test pe reader upgrades

src/lib.rs

@@ -133,6 +133,12 @@ fn test_find_mtga() {
 
     let results = MonoReader::find_pid_by_name(&process_name);
 
+    for pid in results.iter() {
+        let mut mono_reader = MonoReader::new(pid.as_u32());
+
+        mono_reader.read_mono_root_domain();
+    }
+
     assert_eq!(results.is_some(), true);
 }
 

src/mono_reader.rs

@@ -39,7 +39,6 @@ impl MonoReader {
             .map(|(pid, _)| *pid)
     }
 
-
     #[cfg(target_os = "windows")]
     pub fn read_mono_root_domain(&mut self) -> usize {
         let mtga_process = match Process::with_pid(*&self.pid) {
@@ -63,7 +62,7 @@ impl MonoReader {
 
         // println!("mono-2.0-bdwgc.dll Base addr: {:?}", module.base_address());
 
-        let pe = PEReader::new(module.data().to_vec());
+        let pe = PEReader::new(&self, module.base_address() as usize);
         let mono_root_offset = pe.get_function_offset("mono_get_root_domain").unwrap();
 
         // println!(
@@ -78,9 +77,41 @@ impl MonoReader {
 
     #[cfg(target_os = "linux")]
     pub fn read_mono_root_domain(&mut self) -> usize {
-        self.mono_root_domain = 0 as usize;
+        // walk trough the memory of the process to find the mono root domain
+        // we use the PE header magic number (MZ) to find the mono library
 
-        self.mono_root_domain
+        let mut addr = 0 as usize;
+        let mut found = 0;
+        let mut managed = DataMember::<u16>::new(self.handle);
+
+        println!("Searching for mono library...");
+
+        let mut mono_root_domain = 0;
+
+        while found < 5 {
+            let val = unsafe {
+                managed.set_offset(vec![addr]);
+                match managed.read() {
+                    Ok(val) => val,
+                    Err(_e) => 0,
+                }
+            };
+
+            // MZ
+            if val == 0x5a4d {
+                let pe = PEReader::new(&self, addr);
+                let mono_root_offset = pe.get_function_offset("mono_get_root_domain").unwrap();
+                println!("mono_get_root_domain offset: {:?}", mono_root_offset);
+
+                mono_root_domain = addr + mono_root_offset as usize;
+
+                found += 1;
+            }
+            addr += 4096;
+        }
+
+        println!("Found mono library at: {:?}", mono_root_domain);
+        mono_root_domain
     }
 
     #[cfg(target_os = "macos")]

src/pe_reader.rs

@@ -1,8 +1,10 @@
 use core::fmt::Error;
-use std::convert::TryInto;
 
-pub struct PEReader {
-    raw_data: Vec<u8>,
+use crate::mono_reader::MonoReader;
+
+pub struct PEReader<'a> {
+    reader: &'a MonoReader,
+    address: usize,
 }
 
 const SIGNATURE: u32 = 0x3c;
@@ -13,26 +15,22 @@ const FUNCTION_ADDRESS_ARRAY_INDEX: u32 = 0x1c;
 const FUNCTION_NAME_ARRAY_INDEX: u32 = 0x20;
 const FUNCTION_ENTRY_SIZE: u32 = 4;
 
-impl PEReader {
-    pub fn new(data: Vec<u8>) -> Self {
-        PEReader { raw_data: data }
+impl<'a> PEReader<'a> {
+    pub fn new(reader: &'a MonoReader, address: usize) -> Self {
+        PEReader { reader, address }
     }
 
     fn parse_u32(&self, offset: usize) -> u32 {
-        match self.raw_data.get(offset..offset + 4) {
-            Some(slice) => u32::from_le_bytes(slice.try_into().unwrap()),
-            None => 0,
+        let mut bytes: [u8; 4] = [0, 0, 0, 0];
+        for i in 0..4 {
+            let val = self.reader.read_u8(self.address + offset + i);
+            bytes[i] = val;
         }
+        u32::from_le_bytes(bytes)
     }
 
     fn parse_ascii_string(&self, offset: usize) -> String {
-        let mut string = String::new();
-        let mut index = offset;
-        while self.raw_data[index] != 0 {
-            string.push(self.raw_data[index] as char);
-            index += 1;
-        }
-        string
+        self.reader.read_ascii_string(self.address + offset)
     }
 
     pub fn get_function_offset(&self, name: &str) -> Result<u32, Error> {