public void Analyze(BinaryAnalyzerContext context)
{
PEHeader peHeader = context.PE.PEHeaders.PEHeader;
DllCharacteristics dllCharacteristics = peHeader.DllCharacteristics;
CoffHeader coffHeader = context.PE.PEHeaders.CoffHeader;
Characteristics characteristics = coffHeader.Characteristics;
bool highEntropyVA = ((int)dllCharacteristics & 0x0020 /*IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA*/) == 0x0020;
// /LARGEADDRESSAWARE is necessary for HIGH_ENTROPY_VA to have effect
bool largeAddressAware = (characteristics & Characteristics.LargeAddressAware /*IMAGE_FILE_LARGE_ADDRESS_AWARE*/) == Characteristics.LargeAddressAware;
if (!highEntropyVA && !largeAddressAware)
{
// '{0}' does not declare itself as high entropy ASLR compatible. High entropy allows
// Address Space Layout Randomization to be more effective in mitigating memory
// corruption vulnerabilities. To resolve this issue, configure your tool chain to
// mark the program high entropy compatible; e.g. by supplying /HIGHENTROPYVA as well
// as /LARGEADDRESSAWARE to the C or C++ linker command line.
context.Logger.Log(MessageKind.Fail, context,
RuleUtilities.BuildMessage(context,
RulesResources.EnableHighEntropyVirtualAddresses_NeitherHighEntropyVANorLargeAddressAware_FAIL));
return;
}
if (!highEntropyVA)
{
// '{0}' does not declare itself as high entropy ASLR compatible. High entropy allows
// Address Space Layout Randomization to be more effective in mitigating memory
// corruption vulnerabilities. To resolve this issue, configure your tool chain to
// mark the program high entropy compatible; e.g. by supplying /HIGHENTROPYVA to the
// C or C++ linker command line. (This image was determined to have been properly
// compiled as /LARGEADDRESSAWARE.)
context.Logger.Log(MessageKind.Fail, context,
RuleUtilities.BuildMessage(context,
RulesResources.EnableHighEntropyVirtualAddresses_NoHighEntropyVA_FAIL));
return;
}
if (!largeAddressAware)
{
// '{0}' does not declare itself as high entropy ASLR compatible. High entropy allows
// Address Space Layout Randomization to be more effective in mitigating memory
// corruption vulnerabilities. To resolve this issue, configure your tool chain to
// mark the program high entropy compatible by supplying /LARGEADDRESSAWARE to the C
// or C++ linker command line. (This image was determined to have been properly
// compiled as /HIGHENTROPYVA.)
context.Logger.Log(MessageKind.Fail, context,
RuleUtilities.BuildMessage(context,
RulesResources.EnableHighEntropyVirtualAddresses_NoLargeAddressAware_FAIL));
return;
}
//'{0}' is high entropy ASLR compatible.
context.Logger.Log(MessageKind.Pass, context,
RuleUtilities.BuildMessage(context,
RulesResources.EnableHighEntropyVirtualAddresses_Pass));
}
public PEBuilder()
{
_is32Bits = true;
_machine = MachineType.I386;
_characteristics = ImageCharacteristics.EXECUTABLE_IMAGE | ImageCharacteristics.MACHINE_32BIT;
_imageBase = 0x400000;
_sectionAlignment = 0x2000;
_fileAlignment = 0x200;
_subsystem = SubsystemType.WINDOWS_CUI;
_dllCharacteristics =
DllCharacteristics.DYNAMIC_BASE |
DllCharacteristics.NX_COMPAT |
DllCharacteristics.NO_SEH;
_sizeOfStackReserve = 0x100000;
_sizeOfStackCommit = 0x1000;
_sizeOfHeapReserve = 0x100000;
_sizeOfHeapCommit = 0x1000;
_majorLinkerVersion = 8;
_minorLinkerVersion = 0;
_majorOperatingSystemVersion = 4;
_minorOperatingSystemVersion = 0;
_majorSubsystemVersion = 4;
_minorSubsystemVersion = 0;
_timeDateStamp = DateTime.Now;
_directories = new DataDirectory[PEConstants.NumberOfRvaAndSizes];
_tasks = new BuildTaskCollection(this);
_sections = new BuildSectionCollection(this);
_fixups = new BuildFixupCollection(this);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="reader">PE file reader pointing to the start of this section</param>
/// <param name="totalSize">Total size of this optional header (from the file header)</param>
/// <param name="verify">Verify section</param>
/// <exception cref="BadImageFormatException">Thrown if verification fails</exception>
public ImageOptionalHeader32(IImageStream reader, uint totalSize, bool verify)
{
if (totalSize < 0x60)
{
throw new BadImageFormatException("Invalid optional header size");
}
if (verify && reader.Position + totalSize > reader.Length)
{
throw new BadImageFormatException("Invalid optional header size");
}
SetStartOffset(reader);
this.magic = reader.ReadUInt16();
this.majorLinkerVersion = reader.ReadByte();
this.minorLinkerVersion = reader.ReadByte();
this.sizeOfCode = reader.ReadUInt32();
this.sizeOfInitializedData = reader.ReadUInt32();
this.sizeOfUninitializedData = reader.ReadUInt32();
this.addressOfEntryPoint = (RVA)reader.ReadUInt32();
this.baseOfCode = (RVA)reader.ReadUInt32();
this.baseOfData = (RVA)reader.ReadUInt32();
this.imageBase = reader.ReadUInt32();
this.sectionAlignment = reader.ReadUInt32();
this.fileAlignment = reader.ReadUInt32();
this.majorOperatingSystemVersion = reader.ReadUInt16();
this.minorOperatingSystemVersion = reader.ReadUInt16();
this.majorImageVersion = reader.ReadUInt16();
this.minorImageVersion = reader.ReadUInt16();
this.majorSubsystemVersion = reader.ReadUInt16();
this.minorSubsystemVersion = reader.ReadUInt16();
this.win32VersionValue = reader.ReadUInt32();
this.sizeOfImage = reader.ReadUInt32();
this.sizeOfHeaders = reader.ReadUInt32();
this.checkSum = reader.ReadUInt32();
this.subsystem = (Subsystem)reader.ReadUInt16();
this.dllCharacteristics = (DllCharacteristics)reader.ReadUInt16();
this.sizeOfStackReserve = reader.ReadUInt32();
this.sizeOfStackCommit = reader.ReadUInt32();
this.sizeOfHeapReserve = reader.ReadUInt32();
this.sizeOfHeapCommit = reader.ReadUInt32();
this.loaderFlags = reader.ReadUInt32();
this.numberOfRvaAndSizes = reader.ReadUInt32();
for (int i = 0; i < dataDirectories.Length; i++)
{
uint len = (uint)(reader.Position - startOffset);
if (len + 8 <= totalSize)
{
dataDirectories[i] = new ImageDataDirectory(reader, verify);
}
else
{
dataDirectories[i] = new ImageDataDirectory();
}
}
reader.Position = (long)startOffset + totalSize;
SetEndoffset(reader);
}
void SetFlagValue(DllCharacteristics flag, bool value)
{
if (value)
{
DllCharacteristics |= flag;
}
else
{
DllCharacteristics &= ~flag;
}
}
/// <summary>
/// Creates PE header builder.
/// </summary>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="fileAlignment"/> is not power of 2 between 512 and 64K, or
/// <paramref name="sectionAlignment"/> not power of 2 or it's less than <paramref name="fileAlignment"/>.
/// </exception>
public PEHeaderBuilder(
Machine machine = 0,
int sectionAlignment = 0x2000,
int fileAlignment = 0x200,
ulong imageBase = 0x00400000,
byte majorLinkerVersion = 0x30, // (what is ref.emit using?)
byte minorLinkerVersion = 0,
ushort majorOperatingSystemVersion = 4,
ushort minorOperatingSystemVersion = 0,
ushort majorImageVersion = 0,
ushort minorImageVersion = 0,
ushort majorSubsystemVersion = 4,
ushort minorSubsystemVersion = 0,
Subsystem subsystem = Subsystem.WindowsCui,
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible | DllCharacteristics.NoSeh | DllCharacteristics.TerminalServerAware,
Characteristics imageCharacteristics = Characteristics.Dll,
ulong sizeOfStackReserve = 0x00100000,
ulong sizeOfStackCommit = 0x1000,
ulong sizeOfHeapReserve = 0x00100000,
ulong sizeOfHeapCommit = 0x1000)
{
if (fileAlignment < 512 || fileAlignment > 64 * 1024 || BitArithmetic.CountBits(fileAlignment) != 1)
{
Throw.ArgumentOutOfRange(nameof(fileAlignment));
}
if (sectionAlignment < fileAlignment || BitArithmetic.CountBits(sectionAlignment) != 1)
{
Throw.ArgumentOutOfRange(nameof(sectionAlignment));
}
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
}
/// <summary>
/// Creates PE header builder.
/// </summary>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="fileAlignment"/> is not power of 2 between 512 and 64K, or
/// <paramref name="sectionAlignment"/> not power of 2 or it's less than <paramref name="fileAlignment"/>.
/// </exception>
public PEHeaderBuilder(
Machine machine = 0,
int sectionAlignment = 0x2000,
int fileAlignment = 0x200,
ulong imageBase = 0x00400000,
byte majorLinkerVersion = 0x30, // (what is ref.emit using?)
byte minorLinkerVersion = 0,
ushort majorOperatingSystemVersion = 4,
ushort minorOperatingSystemVersion = 0,
ushort majorImageVersion = 0,
ushort minorImageVersion = 0,
ushort majorSubsystemVersion = 4,
ushort minorSubsystemVersion = 0,
Subsystem subsystem = Subsystem.WindowsCui,
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible | DllCharacteristics.NoSeh | DllCharacteristics.TerminalServerAware,
Characteristics imageCharacteristics = Characteristics.Dll,
ulong sizeOfStackReserve = 0x00100000,
ulong sizeOfStackCommit = 0x1000,
ulong sizeOfHeapReserve = 0x00100000,
ulong sizeOfHeapCommit = 0x1000)
{
if (fileAlignment < 512 || fileAlignment > 64 * 1024 || BitArithmetic.CountBits(fileAlignment) != 1)
{
Throw.ArgumentOutOfRange(nameof(fileAlignment));
}
if (sectionAlignment < fileAlignment || BitArithmetic.CountBits(sectionAlignment) != 1)
{
Throw.ArgumentOutOfRange(nameof(sectionAlignment));
}
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
}
void SetFlagValue(DllCharacteristics flag, bool?value)
{
if (DllCharacteristics == null)
{
DllCharacteristics = 0;
}
if (value ?? false)
{
DllCharacteristics |= flag;
}
else
{
DllCharacteristics &= ~flag;
}
}
private void SetupValues()
{
if (_loaded_values)
{
return;
}
_loaded_values = true;
_image_sections = new List <ImageSection>();
IntPtr base_ptr = GetBasePointer();
if (base_ptr == IntPtr.Zero)
{
return;
}
IntPtr header_ptr = GetHeaderPointer(base_ptr);
if (header_ptr == IntPtr.Zero)
{
return;
}
ImageNtHeaders header = (ImageNtHeaders)Marshal.PtrToStructure(header_ptr, typeof(ImageNtHeaders));
var buffer = header_ptr + Marshal.SizeOf(header) + header.FileHeader.SizeOfOptionalHeader;
ImageSectionHeader[] section_headers = new ImageSectionHeader[header.FileHeader.NumberOfSections];
int header_size = Marshal.SizeOf(typeof(ImageSectionHeader));
for (int i = 0; i < header.FileHeader.NumberOfSections; ++i)
{
ImageSectionHeader section = (ImageSectionHeader)Marshal.PtrToStructure(buffer + i * header_size, typeof(ImageSectionHeader));
_image_sections.Add(new ImageSection(section, MappedAsImage, base_ptr));
}
IImageOptionalHeader optional_header = GetOptionalHeader(header_ptr);
if (optional_header == null)
{
return;
}
_image_base_address = optional_header.GetImageBase();
_image_entry_point = optional_header.GetAddressOfEntryPoint();
_is_64bit = optional_header.GetMagic() == IMAGE_NT_OPTIONAL_HDR_MAGIC.HDR64;
_dll_characteristics = optional_header.GetDllCharacteristics();
}
public PEBuilder(
Machine machine,
int sectionAlignment,
int fileAlignment,
ulong imageBase,
byte majorLinkerVersion,
byte minorLinkerVersion,
ushort majorOperatingSystemVersion,
ushort minorOperatingSystemVersion,
ushort majorImageVersion,
ushort minorImageVersion,
ushort majorSubsystemVersion,
ushort minorSubsystemVersion,
Subsystem subsystem,
DllCharacteristics dllCharacteristics,
Characteristics imageCharacteristics,
ulong sizeOfStackReserve,
ulong sizeOfStackCommit,
ulong sizeOfHeapReserve,
ulong sizeOfHeapCommit,
Func <BlobBuilder, ContentId> deterministicIdProvider = null)
{
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
IsDeterministic = deterministicIdProvider != null;
IdProvider = deterministicIdProvider ?? GetCurrentTimeBasedIdProvider();
_sections = new List <Section>();
}
public ModuleOptions(ModuleDef module) {
Mvid = module.Mvid;
EncId = module.EncId;
EncBaseId = module.EncBaseId;
Name = module.Name;
Kind = module.Kind;
Characteristics = module.Characteristics;
DllCharacteristics = module.DllCharacteristics;
RuntimeVersion = module.RuntimeVersion;
Machine = module.Machine;
Cor20HeaderFlags = module.Cor20HeaderFlags;
Cor20HeaderRuntimeVersion = module.Cor20HeaderRuntimeVersion;
TablesHeaderVersion = module.TablesHeaderVersion;
ManagedEntryPoint = module.ManagedEntryPoint;
NativeEntryPoint = module.NativeEntryPoint;
CustomAttributes.AddRange(module.CustomAttributes);
}
// TODO: Data contract, attributes, good mapping
public void Read(IBinaryHelper binary)
{
Magic = (ImageState)binary.Reader.ReadUInt16();
MajorLinkerVersion = binary.Reader.ReadByte();
MinorLinkerVersion = binary.Reader.ReadByte();
SizeOfCode = binary.Reader.ReadUInt32();
SizeOfInitializedData = binary.Reader.ReadUInt32();
SizeOfUninitializedData = binary.Reader.ReadUInt32();
AddressOfEntryPoint = binary.Reader.ReadUInt32();
BaseOfCode = binary.Reader.ReadUInt32();
if (Magic == ImageState.Pe32)
{
BaseOfData = binary.Reader.ReadUInt32();
}
ImageBase = binary.Reader.ReadUInt32();
SectionAlignment = binary.Reader.ReadUInt32();
FileAlignment = binary.Reader.ReadUInt32();
MajorOperatingSystemVersion = binary.Reader.ReadUInt16();
MinorOperatingSystemVersion = binary.Reader.ReadUInt16();
MajorImageVersion = binary.Reader.ReadUInt16();
MinorImageVersion = binary.Reader.ReadUInt16();
MajorSubsystemVersion = binary.Reader.ReadUInt16();
MinorSubsystemVersion = binary.Reader.ReadUInt16();
Win32VersionValue = binary.Reader.ReadUInt32();
SizeOfImage = binary.Reader.ReadUInt32();
SizeOfHeaders = binary.Reader.ReadUInt32();
CheckSum = binary.Reader.ReadUInt32();
Subsystem = (Subsystem)binary.Reader.ReadUInt16();
DllCharacteristics = (DllCharacteristics)binary.Reader.ReadUInt16();
SizeOfStackReserve = binary.Reader.ReadUInt32();
SizeOfStackCommit = binary.Reader.ReadUInt32();
SizeOfHeapReserve = binary.Reader.ReadUInt32();
SizeOfHeapCommit = binary.Reader.ReadUInt32();
LoaderFlags = binary.Reader.ReadUInt32();
NumberOfRvaAndSizes = binary.Reader.ReadUInt32();
DataDirectories = new List <DataDirectory>((int)NumberOfRvaAndSizes);
for (var i = 0; i < NumberOfRvaAndSizes; i++)
{
DataDirectories.Add(binary.MarshalAt <DataDirectory>());
}
}
public ModuleOptions(ModuleDef module)
{
this.Mvid = module.Mvid;
this.EncId = module.EncId;
this.EncBaseId = module.EncBaseId;
this.Name = module.Name;
this.Kind = module.Kind;
this.Characteristics = module.Characteristics;
this.DllCharacteristics = module.DllCharacteristics;
this.RuntimeVersion = module.RuntimeVersion;
this.Machine = module.Machine;
this.Cor20HeaderFlags = module.Cor20HeaderFlags;
this.Cor20HeaderRuntimeVersion = module.Cor20HeaderRuntimeVersion;
this.TablesHeaderVersion = module.TablesHeaderVersion;
this.ManagedEntryPoint = module.ManagedEntryPoint;
this.NativeEntryPoint = module.NativeEntryPoint;
this.CustomAttributes.AddRange(module.CustomAttributes);
}
public OptionalHeaderInfo(
IMZResult mzHeader,
ISectionsResult sections,
byte majorLinkerVersion,
byte minorLinkerVersion,
ushort majorOperatingSystemVersion,
ushort minorOperatingSystemVersion,
ushort majorSubSystemVersion,
ushort minorSubSystemVersion,
ushort majorImageVersion,
ushort minorImageVersion,
uint fileAlignment,
uint sectionAlignment,
Subsystem subsystem,
DllCharacteristics dllCharacteristics,
uint stackSizeReserve,
uint stackSizeCommit,
uint heapSizeReserve,
uint heapSizeCommit,
ulong imageBase
)
{
MZHeader = mzHeader;
Sections = sections;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorSubSystemVersion = majorSubSystemVersion;
MinorSubSystemVersion = minorSubSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
FileAlignment = fileAlignment;
SectionAlignment = sectionAlignment;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
StackSizeReserve = stackSizeReserve;
StackSizeCommit = stackSizeCommit;
HeapSizeReserve = heapSizeReserve;
HeapSizeCommit = heapSizeCommit;
ImageBase = imageBase;
}
public PEHeaderBuilder(
Machine machine = 0,
int sectionAlignment = 0x2000,
int fileAlignment = 0x200,
ulong imageBase = 0x00400000,
byte majorLinkerVersion = 0x30, // (what is ref.emit using?)
byte minorLinkerVersion = 0,
ushort majorOperatingSystemVersion = 4,
ushort minorOperatingSystemVersion = 0,
ushort majorImageVersion = 0,
ushort minorImageVersion = 0,
ushort majorSubsystemVersion = 4,
ushort minorSubsystemVersion = 0,
Subsystem subsystem = Subsystem.WindowsCui,
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible | DllCharacteristics.NoSeh | DllCharacteristics.TerminalServerAware,
Characteristics imageCharacteristics = Characteristics.Dll,
ulong sizeOfStackReserve = 0x00100000,
ulong sizeOfStackCommit = 0x1000,
ulong sizeOfHeapReserve = 0x00100000,
ulong sizeOfHeapCommit = 0x1000)
{
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
}
public PEHeaderBuilder(
Machine machine = 0,
int sectionAlignment = 0x2000,
int fileAlignment = 0x200,
ulong imageBase = 0x00400000,
byte majorLinkerVersion = 0x30, // (what is ref.emit using?)
byte minorLinkerVersion = 0,
ushort majorOperatingSystemVersion = 4,
ushort minorOperatingSystemVersion = 0,
ushort majorImageVersion = 0,
ushort minorImageVersion = 0,
ushort majorSubsystemVersion = 4,
ushort minorSubsystemVersion = 0,
Subsystem subsystem = Subsystem.WindowsCui,
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible | DllCharacteristics.NoSeh | DllCharacteristics.TerminalServerAware,
Characteristics imageCharacteristics = Characteristics.Dll,
ulong sizeOfStackReserve = 0x00100000,
ulong sizeOfStackCommit = 0x1000,
ulong sizeOfHeapReserve = 0x00100000,
ulong sizeOfHeapCommit = 0x1000)
{
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
}
internal ModulePropertiesForSerialization(
Guid persistentIdentifier,
CorFlags corFlags,
int fileAlignment,
int sectionAlignment,
string targetRuntimeVersion,
Machine machine,
ulong baseAddress,
ulong sizeOfHeapReserve,
ulong sizeOfHeapCommit,
ulong sizeOfStackReserve,
ulong sizeOfStackCommit,
DllCharacteristics dllCharacteristics,
Characteristics imageCharacteristics,
Subsystem subsystem,
ushort majorSubsystemVersion,
ushort minorSubsystemVersion,
byte linkerMajorVersion,
byte linkerMinorVersion
)
{
this.PersistentIdentifier = persistentIdentifier;
this.FileAlignment = fileAlignment;
this.SectionAlignment = sectionAlignment;
this.TargetRuntimeVersion = targetRuntimeVersion;
this.Machine = machine;
this.BaseAddress = baseAddress;
this.SizeOfHeapReserve = sizeOfHeapReserve;
this.SizeOfHeapCommit = sizeOfHeapCommit;
this.SizeOfStackReserve = sizeOfStackReserve;
this.SizeOfStackCommit = sizeOfStackCommit;
this.LinkerMajorVersion = linkerMajorVersion;
this.LinkerMinorVersion = linkerMinorVersion;
this.MajorSubsystemVersion = majorSubsystemVersion;
this.MinorSubsystemVersion = minorSubsystemVersion;
this.ImageCharacteristics = imageCharacteristics;
this.Subsystem = subsystem;
this.DllCharacteristics = dllCharacteristics;
this.CorFlags = corFlags;
}
public CoffWindowsFields32Plus(BinaryReader rdr)
{
ImageBase = rdr.ReadUInt64();
SectionAlignment = rdr.ReadUInt32();
FileAlignment = rdr.ReadUInt32();
MajorOperatingSystemVersion = rdr.ReadUInt16();
MinorOperatingSystemVersion = rdr.ReadUInt16();
MajorImageVersion = rdr.ReadUInt16();
MinorImageVersion = rdr.ReadUInt16();
MajorSubsystemVersion = rdr.ReadUInt16();
MinorSubsystemVersion = rdr.ReadUInt16();
Win32VersionValue = rdr.ReadUInt32();
SizeOfImage = rdr.ReadUInt32();
SizeOfHeaders = rdr.ReadUInt32();
CheckSum = rdr.ReadUInt32();
Subsystem = (PESubsystem)rdr.ReadUInt16();
Characteristics = (DllCharacteristics)rdr.ReadUInt16();
SizeOfStackReserve = rdr.ReadUInt64();
SizeOfStackCommit = rdr.ReadUInt64();
SizeOfHeapReserve = rdr.ReadUInt64();
SizeOfHeapCommit = rdr.ReadUInt64();
LoaderFlags = (LoaderFlags)rdr.ReadUInt32();
NumberOfRvaAndSizes = rdr.ReadUInt32();
}
bool GetFlagValue(DllCharacteristics flag)
{
return((DllCharacteristics & flag) != 0);
}
static void WriteUInt16(BinaryWriter writer, DllCharacteristics? value) {
if (value == null)
writer.BaseStream.Position += 2;
else
writer.Write((ushort)value.Value);
}
/// <summary>
/// Fill in PE header information into a PEHeaderBuilder used by PEBuilder.
/// </summary>
/// <param name="subsystem">Targeting subsystem</param>
/// <param name="target">Target architecture to set in the header</param>
public static PEHeaderBuilder Create(Subsystem subsystem, TargetDetails target)
{
bool is64BitTarget = target.PointerSize == sizeof(long);
Characteristics imageCharacteristics = Characteristics.ExecutableImage | Characteristics.Dll;
imageCharacteristics |= is64BitTarget ? Characteristics.LargeAddressAware : Characteristics.Bit32Machine;
ulong imageBase = is64BitTarget ? PE64HeaderConstants.DllImageBase : PE32HeaderConstants.ImageBase;
int fileAlignment = 0x200;
if (!target.IsWindows && !is64BitTarget)
{
// To minimize wasted VA space on 32-bit systems, align file to page boundaries (presumed to be 4K)
fileAlignment = 0x1000;
}
int sectionAlignment = 0x1000;
if (!target.IsWindows && is64BitTarget)
{
// On Linux, we must match the bottom 12 bits of section RVA's to their file offsets. For this reason
// we need the same alignment for both.
sectionAlignment = fileAlignment;
}
// Without NxCompatible the PE executable cannot execute on Windows ARM64
DllCharacteristics dllCharacteristics =
DllCharacteristics.DynamicBase |
DllCharacteristics.NxCompatible |
DllCharacteristics.TerminalServerAware;
if (is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.HighEntropyVirtualAddressSpace;
}
else
{
dllCharacteristics |= DllCharacteristics.NoSeh;
}
return(new PEHeaderBuilder(
machine: target.MachineFromTarget(),
sectionAlignment: sectionAlignment,
fileAlignment: fileAlignment,
imageBase: imageBase,
majorLinkerVersion: PEHeaderConstants.MajorLinkerVersion,
minorLinkerVersion: PEHeaderConstants.MinorLinkerVersion,
majorOperatingSystemVersion: PEHeaderConstants.MajorOperatingSystemVersion,
minorOperatingSystemVersion: PEHeaderConstants.MinorOperatingSystemVersion,
majorImageVersion: PEHeaderConstants.MajorImageVersion,
minorImageVersion: PEHeaderConstants.MinorImageVersion,
majorSubsystemVersion: PEHeaderConstants.MajorSubsystemVersion,
minorSubsystemVersion: PEHeaderConstants.MinorSubsystemVersion,
subsystem: subsystem,
dllCharacteristics: dllCharacteristics,
imageCharacteristics: imageCharacteristics,
sizeOfStackReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfStackReserve : PE32HeaderConstants.SizeOfStackReserve),
sizeOfStackCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfStackCommit : PE32HeaderConstants.SizeOfStackCommit),
sizeOfHeapReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapReserve : PE32HeaderConstants.SizeOfHeapReserve),
sizeOfHeapCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapCommit : PE32HeaderConstants.SizeOfHeapCommit)));
}
protected unsafe void Read(IBinaryAccessor accessor)
{
// DOS
DOSHeader dosHeader;
fixed(byte *pBuff = accessor.ReadBytes(PEConstants.DosHeaderSize))
{
dosHeader = *(DOSHeader *)pBuff;
}
if (dosHeader.Signature != PEConstants.DosSignature)
{
throw new BadImageFormatException(SR.DOSHeaderSignatureNotValid);
}
accessor.Position = dosHeader.Lfanew;
// NT Signature
if (accessor.ReadUInt32() != PEConstants.NTSignature)
{
throw new BadImageFormatException(SR.PESignatureNotValid);
}
// COFF
COFFHeader coffHeader;
fixed(byte *pBuff = accessor.ReadBytes(PEConstants.COFFHeaderSize))
{
coffHeader = *(COFFHeader *)pBuff;
}
_characteristics = coffHeader.Characteristics;
_machine = coffHeader.Machine;
// PE
ushort peMagic = accessor.ReadUInt16();
accessor.Position -= 2;
if (peMagic == PEConstants.PEMagic32)
{
_is32Bits = true;
PEHeader peHeader;
fixed(byte *pBuff = accessor.ReadBytes(PEConstants.PEHeaderSize))
{
peHeader = *(PEHeader *)pBuff;
}
_addressOfEntryPoint = peHeader.AddressOfEntryPoint;
_imageBase = peHeader.ImageBase;
_sectionAlignment = peHeader.SectionAlignment;
_fileAlignment = peHeader.FileAlignment;
_subsystem = peHeader.Subsystem;
_dllCharacteristics = peHeader.DllCharacteristics;
_sizeOfStackReserve = peHeader.SizeOfStackReserve;
}
else if (peMagic == 0x20b)
{
_is32Bits = false;
PEHeader64 peHeader;
fixed(byte *pBuff = accessor.ReadBytes(PEConstants.PEHeader64Size))
{
peHeader = *(PEHeader64 *)pBuff;
}
_addressOfEntryPoint = peHeader.AddressOfEntryPoint;
_imageBase = peHeader.ImageBase;
_sectionAlignment = peHeader.SectionAlignment;
_fileAlignment = peHeader.FileAlignment;
_subsystem = peHeader.Subsystem;
_dllCharacteristics = peHeader.DllCharacteristics;
_sizeOfStackReserve = peHeader.SizeOfStackReserve;
}
else
{
throw new BadImageFormatException(SR.PEHeaderSignatureNotValid);
}
// Directories
for (int i = 0; i < PEConstants.NumberOfRvaAndSizes; i++)
{
fixed(byte *pBuff = accessor.ReadBytes(8))
{
_directories[i] = *(DataDirectory *)pBuff;
}
}
// Sections
_sections = new PESection[coffHeader.NumberOfSections];
for (int i = 0; i < coffHeader.NumberOfSections; i++)
{
_sections[i] = PESection.Read(accessor);
}
}
public PEBuilder(
Machine machine,
int sectionAlignment,
int fileAlignment,
ulong imageBase,
byte majorLinkerVersion,
byte minorLinkerVersion,
ushort majorOperatingSystemVersion,
ushort minorOperatingSystemVersion,
ushort majorImageVersion,
ushort minorImageVersion,
ushort majorSubsystemVersion,
ushort minorSubsystemVersion,
Subsystem subsystem,
DllCharacteristics dllCharacteristics,
Characteristics imageCharacteristics,
ulong sizeOfStackReserve,
ulong sizeOfStackCommit,
ulong sizeOfHeapReserve,
ulong sizeOfHeapCommit,
Func<BlobBuilder, ContentId> deterministicIdProvider = null)
{
Machine = machine;
SectionAlignment = sectionAlignment;
FileAlignment = fileAlignment;
ImageBase = imageBase;
MajorLinkerVersion = majorLinkerVersion;
MinorLinkerVersion = minorLinkerVersion;
MajorOperatingSystemVersion = majorOperatingSystemVersion;
MinorOperatingSystemVersion = minorOperatingSystemVersion;
MajorImageVersion = majorImageVersion;
MinorImageVersion = minorImageVersion;
MajorSubsystemVersion = majorSubsystemVersion;
MinorSubsystemVersion = minorSubsystemVersion;
Subsystem = subsystem;
DllCharacteristics = dllCharacteristics;
ImageCharacteristics = imageCharacteristics;
SizeOfStackReserve = sizeOfStackReserve;
SizeOfStackCommit = sizeOfStackCommit;
SizeOfHeapReserve = sizeOfHeapReserve;
SizeOfHeapCommit = sizeOfHeapCommit;
IsDeterministic = deterministicIdProvider != null;
IdProvider = deterministicIdProvider ?? GetCurrentTimeBasedIdProvider();
_sections = new List<Section>();
}
bool GetFlagValue(DllCharacteristics flag) => (DllCharacteristics & flag) != 0;
/// <summary>
/// Fill in PE header information into a PEHeaderBuilder used by PEBuilder.
/// </summary>
/// <param name="subsystem">Targeting subsystem</param>
/// <param name="target">Target architecture to set in the header</param>
public static PEHeaderBuilder Create(Subsystem subsystem, TargetDetails target, ulong imageBase)
{
bool is64BitTarget = target.PointerSize == sizeof(long);
Characteristics imageCharacteristics = Characteristics.ExecutableImage | Characteristics.Dll;
imageCharacteristics |= is64BitTarget ? Characteristics.LargeAddressAware : Characteristics.Bit32Machine;
int fileAlignment = 0x200;
bool isWindowsOr32bit = target.IsWindows || !is64BitTarget;
if (isWindowsOr32bit)
{
// To minimize wasted VA space on 32-bit systems (regardless of OS),
// align file to page boundaries (presumed to be 4K)
//
// On Windows we use 4K file alignment (regardless of ptr size),
// per requirements of memory mapping API (MapViewOfFile3, et al).
// The alternative could be using the same approach as on Unix, but that would result in PEs
// incompatible with OS loader. While that is not a problem on Unix, we do not want that on Windows.
fileAlignment = 0x1000;
}
int sectionAlignment = 0x1000;
if (!isWindowsOr32bit)
{
// On 64bit Linux, we must match the bottom 12 bits of section RVA's to their file offsets. For this reason
// we need the same alignment for both.
//
// In addition to that we specify section RVAs to be at least 64K apart, which is > page on most systems.
// It ensures that the sections will not overlap when mapped from a singlefile bundle, which introduces a sub-page skew.
//
// Such format would not be accepted by OS loader on Windows, but it is not a problem on Unix.
sectionAlignment = fileAlignment;
}
// Without NxCompatible the PE executable cannot execute on Windows ARM64
DllCharacteristics dllCharacteristics =
DllCharacteristics.DynamicBase |
DllCharacteristics.NxCompatible |
DllCharacteristics.TerminalServerAware;
if (is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.HighEntropyVirtualAddressSpace;
}
else
{
dllCharacteristics |= DllCharacteristics.NoSeh;
}
return(new PEHeaderBuilder(
machine: target.MachineFromTarget(),
sectionAlignment: sectionAlignment,
fileAlignment: fileAlignment,
imageBase: imageBase,
majorLinkerVersion: PEHeaderConstants.MajorLinkerVersion,
minorLinkerVersion: PEHeaderConstants.MinorLinkerVersion,
majorOperatingSystemVersion: PEHeaderConstants.MajorOperatingSystemVersion,
minorOperatingSystemVersion: PEHeaderConstants.MinorOperatingSystemVersion,
majorImageVersion: PEHeaderConstants.MajorImageVersion,
minorImageVersion: PEHeaderConstants.MinorImageVersion,
majorSubsystemVersion: PEHeaderConstants.MajorSubsystemVersion,
minorSubsystemVersion: PEHeaderConstants.MinorSubsystemVersion,
subsystem: subsystem,
dllCharacteristics: dllCharacteristics,
imageCharacteristics: imageCharacteristics,
sizeOfStackReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfStackReserve : PE32HeaderConstants.SizeOfStackReserve),
sizeOfStackCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfStackCommit : PE32HeaderConstants.SizeOfStackCommit),
sizeOfHeapReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapReserve : PE32HeaderConstants.SizeOfHeapReserve),
sizeOfHeapCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapCommit : PE32HeaderConstants.SizeOfHeapCommit)));
}
bool GetFlagValue(DllCharacteristics flag) => (DllCharacteristics & flag) != 0;
void SetFlagValue(DllCharacteristics flag, bool value) {
if (value)
DllCharacteristics |= flag;
else
DllCharacteristics &= ~flag;
}
bool? GetFlagValue(DllCharacteristics flag) {
return DllCharacteristics == null ? (bool?)null : (DllCharacteristics.Value & flag) != 0;
}
void SetFlagValue(DllCharacteristics flag, bool? value) {
if (DllCharacteristics == null)
DllCharacteristics = 0;
if (value ?? false)
DllCharacteristics |= flag;
else
DllCharacteristics &= ~flag;
}
bool?GetFlagValue(DllCharacteristics flag) => DllCharacteristics == null ? (bool?)null : (DllCharacteristics.Value & flag) != 0;
bool GetFlagValue(DllCharacteristics flag)
{
return (DllCharacteristics & flag) != 0;
}
/// <summary>
/// Copy PE headers into a PEHeaderBuilder used by PEBuilder.
/// </summary>
/// <param name="peHeaders">Headers to copy</param>
/// <param name="target">Target architecture to set in the header</param>
public static PEHeaderBuilder Copy(PEHeaders peHeaders, TargetDetails target)
{
// Default base addresses used by Roslyn
const ulong DefaultExeBaseAddress64Bit = 0x1_4000_0000;
const ulong DefaultDllBaseAddress64Bit = 0x1_8000_0000;
bool is64BitTarget = target.PointerSize == sizeof(long);
Characteristics imageCharacteristics = peHeaders.CoffHeader.Characteristics;
if (is64BitTarget)
{
imageCharacteristics &= ~Characteristics.Bit32Machine;
imageCharacteristics |= Characteristics.LargeAddressAware;
}
ulong imageBase = peHeaders.PEHeader.ImageBase;
if (target.IsWindows && is64BitTarget && (imageBase <= uint.MaxValue))
{
// Base addresses below 4 GiB are reserved for WoW on x64 and disallowed on ARM64.
// If the input assembly was compiled for anycpu, its base address is 32-bit and we need to fix it.
imageBase = (imageCharacteristics & Characteristics.Dll) != 0 ? DefaultDllBaseAddress64Bit : DefaultExeBaseAddress64Bit;
}
int fileAlignment = 0x200;
if (!target.IsWindows && !is64BitTarget)
{
// To minimize wasted VA space on 32 bit systems align file to page bounaries (presumed to be 4K).
fileAlignment = 0x1000;
}
int sectionAlignment = 0x1000;
if (!target.IsWindows && is64BitTarget)
{
// On Linux, we must match the bottom 12 bits of section RVA's to their file offsets. For this reason
// we need the same alignment for both.
sectionAlignment = fileAlignment;
}
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible;
// Copy over selected DLL characteristics bits from IL image
dllCharacteristics |= peHeaders.PEHeader.DllCharacteristics &
(DllCharacteristics.TerminalServerAware | DllCharacteristics.AppContainer);
if (is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.HighEntropyVirtualAddressSpace;
}
else
{
dllCharacteristics |= DllCharacteristics.NoSeh;
}
return(new PEHeaderBuilder(
machine: target.MachineFromTarget(),
sectionAlignment: sectionAlignment,
fileAlignment: fileAlignment,
imageBase: imageBase,
majorLinkerVersion: 11,
minorLinkerVersion: 0,
majorOperatingSystemVersion: 5,
// Win2k = 5.0 for 32-bit images, Win2003 = 5.2 for 64-bit images
minorOperatingSystemVersion: is64BitTarget ? (ushort)2 : (ushort)0,
majorImageVersion: peHeaders.PEHeader.MajorImageVersion,
minorImageVersion: peHeaders.PEHeader.MinorImageVersion,
majorSubsystemVersion: peHeaders.PEHeader.MajorSubsystemVersion,
minorSubsystemVersion: peHeaders.PEHeader.MinorSubsystemVersion,
subsystem: peHeaders.PEHeader.Subsystem,
dllCharacteristics: dllCharacteristics,
imageCharacteristics: imageCharacteristics,
sizeOfStackReserve: peHeaders.PEHeader.SizeOfStackReserve,
sizeOfStackCommit: peHeaders.PEHeader.SizeOfStackCommit,
sizeOfHeapReserve: 0,
sizeOfHeapCommit: 0));
}
internal ModulePropertiesForSerialization(
Guid persistentIdentifier,
CorFlags corFlags,
int fileAlignment,
int sectionAlignment,
string targetRuntimeVersion,
Machine machine,
ulong baseAddress,
ulong sizeOfHeapReserve,
ulong sizeOfHeapCommit,
ulong sizeOfStackReserve,
ulong sizeOfStackCommit,
DllCharacteristics dllCharacteristics,
Characteristics imageCharacteristics,
Subsystem subsystem,
ushort majorSubsystemVersion,
ushort minorSubsystemVersion,
byte linkerMajorVersion,
byte linkerMinorVersion)
{
this.PersistentIdentifier = persistentIdentifier;
this.FileAlignment = fileAlignment;
this.SectionAlignment = sectionAlignment;
this.TargetRuntimeVersion = targetRuntimeVersion;
this.Machine = machine;
this.BaseAddress = baseAddress;
this.SizeOfHeapReserve = sizeOfHeapReserve;
this.SizeOfHeapCommit = sizeOfHeapCommit;
this.SizeOfStackReserve = sizeOfStackReserve;
this.SizeOfStackCommit = sizeOfStackCommit;
this.LinkerMajorVersion = linkerMajorVersion;
this.LinkerMinorVersion = linkerMinorVersion;
this.MajorSubsystemVersion = majorSubsystemVersion;
this.MinorSubsystemVersion = minorSubsystemVersion;
this.ImageCharacteristics = imageCharacteristics;
this.Subsystem = subsystem;
this.DllCharacteristics = dllCharacteristics;
this.CorFlags = corFlags;
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="reader">PE file reader pointing to the start of this section</param>
/// <param name="totalSize">Total size of this optional header (from the file header)</param>
/// <param name="verify">Verify section</param>
/// <exception cref="BadImageFormatException">Thrown if verification fails</exception>
public ImageOptionalHeader32(IImageStream reader, uint totalSize, bool verify) {
if (totalSize < 0x60)
throw new BadImageFormatException("Invalid optional header size");
if (verify && reader.Position + totalSize > reader.Length)
throw new BadImageFormatException("Invalid optional header size");
SetStartOffset(reader);
this.magic = reader.ReadUInt16();
this.majorLinkerVersion = reader.ReadByte();
this.minorLinkerVersion = reader.ReadByte();
this.sizeOfCode = reader.ReadUInt32();
this.sizeOfInitializedData = reader.ReadUInt32();
this.sizeOfUninitializedData = reader.ReadUInt32();
this.addressOfEntryPoint = (RVA)reader.ReadUInt32();
this.baseOfCode = (RVA)reader.ReadUInt32();
this.baseOfData = (RVA)reader.ReadUInt32();
this.imageBase = reader.ReadUInt32();
this.sectionAlignment = reader.ReadUInt32();
this.fileAlignment = reader.ReadUInt32();
this.majorOperatingSystemVersion = reader.ReadUInt16();
this.minorOperatingSystemVersion = reader.ReadUInt16();
this.majorImageVersion = reader.ReadUInt16();
this.minorImageVersion = reader.ReadUInt16();
this.majorSubsystemVersion = reader.ReadUInt16();
this.minorSubsystemVersion = reader.ReadUInt16();
this.win32VersionValue = reader.ReadUInt32();
this.sizeOfImage = reader.ReadUInt32();
this.sizeOfHeaders = reader.ReadUInt32();
this.checkSum = reader.ReadUInt32();
this.subsystem = (Subsystem)reader.ReadUInt16();
this.dllCharacteristics = (DllCharacteristics)reader.ReadUInt16();
this.sizeOfStackReserve = reader.ReadUInt32();
this.sizeOfStackCommit = reader.ReadUInt32();
this.sizeOfHeapReserve = reader.ReadUInt32();
this.sizeOfHeapCommit = reader.ReadUInt32();
this.loaderFlags = reader.ReadUInt32();
this.numberOfRvaAndSizes = reader.ReadUInt32();
for (int i = 0; i < dataDirectories.Length; i++) {
uint len = (uint)(reader.Position - startOffset);
if (len + 8 <= totalSize)
dataDirectories[i] = new ImageDataDirectory(reader, verify);
else
dataDirectories[i] = new ImageDataDirectory();
}
reader.Position = (long)startOffset + totalSize;
SetEndoffset(reader);
}
/// <summary>
/// Fill in PE header information into a PEHeaderBuilder used by PEBuilder.
/// </summary>
/// <param name="relocsStripped">Relocs are not present in the PE executable</param>
/// <param name="dllCharacteristics">Extra DLL characteristics to apply</param>
/// <param name="subsystem">Targeting subsystem</param>
/// <param name="target">Target architecture to set in the header</param>
public static PEHeaderBuilder Create(Characteristics imageCharacteristics, DllCharacteristics dllCharacteristics, Subsystem subsystem, TargetDetails target)
{
bool is64BitTarget = target.PointerSize == sizeof(long);
imageCharacteristics &= ~(Characteristics.Bit32Machine | Characteristics.LargeAddressAware);
imageCharacteristics |= (is64BitTarget ? Characteristics.LargeAddressAware : Characteristics.Bit32Machine);
ulong imageBase = PE32HeaderConstants.ImageBase;
if (target.IsWindows && is64BitTarget && (imageBase <= uint.MaxValue))
{
// Base addresses below 4 GiB are reserved for WoW on x64 and disallowed on ARM64.
// If the input assembly was compiled for anycpu, its base address is 32-bit and we need to fix it.
imageBase = (imageCharacteristics & Characteristics.Dll) != 0 ? PE64HeaderConstants.DllImageBase : PE64HeaderConstants.ExeImageBase;
}
int fileAlignment = 0x200;
if (!target.IsWindows && !is64BitTarget)
{
// To minimize wasted VA space on 32 bit systems align file to page bounaries (presumed to be 4K).
fileAlignment = 0x1000;
}
int sectionAlignment = 0x1000;
if (!target.IsWindows && is64BitTarget)
{
// On Linux, we must match the bottom 12 bits of section RVA's to their file offsets. For this reason
// we need the same alignment for both.
sectionAlignment = fileAlignment;
}
dllCharacteristics &= DllCharacteristics.AppContainer;
// In Crossgen1, this is under a debug-specific condition 'if (0 == CLRConfig::GetConfigValue(CLRConfig::INTERNAL_NoASLRForNgen))'
dllCharacteristics |= DllCharacteristics.DynamicBase;
// Without NxCompatible the PE executable cannot execute on Windows ARM64
dllCharacteristics |= DllCharacteristics.NxCompatible | DllCharacteristics.TerminalServerAware;
if (is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.HighEntropyVirtualAddressSpace;
}
else
{
dllCharacteristics |= DllCharacteristics.NoSeh;
}
return(new PEHeaderBuilder(
machine: target.MachineFromTarget(),
sectionAlignment: sectionAlignment,
fileAlignment: fileAlignment,
imageBase: imageBase,
majorLinkerVersion: PEHeaderConstants.MajorLinkerVersion,
minorLinkerVersion: PEHeaderConstants.MinorLinkerVersion,
majorOperatingSystemVersion: PEHeaderConstants.MajorOperatingSystemVersion,
minorOperatingSystemVersion: PEHeaderConstants.MinorOperatingSystemVersion,
majorImageVersion: PEHeaderConstants.MajorImageVersion,
minorImageVersion: PEHeaderConstants.MinorImageVersion,
majorSubsystemVersion: PEHeaderConstants.MajorSubsystemVersion,
minorSubsystemVersion: PEHeaderConstants.MinorSubsystemVersion,
subsystem: subsystem,
dllCharacteristics: dllCharacteristics,
imageCharacteristics: imageCharacteristics,
sizeOfStackReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfStackReserve : PE32HeaderConstants.SizeOfStackReserve),
sizeOfStackCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfStackCommit : PE32HeaderConstants.SizeOfStackCommit),
sizeOfHeapReserve: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapReserve : PE32HeaderConstants.SizeOfHeapReserve),
sizeOfHeapCommit: (is64BitTarget ? PE64HeaderConstants.SizeOfHeapCommit : PE32HeaderConstants.SizeOfHeapCommit)));
}
/// <summary>
/// Copy PE headers into a PEHeaderBuilder used by PEBuilder.
/// </summary>
/// <param name="peHeaders">Headers to copy</param>
/// <param name="target">Target architecture to set in the header</param>
public static PEHeaderBuilder Copy(PEHeaders peHeaders, TargetDetails target)
{
bool is64BitTarget = target.PointerSize == sizeof(long);
Characteristics imageCharacteristics = peHeaders.CoffHeader.Characteristics;
if (is64BitTarget)
{
imageCharacteristics &= ~Characteristics.Bit32Machine;
imageCharacteristics |= Characteristics.LargeAddressAware;
}
int fileAlignment = 0x200;
if (!target.IsWindows && !is64BitTarget)
{
// To minimize wasted VA space on 32 bit systems align file to page bounaries (presumed to be 4K).
fileAlignment = 0x1000;
}
int sectionAlignment = 0x1000;
if (!target.IsWindows && is64BitTarget)
{
// On Linux, we must match the bottom 12 bits of section RVA's to their file offsets. For this reason
// we need the same alignment for both.
sectionAlignment = fileAlignment;
}
DllCharacteristics dllCharacteristics = DllCharacteristics.DynamicBase | DllCharacteristics.NxCompatible;
if (!is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.NoSeh;
}
// Copy over selected DLL characteristics bits from IL image
dllCharacteristics |= peHeaders.PEHeader.DllCharacteristics &
(DllCharacteristics.TerminalServerAware | DllCharacteristics.AppContainer);
if (is64BitTarget)
{
dllCharacteristics |= DllCharacteristics.HighEntropyVirtualAddressSpace;
}
return(new PEHeaderBuilder(
machine: target.MachineFromTarget(),
sectionAlignment: sectionAlignment,
fileAlignment: fileAlignment,
imageBase: peHeaders.PEHeader.ImageBase,
majorLinkerVersion: 11,
minorLinkerVersion: 0,
majorOperatingSystemVersion: 5,
// Win2k = 5.0 for 32-bit images, Win2003 = 5.2 for 64-bit images
minorOperatingSystemVersion: is64BitTarget ? (ushort)2 : (ushort)0,
majorImageVersion: peHeaders.PEHeader.MajorImageVersion,
minorImageVersion: peHeaders.PEHeader.MinorImageVersion,
majorSubsystemVersion: peHeaders.PEHeader.MajorSubsystemVersion,
minorSubsystemVersion: peHeaders.PEHeader.MinorSubsystemVersion,
subsystem: peHeaders.PEHeader.Subsystem,
dllCharacteristics: dllCharacteristics,
imageCharacteristics: imageCharacteristics,
sizeOfStackReserve: peHeaders.PEHeader.SizeOfStackReserve,
sizeOfStackCommit: peHeaders.PEHeader.SizeOfStackCommit,
sizeOfHeapReserve: 0,
sizeOfHeapCommit: 0));
}
