public CopiedProcessModule(Process process, IntPtr baseAddress, int size)
{
BaseAddress = baseAddress;
using (var memoryReader = new MemoryReader(process))
{
var copiedBytes = memoryReader.ReadMemory(baseAddress, size, out var bytesRead);
if (bytesRead != size)
{
throw new AccessViolationException("Could not copy entire module into memory.");
}
var reader = new ByteArrayReader(copiedBytes);
// DOS header.
var dosHeader = DosHeader.FromReader(reader);
reader.FileOffset = dosHeader.NextHeaderOffset;
uint signature = reader.ReadUInt32();
if (signature != 0x4550) //PE\0\0
{
throw new BadImageFormatException();
}
// Read NT headers.
var peFile = new PEFile(
dosHeader,
FileHeader.FromReader(reader),
OptionalHeader.FromReader(reader));
ImageFile = peFile;
// Section headers.
reader.FileOffset = peFile.OptionalHeader.FileOffset + peFile.FileHeader.SizeOfOptionalHeader;
for (int i = 0; i < peFile.FileHeader.NumberOfSections; i++)
{
var header = SectionHeader.FromReader(reader);
header.PointerToRawData = header.VirtualAddress;
header.SizeOfRawData = header.VirtualSize;
var contentsReader = reader.Fork(header.PointerToRawData, header.VirtualSize);
var contents = DataSegment.FromReader(contentsReader);
contents.UpdateOffsets(header.PointerToRawData, header.VirtualAddress);
peFile.Sections.Add(new PESection(header, new VirtualSegment(contents, header.VirtualSize)));
}
Image = PEImage.FromFile(peFile);
}
}
/// <summary>
/// Reads a PE file from the provided input stream.
/// </summary>
/// <param name="reader">The input stream to read from.</param>
/// <returns>The PE file that was read.</returns>
/// <exception cref="BadImageFormatException">Occurs when the file does not follow the PE file format.</exception>
public static PEFile FromReader(IBinaryStreamReader reader)
{
// DOS header.
var dosHeader = DosHeader.FromReader(reader);
reader.FileOffset = dosHeader.NextHeaderOffset;
uint signature = reader.ReadUInt32();
if (signature != ValidPESignature)
{
throw new BadImageFormatException();
}
// Read NT headers.
var peFile = new PEFile(
dosHeader,
FileHeader.FromReader(reader),
OptionalHeader.FromReader(reader));
// Section headers.
reader.FileOffset = peFile.OptionalHeader.FileOffset + peFile.FileHeader.SizeOfOptionalHeader;
for (int i = 0; i < peFile.FileHeader.NumberOfSections; i++)
{
var header = SectionHeader.FromReader(reader);
var contentsReader = reader.Fork(header.PointerToRawData, header.SizeOfRawData);
var contents = DataSegment.FromReader(contentsReader);
contents.UpdateOffsets(header.PointerToRawData, header.VirtualAddress);
peFile.Sections.Add(new PESection(header, new VirtualSegment(contents, header.VirtualSize)));
}
// Data between section headers and sections.
int extraSectionDataLength = (int)(peFile.OptionalHeader.SizeOfHeaders - reader.FileOffset);
if (extraSectionDataLength != 0)
{
peFile.ExtraSectionData = DataSegment.FromReader(reader, extraSectionDataLength);
}
return(peFile);
}
/// <summary>
/// Reads a PE file from an input stream.
/// </summary>
/// <param name="reader">The input stream.</param>
/// <param name="mode">Indicates how the input PE file is mapped.</param>
/// <exception cref="BadImageFormatException">Occurs when the input stream is malformed.</exception>
public SerializedPEFile(IBinaryStreamReader reader, PEMappingMode mode)
{
_reader = reader ?? throw new ArgumentNullException(nameof(reader));
MappingMode = mode;
// DOS header.
DosHeader = DosHeader.FromReader(reader);
reader.Offset = DosHeader.Offset + DosHeader.NextHeaderOffset;
uint signature = reader.ReadUInt32();
if (signature != ValidPESignature)
{
throw new BadImageFormatException();
}
// Read NT headers.
FileHeader = FileHeader.FromReader(reader);
OptionalHeader = OptionalHeader.FromReader(reader);
// Read section headers.
reader.Offset = OptionalHeader.Offset + FileHeader.SizeOfOptionalHeader;
_sectionHeaders = new List <SectionHeader>(FileHeader.NumberOfSections);
for (int i = 0; i < FileHeader.NumberOfSections; i++)
{
_sectionHeaders.Add(SectionHeader.FromReader(reader));
}
// Data between section headers and sections.
int extraSectionDataLength = (int)(DosHeader.Offset + OptionalHeader.SizeOfHeaders - reader.Offset);
if (extraSectionDataLength != 0)
{
ExtraSectionData = DataSegment.FromReader(reader, extraSectionDataLength);
}
}
