private void ParseDelayImports(bool is_64bit)
{
try
{
IntPtr imports = Win32NativeMethods.ImageDirectoryEntryToData(handle, MappedAsImage,
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, out int size);
if (imports == IntPtr.Zero)
{
return;
}
SafeHGlobalBuffer buffer = new SafeHGlobalBuffer(imports, size, false);
ulong ofs = 0;
ImageDelayImportDescriptor import_desc = buffer.Read <ImageDelayImportDescriptor>(ofs);
while (import_desc.szName != 0)
{
_imports.Add(ParseSingleImport(import_desc.szName, import_desc.pINT, import_desc.pIAT, is_64bit, true));
ofs += (ulong)Marshal.SizeOf(typeof(ImageDelayImportDescriptor));
import_desc = buffer.Read <ImageDelayImportDescriptor>(ofs);
}
}
catch
{
}
}
/// <summary>
/// Parse a library's delayed import information.
/// </summary>
/// <returns>A dictionary containing the location of import information keyed against the IAT address.</returns>
public IDictionary <IntPtr, IntPtr> ParseDelayedImports()
{
if (_delayed_imports != null)
{
return(new ReadOnlyDictionary <IntPtr, IntPtr>(_delayed_imports));
}
_delayed_imports = new Dictionary <IntPtr, IntPtr>();
IntPtr delayed_imports = Win32NativeMethods.ImageDirectoryEntryToData(handle, true, IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT, out int size);
if (delayed_imports == IntPtr.Zero)
{
return(new ReadOnlyDictionary <IntPtr, IntPtr>(_delayed_imports));
}
int i = 0;
int desc_size = Marshal.SizeOf(typeof(ImageDelayImportDescriptor));
// Should really only do up to sizeof image delay import desc
while (i <= (size - desc_size))
{
ImageDelayImportDescriptor desc = (ImageDelayImportDescriptor)Marshal.PtrToStructure(delayed_imports, typeof(ImageDelayImportDescriptor));
if (desc.szName == 0)
{
break;
}
ParseDelayedImport(_delayed_imports, desc);
delayed_imports += desc_size;
size -= desc_size;
}
return(new ReadOnlyDictionary <IntPtr, IntPtr>(_delayed_imports));
}
private void ParseDelayedImport(Dictionary <IntPtr, IntPtr> imports, ImageDelayImportDescriptor desc)
{
if (desc.pIAT == 0 || desc.pINT == 0)
{
return;
}
string name = Marshal.PtrToStringAnsi(RvaToVA(desc.szName));
IntPtr IAT = RvaToVA(desc.pIAT);
IntPtr INT = RvaToVA(desc.pINT);
try
{
using (SafeLoadLibraryHandle lib = LoadLibrary(name))
{
IntPtr import_name_rva = Marshal.ReadIntPtr(INT);
while (import_name_rva != IntPtr.Zero)
{
IntPtr import;
// Ordinal
if (import_name_rva.ToInt64() < 0)
{
import = lib.GetProcAddress(new IntPtr(import_name_rva.ToInt64() & 0xFFFF));
}
else
{
IntPtr import_ofs = RvaToVA(import_name_rva.ToInt64() + 2);
string import_name = Marshal.PtrToStringAnsi(import_ofs);
import = lib.GetProcAddress(import_name);
}
if (import != IntPtr.Zero)
{
imports[IAT] = import;
}
INT += IntPtr.Size;
IAT += IntPtr.Size;
import_name_rva = Marshal.ReadIntPtr(INT);
}
}
}
catch (Win32Exception)
{
}
}
