public static PEDataDirectory Parse(BinaryReader reader)
{
PEDataDirectory dir = new PEDataDirectory();
dir.VirtualAddress = reader.ReadUInt32();
dir.Size = reader.ReadUInt32();
return(dir);
}
public void WritePortableExecutable(BinaryWriter writer)
{
writer.BaseStream.Seek(0, SeekOrigin.Begin);
m_dosHeader.Write(writer);
writer.Write(m_dosStubBytes);
m_coffHeader.Write(writer);
m_peHeaderOffset = (uint)writer.BaseStream.Position;
m_peHeader.Write(writer);
for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
{
m_sectionHeaders[i].Write(writer);
}
writer.Write(m_filler);
for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
{
writer.Write(m_sections[i]);
}
writer.Write(m_remainingBytes);
// Write Import Directory:
PEDataDirectory importDirectoryEntry = m_peHeader.DataDirectories[(int)DataDirectoryName.Import];
if (importDirectoryEntry.VirtualAddress > 0)
{
uint importDirectoryFileOffset = GetOffsetFromRVA(importDirectoryEntry.VirtualAddress);
writer.Seek((int)importDirectoryFileOffset, SeekOrigin.Begin);
m_importDirectory.Write(writer);
}
// Update PE checksum:
writer.Seek(0, SeekOrigin.Begin);
byte[] fileBytes = new byte[writer.BaseStream.Length];
writer.BaseStream.Read(fileBytes, 0, (int)writer.BaseStream.Length);
uint checksumOffset = m_peHeaderOffset + PEHeader.ChecksumRelativeAddress;
uint checksum = PortableExecutableUtils.CalculcateChecksum(fileBytes, checksumOffset);
writer.Seek((int)checksumOffset, SeekOrigin.Begin);
writer.Write(checksum);
writer.Flush();
}
public void Parse(BinaryReader reader)
{
m_dosHeader = DosHeader.Parse(reader);
int dosStubSize = (int)(m_dosHeader.CoffHeaderOffset - reader.BaseStream.Position);
m_dosStubBytes = reader.ReadBytes(dosStubSize);
m_coffHeader = CoffHeader.Parse(reader);
m_peHeaderOffset = (uint)reader.BaseStream.Position;
m_peHeader = PEHeader.Parse(reader);
for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
{
m_sectionHeaders.Add(PESectionHeader.Parse(reader));
}
int fillerSize = (int)(m_sectionHeaders[0].PointerToRawData - reader.BaseStream.Position);
m_filler = reader.ReadBytes(fillerSize);
for (int i = 0; i < m_coffHeader.NumberOfSections; i++)
{
byte[] sectionBytes = reader.ReadBytes((int)m_sectionHeaders[i].SizeOfRawData);
m_sections.Add(sectionBytes);
}
int remainingByteCount = (int)(reader.BaseStream.Length - reader.BaseStream.Position);
m_remainingBytes = reader.ReadBytes(remainingByteCount);
// file ends here
// Parse Import Directory:
PEDataDirectory importDirectoryEntry = m_peHeader.DataDirectories[(int)DataDirectoryName.Import];
if (importDirectoryEntry.VirtualAddress > 0)
{
uint importDirectoryFileOffset = GetOffsetFromRVA(importDirectoryEntry.VirtualAddress);
reader.BaseStream.Seek(importDirectoryFileOffset, SeekOrigin.Begin);
m_importDirectory = ImportDirectory.Parse(reader);
}
}
public static PEHeader Parse(BinaryReader reader)
{
PEHeaderType signature = (PEHeaderType)reader.ReadUInt16();
if (!Enum.IsDefined(typeof(PEHeaderType), signature))
{
throw new Exception("Invalid PE header signature");
}
PEHeader header = new PEHeader();
header.Type = signature;
header.LinkerVersion = new Version(reader.ReadByte(), reader.ReadByte());
header.SizeOfCode = reader.ReadUInt32();
header.SizeOfInitializedData = reader.ReadUInt32();
header.SizeOfUninitializedData = reader.ReadUInt32();
header.AddressOfEntryPoint = reader.ReadUInt32();
header.BaseOfCode = reader.ReadUInt32();
if (signature == PEHeaderType.PE64)
{
header.ImageBase = reader.ReadUInt64();
}
else
{
header.BaseOfData = reader.ReadUInt32();
header.ImageBase = reader.ReadUInt32();
}
header.SectionAlignment = reader.ReadUInt32();
header.FileAlignment = reader.ReadUInt32();
header.OperatingSystemVersion = new Version(reader.ReadUInt16(), reader.ReadUInt16());
header.ImageVersion = new Version(reader.ReadUInt16(), reader.ReadUInt16());
header.SubsystemVersion = new Version(reader.ReadUInt16(), reader.ReadUInt16());
header.Win32VersionValue = reader.ReadUInt32();
header.SizeOfImage = reader.ReadUInt32();
header.SizeOfHeaders = reader.ReadUInt32();
header.Checksum = reader.ReadUInt32();
header.Subsystem = (PESubsystem)reader.ReadUInt16();
header.DllCharacteristics = (PEDllCharacteristics)reader.ReadUInt16();
if (signature == PEHeaderType.PE64)
{
header.SizeOfStackReserve = reader.ReadUInt64();
header.SizeOfStackCommit = reader.ReadUInt64();
header.SizeOfHeapReserve = reader.ReadUInt64();
header.SizeOfHeapCommit = reader.ReadUInt64();
}
else
{
header.SizeOfStackReserve = reader.ReadUInt32();
header.SizeOfStackCommit = reader.ReadUInt32();
header.SizeOfHeapReserve = reader.ReadUInt32();
header.SizeOfHeapCommit = reader.ReadUInt32();
}
header.LoaderFlags = reader.ReadUInt32();
header.DataDirectories = new PEDataDirectory[reader.ReadUInt32()];
for (int i = 0; i < header.DataDirectories.Length; i++)
{
header.DataDirectories[i] = PEDataDirectory.Parse(reader);
}
return(header);
}
