public void PEHeader()
{
var peh = new PEHeader();
peh.Machine = Machine.I386;
peh.Characteristics = ImageCharacteristics.Bit32Machine;
Assert.AreEqual("I386 Bit32Machine Sections[0]", peh.ToString());
}
public PEHeaderModel(PEHeader peHeader, DosHeaderModel dosHeaderModel)
: base("PE header")
{
this.peHeader = peHeader;
this.Address = dosHeaderModel.lfanew;
this.Length = PEHeader.Size;
BindAddressToDosHeaderlfanew(dosHeaderModel);
}
static void WritePEHeader(PEHeader peHeader, BinaryStreamWriter writer)
{
writer.WriteUInt32((uint)PESignature.PE00);
writer.WriteUInt16((ushort)peHeader.Machine);
writer.WriteUInt16(peHeader.NumberOfSections);
double timestampDouble = (peHeader.Timestamp - TimestampEpochUTC).TotalSeconds;
uint timestampNum = checked((uint)timestampDouble);
if (timestampDouble - timestampNum > 0.5)
timestampNum++;
writer.WriteUInt32(timestampNum);
writer.WriteUInt32(peHeader.PointerToSymbolTable);
writer.WriteUInt32(peHeader.NumberOfSymbols);
writer.WriteUInt16(peHeader.SizeOfOptionalHeader);
writer.WriteUInt16((ushort)peHeader.Characteristics);
}
static void AssertPEHeader(PEHeader header, Machine machine, ushort expectedNumberOfSections, DateTime timestampOffset, bool isExe)
{
Assert.AreEqual(machine, header.Machine, "machine");
Assert.AreEqual(expectedNumberOfSections, header.NumberOfSections, "number of sections");
Assert.IsTrue(Math.Abs((timestampOffset - header.Timestamp).TotalHours) < 2, "PE timestamp is " + header.Timestamp +", off by " + ((timestampOffset - header.Timestamp).TotalHours).ToString("0") + " hours.");
Assert.AreEqual((uint)0, header.PointerToSymbolTable, "pointer to symbol table");
Assert.AreEqual((uint)0, header.NumberOfSymbols, "number of symbols");
uint expectedSizeOfOptionalHeader = machine == Machine.I386 ?
(uint)224 :
(uint)240;
Assert.AreEqual(expectedSizeOfOptionalHeader, header.SizeOfOptionalHeader);
ImageCharacteristics expectedCharacteristics = machine == Machine.I386 ?
ImageCharacteristics.ExecutableImage | ImageCharacteristics.Bit32Machine | (isExe ? 0 : ImageCharacteristics.Dll) :
ImageCharacteristics.ExecutableImage | ImageCharacteristics.LargeAddressAware | (isExe ? 0 : ImageCharacteristics.Dll);
Assert.AreEqual(expectedCharacteristics, header.Characteristics, "characteristics");
}
