internal void ReadFatMethod()
        {
            peImage.SetOffset(Offset.FromRva(rva, peImage.ParentAssembly).FileOffset);

            fatsig      = BitConverter.ToInt16(peImage.ReadBytes(2), 0);
            maxstack    = BitConverter.ToInt16(peImage.ReadBytes(2), 0);
            codesize    = BitConverter.ToUInt32(peImage.ReadBytes(4), 0);
            localvarsig = BitConverter.ToUInt32(peImage.ReadBytes(4), 0);
        }
        /// <summary>
        /// Replaces an instruction with a new instruction.
        /// </summary>
        /// <param name="targetInstruction">The instruction to replace.</param>
        /// <param name="newInstruction">The new instruction.</param>
        /// <param name="overwriteWhenLarger">A boolean indicating whenever the new instruction is larger, it should overwrite the following instructions.</param>
        public void Replace(x86Instruction targetInstruction, x86Instruction newInstruction, bool overwriteWhenLarger)
        {
            int targetOffset = (int)targetInstruction.Offset.FileOffset;

            if (!overwriteWhenLarger && targetInstruction.Size < newInstruction.Size)
            {
                throw new ArgumentException("The size of the new instruction is bigger than the target instruction.", "newInstruction");
            }

            newInstruction.Offset = targetInstruction.Offset;

            int NopsToAdd = CalculateSpaceNeeded(targetInstruction, newInstruction) - newInstruction.Size;

            byte[] NOPS = new byte[NopsToAdd];

            for (int i = 0; i < NopsToAdd; i++)
            {
                NOPS[i] = 0x90;
            }

            image.SetOffset(targetOffset);
            image.Writer.Write(newInstruction.OpCode.opcodebytes);
            if (newInstruction.operandbytes != null)
            {
                image.Writer.Write(newInstruction.operandbytes);
            }
            image.Writer.Write(NOPS);
        }
Beispiel #3
0
        public void Replace(MSILInstruction targetInstruction, MSILInstruction newInstruction, bool overwriteWhenLarger, bool suppressInvalidReferences)
        {
            int targetOffset = (int)(_bodyOffset + targetInstruction.Offset);

            if (!overwriteWhenLarger && targetInstruction.Size < newInstruction.Size)
            {
                throw new ArgumentException("The size of the new instruction is bigger than the target instruction.", "newInstruction");
            }

            newInstruction.Offset = targetInstruction.Offset;
            GenerateOperandBytes(newInstruction);

            if (!suppressInvalidReferences && newInstruction.Operand is MetaDataMember)
            {
                if (!ValidateReference(newInstruction.Operand as MetaDataMember))
                {
                    throw new ArgumentException(newInstruction.Operand.ToString() + " does not match with the metadata member provided in the target assembly", "newInstruction");
                }
            }

            int totalSize = CalculateSpaceNeeded(targetInstruction, newInstruction);
            int NopsToAdd = totalSize - newInstruction.Size;

            byte[] NOPS = new byte[NopsToAdd];

            _image.SetOffset(targetOffset);
            _image.Writer.Write(newInstruction.OpCode.Bytes);
            if (newInstruction.OperandBytes != null)
            {
                _image.Writer.Write(newInstruction.OperandBytes);
            }

            _image.Writer.Write(NOPS);
        }
Beispiel #4
0
 internal NETMethodReader(PeImage peImage, MethodBody methodbody)
 {
     tokenResolver = new MetaDataTokenResolver(peImage.ParentAssembly._netHeader);
     this.peImage = peImage;
     this.rva = methodbody.Method.RVA;
     this.methodbody = methodbody;
     peImage.SetOffset(Offset.FromRva(rva, peImage.ParentAssembly).FileOffset);
     rawoffset = (uint)peImage.Stream.Position;
     signature = peImage.Reader.ReadByte();
 }
 internal NETMethodReader(PeImage peImage, MethodBody methodbody)
 {
     tokenResolver   = new MetaDataTokenResolver(peImage.ParentAssembly._netHeader);
     this.peImage    = peImage;
     this.rva        = methodbody.Method.RVA;
     this.methodbody = methodbody;
     peImage.SetOffset(Offset.FromRva(rva, peImage.ParentAssembly).FileOffset);
     rawoffset = (uint)peImage.Stream.Position;
     signature = peImage.Reader.ReadByte();
 }
        private void LoadExports()
        {
            // TODO: Unnamed exports (detect exports with only an ordinal).

            string        libraryname   = header.assembly.path.Substring(header.assembly.path.LastIndexOf('\\') + 1);
            DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export];

            if (exportdatadir.targetOffset.FileOffset == 0)
            {
                return;
            }

            image.SetOffset(exportdatadir.TargetOffset.FileOffset);

            exportDirectory = image.ReadStructure <Structures.IMAGE_EXPORT_DIRECTORY>();

            OffsetConverter offsetConverter           = new OffsetConverter(exportdatadir.Section);
            uint            functionoffset            = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions);
            uint            functionnameoffset        = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames);
            uint            functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals);

            for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++)
            {
                image.SetOffset(functionoffset);
                uint functionRVA = image.Reader.ReadUInt32();
                image.SetOffset(functionnameoffset);
                uint functionNameRVA = image.Reader.ReadUInt32();
                image.SetOffset(functionnameordinaloffset);
                uint functionNameOrdinal = image.Reader.ReadUInt32();

                string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA));

                exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base)));

                functionoffset            += 4;
                functionnameoffset        += 4;
                functionnameordinaloffset += 4;
            }
        }
 /// <summary>
 /// Reads the data as a stream with a specified buffer size.
 /// </summary>
 /// <param name="buffersize">The buffer size to be used to read the data.</param>
 /// <returns></returns>
 public Stream GetStream(int buffersize)
 {
     image.SetOffset(targetOffset);
     return(image.ReadStream((int)Size, buffersize));
 }