Z
zweigs schwangerschaft nochmal wieder
Guest
How can I get address of any procedure in my project? SEE korbaSzael/u-dze-a file gra/Biblioteki.cs or gra/bin/gebug/gra.exe -> Main window->Menu->Pomoc->Biblioteki
I need to correct export address for each entry in export table because it gives me RVA address that i need to transform into memory address before i would be able to call it remotely from other process and from other programing language than Visual Studio.
I used delegates, Func<> or Action<> like below but it returns address which
is outside of my loaded into memory program so it is also no use in fixing export tables.
void static myProc(){}
Delegate myDelegate = new Action(myProc);
// GCHandle gch = GCHandle.Alloc(myDelegate);// for nonstatic procedures
IntPtr ptr = Marshal.GetFunctionPointerForDelegate(myDelegate);
How can I get memory address from export table which lies inside my app loaded into memory?
AND second issue is that Visual Studio fails to set import address table and export address table for *.DLL files. SEE gra/DLL and load it into process by clicking ładuj bibliotekę button on form Biblioteki and than choose file gra/dll.dll. Then select dll.dll in upper combobox to view its details and export and import addresses. SEE that Visual Studio failed to set address tables. HOW can i make Visual Studio to fill export and import tables for DLL?
There is code below:
DataTable tableExports = null;
private void bExports_Click(object sender, EventArgs e)
{
tableExports = new DataTable();
tableExports.Columns.Add("export name", typeof(string));
tableExports.Columns.Add("address", typeof(cAddress));
tableExports.Columns.Add("size", typeof(cSize));
IntPtr pHandle = OpenProcess(0x1F0FFF, true, (comboBox2.SelectedItem as cbProcess).id);
ulong baseOfDll;
bool status;
status = SymInitialize(pHandle, null, false);
baseOfDll = SymLoadModuleEx(pHandle, IntPtr.Zero, (comboBox1.SelectedItem as cbModule).file, null, 0, 0, IntPtr.Zero, 0);
if (baseOfDll != 0 && SymEnumerateSymbols64(pHandle, baseOfDll, EnumSyms, IntPtr.Zero) != false)
{
dataGridView1.DataSource = tableExports;
(dataGridView1.DataSource as DataTable).DefaultView.Sort = "export name";
}
SymCleanup(pHandle);
CloseHandle(pHandle);
}
public bool EnumSyms(string name, ulong address, uint givenSize, IntPtr context)
{
tableExports.Rows.Add(name,new cAddress{address = address}, new cSize { size = givenSize });
return true;
}
Above returns RVA (relative virtual address) for each entry in export table for both DLL and EXE files. But it loads module, gets RVAs and unloads module. Since I get my module base address from:
Process[] processTable = Process.GetProcesses();
baseAddress = processTable[myProcess].Modules[myModule].BaseAddress;
So, since I have both RVA for each procedure for any module and base memory address for that module,
all I need to do is to calculate VA (real memory address where the procedure is physically). I know
that there must be some recalculation:
some value must be subtracted from RVA and then base memory address added to it...
HOW TO GET that value (which I must subtract) since it should lie somewhere in file header
of module and I can read that file contents because I know its base address?????????
Continue reading...
I need to correct export address for each entry in export table because it gives me RVA address that i need to transform into memory address before i would be able to call it remotely from other process and from other programing language than Visual Studio.
I used delegates, Func<> or Action<> like below but it returns address which
is outside of my loaded into memory program so it is also no use in fixing export tables.
void static myProc(){}
Delegate myDelegate = new Action(myProc);
// GCHandle gch = GCHandle.Alloc(myDelegate);// for nonstatic procedures
IntPtr ptr = Marshal.GetFunctionPointerForDelegate(myDelegate);
How can I get memory address from export table which lies inside my app loaded into memory?
AND second issue is that Visual Studio fails to set import address table and export address table for *.DLL files. SEE gra/DLL and load it into process by clicking ładuj bibliotekę button on form Biblioteki and than choose file gra/dll.dll. Then select dll.dll in upper combobox to view its details and export and import addresses. SEE that Visual Studio failed to set address tables. HOW can i make Visual Studio to fill export and import tables for DLL?
There is code below:
DataTable tableExports = null;
private void bExports_Click(object sender, EventArgs e)
{
tableExports = new DataTable();
tableExports.Columns.Add("export name", typeof(string));
tableExports.Columns.Add("address", typeof(cAddress));
tableExports.Columns.Add("size", typeof(cSize));
IntPtr pHandle = OpenProcess(0x1F0FFF, true, (comboBox2.SelectedItem as cbProcess).id);
ulong baseOfDll;
bool status;
status = SymInitialize(pHandle, null, false);
baseOfDll = SymLoadModuleEx(pHandle, IntPtr.Zero, (comboBox1.SelectedItem as cbModule).file, null, 0, 0, IntPtr.Zero, 0);
if (baseOfDll != 0 && SymEnumerateSymbols64(pHandle, baseOfDll, EnumSyms, IntPtr.Zero) != false)
{
dataGridView1.DataSource = tableExports;
(dataGridView1.DataSource as DataTable).DefaultView.Sort = "export name";
}
SymCleanup(pHandle);
CloseHandle(pHandle);
}
public bool EnumSyms(string name, ulong address, uint givenSize, IntPtr context)
{
tableExports.Rows.Add(name,new cAddress{address = address}, new cSize { size = givenSize });
return true;
}
Above returns RVA (relative virtual address) for each entry in export table for both DLL and EXE files. But it loads module, gets RVAs and unloads module. Since I get my module base address from:
Process[] processTable = Process.GetProcesses();
baseAddress = processTable[myProcess].Modules[myModule].BaseAddress;
So, since I have both RVA for each procedure for any module and base memory address for that module,
all I need to do is to calculate VA (real memory address where the procedure is physically). I know
that there must be some recalculation:
some value must be subtracted from RVA and then base memory address added to it...
HOW TO GET that value (which I must subtract) since it should lie somewhere in file header
of module and I can read that file contents because I know its base address?????????
Continue reading...