage.RvaToVa(_exportDirectory->AddressOfFunctions); _namePointerTable = (int*)mappedImage.RvaToVa(_exportDirectory->AddressOfNames); _ordinalTable = (short*)mappedImage.RvaToVa(_exportDirectory->AddressOfNameOrdinals); } }
public static unsafe List <ImportInfo> DumpImportsFromFile32(byte *pBin) { List <ImportInfo> importInfo = new List <ImportInfo>(); NTHeaders32 *ntHeaders = GetNtHeaders32(pBin); ImageExportDirectory *exportDir = (ImageExportDirectory *)(pBin + RVAtoOffset32(ntHeaders->optnHeader.importTable.VirtualAddress, ntHeaders, pBin)); return(importInfo); }
internal ImageExports(MappedImage mappedImage) { _mappedImage = mappedImage; _dataDirectory = mappedImage.GetDataEntry(ImageDataEntry.Export); _exportDirectory = mappedImage.GetExportDirectory(); if (_exportDirectory != null) { _addressTable = (int *)mappedImage.RvaToVa(_exportDirectory->AddressOfFunctions); _namePointerTable = (int *)mappedImage.RvaToVa(_exportDirectory->AddressOfNames); _ordinalTable = (short *)mappedImage.RvaToVa(_exportDirectory->AddressOfNameOrdinals); } }
public static unsafe List <ExportInfo> DumpExportsFromFile32(byte *pBin) { List <ExportInfo> exportInfo = new List <ExportInfo>(); NTHeaders32 *ntHeaders = GetNtHeaders32(pBin); if (ntHeaders->optnHeader.exportTable.Size == 0) { // WARN return(exportInfo); } ImageExportDirectory *exportDir = (ImageExportDirectory *)(pBin + RVAtoOffset32(ntHeaders->optnHeader.exportTable.VirtualAddress, ntHeaders, pBin)); if (ntHeaders->optnHeader.numberOfRvaAndSizes <= 0) { throw new ArgumentException("Error, This file has no exports."); } for (UInt32 i = 0; i < exportDir->NumberOfNames; i++) { // Offset of Address UInt32 Rva = (*(UInt32 *)(pBin + RVAtoOffset32(exportDir->AddressOfFunctions, ntHeaders, pBin) + (i * sizeof(UInt32)))); UInt32 Offset = (UInt32)RVAtoOffset32(Rva, ntHeaders, pBin); UInt32 nameOffset = (UInt32)RVAtoOffset32((UInt32)exportDir->AddressOfNames, ntHeaders, pBin) + (i * sizeof(UInt32)); string methodName = Marshal.PtrToStringAnsi((IntPtr) (pBin + RVAtoOffset32((*(UInt32 *)(pBin + nameOffset)), ntHeaders, pBin))); UInt32 OridnalOffset = (UInt16)(RVAtoOffset32((UInt32)(exportDir->AddressOfNameOrdinals), ntHeaders, pBin) + (i * sizeof(UInt16))); UInt32 Hint = (*(UInt16 *)(pBin + OridnalOffset)); UInt32 Ordinal = Hint + exportDir->Base; ExportInfo ef; ef.RVA = Rva; ef.Offset = Offset; ef.NameOffset = nameOffset; ef.Name = methodName; ef.OrdinalOffset = OridnalOffset; ef.Hint = Hint; ef.Ordinal = Ordinal; exportInfo.Add(ef); } return(exportInfo); }
public static unsafe IntPtr GetExportedFunctionPointerForModule(long moduleBaseAddress, string importName) { ImageNtHeaders * imageNtHeaders = AnalyseModuleWin((IntPtr)moduleBaseAddress); ImageSectionHeader *pSech = ImageFirstSection(imageNtHeaders); ImageDataDirectory *imageDirectoryEntryExport = MelonUtils.IsGame32Bit() ? &imageNtHeaders->optionalHeader32.exportTable : &imageNtHeaders->optionalHeader64.exportTable; ImageExportDirectory *pExportDirectory = (ImageExportDirectory *)((long)moduleBaseAddress + imageDirectoryEntryExport->virtualAddress); //MelonLoader.MelonLogger.Msg("pExportDirectory at " + string.Format("{0:X}", (ulong)pExportDirectory - (ulong)moduleBaseAddress)); for (uint i = 0; i < imageDirectoryEntryExport->size / sizeof(ImageExportDirectory); ++i) { ImageExportDirectory *pExportDirectoryI = pExportDirectory + i; //MelonLoader.MelonLogger.Msg("pExportDirectoryI->name: " + string.Format("{0:X}", pExportDirectoryI->name)); if (pExportDirectoryI->name != 0) { string imagename = Marshal.PtrToStringAnsi((IntPtr)((long)moduleBaseAddress + pExportDirectoryI->name)); //string imagename = CppUtils.CharArrayPtrToString((IntPtr)pExportDirectoryI->name); //MelonLoader.MelonLogger.Msg("imagename: " + imagename); /* * if (imagename != "UnityPlayer.dll") * continue; */ long baseNameOrdinalOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfNameOrdinals; long baseFunctionOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfFunctions; long baseNameOffset = moduleBaseAddress + (int)pExportDirectoryI->addressOfNames; for (int j = 0; j < pExportDirectoryI->numberOfNames; ++j) { ushort ordinal = *(ushort *)((long)baseNameOrdinalOffset + j * 2); long functionnameAddress = moduleBaseAddress + *(int *)(baseNameOffset + j * 4); long functionaddress = moduleBaseAddress + *(int *)(baseFunctionOffset + ordinal * 4); string importname = Marshal.PtrToStringAnsi((IntPtr)functionnameAddress); //MelonLoader.MelonLogger.Msg($"{imagename}::{importname} @ 0x{((ulong)functionaddress - (ulong)moduleBaseAddress):X} (0x{functionaddress:X} - 0x{moduleBaseAddress:X})"); if (importname == importName) { return((IntPtr)functionaddress); } } } } return(IntPtr.Zero); }