// Read a section of the file, considering endian issues void readFileSection(short[] p, int len, EndianImageReader rdr) { int pp = 0; for (int i = 0; i < len; i += 2) { p[pp++] = rdr.ReadLeInt16(); } }
public short ReadCoffHeader(EndianImageReader rdr) { this.machine = rdr.ReadLeUInt16(); short expectedMagic = GetExpectedMagic(machine); arch = CreateArchitecture(machine); platform = CreatePlatform(machine, Services, arch); innerLoader = CreateInnerLoader(machine); sections = rdr.ReadLeInt16(); rdr.ReadLeUInt32(); // timestamp. rdr.ReadLeUInt32(); // COFF symbol table. rdr.ReadLeUInt32(); // #of symbols. optionalHeaderSize = rdr.ReadLeInt16(); this.fileFlags = rdr.ReadLeUInt16(); rvaSectionTable = (uint)((int)rdr.Offset + optionalHeaderSize); return(expectedMagic); }
public void ReadOptionalHeader(EndianImageReader rdr, short expectedMagic) { if (optionalHeaderSize <= 0) { throw new BadImageFormatException("Optional header size should be larger than 0 in a PE executable image file."); } short magic = rdr.ReadLeInt16(); if (magic != expectedMagic) { throw new BadImageFormatException("Not a valid PE Header."); } rdr.ReadByte(); // Linker major version rdr.ReadByte(); // Linker minor version rdr.ReadLeUInt32(); // code size (== .text section size) rdr.ReadLeUInt32(); // size of initialized data rdr.ReadLeUInt32(); // size of uninitialized data rvaStartAddress = rdr.ReadLeUInt32(); uint rvaBaseOfCode = rdr.ReadLeUInt32(); preferredBaseOfImage = innerLoader.ReadPreferredImageBase(rdr); rdr.ReadLeUInt32(); // section alignment rdr.ReadLeUInt32(); // file alignment rdr.ReadLeUInt16(); // OS major version rdr.ReadLeUInt16(); // OS minor version rdr.ReadLeUInt16(); // Image major version rdr.ReadLeUInt16(); // Image minor version rdr.ReadLeUInt16(); // Subsystem major version rdr.ReadLeUInt16(); // Subsystem minor version rdr.ReadLeUInt32(); // reserved uint sizeOfImage = rdr.ReadLeUInt32(); uint sizeOfHeaders = rdr.ReadLeUInt32(); uint checksum = rdr.ReadLeUInt32(); ushort subsystem = rdr.ReadLeUInt16(); ushort dllFlags = rdr.ReadLeUInt16(); var stackReserve = innerLoader.ReadWord(rdr); var stackCommit = innerLoader.ReadWord(rdr); var heapReserve = innerLoader.ReadWord(rdr); var heapCommit = innerLoader.ReadWord(rdr); rdr.ReadLeUInt32(); // loader flags uint dictionaryCount = rdr.ReadLeUInt32(); if (dictionaryCount == 0) { return; } this.rvaExportTable = rdr.ReadLeUInt32(); this.sizeExportTable = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } this.rvaImportTable = rdr.ReadLeUInt32(); uint importTableSize = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } this.rvaResources = rdr.ReadLeUInt32(); // resource address rdr.ReadLeUInt32(); // resource size if (--dictionaryCount == 0) { return; } this.rvaExceptionTable = rdr.ReadLeUInt32(); // exception address this.sizeExceptionTable = rdr.ReadLeUInt32(); // exception size if (--dictionaryCount == 0) { return; } rdr.ReadLeUInt32(); // certificate address rdr.ReadLeUInt32(); // certificate size if (--dictionaryCount == 0) { return; } this.rvaBaseRelocationTable = rdr.ReadLeUInt32(); this.sizeBaseRelocationTable = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaDebug = rdr.ReadLeUInt32(); uint cbDebug = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaArchitecture = rdr.ReadLeUInt32(); uint cbArchitecture = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaGlobalPointer = rdr.ReadLeUInt32(); uint cbGlobalPointer = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaTls = rdr.ReadLeUInt32(); uint cbTls = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaLoadConfig = rdr.ReadLeUInt32(); uint cbLoadConfig = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaBoundImport = rdr.ReadLeUInt32(); uint cbBoundImport = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } uint rvaIat = rdr.ReadLeUInt32(); uint cbIat = rdr.ReadLeUInt32(); if (--dictionaryCount == 0) { return; } this.rvaDelayImportDescriptor = rdr.ReadLeUInt32(); uint cbDelayImportDescriptor = rdr.ReadLeUInt32(); }