THIS SHIT IS FUCKING WEIRD DAWG
Based on my own shitty windbg + that whack ass 2005 article
Based on my own shitty windbg + that whack ass 2005 article\
public void bruh<T>()) are added to the method table| Byte Offset | Data size (bytes) | Data Type | Property Name | Description |
|---|---|---|---|---|
| 0 | 0x0 | 4 | uint | m_dwFlags |
| 4 | 0x4 | 4 | uint | m_BaseSize |
| 8 | 0x8 | 2 | ushort | *m_wFlags2 |
| 10 | 0x0a | 2 | ushort | *m_wToken |
| 12 | 0x0c | 2 | ushort | *m_wNumVirtuals |
| 14 | 0x0e | 2 | ushort | *m_wNumInterfaces |
| 16 | 0x10 | 8 | IntPtr | m_pParentMethodTable |
| 24 | 0x18 | 8 | IntPtr | m_pLoaderModule |
| 32 | 0x20 | 8 | IntPtr | *m_pWriteableData |
| 40 | 0x28 | 8 | IntPtr | m_pEEClass |
| 48 | 0x30 | 8 | IntPtr | ??? |
| 56 | 0x38 | 8 | IntPtr | *m_pInterfaceMap |
| 64 | 0x40 | 8 | IntPtr | ??? |
| 72 | 0x48 | 8 | IntPtr | ??? |
| 80 | 0x50 | 8 | IntPtr | ??? |
| 88 | 0x58 | 8 | IntPtr | ??? |
| 96 | 0x60 | 8 | IntPtr | ??? |
Okay it seems that the Method Description has an absolute pointer to the Method Table Entry at an 8 byte offset. So I’m guessing that when i do something like
MethodInfo t = typeof(dll).GetMethod(nameof(dll.Gate), BindingFlags.Static | BindingFlags.Public)
That is returning me the Method Description. Because the MethodInfo object has the capability to return a function pointer to its method, and the Method Description contains a pointer to the
.load C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\sos.dll