private unsafe static void dumpImportTable(Log log, RemotePtr <byte> mbase, IMAGE.DATA_DIRECTORY dir)
{
if (dir.VirtualAddress == 0)
{
return;
}
log.WriteLine("============================================================");
log.WriteLine(" IMPORT TABLE ");
log.WriteLine("============================================================");
RemotePtr <IMAGE.IMPORT_DESCRIPTOR> pDesc
= (mbase + dir.VirtualAddress).Reinterpret <IMAGE.IMPORT_DESCRIPTOR>();
RemotePtr <IMAGE.IMPORT_DESCRIPTOR> pDescM
= pDesc.Advance((System.IntPtr)dir.Size);
while (pDesc < pDescM)
{
IMAGE.IMPORT_DESCRIPTOR desc = (pDesc++)[0];
log.WriteVar("Importing from", (mbase + (int)desc.pstrName).ReadAnsiString());
log.WriteVar("ForwarderChain", desc.ForwarderChain);
log.WriteVar("TimeDateStamp", desc.TimeDateStamp);
log.WriteVar("FirstThunk", "0x" + desc.FirstThunk.ToString("X8"));
log.WriteVar("OriginalFirstThunk", "0x" + desc.OriginalFirstThunk.ToString("X8"));
if (desc.FirstThunk == 0)
{
continue;
}
RemotePtr <IMAGE.THUNK_DATA32> pIAT = (mbase + (int)desc.FirstThunk).Reinterpret <IMAGE.THUNK_DATA32>();
RemotePtr <IMAGE.THUNK_DATA32> pINT = (mbase + (int)desc.OriginalFirstThunk).Reinterpret <IMAGE.THUNK_DATA32>();
while (true)
{
IMAGE.THUNK_DATA32 iat_item = pIAT++.Value;
IMAGE.THUNK_DATA32 int_item = pINT++.Value;
if (iat_item.Function == 0)
{
break;
}
string name;
if (int_item.IsSnapByOrdinal)
{
name = "#" + int_item.OrdinalValue.ToString();
}
else
{
const int OffsetName = 2; // IMAGE_IMPORT_BY_NAME.Name メンバのオフセット
name = (mbase + int_item.AddressOfData + OffsetName).ReadAnsiString();
if (name[0] == '?')
{
name = DbgHelp.UnDecorateSymbolName(name, DbgHelp.UNDNAME.COMPLETE);
}
}
log.WriteLine("dllimport {0} \t@ 0x{1:X8}", name, iat_item.Function);
}
log.WriteLine("------------------------------------------------------------");
}
}
public static string Demangle(string Symbol)
{
//IntPtr CurProc = Process.GetCurrentProcess().Handle;
StringBuilder SB = new StringBuilder(4069);
//DbgHelp.SymInitialize(CurProc, null, false);
DbgHelp.UnDecorateSymbolName(Symbol, SB, SB.Capacity, UndnameFlags.UNDNAME_COMPLETE);
//DbgHelp.SymCleanup(CurProc);
return(SB.ToString().Trim());
}
public ImportFunction this[int index] {
get{
if (index < 0 || funccount <= index)
{
throw new System.ArgumentOutOfRangeException("index");
}
const int OffsetName = 2; // IMAGE_IMPORT_BY_NAME.Name メンバのオフセット
RemotePtr <FPtr> ppfn;
string name;
if (!pIAT32.IsNull)
{
// 対象が PE32 の場合
ppfn = (pIAT32 + index).Reinterpret <FPtr>();
// ■↑■ 64bit から 32bit の中の FPtr を触ると×
IMAGE.THUNK_DATA32 int32 = pINT32[index];
if (int32.IsSnapByOrdinal)
{
return(new ImportFunction(int32.OrdinalValue, ppfn));
}
else
{
name = (module.mbase + int32.AddressOfData + OffsetName).ReadAnsiString();
}
}
else
{
// 対象が PE32+ の場合
ppfn = (pIAT64 + index).Reinterpret <FPtr>();
IMAGE.THUNK_DATA64 int64 = pINT64[index];
if (int64.IsSnapByOrdinal)
{
return(new ImportFunction(int64.OrdinalValue, ppfn));
}
else
{
name = (module.mbase + int64.AddressOfData + OffsetName).ReadAnsiString();
}
}
// 名前によるインポートの場合
if (name == null)
{
name = "<FAILED TO GET NAME>";
}
else if (name.Length > 1 && name[0] == '?')
{
name = DbgHelp.UnDecorateSymbolName(name, DbgHelp.UNDNAME.COMPLETE);
}
return(new ImportFunction(name, ppfn));
}
}
