RUNTIME_FUNCTION[] PareseExceptionDirectory(byte[] buff, UInt32 offset, UInt32 size, IMAGE_SECTION_HEADER[] sh)
{
var sizeOfRuntimeFunction = 0xC;
var rf = new RUNTIME_FUNCTION[size / sizeOfRuntimeFunction];
for (int i = 0; i < rf.Count(); i++)
{
rf[i] = new RUNTIME_FUNCTION(buff, (UInt32)(offset + i * sizeOfRuntimeFunction));
}
return(rf);
}
public UNWIND_INFO GetUnwindInfo(RUNTIME_FUNCTION runtimeFunction)
{
UInt32 uwAddress = 0x00;
// Check if the last bit is set in the UnwindInfo. If so, it is a chained
// information.
if ((runtimeFunction.UnwindInfo & 0x1) == 0x1)
{
uwAddress = runtimeFunction.UnwindInfo & 0xFFFE;
}
else
{
uwAddress = runtimeFunction.UnwindInfo;
}
var uw = new UNWIND_INFO(_buff, Utility.RVAtoFileMapping(uwAddress, ImageSectionHeaders));
return(uw);
}
