C# (CSharp) ManualMapInjection.Injection Helpers._stricmp примеры использования

Пример #1

Файл: ManualMapInjector.cs Проект: davids-code/AimwareLoader

        private bool ProcessSections(IntPtr baseAddress, IntPtr remoteAddress)
        {
            var imageNtHeaders = GetNtHeader(baseAddress);

            if (imageNtHeaders == null)
            {
                return(false);
            }

            // skip PE header

            var imageSectionHeader = (PIMAGE_SECTION_HEADER)(imageNtHeaders.Address + /*OptionalHeader*/ 24 + imageNtHeaders.Value.FileHeader.SizeOfOptionalHeader);

            for (ushort i = 0; i < imageNtHeaders.Value.FileHeader.NumberOfSections; i++)
            {
                if (Helpers._stricmp(".reloc".ToCharArray(), imageSectionHeader[i].Name))
                {
                    continue;
                }

                var characteristics = imageSectionHeader[i].Characteristics;

                if (characteristics.HasFlag(DataSectionFlags.MemoryRead) || characteristics.HasFlag(DataSectionFlags.MemoryWrite) || characteristics.HasFlag(DataSectionFlags.MemoryExecute))
                {
                    var protection = GetSectionProtection(imageSectionHeader[i].Characteristics);
                    ProcessSection(imageSectionHeader[i].Name, baseAddress, remoteAddress, imageSectionHeader[i].PointerToRawData,
                                   imageSectionHeader[i].VirtualAddress, imageSectionHeader[i].SizeOfRawData, imageSectionHeader[i].VirtualSize, protection);
                }
            }

            return(true);
        }

Пример #2

Файл: ManualMapInjector.cs Проект: ulehvh/bam

        // Token: 0x06000016 RID: 22 RVA: 0x0000300C File Offset: 0x0000120C
        private bool ProcessSections(IntPtr baseAddress, IntPtr remoteAddress)
        {
            PIMAGE_NT_HEADERS32 ntHeader = this.GetNtHeader(baseAddress);

            if (ntHeader == null)
            {
                return(false);
            }
            PIMAGE_SECTION_HEADER pimage_SECTION_HEADER = (PIMAGE_SECTION_HEADER)(ntHeader.Address + 24 + (int)ntHeader.Value.FileHeader.SizeOfOptionalHeader);

            for (ushort num = 0; num < ntHeader.Value.FileHeader.NumberOfSections; num += 1)
            {
                if (!Helpers._stricmp(".reloc".ToCharArray(), pimage_SECTION_HEADER[(uint)num].Name))
                {
                    DataSectionFlags characteristics = pimage_SECTION_HEADER[(uint)num].Characteristics;
                    if (characteristics.HasFlag(DataSectionFlags.MemoryRead) || characteristics.HasFlag((DataSectionFlags)2147483648U) || characteristics.HasFlag(DataSectionFlags.MemoryExecute))
                    {
                        uint sectionProtection = this.GetSectionProtection(pimage_SECTION_HEADER[(uint)num].Characteristics);
                        this.ProcessSection(pimage_SECTION_HEADER[(uint)num].Name, baseAddress, remoteAddress, (ulong)pimage_SECTION_HEADER[(uint)num].PointerToRawData, (ulong)pimage_SECTION_HEADER[(uint)num].VirtualAddress, (ulong)pimage_SECTION_HEADER[(uint)num].SizeOfRawData, (ulong)pimage_SECTION_HEADER[(uint)num].VirtualSize, sectionProtection);
                    }
                }
            }
            return(true);
        }