Beispiel #1
0
 public OptionalHeaderInfo(
     IMZResult mzHeader,
     ISectionsResult sections,
     byte majorLinkerVersion,
     byte minorLinkerVersion,
     ushort majorOperatingSystemVersion,
     ushort minorOperatingSystemVersion,
     ushort majorSubSystemVersion,
     ushort minorSubSystemVersion,
     ushort majorImageVersion,
     ushort minorImageVersion,
     uint fileAlignment,
     uint sectionAlignment,
     Subsystem subsystem,
     DllCharacteristics dllCharacteristics,
     uint stackSizeReserve,
     uint stackSizeCommit,
     uint heapSizeReserve,
     uint heapSizeCommit,
     ulong imageBase
     )
 {
     MZHeader                    = mzHeader;
     Sections                    = sections;
     MajorLinkerVersion          = majorLinkerVersion;
     MinorLinkerVersion          = minorLinkerVersion;
     MajorOperatingSystemVersion = majorOperatingSystemVersion;
     MinorOperatingSystemVersion = minorOperatingSystemVersion;
     MajorSubSystemVersion       = majorSubSystemVersion;
     MinorSubSystemVersion       = minorSubSystemVersion;
     MajorImageVersion           = majorImageVersion;
     MinorImageVersion           = minorImageVersion;
     FileAlignment               = fileAlignment;
     SectionAlignment            = sectionAlignment;
     Subsystem                   = subsystem;
     DllCharacteristics          = dllCharacteristics;
     StackSizeReserve            = stackSizeReserve;
     StackSizeCommit             = stackSizeCommit;
     HeapSizeReserve             = heapSizeReserve;
     HeapSizeCommit              = heapSizeCommit;
     ImageBase                   = imageBase;
 }
Beispiel #2
0
        private static IPEInfo MakePEHeaderInfo(IExecutableInfo exeInfo, IOptionalHeaderResult optHeaderResult, ISectionsResult sectionsResult)
        {
            var characteristics = Characteristics.ExecutableImage | Characteristics.LargeAddressAware;

            if (!optHeaderResult.HasDebugInfo)
            {
                characteristics |= Characteristics.DebugStripped;
            }
            if (!optHeaderResult.HasRelocationInfo)
            {
                characteristics |= Characteristics.RelocsStripped;
            }
            if (!exeInfo.MayRunFromNetwork)
            {
                characteristics |= Characteristics.NetRunFromSwap;
            }
            if (!exeInfo.MayRunFromRemoveableDrive)
            {
                characteristics |= Characteristics.RemovableRunFromSwap;
            }
            return(new PEHeaderInfo(characteristics, Machine.Amd64, DateTime.Now, (ushort)sectionsResult.SectionHeaders.Count));
        }
Beispiel #3
0
        private static IOptionalHeaderInfo MakeOptionalHeaderInfo(IExecutableInfo exeInfo, IMZResult mzResult, ISectionsResult sectionsResult)
        {
            var dllCharacteristics = DllCharacteristics.NxCompatible |                   // DEP aware
                                     DllCharacteristics.NoIsolation |                    // Do not look for the manifest in rsrc / directory (todo)
                                     DllCharacteristics.HighEntropyVirtualAddressSpace | // ASLR enabled for 64-bit range
                                     DllCharacteristics.DynamicBase |                    // May load image on any address - only does so if relocs are not stripped
                                     DllCharacteristics.NoSeh |                          //todo: SEH not implemented
                                     DllCharacteristics.NoBind;                          //todo: research

            return(new OptionalHeaderInfo(
                       mzResult,
                       sectionsResult,
                       exeInfo.MajorLinkerVersion,
                       exeInfo.MinorLinkerVersion,
                       exeInfo.MajorOperatingSystemVersion,
                       exeInfo.MinorOperatingSystemVersion,
                       exeInfo.MajorSubSystemVersion,
                       exeInfo.MinorSubSystemVersion,
                       exeInfo.MajorImageVersion,
                       exeInfo.MinorImageVersion,
                       exeInfo.FileAlignment,
                       exeInfo.SectionAlignment,
                       exeInfo.Subsystem,
                       dllCharacteristics,
                       exeInfo.StackSizeReserve,
                       exeInfo.StackSizeCommit,
                       exeInfo.HeapSizeReserve,
                       exeInfo.HeapSizeCommit,
                       exeInfo.ImageBase
                       ));
        }