Beispiel #1
		/// <summary>
		/// Creates the field view models for the three storage-header fields located at
		/// fixed offsets from <paramref name="startOffset"/>: <c>fFlags</c> (byte, +0),
		/// <c>pad</c> (byte, +1) and <c>iStreams</c> (16-bit, +2).
		/// </summary>
		/// <param name="buffer">Buffer the fields are bound to.</param>
		/// <param name="startOffset">Position of the first header byte (<c>fFlags</c>).</param>
		public StorageHeaderVM(HexBuffer buffer, HexPosition startOffset) {
			// Nothing in this constructor checks that the buffer really holds 4 readable
			// bytes at startOffset; the header belongs to the file being inspected.
			// NOTE(review): presumably the field classes cope with short or unreadable ranges; confirm.
			var flags = new ByteFlagsHexField(buffer, Name, "fFlags", startOffset + 0);
			flags.Add(new BooleanHexBitField("ExtraData", 0)); // bit 0 of fFlags

			FFlagsVM = flags;
			PadVM = new ByteHexField(buffer, Name, "pad", startOffset + 1);
			IStreamsVM = new UInt16HexField(buffer, Name, "iStreams", startOffset + 2);

			// Display order of the fields.
			hexFields = new HexField[] { FFlagsVM, PadVM, IStreamsVM };
		}
Beispiel #2
        /// <summary>
        /// Creates the storage-header field view models from an already parsed metadata header.
        /// The span passed to the base class runs from the start of <c>Flags</c> to the end of
        /// <c>StreamCount</c>.
        /// </summary>
        /// <param name="buffer">Buffer the header belongs to; not referenced in this constructor body.</param>
        /// <param name="mdHeader">Parsed metadata header supplying the flags, pad and stream-count fields.</param>
        public StorageHeaderVM(HexBuffer buffer, DotNetMetadataHeaderData mdHeader)
            : base(HexSpan.FromBounds(mdHeader.Flags.Data.Span.Start, mdHeader.StreamCount.Data.Span.End))
        {
            // Field positions come from mdHeader rather than from offsets computed here.
            var flagsField = new ByteFlagsHexField(mdHeader.Flags);
            flagsField.Add(new BooleanHexBitField(mdHeader.ExtraData.Name, 0)); // bit 0 of the flags byte

            FFlagsVM = flagsField;
            PadVM = new ByteHexField(mdHeader.Pad);
            IStreamsVM = new UInt16HexField(mdHeader.StreamCount);

            // Display order of the fields.
            hexFields = new HexField[] { FFlagsVM, PadVM, IStreamsVM };
        }
Beispiel #3
        /// <summary>
        /// Creates one field view model per PE optional-header field from an already parsed
        /// <paramref name="optionalHeader"/>, including the bit breakdown of
        /// <c>DllCharacteristics</c> and the 16 data-directory entries.
        /// </summary>
        /// <param name="buffer">Buffer the header belongs to; not referenced in this constructor body.</param>
        /// <param name="optionalHeader">Parsed optional header supplying every field and the overall span.</param>
        protected ImageOptionalHeaderVM(HexBuffer buffer, PeOptionalHeaderData optionalHeader)
            : base(optionalHeader.Span)
        {
            // Left null here on purpose (null-forgiving operator).
            // NOTE(review): presumably a derived class fills hexFields in; confirm.
            hexFields = null!;

            MagicVM = new UInt16HexField(optionalHeader.Magic);
            MajorLinkerVersionVM = new ByteHexField(optionalHeader.MajorLinkerVersion, true);
            MinorLinkerVersionVM = new ByteHexField(optionalHeader.MinorLinkerVersion, true);
            SizeOfCodeVM = new UInt32HexField(optionalHeader.SizeOfCode);
            SizeOfInitializedDataVM = new UInt32HexField(optionalHeader.SizeOfInitializedData);
            SizeOfUninitializedDataVM = new UInt32HexField(optionalHeader.SizeOfUninitializedData);
            AddressOfEntryPointVM = new UInt32HexField(optionalHeader.AddressOfEntryPoint);
            BaseOfCodeVM = new UInt32HexField(optionalHeader.BaseOfCode);

            SectionAlignmentVM = new UInt32HexField(optionalHeader.SectionAlignment);
            FileAlignmentVM = new UInt32HexField(optionalHeader.FileAlignment);
            MajorOperatingSystemVersionVM = new UInt16HexField(optionalHeader.MajorOperatingSystemVersion, true);
            MinorOperatingSystemVersionVM = new UInt16HexField(optionalHeader.MinorOperatingSystemVersion, true);
            MajorImageVersionVM = new UInt16HexField(optionalHeader.MajorImageVersion, true);
            MinorImageVersionVM = new UInt16HexField(optionalHeader.MinorImageVersion, true);
            MajorSubsystemVersionVM = new UInt16HexField(optionalHeader.MajorSubsystemVersion, true);
            MinorSubsystemVersionVM = new UInt16HexField(optionalHeader.MinorSubsystemVersion, true);
            Win32VersionValueVM = new UInt32HexField(optionalHeader.Win32VersionValue, true);
            SizeOfImageVM = new UInt32HexField(optionalHeader.SizeOfImage);
            SizeOfHeadersVM = new UInt32HexField(optionalHeader.SizeOfHeaders);
            CheckSumVM = new UInt32HexField(optionalHeader.CheckSum);

            // Subsystem is shown as a single 16-bit enumerated value (bits 0..15).
            var subsystem = new UInt16FlagsHexField(optionalHeader.Subsystem);
            subsystem.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
            SubsystemVM = subsystem;

            // DllCharacteristics is where an image declares its loader-level mitigations.
            // The bits are what the file claims about itself: useful for triage, but the
            // backing data (relocations, load config, signature) still has to be checked.
            var dllCharacteristics = new UInt16FlagsHexField(optionalHeader.DllCharacteristics);
            dllCharacteristics.Add(new BooleanHexBitField("Reserved1", 0));
            dllCharacteristics.Add(new BooleanHexBitField("Reserved2", 1));
            dllCharacteristics.Add(new BooleanHexBitField("Reserved3", 2));
            dllCharacteristics.Add(new BooleanHexBitField("Reserved4", 3));
            dllCharacteristics.Add(new BooleanHexBitField("Reserved5", 4));
            dllCharacteristics.Add(new BooleanHexBitField("High Entropy VA", 5));        // 64-bit ASLR
            dllCharacteristics.Add(new BooleanHexBitField("Dynamic Base", 6));           // relocatable at load (ASLR)
            dllCharacteristics.Add(new BooleanHexBitField("Force Integrity", 7));        // code-integrity checks enforced
            dllCharacteristics.Add(new BooleanHexBitField("NX Compat", 8));              // DEP compatible
            dllCharacteristics.Add(new BooleanHexBitField("No Isolation", 9));
            dllCharacteristics.Add(new BooleanHexBitField("No SEH", 10));
            dllCharacteristics.Add(new BooleanHexBitField("No Bind", 11));
            dllCharacteristics.Add(new BooleanHexBitField("AppContainer", 12));
            dllCharacteristics.Add(new BooleanHexBitField("WDM Driver", 13));
            dllCharacteristics.Add(new BooleanHexBitField("Guard CF", 14));              // Control Flow Guard
            dllCharacteristics.Add(new BooleanHexBitField("Terminal Server Aware", 15));
            DllCharacteristicsVM = dllCharacteristics;

            LoaderFlagsVM = new UInt32HexField(optionalHeader.LoaderFlags);
            NumberOfRvaAndSizesVM = new UInt32HexField(optionalHeader.NumberOfRvaAndSizes);

            // All 16 data-directory slots are created through the Create helper (not visible here).
            DataDir0VM = Create(optionalHeader, 0, "Export");
            DataDir1VM = Create(optionalHeader, 1, "Import");
            DataDir2VM = Create(optionalHeader, 2, "Resource");
            DataDir3VM = Create(optionalHeader, 3, "Exception");
            // "Security" is the attribute certificate table (Authenticode); unlike the other
            // entries its address is a file offset, not an RVA.
            DataDir4VM = Create(optionalHeader, 4, "Security");
            DataDir5VM = Create(optionalHeader, 5, "Base Reloc");
            DataDir6VM = Create(optionalHeader, 6, "Debug");
            DataDir7VM = Create(optionalHeader, 7, "Architecture");
            DataDir8VM = Create(optionalHeader, 8, "Global Ptr");
            DataDir9VM = Create(optionalHeader, 9, "TLS");
            DataDir10VM = Create(optionalHeader, 10, "Load Config");
            DataDir11VM = Create(optionalHeader, 11, "Bound Import");
            DataDir12VM = Create(optionalHeader, 12, "IAT");
            DataDir13VM = Create(optionalHeader, 13, "Delay Import");
            DataDir14VM = Create(optionalHeader, 14, ".NET");
            DataDir15VM = Create(optionalHeader, 15, "Reserved15");
        }
Beispiel #4
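		/// <summary>
		/// Creates the field view models for the tables-stream header: the fixed fields at
		/// constant offsets from <c>tblStream.StartOffset</c>, one 32-bit row-count field per
		/// table slot (64 slots), and the optional <c>m_ulExtra</c> field.
		/// </summary>
		/// <param name="buffer">Buffer the fields are bound to.</param>
		/// <param name="tblStream">Parsed tables stream supplying the start offset, valid mask and extra-data flag.</param>
		public TablesStreamVM(HexBuffer buffer, TablesStream tblStream) {
			var startOffset = new HexPosition((ulong)tblStream.StartOffset);
			M_ulReservedVM = new UInt32HexField(buffer, Name, "m_ulReserved", startOffset + 0);
			M_majorVM = new ByteHexField(buffer, Name, "m_major", startOffset + 4, true);
			M_minorVM = new ByteHexField(buffer, Name, "m_minor", startOffset + 5, true);
			M_heapsVM = new ByteFlagsHexField(buffer, Name, "m_heaps", startOffset + 6);
			M_heapsVM.Add(new BooleanHexBitField("BigStrings", 0));
			M_heapsVM.Add(new BooleanHexBitField("BigGUID", 1));
			M_heapsVM.Add(new BooleanHexBitField("BigBlob", 2));
			M_heapsVM.Add(new BooleanHexBitField("Padding", 3));
			M_heapsVM.Add(new BooleanHexBitField("Reserved", 4));
			M_heapsVM.Add(new BooleanHexBitField("DeltaOnly", 5));
			M_heapsVM.Add(new BooleanHexBitField("ExtraData", 6));
			M_heapsVM.Add(new BooleanHexBitField("HasDelete", 7));
			M_ridVM = new ByteHexField(buffer, Name, "m_rid", startOffset + 7);
			M_maskvalidVM = new UInt64FlagsHexField(buffer, Name, "m_maskvalid", startOffset + 8);
			AddTableFlags(M_maskvalidVM);
			M_sortedVM = new UInt64FlagsHexField(buffer, Name, "m_sorted", startOffset + 0x10);
			AddTableFlags(M_sortedVM);

			var list = new List<HexField> {
				M_ulReservedVM,
				M_majorVM,
				M_minorVM,
				M_heapsVM,
				M_ridVM,
				M_maskvalidVM,
				M_sortedVM,
			};

			// One slot per possible table. Only tables whose bit is set in the valid mask
			// have a row count stored in the file, so only those advance the offset.
			// The mask comes from the file being inspected; nothing here bounds the
			// resulting offsets against the buffer.
			rowsVM = new UInt32HexField[64];
			ulong valid = tblStream.ValidMask;
			var offs = startOffset + 0x18;
			for (int i = 0; i < rowsVM.Length; i++) {
				rowsVM[i] = new UInt32HexField(buffer, Name, string.Format("rows[{0:X2}]", i), offs);
				if ((valid & 1) != 0) {
					list.Add(rowsVM[i]);
					offs += 4;
				}
				else
					rowsVM[i].IsVisible = false; // placeholder for an absent table, hidden

				valid >>= 1;
			}

			M_ulExtraVM = new UInt32HexField(buffer, Name, "m_ulExtra", offs);
			M_ulExtraVM.IsVisible = tblStream.HasExtraData;
			var firstTableOffset = offs;
			if (tblStream.HasExtraData) {
				list.Add(M_ulExtraVM);
				// m_ulExtra occupies the 4 bytes at offs, so the table data cannot start
				// there; the sanity check below must look past it.
				firstTableOffset += 4;
			}

			// Debug-only consistency check between the offsets computed here and the parser.
			Debug.Assert(firstTableOffset == (ulong)tblStream.MDTables[0].StartOffset);

			hexFields = list.ToArray();
		}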
Beispiel #5
		/// <summary>
		/// Creates one field view model per PE optional-header field, at offsets computed from
		/// <paramref name="startOffset"/>. The header is laid out in three groups: the leading
		/// fields at fixed offsets, a second group based at <paramref name="offs1"/>, and a
		/// third group (loader flags, directory count, 16 data directories) based at
		/// <paramref name="offs2"/>.
		/// </summary>
		/// <param name="buffer">Buffer the fields are bound to.</param>
		/// <param name="startOffset">Position of the first optional-header byte (<c>Magic</c>).</param>
		/// <param name="endOffset">Not referenced in this constructor body.</param>
		/// <param name="offs1">Offset of <c>SectionAlignment</c> relative to <paramref name="startOffset"/>.</param>
		/// <param name="offs2">Offset of <c>LoaderFlags</c> relative to <paramref name="startOffset"/>.</param>
		protected ImageOptionalHeaderVM(HexBuffer buffer, HexPosition startOffset, HexPosition endOffset, ulong offs1, ulong offs2) {
			// NOTE(review): offs1/offs2 presumably differ between the 32-bit and 64-bit
			// header variants; confirm against the derived classes.
			MagicVM = new UInt16HexField(buffer, Name, "Magic", startOffset + 0);
			MajorLinkerVersionVM = new ByteHexField(buffer, Name, "MajorLinkerVersion", startOffset + 2, true);
			MinorLinkerVersionVM = new ByteHexField(buffer, Name, "MinorLinkerVersion", startOffset + 3, true);
			SizeOfCodeVM = new UInt32HexField(buffer, Name, "SizeOfCode", startOffset + 4);
			SizeOfInitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfInitializedData", startOffset + 8);
			SizeOfUninitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfUninitializedData", startOffset + 0x0C);
			AddressOfEntryPointVM = new UInt32HexField(buffer, Name, "AddressOfEntryPoint", startOffset + 0x10);
			BaseOfCodeVM = new UInt32HexField(buffer, Name, "BaseOfCode", startOffset + 0x14);

			// Second group, based at startOffset + offs1.
			var group2 = startOffset + offs1;
			SectionAlignmentVM = new UInt32HexField(buffer, Name, "SectionAlignment", group2 + 0);
			FileAlignmentVM = new UInt32HexField(buffer, Name, "FileAlignment", group2 + 4);
			MajorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MajorOperatingSystemVersion", group2 + 8, true);
			MinorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MinorOperatingSystemVersion", group2 + 0x0A, true);
			MajorImageVersionVM = new UInt16HexField(buffer, Name, "MajorImageVersion", group2 + 0x0C, true);
			MinorImageVersionVM = new UInt16HexField(buffer, Name, "MinorImageVersion", group2 + 0x0E, true);
			MajorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MajorSubsystemVersion", group2 + 0x10, true);
			MinorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MinorSubsystemVersion", group2 + 0x12, true);
			Win32VersionValueVM = new UInt32HexField(buffer, Name, "Win32VersionValue", group2 + 0x14, true);
			SizeOfImageVM = new UInt32HexField(buffer, Name, "SizeOfImage", group2 + 0x18);
			SizeOfHeadersVM = new UInt32HexField(buffer, Name, "SizeOfHeaders", group2 + 0x1C);
			CheckSumVM = new UInt32HexField(buffer, Name, "CheckSum", group2 + 0x20);

			// Subsystem is shown as a single 16-bit enumerated value (bits 0..15).
			var subsystem = new UInt16FlagsHexField(buffer, Name, "Subsystem", group2 + 0x24);
			subsystem.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
			SubsystemVM = subsystem;

			// DllCharacteristics is where an image declares its loader-level mitigations.
			// The bits are what the file claims about itself: useful for triage, but the
			// backing data (relocations, load config, signature) still has to be checked.
			var dllCharacteristics = new UInt16FlagsHexField(buffer, Name, "DllCharacteristics", group2 + 0x26);
			dllCharacteristics.Add(new BooleanHexBitField("Reserved1", 0));
			dllCharacteristics.Add(new BooleanHexBitField("Reserved2", 1));
			dllCharacteristics.Add(new BooleanHexBitField("Reserved3", 2));
			dllCharacteristics.Add(new BooleanHexBitField("Reserved4", 3));
			dllCharacteristics.Add(new BooleanHexBitField("Reserved5", 4));
			dllCharacteristics.Add(new BooleanHexBitField("High Entropy VA", 5));        // 64-bit ASLR
			dllCharacteristics.Add(new BooleanHexBitField("Dynamic Base", 6));           // relocatable at load (ASLR)
			dllCharacteristics.Add(new BooleanHexBitField("Force Integrity", 7));        // code-integrity checks enforced
			dllCharacteristics.Add(new BooleanHexBitField("NX Compat", 8));              // DEP compatible
			dllCharacteristics.Add(new BooleanHexBitField("No Isolation", 9));
			dllCharacteristics.Add(new BooleanHexBitField("No SEH", 10));
			dllCharacteristics.Add(new BooleanHexBitField("No Bind", 11));
			dllCharacteristics.Add(new BooleanHexBitField("AppContainer", 12));
			dllCharacteristics.Add(new BooleanHexBitField("WDM Driver", 13));
			dllCharacteristics.Add(new BooleanHexBitField("Guard CF", 14));              // Control Flow Guard
			dllCharacteristics.Add(new BooleanHexBitField("Terminal Server Aware", 15));
			DllCharacteristicsVM = dllCharacteristics;

			// Third group, based at startOffset + offs2.
			var group3 = startOffset + offs2;
			LoaderFlagsVM = new UInt32HexField(buffer, Name, "LoaderFlags", group3 + 0);
			NumberOfRvaAndSizesVM = new UInt32HexField(buffer, Name, "NumberOfRvaAndSizes", group3 + 4);

			// Sixteen data directories, 8 bytes apart, are always created here; the value
			// of NumberOfRvaAndSizes is not consulted in this constructor.
			// NOTE(review): for a header that declares fewer directories, the surplus
			// entries would overlay whatever bytes follow; confirm callers account for that.
			ulong doffs = offs2 + 8;
			var dirBase = startOffset + doffs;
			DataDir0VM = new DataDirVM(buffer, Name, "Export", dirBase + 0);
			DataDir1VM = new DataDirVM(buffer, Name, "Import", dirBase + 8);
			DataDir2VM = new DataDirVM(buffer, Name, "Resource", dirBase + 0x10);
			DataDir3VM = new DataDirVM(buffer, Name, "Exception", dirBase + 0x18);
			// "Security" is the attribute certificate table (Authenticode); unlike the other
			// entries its address is a file offset, not an RVA.
			DataDir4VM = new DataDirVM(buffer, Name, "Security", dirBase + 0x20);
			DataDir5VM = new DataDirVM(buffer, Name, "Base Reloc", dirBase + 0x28);
			DataDir6VM = new DataDirVM(buffer, Name, "Debug", dirBase + 0x30);
			DataDir7VM = new DataDirVM(buffer, Name, "Architecture", dirBase + 0x38);
			DataDir8VM = new DataDirVM(buffer, Name, "Global Ptr", dirBase + 0x40);
			DataDir9VM = new DataDirVM(buffer, Name, "TLS", dirBase + 0x48);
			DataDir10VM = new DataDirVM(buffer, Name, "Load Config", dirBase + 0x50);
			DataDir11VM = new DataDirVM(buffer, Name, "Bound Import", dirBase + 0x58);
			DataDir12VM = new DataDirVM(buffer, Name, "IAT", dirBase + 0x60);
			DataDir13VM = new DataDirVM(buffer, Name, "Delay Import", dirBase + 0x68);
			DataDir14VM = new DataDirVM(buffer, Name, ".NET", dirBase + 0x70);
			DataDir15VM = new DataDirVM(buffer, Name, "Reserved15", dirBase + 0x78);
		}
Beispiel #6
        /// <summary>
        /// Creates the field view models for the tables-stream header from an already parsed
        /// <paramref name="tablesHeap"/>: the fixed header fields, one row-count slot per
        /// possible table (64 slots) and the optional extra-data field.
        /// </summary>
        /// <param name="buffer">Buffer the header belongs to; not referenced in this constructor body.</param>
        /// <param name="tablesHeap">Parsed tables heap supplying the header span, header fields and valid mask.</param>
        /// <param name="metadataTables">Table view models; stored as given. The length of 0x40 is checked only by a debug assertion.</param>
        public TablesStreamVM(HexBuffer buffer, TablesHeap tablesHeap, MetadataTableVM[] metadataTables)
            : base(tablesHeap.HeaderSpan)
        {
            Debug.Assert(metadataTables.Length == 0x40);
            this.metadataTables = metadataTables;

            var header = tablesHeap.Header;
            Name = header.Name;
            M_ulReservedVM = new UInt32HexField(header.Reserved);
            M_majorVM = new ByteHexField(header.MajorVersion, true);
            M_minorVM = new ByteHexField(header.MinorVersion, true);

            // Bit breakdown of the heap-flags byte.
            var heapFlags = new ByteFlagsHexField(header.Flags);
            heapFlags.Add(new BooleanHexBitField("BigStrings", 0));
            heapFlags.Add(new BooleanHexBitField("BigGUID", 1));
            heapFlags.Add(new BooleanHexBitField("BigBlob", 2));
            heapFlags.Add(new BooleanHexBitField("Padding", 3));
            heapFlags.Add(new BooleanHexBitField("Reserved", 4));
            heapFlags.Add(new BooleanHexBitField("DeltaOnly", 5));
            heapFlags.Add(new BooleanHexBitField("ExtraData", 6));
            heapFlags.Add(new BooleanHexBitField("HasDelete", 7));
            M_heapsVM = heapFlags;

            M_ridVM = new ByteHexField(header.Log2Rid);
            M_maskvalidVM = new UInt64FlagsHexField(header.ValidMask);
            AddTableFlags(M_maskvalidVM);
            M_sortedVM = new UInt64FlagsHexField(header.SortedMask);
            AddTableFlags(M_sortedVM);

            var list = new List<HexField>
            {
                M_ulReservedVM,
                M_majorVM,
                M_minorVM,
                M_heapsVM,
                M_ridVM,
                M_maskvalidVM,
                M_sortedVM,
            };

            rowsVM = new UInt32HexField[64];
            ulong valid = tablesHeap.ValidMask;

            // A slot gets a real field only when its valid-mask bit is set AND the parsed
            // header still has a row-count entry left; a mask that claims more tables than
            // were parsed therefore falls back to the placeholder instead of indexing past
            // the parsed rows.
            int nextRow = 0;
            for (int i = 0; i < rowsVM.Length; i++, valid >>= 1)
            {
                bool hasRowCount = (valid & 1) != 0 && nextRow < header.Rows.Data.FieldCount;
                if (!hasRowCount)
                {
                    rowsVM[i] = UInt32HexField.TryCreate(null);
                    continue;
                }

                var rowData = header.Rows.Data[nextRow++].Data;
                var rowField = new UInt32HexField(rowData, header.Rows.Name + "[" + i.ToString("X2") + "]");
                list.Add(rowField);
                rowsVM[i] = rowField;
            }

            // NOTE(review): IsVisible is set on the TryCreate result unconditionally, so
            // TryCreate is presumably expected to return a non-null field even when the
            // header has no extra data; confirm.
            M_ulExtraVM = UInt32HexField.TryCreate(header.ExtraData);
            M_ulExtraVM.IsVisible = header.HasExtraData;
            if (header.HasExtraData)
            {
                list.Add(M_ulExtraVM);
            }

            hexFields = list.ToArray();
        }