public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, System.IO.BinaryReader Reader)
{
var imps = new ImportSection();
return(imps);
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader hdr, BinaryReader r)
{
var entryInfo = Misc.FromBinaryReader <IMAGE_DEBUG_DIRECTORY>(r);
if (entryInfo.PointerToRawData == 0)
{
return(null);
}
r.BaseStream.Position = entryInfo.PointerToRawData;
if (entryInfo.Type == IMAGE_DEBUG_TYPE.CODEVIEW)
{
return new CodeViewDebugSection {
EntryInformation = entryInfo,
SectionHeader = hdr,
Data = CodeViewReader.Read(entryInfo, r),
}
}
;
return(new DebugSection {
SectionHeader = hdr, EntryInformation = entryInfo
});
}
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, BinaryReader r)
{
var cs = new ExportSection {
SectionHeader = Header
};
// Read Export directory table
var exportDirTbl = Misc.FromBinaryReader <ExportDirectoryTable>(r);
// Read export address table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.OrdinalTableRVA;
var exportAddressTable = new List <ExportOrdinalTableEntry>(exportDirTbl.AddressTableEntries);
for (int i = exportDirTbl.AddressTableEntries; i > 0; i--)
{
var u = r.ReadUInt32();
var u2 = r.ReadUInt32();
exportAddressTable.Add(new ExportOrdinalTableEntry
{
ExportRVA = u,
ForwarderRVA = u2
});
}
// Export Name Pointer Table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.NamePointerRVA;
var exportNamePointers = new List <uint>(exportDirTbl.NamePointerCount);
for (int i = exportDirTbl.NamePointerCount; i > 0; i--)
{
exportNamePointers.Add(r.ReadUInt32());
}
// Export Ordinal Table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.OrdinalTableRVA;
var symbolAddressLookup = new List <ushort>(exportDirTbl.AddressTableEntries);
// Export name table
var exportNames = new List <string>(exportDirTbl.NamePointerCount);
for (int i = exportDirTbl.NamePointerCount; i > 0; i--)
{
var sb = new StringBuilder();
char c;
while ((c = (char)r.ReadByte()) != '\0')
{
sb.Append(c);
}
exportNames.Add(sb.ToString());
}
return(cs);
}
public static CodeSection ReadSectionContents(PeHeader peHeader,PeSectionHeader sectionHeader,BinaryReader r, params ISectionHandler[] Handlers)
{
foreach (var handler in Handlers)
if (handler != null && handler.CanHandle(sectionHeader.Name))
{
r.BaseStream.Seek(sectionHeader.PointerToRawData,SeekOrigin.Begin);
return handler.Handle(peHeader,sectionHeader, r);
}
return null;
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, BinaryReader r)
{
var tls = new TlsSection { SectionHeader=Header,
Is64=!PeHeader.Is32BitHeader
};
if (tls.Is64)
tls.TlsDirectory64 = Misc.FromBinaryReader<IMAGE_TLS_DIRECTORY64>(r);
else
tls.TlsDirectory = Misc.FromBinaryReader<IMAGE_TLS_DIRECTORY32>(r);
return tls;
}
public static CodeSection ReadSectionContents(PeHeader peHeader, PeSectionHeader sectionHeader, BinaryReader r, params ISectionHandler[] Handlers)
{
foreach (var handler in Handlers)
{
if (handler != null && handler.CanHandle(sectionHeader.Name))
{
r.BaseStream.Seek(sectionHeader.PointerToRawData, SeekOrigin.Begin);
return(handler.Handle(peHeader, sectionHeader, r));
}
}
return(null);
}
public static CodeSection[] ReadSections(PeHeader peHeader, PeSectionHeader[] sectionHeaders, BinaryReader r, params ISectionHandler[] Handlers)
{
var l = new List<CodeSection>();
foreach (var secHdr in sectionHeaders)
{
var sec = ReadSectionContents(peHeader, secHdr, r, Handlers);
if (sec != null)
l.Add(sec);
}
return l.ToArray();
}
public static CodeSection[] ReadSections(PeHeader peHeader, PeSectionHeader[] sectionHeaders, BinaryReader r, params ISectionHandler[] Handlers)
{
var l = new List <CodeSection>();
foreach (var secHdr in sectionHeaders)
{
var sec = ReadSectionContents(peHeader, secHdr, r, Handlers);
if (sec != null)
{
l.Add(sec);
}
}
return(l.ToArray());
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader hdr, BinaryReader r)
{
var entryInfo = Misc.FromBinaryReader<IMAGE_DEBUG_DIRECTORY>(r);
if (entryInfo.PointerToRawData == 0)
return null;
r.BaseStream.Position = entryInfo.PointerToRawData;
if (entryInfo.Type == IMAGE_DEBUG_TYPE.CODEVIEW)
return new CodeViewDebugSection {
EntryInformation=entryInfo,
SectionHeader=hdr,
Data = CodeViewReader.Read(entryInfo,r),
};
return new DebugSection { SectionHeader=hdr, EntryInformation=entryInfo };
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, BinaryReader r)
{
var tls = new TlsSection {
SectionHeader = Header,
Is64 = !PeHeader.Is32BitHeader
};
if (tls.Is64)
{
tls.TlsDirectory64 = Misc.FromBinaryReader <IMAGE_TLS_DIRECTORY64>(r);
}
else
{
tls.TlsDirectory = Misc.FromBinaryReader <IMAGE_TLS_DIRECTORY32>(r);
}
return(tls);
}
public static PeHeader Read(BinaryReader reader)
{
var hdr = new PeHeader();
// Reset position to file start!
reader.BaseStream.Seek(0, SeekOrigin.Begin);
hdr.DosHeader = Misc.FromBinaryReader <IMAGE_DOS_HEADER>(reader);
// Add 4 bytes to the offset
reader.BaseStream.Seek(hdr.DosHeader.e_lfanew, SeekOrigin.Begin);
var ntHeadersSignature = reader.ReadUInt32();
hdr.FileHeader = Misc.FromBinaryReader <IMAGE_FILE_HEADER>(reader);
if (hdr.Is32BitHeader)
{
hdr.OptionalHeader32 = Misc.FromBinaryReader <IMAGE_OPTIONAL_HEADER32>(reader);
}
else
{
hdr.OptionalHeader64 = Misc.FromBinaryReader <IMAGE_OPTIONAL_HEADER64>(reader);
}
var dirDirectoryCount = hdr.Is32BitHeader?
hdr.OptionalHeader32.NumberOfRvaAndSizes:
hdr.OptionalHeader64.NumberOfRvaAndSizes;
if (dirDirectoryCount > 0)
{
var ddl = new List <IMAGE_DATA_DIRECTORY>((int)dirDirectoryCount);
for (int i = 0; i < dirDirectoryCount; i++)
{
ddl.Add(Misc.FromBinaryReader <IMAGE_DATA_DIRECTORY>(reader));
}
hdr.DataDirectories = ddl.ToArray();
}
return(hdr);
}
public static PeSectionHeader[] ReadSectionHeaders(PeHeader header, BinaryReader r)
{
var sectionHeaders = new List <PeSectionHeader>();
for (ushort i = 0; i < header.FileHeader.NumberOfSections; i++)
{
var sectionHeader = new PeSectionHeader();
sectionHeader.Name = Encoding.UTF8.GetString(r.ReadBytes(8)).TrimEnd('\0');
sectionHeader.VirtualSize = r.ReadUInt32();
sectionHeader.VirtualAddress = r.ReadUInt32();
sectionHeader.SizeOfRawData = r.ReadUInt32();
sectionHeader.PointerToRawData = r.ReadUInt32();
sectionHeader.PointerToRelocations = r.ReadUInt32();
sectionHeader.PointerToLinenumbers = r.ReadUInt32();
sectionHeader.NumberOfRelocations = r.ReadUInt16();
sectionHeader.NumberOfLinenumbers = r.ReadUInt16();
sectionHeader.Characteristics = r.ReadUInt32();
sectionHeaders.Add(sectionHeader);
}
return(sectionHeaders.ToArray());
}
public static PeSectionHeader[] ReadSectionHeaders(PeHeader header,BinaryReader r)
{
var sectionHeaders = new List<PeSectionHeader>();
for (ushort i = 0; i < header.FileHeader.NumberOfSections; i++)
{
var sectionHeader = new PeSectionHeader();
sectionHeader.Name= Encoding.UTF8.GetString(r.ReadBytes(8)).TrimEnd('\0');
sectionHeader.VirtualSize = r.ReadUInt32();
sectionHeader.VirtualAddress = r.ReadUInt32();
sectionHeader.SizeOfRawData = r.ReadUInt32();
sectionHeader.PointerToRawData = r.ReadUInt32();
sectionHeader.PointerToRelocations = r.ReadUInt32();
sectionHeader.PointerToLinenumbers = r.ReadUInt32();
sectionHeader.NumberOfRelocations = r.ReadUInt16();
sectionHeader.NumberOfLinenumbers = r.ReadUInt16();
sectionHeader.Characteristics = r.ReadUInt32();
sectionHeaders.Add(sectionHeader);
}
return sectionHeaders.ToArray();
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, System.IO.BinaryReader Reader)
{
var imps = new ImportSection();
return imps;
}
public CodeSection Handle(PeHeader PeHeader, PeSectionHeader Header, BinaryReader r)
{
var cs = new ExportSection { SectionHeader = Header };
// Read Export directory table
var exportDirTbl = Misc.FromBinaryReader<ExportDirectoryTable>(r);
// Read export address table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.OrdinalTableRVA;
var exportAddressTable = new List<ExportOrdinalTableEntry>(exportDirTbl.AddressTableEntries);
for (int i = exportDirTbl.AddressTableEntries; i > 0; i--)
{
var u = r.ReadUInt32();
var u2 = r.ReadUInt32();
exportAddressTable.Add(new ExportOrdinalTableEntry
{
ExportRVA = u,
ForwarderRVA = u2
});
}
// Export Name Pointer Table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.NamePointerRVA;
var exportNamePointers = new List<uint>(exportDirTbl.NamePointerCount);
for (int i = exportDirTbl.NamePointerCount; i > 0; i--)
exportNamePointers.Add(r.ReadUInt32());
// Export Ordinal Table
//r.BaseStream.Position = PeHeader.OptionalHeader32.ImageBase + exportDirTbl.OrdinalTableRVA;
var symbolAddressLookup = new List<ushort>(exportDirTbl.AddressTableEntries);
// Export name table
var exportNames = new List<string>(exportDirTbl.NamePointerCount);
for (int i = exportDirTbl.NamePointerCount; i > 0; i--)
{
var sb = new StringBuilder();
char c;
while ((c = (char)r.ReadByte()) != '\0')
sb.Append(c);
exportNames.Add(sb.ToString());
}
return cs;
}
public static PeHeader Read(BinaryReader reader)
{
var hdr = new PeHeader();
// Reset position to file start!
reader.BaseStream.Seek(0, SeekOrigin.Begin);
hdr.DosHeader = Misc.FromBinaryReader<IMAGE_DOS_HEADER>(reader);
// Add 4 bytes to the offset
reader.BaseStream.Seek(hdr.DosHeader.e_lfanew, SeekOrigin.Begin);
var ntHeadersSignature = reader.ReadUInt32();
hdr.FileHeader = Misc.FromBinaryReader<IMAGE_FILE_HEADER>(reader);
if (hdr.Is32BitHeader)
hdr.OptionalHeader32 = Misc.FromBinaryReader<IMAGE_OPTIONAL_HEADER32>(reader);
else
hdr.OptionalHeader64 = Misc.FromBinaryReader<IMAGE_OPTIONAL_HEADER64>(reader);
var dirDirectoryCount=hdr.Is32BitHeader?
hdr.OptionalHeader32.NumberOfRvaAndSizes:
hdr.OptionalHeader64.NumberOfRvaAndSizes;
if (dirDirectoryCount > 0)
{
var ddl = new List<IMAGE_DATA_DIRECTORY>((int)dirDirectoryCount);
for (int i = 0; i < dirDirectoryCount; i++)
ddl.Add(Misc.FromBinaryReader<IMAGE_DATA_DIRECTORY>(reader));
hdr.DataDirectories = ddl.ToArray();
}
return hdr;
}