/// <summary>
/// Create a new IMAGE_NT_HEADERS object.
/// </summary>
/// <param name="buff">A PE file as a byte array.</param>
/// <param name="offset">Raw offset of the NT header.</param>
public IMAGE_NT_HEADERS(byte[] buff, uint offset)
: base(buff, offset)
{
FileHeader = new IMAGE_FILE_HEADER(buff, offset + 0x4);
var is32Bit = FileHeader.Machine == (ushort)Constants.FileHeaderMachine.IMAGE_FILE_MACHINE_I386;
OptionalHeader = new IMAGE_OPTIONAL_HEADER(buff, offset + 0x18, !is32Bit);
}
public void ImageFileHeaderConstructorWorks_Test()
{
var fileHeader = new IMAGE_FILE_HEADER(RawStructures.RawFileHeader, 2);
Assert.AreEqual((ushort) 0x1100, fileHeader.Machine);
Assert.AreEqual((ushort) 0x3322, fileHeader.NumberOfSections);
Assert.AreEqual((uint) 0x77665544, fileHeader.TimeDateStamp);
Assert.AreEqual(0xbbaa9988, fileHeader.PointerToSymbolTable);
Assert.AreEqual(0xffeeddcc, fileHeader.NumberOfSymbols);
Assert.AreEqual((ushort) 0x2211, fileHeader.SizeOfOptionalHeader);
Assert.AreEqual((ushort) 0x4433, fileHeader.Characteristics);
}
/// <summary>
/// Create a new IMAGE_NT_HEADERS object.
/// </summary>
/// <param name="buff">A PE file as a byte array.</param>
/// <param name="offset">Raw offset of the NT header.</param>
/// <param name="is64Bit">Flag if the header is for a x64 application.</param>
public IMAGE_NT_HEADERS(byte[] buff, uint offset, bool is64Bit)
: base(buff, offset)
{
FileHeader = new IMAGE_FILE_HEADER(buff, offset + 0x4);
OptionalHeader = new IMAGE_OPTIONAL_HEADER(buff, offset + 0x18, is64Bit);
}
/// <summary>
/// Create a new IMAGE_NT_HEADERS object.
/// </summary>
/// <param name="buff">A PE file as a byte array.</param>
/// <param name="offset">Raw offset of the NT header.</param>
/// <param name="is64Bit">Flag if the header is for a x64 application.</param>
public IMAGE_NT_HEADERS(byte[] buff, uint offset, bool is64Bit)
: base(buff, offset)
{
FileHeader = new IMAGE_FILE_HEADER(buff, offset + 0x4);
OptionalHeader = new IMAGE_OPTIONAL_HEADER(buff, offset + 0x18, is64Bit);
}