Ejemplo n.º 1
0
        internal PeHeaderReader(string filePath)
        {
            // Read in the DLL or EXE and get the timestamp
            using (var stream = new FileStream(filePath, FileMode.Open, FileAccess.Read))
            {
                var reader = new BinaryReader(stream);
                _dosHeader = FromBinaryReader <ImageDosHeader>(reader);

                // Add 4 bytes to the offset
                stream.Seek(_dosHeader.ELfanew, SeekOrigin.Begin);

                var ntHeadersSignature = reader.ReadUInt32();
                _fileHeader = FromBinaryReader <ImageFileHeader>(reader);
                if (Is32BitHeader)
                {
                    _optionalHeader32 = FromBinaryReader <ImageOptionalHeader32>(reader);
                }
                else
                {
                    _optionalHeader64 = FromBinaryReader <ImageOptionalHeader64>(reader);
                }

                _imageSectionHeaders = new ImageSectionHeader[_fileHeader.NumberOfSections];
                for (var headerNo = 0; headerNo < _imageSectionHeaders.Length; ++headerNo)
                {
                    _imageSectionHeaders[headerNo] = FromBinaryReader <ImageSectionHeader>(reader);
                }
            }
        }
Ejemplo n.º 2
0
 private static void InitializeFileHeader(ImageFileHeader fileHeader)
 {
     fileHeader.Machine = ImageMachineType.I386;
     fileHeader.SizeOfOptionalHeader = 0xE0;
     fileHeader.Characteristics      = ImageCharacteristics.Image | ImageCharacteristics.LineNumsStripped |
                                       ImageCharacteristics.LocalSymsStripped | ImageCharacteristics.Machine32Bit;
 }
Ejemplo n.º 3
0
 private static void InitializeFileHeader(ImageFileHeader fileHeader)
 {
     fileHeader.Machine = ImageMachineType.I386;
     fileHeader.SizeOfOptionalHeader = 0xE0;
     fileHeader.Characteristics = ImageCharacteristics.Image | ImageCharacteristics.LineNumsStripped |
                                  ImageCharacteristics.LocalSymsStripped | ImageCharacteristics.Machine32Bit;
 }
Ejemplo n.º 4
0
        private static unsafe float[][] ReadImagesFile(string imageFile)
        {
            float[][] images;
            using (BinaryReader reader = new BinaryReader(new FileStream(imageFile, FileMode.Open, FileAccess.Read)))
            {
                var buffer = reader.ReadBytes(sizeof(ImageFileHeader));
                fixed(byte *pBuffer = buffer)
                {
                    ImageFileHeader imageFileHeader = *(ImageFileHeader *)pBuffer;

                    images = new float[imageFileHeader.NbImages][];

                    for (int i = 0; i < imageFileHeader.NbImages; i++)
                    {
                        var imageBuffer = reader.ReadBytes(imageFileHeader.Witdth * imageFileHeader.Heigh);
                        var floatArray  = new float[imageBuffer.Length];
                        for (int j = 0; j < floatArray.Length; j++)
                        {
                            floatArray[j] = imageBuffer[j] / 255.0f;
                        }
                        images[i] = floatArray;
                    }
                }
            }
            return(images);
        }
Ejemplo n.º 5
0
        internal static ImageNtHeaders FromReadingContext(ReadingContext context)
        {
            var reader = context.Reader;

            return(new ImageNtHeaders
            {
                StartOffset = reader.Position,
                Signature = reader.ReadUInt32(),
                FileHeader = ImageFileHeader.FromReadingContext(context),
                OptionalHeader = ImageOptionalHeader.FromReadingContext(context),
            });
        }
Ejemplo n.º 6
0
        /// <summary>
        /// Setup internal data based on given input read from native image.
        /// </summary>
        bool IBinaryConverter <ImageFileHeader> .Convert(ref ImageFileHeader s, uint startOffset, uint size)
        {
            MachineType          = (MachineType)s.Machine;
            DataSectionCount     = s.NumberOfSections;
            CreationTime         = new DateTime(1970, 1, 1).AddSeconds(s.TimeDateStamp);
            SymbolTableAddress   = s.PointerToSymbolTable;
            SizeOfOptionalHeader = s.SizeOfOptionalHeader;
            SymbolCount          = s.NumberOfSymbols;
            Characteristics      = (Characteristics)s.Characteristics;

            UpdateFileInfo("Object", startOffset, size);
            return(true);
        }
Ejemplo n.º 7
0
        public XPeParser(String path)
        {
            f = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read);
            BinaryReader br = new BinaryReader(f);

            /* Check the main signature */
            ushort dosSig = br.ReadUInt16();

            if (dosSig != IMAGE_DOS_SIGNATURE)
            {
                throw new Exception("Invalid DOS Signature for the executable!");
            }

            /* Seek to the PE header */
            br.BaseStream.Seek(0x3C, SeekOrigin.Begin);
            uint peOffset = br.ReadUInt32();

            /* Check the PE signature */
            br.BaseStream.Seek(peOffset, SeekOrigin.Begin);

            uint peSign = br.ReadUInt32();

            if (peSign != IMAGE_NT_SIGNATURE)
            {
                throw new Exception("Invalid PE Signature for the executable!");
            }

            /* Read the rest of PE header, then check some fields */
            imHdr = new ImageFileHeader(br);

            /* Specific machine value to indicate Xbox 360 */
            if (imHdr.Machine != 0x1F2)
            {
                throw new Exception("The PE is valid but it's not an Xbox 360 executable.");
            }

            /*
             * The strange thing is that imHdr.Characteristics is set to 0x102
             * (usually), indicating a 32bit architecture, while the Xenon is 64-bit.
             * Microsoft likes to mess with their own specifications...
             */
            optHdr = new OptionalHeader(br);

            sectHdrs = new SectionHeader[imHdr.NumberOfSections];
            for (int i = 0; i < imHdr.NumberOfSections; i++)
            {
                sectHdrs[i] = new SectionHeader(br);
            }

            FileName = path;
        }
Ejemplo n.º 8
0
        public void ImageFileHeaderConstructorWorks_Test()
        {
            var fileHeader = new ImageFileHeader(new BufferFile(RawStructures.RawFileHeader), 2);

            Assert.Equal(MachineType.Amd64, fileHeader.Machine);
            Assert.Equal("AMD64", fileHeader.MachineResolved);
            Assert.Equal((ushort)0x3322, fileHeader.NumberOfSections);
            Assert.Equal((uint)0x77665544, fileHeader.TimeDateStamp);
            Assert.Equal(0xbbaa9988, fileHeader.PointerToSymbolTable);
            Assert.Equal(0xffeeddcc, fileHeader.NumberOfSymbols);
            Assert.Equal((ushort)0x2211, fileHeader.SizeOfOptionalHeader);
            Assert.True(fileHeader.Characteristics.HasFlag(FileCharacteristicsType.Dll));
            Assert.Contains("Dll", fileHeader.CharacteristicsResolved);
        }
Ejemplo n.º 9
0
        public XPeParser(String path)
        {
            f = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read);
            BinaryReader br = new BinaryReader(f);

            /* Check the main signature */
            ushort dosSig = br.ReadUInt16();
            if (dosSig != IMAGE_DOS_SIGNATURE)
                throw new Exception("Invalid DOS Signature for the executable!");

            /* Seek to the PE header */
            br.BaseStream.Seek(0x3C, SeekOrigin.Begin);
            uint peOffset = br.ReadUInt32();

            /* Check the PE signature */
            br.BaseStream.Seek(peOffset, SeekOrigin.Begin);

            uint peSign = br.ReadUInt32();
            if (peSign != IMAGE_NT_SIGNATURE)
                throw new Exception("Invalid PE Signature for the executable!");

            /* Read the rest of PE header, then check some fields */
            imHdr = new ImageFileHeader(br);

            /* Specific machine value to indicate Xbox 360 */
            if (imHdr.Machine != 0x1F2)
                throw new Exception("The PE is valid but it's not an Xbox 360 executable.");

            /*
             * The strange thing is that imHdr.Characteristics is set to 0x102
             * (usually), indicating a 32bit architecture, while the Xenon is 64-bit.
             * Microsoft likes to mess with their own specifications...
             */
            optHdr = new OptionalHeader(br);

            sectHdrs = new SectionHeader[imHdr.NumberOfSections];
            for (int i = 0; i < imHdr.NumberOfSections; i++)
                sectHdrs[i] = new SectionHeader(br);

            FileName = path;
        }
Ejemplo n.º 10
0
            private List <SectionHeader> ReadSections()
            {
                List <SectionHeader> sections = new List <SectionHeader>();

                if (!IsValid)
                {
                    return(sections);
                }

                ImageFileHeader header = Header;

                if (header == null)
                {
                    return(sections);
                }

                SeekTo(ImageDataDirectoryOffset);

                // Sanity check, there's a null row at the end of the data directory table
                ulong?zero = Read <ulong>();

                if (zero != 0)
                {
                    return(sections);
                }

                for (int i = 0; i < header.NumberOfSections; i++)
                {
                    IMAGE_SECTION_HEADER?sectionHdr = Read <IMAGE_SECTION_HEADER>();
                    if (sectionHdr.HasValue)
                    {
                        sections.Add(new SectionHeader(sectionHdr.Value));
                    }
                }

                return(sections);
            }
Ejemplo n.º 11
0
 public ImageFileHeaderTreeNode(HexDocument doc, ImageFileHeader fileHeader)
     : base((ulong)fileHeader.StartOffset, (ulong)fileHeader.EndOffset - 1)
 {
     this.imageFileHeaderVM = new ImageFileHeaderVM(this, doc, StartOffset);
 }
Ejemplo n.º 12
0
 public ImageFileHeaderNode(HexBuffer buffer, ImageFileHeader fileHeader)
     : base(HexSpan.FromBounds((ulong)fileHeader.StartOffset, (ulong)fileHeader.EndOffset))
 {
     imageFileHeaderVM = new ImageFileHeaderVM(this, buffer, Span.Start);
 }
Ejemplo n.º 13
0
 public ImageNtHeaders64(uint signature, ImageFileHeader fileHeader, ImageOptionalHeader64 optionalHeader)
 {
     Signature      = signature;
     FileHeader     = fileHeader;
     OptionalHeader = optionalHeader;
 }