/// <summary>
/// Returns the address of a module export symbol if found
/// </summary>
/// <param name="symbolName">symbol name (without the module name prepended)</param>
/// <param name="offset">symbol offset returned</param>
/// <returns>true if found</returns>
public bool TryGetExportSymbol(string symbolName, out ulong offset)
{
try
{
ImageExportDirectory exportDirectory = _exportDirectory.Value;
if (exportDirectory is not null)
{
for (int nameIndex = 0; nameIndex < exportDirectory.NumberOfNames; nameIndex++)
{
uint namePointerRVA = RelativeVirtualAddressReader.Read <uint>((ulong)(exportDirectory.AddressOfNames + (sizeof(uint) * nameIndex)));
if (namePointerRVA != 0)
{
string name = RelativeVirtualAddressReader.Read <string>(namePointerRVA);
if (name == symbolName)
{
ushort ordinalForNamedExport = RelativeVirtualAddressReader.Read <ushort>((ulong)(exportDirectory.AddressOfNameOrdinals + (sizeof(ushort) * nameIndex)));
offset = RelativeVirtualAddressReader.Read <uint>((ulong)(exportDirectory.AddressOfFunctions + (sizeof(uint) * ordinalForNamedExport)));
return(true);
}
}
}
}
}
catch (Exception ex) when(ex is InvalidVirtualAddressException || ex is BadInputFormatException)
{
}
offset = 0;
return(false);
}
private ImageExportDirectory ReadExportDirectory()
{
if (IsValid())
{
ImageDataDirectory exportTableDirectory = ImageDataDirectory[(int)ImageDirectoryEntry.Export];
if (exportTableDirectory is not null)
{
return(RelativeVirtualAddressReader.Read <ImageExportDirectory>(exportTableDirectory.VirtualAddress));
}
}
return(null);
}
private VsFixedFileInfo ReadVersionResource()
{
ImageResourceDataEntry dataEntry = GetResourceDataEntry(VersionResourceType, VersionResourceName, VersionResourceLanguage);
if (dataEntry != null)
{
VsVersionInfo info = RelativeVirtualAddressReader.Read <VsVersionInfo>(dataEntry.OffsetToData);
if (info.Value.Signature == VsFixedFileInfo.FixedFileInfoSignature)
{
return(info.Value);
}
}
return(null);
}
private ImageResourceDataEntry GetResourceDataEntry(uint type, uint name, uint language)
{
uint resourceSectionRva = ImageDataDirectory[(int)ImageDirectoryEntry.Resource].VirtualAddress;
ImageResourceDirectory resourceDirectory = RelativeVirtualAddressReader.Read <ImageResourceDirectory>(resourceSectionRva);
if (GetNextLevelResourceEntryRva(resourceDirectory, type, resourceSectionRva, out uint nameTableRva))
{
if (GetNextLevelResourceEntryRva(resourceDirectory, name, resourceSectionRva + nameTableRva, out uint langTableRva))
{
if (GetNextLevelResourceEntryRva(resourceDirectory, language, resourceSectionRva + langTableRva, out uint resourceDataEntryRva))
{
return(RelativeVirtualAddressReader.Read <ImageResourceDataEntry>(resourceSectionRva + resourceDataEntryRva));
}
}
}
return(null);
}
private bool GetNextLevelResourceEntryRva(ImageResourceDirectory resourceDirectory, uint id, uint rva, out uint nextLevelRva)
{
ushort numNameEntries = resourceDirectory.NumberOfNamedEntries;
ushort numIDEntries = resourceDirectory.NumberOfIdEntries;
uint directorySize = RelativeVirtualAddressReader.SizeOf <ImageResourceDirectory>();
uint entrySize = RelativeVirtualAddressReader.SizeOf <ImageResourceDirectoryEntry>();
for (ushort i = numNameEntries; i < numNameEntries + numIDEntries; i++)
{
ImageResourceDirectoryEntry entry = RelativeVirtualAddressReader.Read <ImageResourceDirectoryEntry>(rva + directorySize + (i * entrySize));
if (entry.Id == id)
{
nextLevelRva = entry.OffsetToData & 0x7FFFFFFF;
return(true);
}
}
nextLevelRva = 0;
return(false);
}
private IEnumerable <PEPerfMapRecord> ReadPerfMapV1Entries()
{
ImageDataDirectory imageDebugDirectory = ImageDataDirectory[(int)ImageDirectoryEntry.Debug];
uint count = imageDebugDirectory.Size / FileReader.SizeOf <ImageDebugDirectory>();
ImageDebugDirectory[] debugDirectories = RelativeVirtualAddressReader.ReadArray <ImageDebugDirectory>(imageDebugDirectory.VirtualAddress, count);
foreach (ImageDebugDirectory directory in debugDirectories)
{
if (directory.Type == ImageDebugType.PerfMap && directory.MajorVersion == 1 && directory.MinorVersion == 0)
{
ulong position = directory.AddressOfRawData;
PerfMapIdV1 perfmapEntryHeader = RelativeVirtualAddressReader.Read <PerfMapIdV1>(ref position);
if (perfmapEntryHeader.Magic == PerfMapIdV1.PerfMapEntryMagic)
{
string fileName = RelativeVirtualAddressReader.Read <string>(position);
yield return(new PEPerfMapRecord(fileName, perfmapEntryHeader.Signature, perfmapEntryHeader.Version));
}
}
}
}
private IEnumerable <PdbChecksum> ReadPdbChecksum()
{
ImageDataDirectory imageDebugDirectory = ImageDataDirectory[(int)ImageDirectoryEntry.Debug];
uint count = imageDebugDirectory.Size / FileReader.SizeOf <ImageDebugDirectory>();
ImageDebugDirectory[] debugDirectories = RelativeVirtualAddressReader.ReadArray <ImageDebugDirectory>(imageDebugDirectory.VirtualAddress, count);
foreach (ImageDebugDirectory directory in debugDirectories)
{
if (directory.Type == ImageDebugType.PdbChecksum)
{
uint sizeOfData = directory.SizeOfData;
ulong position = directory.AddressOfRawData;
string algorithmName = RelativeVirtualAddressReader.Read <string>(position);
var algorithmLength = (uint)algorithmName.Length;
uint length = sizeOfData - algorithmLength - 1; // -1 for null terminator
byte[] checksum = RelativeVirtualAddressReader.ReadArray <byte>(position + algorithmLength + 1 /* +1 for null terminator */, length);
yield return(new PdbChecksum(algorithmName, checksum));
}
}
}
private IEnumerable <PEPdbRecord> ReadPdbInfo()
{
ImageDataDirectory imageDebugDirectory = ImageDataDirectory[(int)ImageDirectoryEntry.Debug];
uint count = imageDebugDirectory.Size / FileReader.SizeOf <ImageDebugDirectory>();
ImageDebugDirectory[] debugDirectories = RelativeVirtualAddressReader.ReadArray <ImageDebugDirectory>(imageDebugDirectory.VirtualAddress, count);
foreach (ImageDebugDirectory directory in debugDirectories)
{
if (directory.Type == ImageDebugType.Codeview)
{
ulong position = directory.AddressOfRawData;
CvInfoPdb70 pdb = RelativeVirtualAddressReader.Read <CvInfoPdb70>(ref position);
if (pdb.CvSignature == CvInfoPdb70.PDB70CvSignature)
{
bool isPortablePDB = directory.MinorVersion == ImageDebugDirectory.PortablePDBMinorVersion;
string fileName = RelativeVirtualAddressReader.Read <string>(position);
yield return(new PEPdbRecord(isPortablePDB, fileName, new Guid(pdb.Signature), pdb.Age));
}
}
}
}
private PEPdbRecord ReadPdbInfo()
{
PEImageDataDirectory imageDebugDirectory = ImageDataDirectory[(int)PEDirectories.Debug];
uint count = imageDebugDirectory.Size / FileReader.SizeOf <ImageDebugDirectory>();
ImageDebugDirectory[] debugDirectories = RelativeVirtualAddressReader.ReadArray <ImageDebugDirectory>(imageDebugDirectory.VirtualAddress, count);
IEnumerable <ImageDebugDirectory> codeViewDirectories = debugDirectories.Where(d => d.Type == ImageDebugType.Codeview);
foreach (ImageDebugDirectory directory in codeViewDirectories)
{
ulong position = directory.AddressOfRawData;
CvInfoPdb70 pdb = RelativeVirtualAddressReader.Read <CvInfoPdb70>(ref position);
if (pdb.CvSignature != CvInfoPdb70.PDB70CvSignature)
{
continue;
}
string filename = RelativeVirtualAddressReader.Read <string>(position);
return(new PEPdbRecord(filename, new Guid(pdb.Signature), pdb.Age));
}
return(null);
}
