本文整理汇总了C#中MyPEImage.ReadMethodTableRowTo方法的典型用法代码示例。如果您正苦于以下问题:C# MyPEImage.ReadMethodTableRowTo方法的具体用法?C# MyPEImage.ReadMethodTableRowTo怎么用?C# MyPEImage.ReadMethodTableRowTo使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类MyPEImage
的用法示例。
在下文中一共展示了MyPEImage.ReadMethodTableRowTo方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: Decrypt
public bool Decrypt(MyPEImage peImage, ref DumpedMethods dumpedMethods) {
dumpedMethods = new DumpedMethods();
bool decrypted = false;
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
peImage.Reader.Position = bodyOffset;
var mbHeader = MethodBodyParser.ParseMethodBody(peImage.Reader, out dm.code, out dm.extraSections);
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
if (dm.code.Length < 6 || dm.code[0] != 0x2A || dm.code[1] != 0x2A)
continue;
int seed = BitConverter.ToInt32(dm.code, 2);
Array.Copy(newCodeHeader, dm.code, newCodeHeader.Length);
if (seed == 0)
Decrypt(dm.code);
else
Decrypt(dm.code, seed);
dumpedMethods.Add(dm);
decrypted = true;
}
return decrypted;
}
示例2: Decrypt
//.........这里部分代码省略.........
PatchDwords(peImage, methodsDataReader, patchCount);
bool oldCode = !IsNewer45Decryption(encryptedResource.Method);
while (methodsDataReader.Position < methodsData.Length - 1) {
uint rva = methodsDataReader.ReadUInt32();
int size;
if (oldCode) {
methodsDataReader.ReadUInt32(); // token, unknown, or index
size = methodsDataReader.ReadInt32();
}
else
size = methodsDataReader.ReadInt32() * 4;
var newData = methodsDataReader.ReadBytes(size);
if (unpackedNativeFile)
peImage.DotNetSafeWriteOffset(rva, newData);
else
peImage.DotNetSafeWrite(rva, newData);
}
}
else {
// DNR 4.0+ (jitter is hooked)
var methodDef = peImage.MetaData.TablesStream.MethodTable;
var rvaToIndex = new Dictionary<uint, int>((int)methodDef.Rows);
uint offset = (uint)methodDef.StartOffset;
for (int i = 0; i < methodDef.Rows; i++) {
uint rva = peImage.OffsetReadUInt32(offset);
offset += methodDef.RowSize;
if (rva == 0)
continue;
if ((peImage.ReadByte(rva) & 3) == 2)
rva++;
else
rva += (uint)(4 * (peImage.ReadByte(rva + 1) >> 4));
rvaToIndex[rva] = i;
}
PatchDwords(peImage, methodsDataReader, patchCount);
int count = methodsDataReader.ReadInt32();
dumpedMethods = new DumpedMethods();
while (methodsDataReader.Position < methodsData.Length - 1) {
uint rva = methodsDataReader.ReadUInt32();
uint index = methodsDataReader.ReadUInt32();
bool isNativeCode = index >= 0x70000000;
int size = methodsDataReader.ReadInt32();
var methodData = methodsDataReader.ReadBytes(size);
int methodIndex;
if (!rvaToIndex.TryGetValue(rva, out methodIndex)) {
Logger.w("Could not find method having code RVA {0:X8}", rva);
continue;
}
uint methodToken = 0x06000001 + (uint)methodIndex;
if (isNativeCode) {
totalEncryptedNativeMethods++;
if (tokenToNativeCode != null)
tokenToNativeCode[methodToken] = methodData;
// Convert return true / false methods. The others are converted to
// throw 0xDEADCODE.
if (DeobUtils.IsCode(nativeLdci4, methodData)) {
uint val = BitConverter.ToUInt32(methodData, 4);
// ldc.i4 XXXXXXXXh / ret
methodData = new byte[] { 0x20, 0, 0, 0, 0, 0x2A };
methodData[1] = (byte)val;
methodData[2] = (byte)(val >> 8);
methodData[3] = (byte)(val >> 16);
methodData[4] = (byte)(val >> 24);
}
else if (DeobUtils.IsCode(nativeLdci4_0, methodData)) {
// ldc.i4.0 / ret
methodData = new byte[] { 0x16, 0x2A };
}
else {
tokenToNativeMethod[methodToken] = methodData;
// ldc.i4 0xDEADCODE / conv.u4 / throw
methodData = new byte[] { 0x20, 0xDE, 0xC0, 0xAD, 0xDE, 0x6D, 0x7A };
}
}
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, MDToken.ToRID(methodToken));
dm.code = methodData;
var codeReader = peImage.Reader;
codeReader.Position = peImage.RvaToOffset(dm.mdRVA);
byte[] code;
var mbHeader = MethodBodyParser.ParseMethodBody(codeReader, out code, out dm.extraSections);
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
dumpedMethods.Add(dm);
}
}
return true;
}
示例3: CreateDumpedMethods
DumpedMethods CreateDumpedMethods(MyPEImage peImage, byte[] fileData, byte[] methodsData) {
var dumpedMethods = new DumpedMethods();
var methodsDataReader = MemoryImageStream.Create(methodsData);
var fileDataReader = MemoryImageStream.Create(fileData);
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
byte b = peImage.OffsetReadByte(bodyOffset);
uint codeOffset;
if ((b & 3) == 2) {
if (b != 2)
continue; // not zero byte code size
dm.mhFlags = 2;
dm.mhMaxStack = 8;
dm.mhLocalVarSigTok = 0;
codeOffset = bodyOffset + 1;
}
else {
if (peImage.OffsetReadUInt32(bodyOffset + 4) != 0)
continue; // not zero byte code size
dm.mhFlags = peImage.OffsetReadUInt16(bodyOffset);
dm.mhMaxStack = peImage.OffsetReadUInt16(bodyOffset + 2);
dm.mhLocalVarSigTok = peImage.OffsetReadUInt32(bodyOffset + 8);
codeOffset = bodyOffset + (uint)(dm.mhFlags >> 12) * 4;
}
fileDataReader.Position = codeOffset;
if (!decrypter.Decrypt(fileDataReader, dm))
continue;
dumpedMethods.Add(dm);
}
return dumpedMethods;
}
示例4: Decrypt
DumpedMethods Decrypt(MyPEImage peImage, byte[] fileData, DecryptMethodData decrypter) {
var dumpedMethods = new DumpedMethods();
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
if (!IsEncryptedMethod(fileData, (int)bodyOffset))
continue;
int key = BitConverter.ToInt32(fileData, (int)bodyOffset + 6);
int mdOffs = BitConverter.ToInt32(fileData, (int)bodyOffset + 2) ^ key;
int len = BitConverter.ToInt32(fileData, (int)bodyOffset + 11) ^ ~key;
int methodDataOffset = mdOffs + 2;
uint[] methodData;
byte[] codeData;
decrypter.Decrypt(methodsData, methodDataOffset, (uint)key, len, out methodData, out codeData);
dm.mhFlags = 0x03;
int maxStack = (int)methodData[methodDataIndexes.maxStack];
dm.mhMaxStack = (ushort)maxStack;
dm.mhLocalVarSigTok = methodData[methodDataIndexes.localVarSigTok];
if (dm.mhLocalVarSigTok != 0 && (dm.mhLocalVarSigTok >> 24) != 0x11)
throw new ApplicationException("Invalid local var sig token");
int numExceptions = (int)methodData[methodDataIndexes.ehs];
uint options = methodData[methodDataIndexes.options];
int codeSize = (int)methodData[methodDataIndexes.codeSize];
var codeDataReader = MemoryImageStream.Create(codeData);
if (decrypter.IsCodeFollowedByExtraSections(options)) {
dm.code = codeDataReader.ReadBytes(codeSize);
dm.extraSections = ReadExceptionHandlers(codeDataReader, numExceptions);
}
else {
dm.extraSections = ReadExceptionHandlers(codeDataReader, numExceptions);
dm.code = codeDataReader.ReadBytes(codeSize);
}
if (codeDataReader.Position != codeDataReader.Length)
throw new ApplicationException("Invalid method data");
if (dm.extraSections != null)
dm.mhFlags |= 8;
dm.mhCodeSize = (uint)dm.code.Length;
// Figure out if the original method was tiny or not.
bool isTiny = dm.code.Length <= 0x3F &&
dm.mhLocalVarSigTok == 0 &&
dm.extraSections == null &&
dm.mhMaxStack == 8;
if (isTiny)
dm.mhFlags |= 0x10; // Set 'init locals'
dm.mhFlags |= (ushort)(options & 0x10); // copy 'init locals' bit
dumpedMethods.Add(dm);
}
return dumpedMethods;
}
示例5: Decrypt_v17_r73404
DumpedMethods Decrypt_v17_r73404(MyPEImage peImage, byte[] fileData) {
var dumpedMethods = new DumpedMethods();
var methodDef = peImage.MetaData.TablesStream.MethodTable;
for (uint rid = 1; rid <= methodDef.Rows; rid++) {
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
if (dm.mdRVA == 0)
continue;
uint bodyOffset = peImage.RvaToOffset(dm.mdRVA);
if (!IsEncryptedMethod(fileData, (int)bodyOffset))
continue;
int key = BitConverter.ToInt32(fileData, (int)bodyOffset + 6);
int mdOffs = BitConverter.ToInt32(fileData, (int)bodyOffset + 2) ^ key;
int len = BitConverter.ToInt32(fileData, (int)bodyOffset + 11) ^ ~key;
var codeData = DecryptMethodData_v17_r73404(methodsData, mdOffs + 2, (uint)key, len);
var reader = MemoryImageStream.Create(codeData);
var mbHeader = MethodBodyParser.ParseMethodBody(reader, out dm.code, out dm.extraSections);
if (reader.Position != reader.Length)
throw new ApplicationException("Invalid method data");
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
dumpedMethods.Add(dm);
}
return dumpedMethods;
}