Example #1
0
 public void Read(ReaderContext ctxt, BlobReader reader, bool isFat, Func<OpCode, Row, object> resolveRow)
 {
     if (isFat)
     {
         Flags = (CorILExceptionClause)reader.ReadUInt32();
         TryOffset = (int)reader.ReadUInt32();
         TryLength = (int)reader.ReadUInt32();
         HandlerOffset = (int)reader.ReadUInt32();
         HandlerLength = (int)reader.ReadUInt32();
     }
     else
     {
         Flags = (CorILExceptionClause)reader.ReadUInt16();
         TryOffset = (int)reader.ReadUInt16();
         TryLength = (int)reader.ReadByte();
         HandlerOffset = (int)reader.ReadUInt16();
         HandlerLength = (int)reader.ReadByte();
     }
     var rowRef = default(TokenRef);
     rowRef.Read(ctxt, reader);
     rowRef.ResolveIndexes(ctxt);
     Class = rowRef.Value == null ? null : resolveRow(OpCode.Ldobj, rowRef.Value);
     if (Flags == CorILExceptionClause.Filter)
         FilterOffset = (int)reader.ReadUInt32();
 }
Example #2
0
        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            if (reader.RemainingBytes < Size)
                throw new PEException("missing DOSHeader");

            var actualPrefix = reader.ReadBytes((uint)prefix.Length);
            if (!EqualBytes(actualPrefix, prefix))
                throw new PEException("invalid DOSHeader.Prefix");

            LfaNew.Read(reader);
            if (LfaNew.Offset < Size)
                throw new PEException("invalid DOSHeader.LfaNew");

            var actualSuffix = reader.ReadBytes((uint)suffix.Length);
            if (!EqualBytes(actualSuffix, suffix))
                throw new PEException("invalid DOSHeader.Suffix");

            Final = reader.ReadUInt32();

            if (ctxt.Tracer != null)
                LfaNew.Append(ctxt, "DOSHeader.LfaNew");
        }
Example #3
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     VirtualAddress = reader.ReadUInt32();
     Size = reader.ReadUInt16();
     Type = (CorVtable)reader.ReadUInt16();
 }
Example #4
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var actualCb = reader.ReadUInt32();
     if (actualCb != cb)
         throw new PEException("invalid CLIHeader.ActualCb");
     MajorRuntimeVersion = reader.ReadUInt16();
     MinorRuntimeVersion = reader.ReadUInt16();
     MetaData.Read(reader);
     Flags = (RuntimeFlags)reader.ReadUInt32();
     EntryPointToken = reader.ReadUInt32();
     Resources.Read(reader);
     StrongNameSignature.Read(reader);
     var actualCodeManagerTable = reader.ReadUInt64();
     if (actualCodeManagerTable != codeManagerTable)
         throw new PEException("invalid CLIHeader.CodeManagerTable");
     VtableFixups.Read(reader);
     var actualExportAddressTableJumps = reader.ReadUInt64();
     if (actualExportAddressTableJumps != exportAddressTableJumps)
         throw new PEException("invalid CLIHeader.ExportAddressTableJumps");
     var actualManagedNativeHeader = reader.ReadUInt64();
     if (actualManagedNativeHeader != managedNativeHeader)
         throw new PEException("invalid CLIHeader.ManagedNativeHeader");
 }
Example #5
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     Page = reader.ReadUInt32();
     if ((Page & 0xfff) != 0)
         throw new PEException("invalid FixupBlock.Page");
     var blockSize = reader.ReadUInt32();
     var numFixupEntries = (blockSize - 8)/ FixupEntry.Size;
     Entries = new FixupEntry[(int)numFixupEntries];
     for (var i = 0; i < numFixupEntries; i++)
         Entries[i].Read(ctxt, reader);
     reader.Align(4);
 }
Example #6
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var actualHint = reader.ReadUInt16();
     if (actualHint != hint)
         throw new PEException("invalid HintNameTable.Hint");
     Name = reader.ReadAsciiZeroTerminatedString(1);
     if (!Name.Equals(ExeHintName, StringComparison.Ordinal) &&
         !Name.Equals(DllHintName, StringComparison.Ordinal))
         throw new PEException("invalid HintNameTable.Name");
 }
Example #7
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     HintNameTable.Read(reader);
     if (HintNameTable.Address >> 31 != 0)
         throw new PEException("invalid ImportLookupTable/ImportAddressTable.HintNameTable");
     var actualPadding = reader.ReadUInt32();
     if (actualPadding != padding)
         throw new PEException("invalid ImportLookupTable/ImportAddressTable.Padding");
 }
Example #8
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     ImportLookupTable.Read(reader);
     var actualDateTimeStamp = reader.ReadUInt32();
     if (actualDateTimeStamp != dateTimeStamp)
         throw new PEException("invalid ImportTable.DateTimeStamp");
     var actualForwarderChain = reader.ReadUInt32();
     if (actualForwarderChain != forwarderChain)
         throw new PEException("invalid ImportTable.ForwarderChain");
     Name.Read(reader);
     ImportAddressTable.Read(reader);
     reader.Pad(paddingBytes);
 }
Example #9
0
 public void Deref(ReaderContext ctxt)
 {
     StandardFields.Deref(ctxt);
     DataDirectories.Deref(ctxt);
 }
Example #10
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var actualSignature = reader.ReadUInt32();
     if (actualSignature != signature)
         throw new PEException("invalid MetadataHeader.Signature");
     MajorVersion = reader.ReadUInt16();
     MinorVersion = reader.ReadUInt16();
     var actualReserved = reader.ReadUInt32();
     if (actualReserved != reserved)
         throw new PEException("invalid MetadataHeader.Reserved");
     Version = reader.ReadUTF8SizedZeroPaddedString(4);
     var actualFlags = reader.ReadUInt16();
     if (actualFlags != flags)
         throw new PEException("invalid MetadataHeader.Flags");
     var numStreams = reader.ReadUInt16();
     StreamHeaders = new StreamHeader[numStreams];
     for (var i = 0; i < numStreams; i++)
         StreamHeaders[i].Read(ctxt, reader);
 }
Example #11
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     Offset.Read(reader);
     Size = reader.ReadUInt32();
     Name = reader.ReadAsciiZeroTerminatedString(4);
     if (string.IsNullOrEmpty(Name))
         throw new PEException("invalid StreamHeader.Name");
 }
Example #12
0
 public void Read(ReaderContext ctxt, BlobReader reader, uint beginOffset, Func<OpCode, Row, object> resolveRow)
 {
     Offset = (int)(reader.Offset - beginOffset);
     OpCode = (OpCode)reader.ReadByte();
     if (OpCode == OpCode.Prefix1)
         OpCode = (OpCode)((ushort)OpCode << 8 | reader.ReadByte());
     Value = default(object);
     switch (OpCode)
     {
     case OpCode.Nop:
     case OpCode.Break:
     case OpCode.Ldarg_0:
     case OpCode.Ldarg_1:
     case OpCode.Ldarg_2:
     case OpCode.Ldarg_3:
     case OpCode.Ldloc_0:
     case OpCode.Ldloc_1:
     case OpCode.Ldloc_2:
     case OpCode.Ldloc_3:
     case OpCode.Stloc_0:
     case OpCode.Stloc_1:
     case OpCode.Stloc_2:
     case OpCode.Stloc_3:
     case OpCode.Ldnull:
     case OpCode.Ldc_i4_m1:
     case OpCode.Ldc_i4_0:
     case OpCode.Ldc_i4_1:
     case OpCode.Ldc_i4_2:
     case OpCode.Ldc_i4_3:
     case OpCode.Ldc_i4_4:
     case OpCode.Ldc_i4_5:
     case OpCode.Ldc_i4_6:
     case OpCode.Ldc_i4_7:
     case OpCode.Ldc_i4_8:
     case OpCode.Dup:
     case OpCode.Pop:
     case OpCode.Ret:
     case OpCode.Ldind_i1:
     case OpCode.Ldind_u1:
     case OpCode.Ldind_i2:
     case OpCode.Ldind_u2:
     case OpCode.Ldind_i4:
     case OpCode.Ldind_u4:
     case OpCode.Ldind_i8:
     case OpCode.Ldind_i:
     case OpCode.Ldind_r4:
     case OpCode.Ldind_r8:
     case OpCode.Ldind_ref:
     case OpCode.Stind_ref:
     case OpCode.Stind_i1:
     case OpCode.Stind_i2:
     case OpCode.Stind_i4:
     case OpCode.Stind_i8:
     case OpCode.Stind_r4:
     case OpCode.Stind_r8:
     case OpCode.Add:
     case OpCode.Sub:
     case OpCode.Mul:
     case OpCode.Div:
     case OpCode.Div_un:
     case OpCode.Rem:
     case OpCode.Rem_un:
     case OpCode.And:
     case OpCode.Or:
     case OpCode.Xor:
     case OpCode.Shl:
     case OpCode.Shr:
     case OpCode.Shr_un:
     case OpCode.Neg:
     case OpCode.Not:
     case OpCode.Conv_i1:
     case OpCode.Conv_i2:
     case OpCode.Conv_i4:
     case OpCode.Conv_i8:
     case OpCode.Conv_r4:
     case OpCode.Conv_r8:
     case OpCode.Conv_u4:
     case OpCode.Conv_u8:
     case OpCode.Conv_r_un:
     case OpCode.Throw:
     case OpCode.Conv_ovf_i1_un:
     case OpCode.Conv_ovf_i2_un:
     case OpCode.Conv_ovf_i4_un:
     case OpCode.Conv_ovf_i8_un:
     case OpCode.Conv_ovf_u1_un:
     case OpCode.Conv_ovf_u2_un:
     case OpCode.Conv_ovf_u4_un:
     case OpCode.Conv_ovf_u8_un:
     case OpCode.Conv_ovf_i_un:
     case OpCode.Conv_ovf_u_un:
     case OpCode.Ldlen:
     case OpCode.Ldelem_i1:
     case OpCode.Ldelem_u1:
     case OpCode.Ldelem_i2:
     case OpCode.Ldelem_u2:
     case OpCode.Ldelem_i4:
     case OpCode.Ldelem_u4:
     case OpCode.Ldelem_i8:
     case OpCode.Ldelem_i:
     case OpCode.Ldelem_r4:
     case OpCode.Ldelem_r8:
     case OpCode.Ldelem_ref:
     case OpCode.Stelem_i:
     case OpCode.Stelem_i1:
     case OpCode.Stelem_i2:
     case OpCode.Stelem_i4:
     case OpCode.Stelem_i8:
     case OpCode.Stelem_r4:
     case OpCode.Stelem_r8:
     case OpCode.Stelem_ref:
     case OpCode.Conv_ovf_i1:
     case OpCode.Conv_ovf_u1:
     case OpCode.Conv_ovf_i2:
     case OpCode.Conv_ovf_u2:
     case OpCode.Conv_ovf_i4:
     case OpCode.Conv_ovf_u4:
     case OpCode.Conv_ovf_i8:
     case OpCode.Conv_ovf_u8:
     case OpCode.Ckfinite:
     case OpCode.Conv_u2:
     case OpCode.Conv_u1:
     case OpCode.Conv_i:
     case OpCode.Conv_ovf_i:
     case OpCode.Conv_ovf_u:
     case OpCode.Add_ovf:
     case OpCode.Add_ovf_un:
     case OpCode.Mul_ovf:
     case OpCode.Mul_ovf_un:
     case OpCode.Sub_ovf:
     case OpCode.Sub_ovf_un:
     case OpCode.Endfinally:
     case OpCode.Stind_i:
     case OpCode.Conv_u:
     case OpCode.Prefix7:
     case OpCode.Prefix6:
     case OpCode.Prefix5:
     case OpCode.Prefix4:
     case OpCode.Prefix3:
     case OpCode.Prefix2:
     case OpCode.Prefix1:
     case OpCode.Prefixref:
     case OpCode.Arglist:
     case OpCode.Ceq:
     case OpCode.Cgt:
     case OpCode.Cgt_un:
     case OpCode.Clt:
     case OpCode.Clt_un:
     case OpCode.Localloc:
     case OpCode.Endfilter:
     case OpCode.Volatile:
     case OpCode.Tailcall:
     case OpCode.Cpblk:
     case OpCode.Initblk:
     case OpCode.Rethrow:
     case OpCode.Refanytype:
     case OpCode.Readonly:
         break;
     case OpCode.Br:
     case OpCode.Brfalse:
     case OpCode.Brtrue:
     case OpCode.Beq:
     case OpCode.Bge:
     case OpCode.Bgt:
     case OpCode.Ble:
     case OpCode.Blt:
     case OpCode.Bne_un:
     case OpCode.Bge_un:
     case OpCode.Bgt_un:
     case OpCode.Ble_un:
     case OpCode.Blt_un:
     case OpCode.Leave:
         {
             // NOTE: Delta is w.r.t. start of next instruction
             var delta = reader.ReadInt32();
             Value = (int)(reader.Offset - beginOffset) + delta;
         }
         break;
     case OpCode.Br_s:
     case OpCode.Brfalse_s:
     case OpCode.Brtrue_s:
     case OpCode.Beq_s:
     case OpCode.Bge_s:
     case OpCode.Bgt_s:
     case OpCode.Ble_s:
     case OpCode.Blt_s:
     case OpCode.Bne_un_s:
     case OpCode.Bge_un_s:
     case OpCode.Bgt_un_s:
     case OpCode.Ble_un_s:
     case OpCode.Blt_un_s:
     case OpCode.Leave_s:
         {
             var delta = reader.ReadSByte();
             Value = (int)(reader.Offset - beginOffset) + delta;
         }
         break;
     case OpCode.Ldc_i4_s:
         Value = (int)reader.ReadSByte();
         break;
     case OpCode.Unaligned:
     case OpCode.Ldarg_s:
     case OpCode.Ldarga_s:
     case OpCode.Starg_s:
     case OpCode.Ldloc_s:
     case OpCode.Ldloca_s:
     case OpCode.Stloc_s:
         Value = (int)reader.ReadByte();
         break;
     case OpCode.Ldc_i4:
         Value = reader.ReadInt32();
         break;
     case OpCode.Ldarg:
     case OpCode.Ldarga:
     case OpCode.Starg:
     case OpCode.Ldloc:
     case OpCode.Ldloca:
     case OpCode.Stloc:
         Value = (int)reader.ReadUInt32();
         break;
     case OpCode.Ldc_i8:
         Value = reader.ReadInt64();
         break;
     case OpCode.Ldc_r4:
         Value = reader.ReadSingle();
         break;
     case OpCode.Ldc_r8:
         Value = reader.ReadDouble();
         break;
     case OpCode.Ldstr:
         Value = ReadUserString(ctxt, reader);
         break;
     case OpCode.Switch:
         {
             var numTargets = (int)reader.ReadUInt32();
             var targets = new Seq<int>(numTargets);
             // Read as offsets from end of switch, then fixup to offsets from start of instructions
             for (var i = 0; i < numTargets; i++)
                 targets.Add(reader.ReadInt32());
             for (var i = 0; i < numTargets; i++)
                 targets[i] = (int)(reader.Offset - beginOffset) + targets[i];
             Value = targets;
         }
         break;
     case OpCode.Calli:
     case OpCode.Ldfld:
     case OpCode.Ldflda:
     case OpCode.Stfld:
     case OpCode.Ldsfld:
     case OpCode.Ldsflda:
     case OpCode.Stsfld:
     case OpCode.Jmp:
     case OpCode.Call:
     case OpCode.Callvirt:
     case OpCode.Newobj:
     case OpCode.Ldftn:
     case OpCode.Ldvirtftn:
     case OpCode.Ldtoken:
     case OpCode.Cpobj:
     case OpCode.Ldobj:
     case OpCode.Castclass:
     case OpCode.Isinst:
     case OpCode.Unbox:
     case OpCode.Stobj:
     case OpCode.Box:
     case OpCode.Newarr:
     case OpCode.Ldelema:
     case OpCode.Ldelem:
     case OpCode.Stelem:
     case OpCode.Unbox_any:
     case OpCode.Refanyval:
     case OpCode.Mkrefany:
     case OpCode.Initobj:
     case OpCode.Constrained:
     case OpCode.Sizeof:
         Value = resolveRow(OpCode, ReadToken(ctxt, reader));
         break;
     default:
         throw new PEException("unrecognised opcode");
     }
 }
Example #13
0
 private static string ReadUserString(ReaderContext ctxt, BlobReader reader)
 {
     var strref = default(UserStringRef);
     strref.Read(ctxt, reader);
     strref.ResolveIndexes(ctxt);
     return strref.Value;
 }
Example #14
0
 private static Row ReadToken(ReaderContext ctxt, BlobReader reader)
 {
     var rowRef = default(TokenRef);
     rowRef.Read(ctxt, reader);
     rowRef.ResolveIndexes(ctxt);
     return rowRef.Value;
 }
Example #15
0
        public void Read(ReaderContext ctxt)
        {
            var reader = ctxt.GetTablesReader();

            var actualReserved0 = reader.ReadUInt32();

            if (actualReserved0 != reserved0)
            {
                throw new PEException("invalid MetadataTable header");
            }
            var actualMajorVersion = reader.ReadByte();

            if (actualMajorVersion != majorVersion)
            {
                throw new PEException("invalid MetadataTable header");
            }
            var actualMinorVersion = reader.ReadByte();

            if (actualMinorVersion != minorVersion)
            {
                throw new PEException("invalid MetadataTable header");
            }
            var heapSizes = reader.ReadByte();

            IsStringStreamBig = (heapSizes & 0x01) != 0;
            IsGuidStreamBig   = (heapSizes & 0x02) != 0;
            IsBlobStreamBig   = (heapSizes & 0x04) != 0;
            Reserved1         = reader.ReadByte();

            var valid  = new IntSet64(reader.ReadUInt64());
            var sorted = new IntSet64(reader.ReadUInt64());

            for (var i = 0; i < 64; i++)
            {
                var numRows = 0;
                if (valid[i])
                {
                    numRows = (int)reader.ReadUInt32();
                }

                switch ((TableTag)i)
                {
                case TableTag.Module:
                    ModuleTable = new ModuleTable(numRows);
                    break;

                case TableTag.Assembly:
                    AssemblyTable = new AssemblyTable(numRows);
                    break;

                case TableTag.AssemblyOS:
                    AssemblyOSTable = new AssemblyOSTable(numRows);
                    break;

                case TableTag.AssemblyProcessor:
                    AssemblyProcessorTable = new AssemblyProcessorTable(numRows);
                    break;

                case TableTag.AssemblyRef:
                    AssemblyRefTable = new AssemblyRefTable(numRows);
                    break;

                case TableTag.AssemblyRefOS:
                    AssemblyRefOSTable = new AssemblyRefOSTable(numRows);
                    break;

                case TableTag.AssemblyRefProcessor:
                    AssemblyRefProcessorTable = new AssemblyRefProcessorTable(numRows);
                    break;

                case TableTag.ClassLayout:
                    ClassLayoutTable = new ClassLayoutTable(numRows);
                    break;

                case TableTag.Constant:
                    ConstantTable = new ConstantTable(numRows);
                    break;

                case TableTag.CustomAttribute:
                    CustomAttributeTable = new CustomAttributeTable(numRows);
                    break;

                case TableTag.DeclSecurity:
                    DeclSecurityTable = new DeclSecurityTable(numRows);
                    break;

                case TableTag.EventMap:
                    EventMapTable = new EventMapTable(numRows);
                    break;

                case TableTag.Event:
                    EventTable = new EventTable(numRows);
                    break;

                case TableTag.ExportedType:
                    ExportedTypeTable = new ExportedTypeTable(numRows);
                    break;

                case TableTag.Field:
                    FieldTable = new FieldTable(numRows);
                    break;

                case TableTag.FieldLayout:
                    FieldLayoutTable = new FieldLayoutTable(numRows);
                    break;

                case TableTag.FieldMarshal:
                    FieldMarshalTable = new FieldMarshalTable(numRows);
                    break;

                case TableTag.FieldRVA:
                    FieldRVATable = new FieldRVATable(numRows);
                    break;

                case TableTag.File:
                    FileTable = new FileTable(numRows);
                    break;

                case TableTag.GenericParam:
                    GenericParamTable = new GenericParamTable(numRows);
                    break;

                case TableTag.GenericParamConstraint:
                    GenericParamConstraintTable = new GenericParamConstraintTable(numRows);
                    break;

                case TableTag.ImplMap:
                    ImplMapTable = new ImplMapTable(numRows);
                    break;

                case TableTag.InterfaceImpl:
                    InterfaceImplTable = new InterfaceImplTable(numRows);
                    break;

                case TableTag.ManifestResource:
                    ManifestResourceTable = new ManifestResourceTable(numRows);
                    break;

                case TableTag.MemberRef:
                    MemberRefTable = new MemberRefTable(numRows);
                    break;

                case TableTag.MethodDef:
                    MethodDefTable = new MethodDefTable(numRows);
                    break;

                case TableTag.MethodImpl:
                    MethodImplTable = new MethodImplTable(numRows);
                    break;

                case TableTag.MethodSemantics:
                    MethodSemanticsTable = new MethodSemanticsTable(numRows);
                    break;

                case TableTag.MethodSpec:
                    MethodSpecTable = new MethodSpecTable(numRows);
                    break;

                case TableTag.ModuleRef:
                    ModuleRefTable = new ModuleRefTable(numRows);
                    break;

                case TableTag.NestedClass:
                    NestedClassTable = new NestedClassTable(numRows);
                    break;

                case TableTag.Param:
                    ParamTable = new ParamTable(numRows);
                    break;

                case TableTag.Property:
                    PropertyTable = new PropertyTable(numRows);
                    break;

                case TableTag.PropertyMap:
                    PropertyMapTable = new PropertyMapTable(numRows);
                    break;

                case TableTag.StandAloneSig:
                    StandAloneSigTable = new StandAloneSigTable(numRows);
                    break;

                case TableTag.TypeDef:
                    TypeDefTable = new TypeDefTable(numRows);
                    break;

                case TableTag.TypeRef:
                    TypeRefTable = new TypeRefTable(numRows);
                    break;

                case TableTag.TypeSpec:
                    TypeSpecTable = new TypeSpecTable(numRows);
                    break;

                default:
                    // Ignore
                    break;
                }
            }

            DetermineIndexCodingSizes();

            for (var i = 0; i < 64; i++)
            {
                if (valid[i])
                {
                    switch ((TableTag)i)
                    {
                    case TableTag.Module:
                        ModuleTable.Read(ctxt, reader);
                        break;

                    case TableTag.Assembly:
                        AssemblyTable.Read(ctxt, reader);
                        break;

                    case TableTag.AssemblyOS:
                        AssemblyOSTable.Read(ctxt, reader);
                        break;

                    case TableTag.AssemblyProcessor:
                        AssemblyProcessorTable.Read(ctxt, reader);
                        break;

                    case TableTag.AssemblyRef:
                        AssemblyRefTable.Read(ctxt, reader);
                        break;

                    case TableTag.AssemblyRefOS:
                        AssemblyRefOSTable.Read(ctxt, reader);
                        break;

                    case TableTag.AssemblyRefProcessor:
                        AssemblyRefProcessorTable.Read(ctxt, reader);
                        break;

                    case TableTag.ClassLayout:
                        ClassLayoutTable.Read(ctxt, reader);
                        break;

                    case TableTag.Constant:
                        ConstantTable.Read(ctxt, reader);
                        break;

                    case TableTag.CustomAttribute:
                        CustomAttributeTable.Read(ctxt, reader);
                        break;

                    case TableTag.DeclSecurity:
                        DeclSecurityTable.Read(ctxt, reader);
                        break;

                    case TableTag.EventMap:
                        EventMapTable.Read(ctxt, reader);
                        break;

                    case TableTag.Event:
                        EventTable.Read(ctxt, reader);
                        break;

                    case TableTag.ExportedType:
                        ExportedTypeTable.Read(ctxt, reader);
                        break;

                    case TableTag.Field:
                        FieldTable.Read(ctxt, reader);
                        break;

                    case TableTag.FieldLayout:
                        FieldLayoutTable.Read(ctxt, reader);
                        break;

                    case TableTag.FieldMarshal:
                        FieldMarshalTable.Read(ctxt, reader);
                        break;

                    case TableTag.FieldRVA:
                        FieldRVATable.Read(ctxt, reader);
                        break;

                    case TableTag.File:
                        FileTable.Read(ctxt, reader);
                        break;

                    case TableTag.GenericParam:
                        GenericParamTable.Read(ctxt, reader);
                        break;

                    case TableTag.GenericParamConstraint:
                        GenericParamConstraintTable.Read(ctxt, reader);
                        break;

                    case TableTag.ImplMap:
                        ImplMapTable.Read(ctxt, reader);
                        break;

                    case TableTag.InterfaceImpl:
                        InterfaceImplTable.Read(ctxt, reader);
                        break;

                    case TableTag.ManifestResource:
                        ManifestResourceTable.Read(ctxt, reader);
                        break;

                    case TableTag.MemberRef:
                        MemberRefTable.Read(ctxt, reader);
                        break;

                    case TableTag.MethodDef:
                        MethodDefTable.Read(ctxt, reader);
                        break;

                    case TableTag.MethodImpl:
                        MethodImplTable.Read(ctxt, reader);
                        break;

                    case TableTag.MethodSemantics:
                        MethodSemanticsTable.Read(ctxt, reader);
                        break;

                    case TableTag.MethodSpec:
                        MethodSpecTable.Read(ctxt, reader);
                        break;

                    case TableTag.ModuleRef:
                        ModuleRefTable.Read(ctxt, reader);
                        break;

                    case TableTag.NestedClass:
                        NestedClassTable.Read(ctxt, reader);
                        break;

                    case TableTag.Param:
                        ParamTable.Read(ctxt, reader);
                        break;

                    case TableTag.Property:
                        PropertyTable.Read(ctxt, reader);
                        break;

                    case TableTag.PropertyMap:
                        PropertyMapTable.Read(ctxt, reader);
                        break;

                    case TableTag.StandAloneSig:
                        StandAloneSigTable.Read(ctxt, reader);
                        break;

                    case TableTag.TypeDef:
                        TypeDefTable.Read(ctxt, reader);
                        break;

                    case TableTag.TypeRef:
                        TypeRefTable.Read(ctxt, reader);
                        break;

                    case TableTag.TypeSpec:
                        TypeSpecTable.Read(ctxt, reader);
                        break;

                    default:
                        throw new PEException("unexpected table tag in MetadataTable body");
                    }
                }
            }

            ModuleTable.ResolveIndexes(ctxt);
            TypeRefTable.ResolveIndexes(ctxt);
            TypeDefTable.ResolveIndexes(ctxt);
            FieldTable.ResolveIndexes(ctxt);
            MethodDefTable.ResolveIndexes(ctxt);
            ParamTable.ResolveIndexes(ctxt);
            InterfaceImplTable.ResolveIndexes(ctxt);
            MemberRefTable.ResolveIndexes(ctxt);
            ConstantTable.ResolveIndexes(ctxt);
            CustomAttributeTable.ResolveIndexes(ctxt);
            FieldMarshalTable.ResolveIndexes(ctxt);
            DeclSecurityTable.ResolveIndexes(ctxt);
            ClassLayoutTable.ResolveIndexes(ctxt);
            FieldLayoutTable.ResolveIndexes(ctxt);
            StandAloneSigTable.ResolveIndexes(ctxt);
            EventMapTable.ResolveIndexes(ctxt);
            EventTable.ResolveIndexes(ctxt);
            PropertyMapTable.ResolveIndexes(ctxt);
            PropertyTable.ResolveIndexes(ctxt);
            MethodSemanticsTable.ResolveIndexes(ctxt);
            MethodImplTable.ResolveIndexes(ctxt);
            ModuleRefTable.ResolveIndexes(ctxt);
            TypeSpecTable.ResolveIndexes(ctxt);
            ImplMapTable.ResolveIndexes(ctxt);
            FieldRVATable.ResolveIndexes(ctxt);
            AssemblyTable.ResolveIndexes(ctxt);
            AssemblyProcessorTable.ResolveIndexes(ctxt);
            AssemblyOSTable.ResolveIndexes(ctxt);
            AssemblyRefTable.ResolveIndexes(ctxt);
            AssemblyRefProcessorTable.ResolveIndexes(ctxt);
            AssemblyRefOSTable.ResolveIndexes(ctxt);
            FileTable.ResolveIndexes(ctxt);
            ExportedTypeTable.ResolveIndexes(ctxt);
            ManifestResourceTable.ResolveIndexes(ctxt);
            NestedClassTable.ResolveIndexes(ctxt);
            GenericParamTable.ResolveIndexes(ctxt);
            MethodSpecTable.ResolveIndexes(ctxt);
            GenericParamConstraintTable.ResolveIndexes(ctxt);
        }
Example #16
0
        public void Read(ReaderContext ctxt, BlobReader reader, uint beginOffset, Func <OpCode, Row, object> resolveRow)
        {
            Offset = (int)(reader.Offset - beginOffset);
            OpCode = (OpCode)reader.ReadByte();
            if (OpCode == OpCode.Prefix1)
            {
                OpCode = (OpCode)((ushort)OpCode << 8 | reader.ReadByte());
            }
            Value = default(object);
            switch (OpCode)
            {
            case OpCode.Nop:
            case OpCode.Break:
            case OpCode.Ldarg_0:
            case OpCode.Ldarg_1:
            case OpCode.Ldarg_2:
            case OpCode.Ldarg_3:
            case OpCode.Ldloc_0:
            case OpCode.Ldloc_1:
            case OpCode.Ldloc_2:
            case OpCode.Ldloc_3:
            case OpCode.Stloc_0:
            case OpCode.Stloc_1:
            case OpCode.Stloc_2:
            case OpCode.Stloc_3:
            case OpCode.Ldnull:
            case OpCode.Ldc_i4_m1:
            case OpCode.Ldc_i4_0:
            case OpCode.Ldc_i4_1:
            case OpCode.Ldc_i4_2:
            case OpCode.Ldc_i4_3:
            case OpCode.Ldc_i4_4:
            case OpCode.Ldc_i4_5:
            case OpCode.Ldc_i4_6:
            case OpCode.Ldc_i4_7:
            case OpCode.Ldc_i4_8:
            case OpCode.Dup:
            case OpCode.Pop:
            case OpCode.Ret:
            case OpCode.Ldind_i1:
            case OpCode.Ldind_u1:
            case OpCode.Ldind_i2:
            case OpCode.Ldind_u2:
            case OpCode.Ldind_i4:
            case OpCode.Ldind_u4:
            case OpCode.Ldind_i8:
            case OpCode.Ldind_i:
            case OpCode.Ldind_r4:
            case OpCode.Ldind_r8:
            case OpCode.Ldind_ref:
            case OpCode.Stind_ref:
            case OpCode.Stind_i1:
            case OpCode.Stind_i2:
            case OpCode.Stind_i4:
            case OpCode.Stind_i8:
            case OpCode.Stind_r4:
            case OpCode.Stind_r8:
            case OpCode.Add:
            case OpCode.Sub:
            case OpCode.Mul:
            case OpCode.Div:
            case OpCode.Div_un:
            case OpCode.Rem:
            case OpCode.Rem_un:
            case OpCode.And:
            case OpCode.Or:
            case OpCode.Xor:
            case OpCode.Shl:
            case OpCode.Shr:
            case OpCode.Shr_un:
            case OpCode.Neg:
            case OpCode.Not:
            case OpCode.Conv_i1:
            case OpCode.Conv_i2:
            case OpCode.Conv_i4:
            case OpCode.Conv_i8:
            case OpCode.Conv_r4:
            case OpCode.Conv_r8:
            case OpCode.Conv_u4:
            case OpCode.Conv_u8:
            case OpCode.Conv_r_un:
            case OpCode.Throw:
            case OpCode.Conv_ovf_i1_un:
            case OpCode.Conv_ovf_i2_un:
            case OpCode.Conv_ovf_i4_un:
            case OpCode.Conv_ovf_i8_un:
            case OpCode.Conv_ovf_u1_un:
            case OpCode.Conv_ovf_u2_un:
            case OpCode.Conv_ovf_u4_un:
            case OpCode.Conv_ovf_u8_un:
            case OpCode.Conv_ovf_i_un:
            case OpCode.Conv_ovf_u_un:
            case OpCode.Ldlen:
            case OpCode.Ldelem_i1:
            case OpCode.Ldelem_u1:
            case OpCode.Ldelem_i2:
            case OpCode.Ldelem_u2:
            case OpCode.Ldelem_i4:
            case OpCode.Ldelem_u4:
            case OpCode.Ldelem_i8:
            case OpCode.Ldelem_i:
            case OpCode.Ldelem_r4:
            case OpCode.Ldelem_r8:
            case OpCode.Ldelem_ref:
            case OpCode.Stelem_i:
            case OpCode.Stelem_i1:
            case OpCode.Stelem_i2:
            case OpCode.Stelem_i4:
            case OpCode.Stelem_i8:
            case OpCode.Stelem_r4:
            case OpCode.Stelem_r8:
            case OpCode.Stelem_ref:
            case OpCode.Conv_ovf_i1:
            case OpCode.Conv_ovf_u1:
            case OpCode.Conv_ovf_i2:
            case OpCode.Conv_ovf_u2:
            case OpCode.Conv_ovf_i4:
            case OpCode.Conv_ovf_u4:
            case OpCode.Conv_ovf_i8:
            case OpCode.Conv_ovf_u8:
            case OpCode.Ckfinite:
            case OpCode.Conv_u2:
            case OpCode.Conv_u1:
            case OpCode.Conv_i:
            case OpCode.Conv_ovf_i:
            case OpCode.Conv_ovf_u:
            case OpCode.Add_ovf:
            case OpCode.Add_ovf_un:
            case OpCode.Mul_ovf:
            case OpCode.Mul_ovf_un:
            case OpCode.Sub_ovf:
            case OpCode.Sub_ovf_un:
            case OpCode.Endfinally:
            case OpCode.Stind_i:
            case OpCode.Conv_u:
            case OpCode.Prefix7:
            case OpCode.Prefix6:
            case OpCode.Prefix5:
            case OpCode.Prefix4:
            case OpCode.Prefix3:
            case OpCode.Prefix2:
            case OpCode.Prefix1:
            case OpCode.Prefixref:
            case OpCode.Arglist:
            case OpCode.Ceq:
            case OpCode.Cgt:
            case OpCode.Cgt_un:
            case OpCode.Clt:
            case OpCode.Clt_un:
            case OpCode.Localloc:
            case OpCode.Endfilter:
            case OpCode.Volatile:
            case OpCode.Tailcall:
            case OpCode.Cpblk:
            case OpCode.Initblk:
            case OpCode.Rethrow:
            case OpCode.Refanytype:
            case OpCode.Readonly:
                break;

            case OpCode.Br:
            case OpCode.Brfalse:
            case OpCode.Brtrue:
            case OpCode.Beq:
            case OpCode.Bge:
            case OpCode.Bgt:
            case OpCode.Ble:
            case OpCode.Blt:
            case OpCode.Bne_un:
            case OpCode.Bge_un:
            case OpCode.Bgt_un:
            case OpCode.Ble_un:
            case OpCode.Blt_un:
            case OpCode.Leave:
            {
                // NOTE: Delta is w.r.t. start of next instruction
                var delta = reader.ReadInt32();
                Value = (int)(reader.Offset - beginOffset) + delta;
            }
            break;

            case OpCode.Br_s:
            case OpCode.Brfalse_s:
            case OpCode.Brtrue_s:
            case OpCode.Beq_s:
            case OpCode.Bge_s:
            case OpCode.Bgt_s:
            case OpCode.Ble_s:
            case OpCode.Blt_s:
            case OpCode.Bne_un_s:
            case OpCode.Bge_un_s:
            case OpCode.Bgt_un_s:
            case OpCode.Ble_un_s:
            case OpCode.Blt_un_s:
            case OpCode.Leave_s:
            {
                var delta = reader.ReadSByte();
                Value = (int)(reader.Offset - beginOffset) + delta;
            }
            break;

            case OpCode.Ldc_i4_s:
                Value = (int)reader.ReadSByte();
                break;

            case OpCode.Unaligned:
            case OpCode.Ldarg_s:
            case OpCode.Ldarga_s:
            case OpCode.Starg_s:
            case OpCode.Ldloc_s:
            case OpCode.Ldloca_s:
            case OpCode.Stloc_s:
                Value = (int)reader.ReadByte();
                break;

            case OpCode.Ldc_i4:
                Value = reader.ReadInt32();
                break;

            case OpCode.Ldarg:
            case OpCode.Ldarga:
            case OpCode.Starg:
            case OpCode.Ldloc:
            case OpCode.Ldloca:
            case OpCode.Stloc:
                Value = (int)reader.ReadUInt32();
                break;

            case OpCode.Ldc_i8:
                Value = reader.ReadInt64();
                break;

            case OpCode.Ldc_r4:
                Value = reader.ReadSingle();
                break;

            case OpCode.Ldc_r8:
                Value = reader.ReadDouble();
                break;

            case OpCode.Ldstr:
                Value = ReadUserString(ctxt, reader);
                break;

            case OpCode.Switch:
            {
                var numTargets = (int)reader.ReadUInt32();
                var targets    = new Seq <int>(numTargets);
                // Read as offsets from end of switch, then fixup to offsets from start of instructions
                for (var i = 0; i < numTargets; i++)
                {
                    targets.Add(reader.ReadInt32());
                }
                for (var i = 0; i < numTargets; i++)
                {
                    targets[i] = (int)(reader.Offset - beginOffset) + targets[i];
                }
                Value = targets;
            }
            break;

            case OpCode.Calli:
            case OpCode.Ldfld:
            case OpCode.Ldflda:
            case OpCode.Stfld:
            case OpCode.Ldsfld:
            case OpCode.Ldsflda:
            case OpCode.Stsfld:
            case OpCode.Jmp:
            case OpCode.Call:
            case OpCode.Callvirt:
            case OpCode.Newobj:
            case OpCode.Ldftn:
            case OpCode.Ldvirtftn:
            case OpCode.Ldtoken:
            case OpCode.Cpobj:
            case OpCode.Ldobj:
            case OpCode.Castclass:
            case OpCode.Isinst:
            case OpCode.Unbox:
            case OpCode.Stobj:
            case OpCode.Box:
            case OpCode.Newarr:
            case OpCode.Ldelema:
            case OpCode.Ldelem:
            case OpCode.Stelem:
            case OpCode.Unbox_any:
            case OpCode.Refanyval:
            case OpCode.Mkrefany:
            case OpCode.Initobj:
            case OpCode.Constrained:
            case OpCode.Sizeof:
                Value = resolveRow(OpCode, ReadToken(ctxt, reader));
                break;

            default:
                throw new PEException("unrecognised opcode");
            }
        }
Example #17
0
        public void Read(ReaderContext ctxt)
        {
            if (ctxt.Tracer != null)
            {
                ctxt.Tracer.Append("PEFile '");
                ctxt.Tracer.Append(ctxt.FileName);
                ctxt.Tracer.AppendLine("' {");
                ctxt.Tracer.Indent();
            }
            try
            {
                var reader = ctxt.GetFileReader();

                DOSHeader.Read(ctxt, reader);
                reader.Offset = DOSHeader.LfaNew.Offset; // Follow LfaNew pointer
                PEFileHeader.Read(ctxt, reader);
                PEOptionalHeader.Read(ctxt, reader);
                SectionHeaders = new SectionHeader[PEFileHeader.NumberOfSections];
                for (var i = 0; i < SectionHeaders.Length; i++)
                    SectionHeaders[i].Read(ctxt, reader);
                ctxt.SectionHeaders = SectionHeaders; // RVA's may now be resolved

                PEOptionalHeader.Deref(ctxt);

                Tables = new MetadataTables();
                ctxt.Tables = Tables; // Coded indexes may now be resolved
                Tables.Read(ctxt);
            }
            finally
            {
                if (ctxt.Tracer != null)
                {
                    ctxt.Tracer.Outdent();
                    ctxt.Tracer.AppendLine("}");
                }
            }
        }
Example #18
0
        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            var name = reader.ReadAsciiZeroPaddedString(8);
            if (string.IsNullOrEmpty(name))
                throw new PEException("invalid SectionHeader.Name");
            if (name.Equals(".text", StringComparison.Ordinal))
                Section = Section.Text;
            else if (name.Equals(".rsrc", StringComparison.Ordinal))
                Section = Section.Rsrc;
            else if (name.Equals(".reloc", StringComparison.Ordinal))
                Section = Section.Reloc;
            else
                throw new PEException("invalid SectionHeader.Name");

            VirtualSize = reader.ReadUInt32();
            VirtualAddress = reader.ReadUInt32();
            SizeOfRawData = reader.ReadUInt32();
            // NOTE: Virtual size may be less than raw data size
            if (VirtualSize > SizeOfRawData)
                // Need to support readers with implicit zero padding at end
                throw new NotImplementedException();
            PointerToRawData.Read(reader);
            PointerToRelocations = reader.ReadUInt32();
            var actualPointerToLinenumbers = reader.ReadUInt32();
            if (actualPointerToLinenumbers != pointerToLinenumbers)
                throw new PEException("invalid SectionHeader.PointerToLinenumbers");
            NumberOfRelocations = reader.ReadUInt16();
            var actualNumberOfLinenumbers = reader.ReadUInt16();
            if (actualNumberOfLinenumbers != numberOfLinenumbers)
                throw new PEException("invalid SectionHeader.NumberOfLinenumbers");
            Characteristics = (ImageSectionCharacteristics)reader.ReadUInt32();

            if (ctxt.Tracer != null)
            {
                ctxt.Tracer.AppendLine("SectionHeader {");
                ctxt.Tracer.Indent();
                ctxt.Tracer.AppendLine(String.Format("Name: {0}", Section.ToString()));
                ctxt.Tracer.AppendLine(String.Format("VirtualSize: {0:x8}", VirtualSize));
                ctxt.Tracer.AppendLine(String.Format("VirtualAddress: {0:x8}", VirtualAddress));
                ctxt.Tracer.AppendLine(String.Format("SizeOfRawData: {0:x8}", SizeOfRawData));
                PointerToRawData.Append(ctxt, "PointerToRawData");
                ctxt.Tracer.Outdent();
                ctxt.Tracer.AppendLine("}");
            }
        }
Example #19
0
        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            if (reader.RemainingBytes < Size)
                throw new PEException("missing PEFileHeader");

            var actualPrefix = reader.ReadUInt32();
            if (actualPrefix != prefix)
                throw new PEException("invalid PEFileHeader.Prefix");
            var actualMachine = reader.ReadUInt16();
            if (actualMachine != machine)
                throw new PEException("invalid PEFileHeader.Machine");
            var actualNumberOfSections = reader.ReadUInt16();
            if (actualNumberOfSections != NumberOfSections)
                throw new PEException("invalid PEFileHeader.NumberOfSections");
            var seconds = reader.ReadUInt32();
            DateTimeStamp = nineteenSeventy.AddSeconds((double)seconds);
            var actualPointerToSymbolTable = reader.ReadUInt32();
            if (actualPointerToSymbolTable != pointerToSymbolTable)
                throw new PEException("invalid PEFileHeader.PointerToSymbolTable");
            var actualNumberOfSymbols = reader.ReadUInt32();
            if (actualNumberOfSymbols != numberOfSymbols)
                throw new PEException("invalid PEFileHeader.NumberOfSymbols");
            var actualOptionalHeaderSize = reader.ReadUInt16();
            if (actualOptionalHeaderSize != PEOptionalHeader.Size)
                throw new PEException("invalid PEFileHeader.OptionalHeaderSize");
            Flags = (ImageFileFlags)reader.ReadUInt16();
            var check = Flags & ~ImageFileFlags.DLL;
            if ((check & setFlags) != setFlags)
                throw new PEException("invalid PEFileHeader.Flags");
            if ((check & clearFlags) != 0)
                throw new PEException("invalid PEFileHeader.Flags");
        }
Example #20
0
        public void Deref(ReaderContext ctxt)
        {
            ImportLookupTable.Value.Read(ctxt, ImportLookupTable.GetReaderNonNull(ctxt));
            Name.Value = Name.GetReaderNonNull(ctxt).ReadAsciiZeroTerminatedString(1);
            if (!Name.Value.Equals(MSCorEE, StringComparison.OrdinalIgnoreCase))
                throw new PEException("invalid ImportTable.Name");
            ImportAddressTable.Value.Read(ctxt, ImportAddressTable.GetReaderNonNull(ctxt));

            ImportLookupTable.Value.Deref(ctxt);
            ImportAddressTable.Value.Deref(ctxt);

            if (ctxt.Tracer != null)
            {
                ImportLookupTable.Append(ctxt, "ImportTable.ImportLookupTable");
                Name.Append(ctxt, "ImportTable.Name");
                ImportAddressTable.Append(ctxt, "ImportTable.ImportAddressTable");
            }
        }
Example #21
0
        public RVA BaseOfData; // == start of .reloc or .rsrc section, whichever is lower

        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            var actualMagic = reader.ReadUInt16();
            if (actualMagic != magic)
                throw new PEException("invalid PEHeaderStandardFields.Magic");
            LMajor = reader.ReadByte();
            if (LMajor < lMajorLow || LMajor > lMajorHigh)
                throw new PEException("invalid PEHeaderStandardFields.LMajor");
            var actualLMinor = reader.ReadByte();
            if (actualLMinor != lMinor)
                throw new PEException("invalid PEHeaderStandardFields.LMinor");
            CodeSize = reader.ReadUInt32();
            InitializedDataSize = reader.ReadUInt32();
            var actualUninitializedDataSize = reader.ReadUInt32();
            if (actualUninitializedDataSize != uninitializedDataSize)
                throw new PEException("invalid PEHeaderStandardFields.UninitializedDataSize");
            EntryPoint.Read(reader);
            BaseOfCode.Read(reader);
            BaseOfData.Read(reader);

            if (ctxt.Tracer != null)
            {
                ctxt.Tracer.AppendLine(String.Format("PEHeaderStandardFields.CodeSize: {0:x8}", CodeSize));
                ctxt.Tracer.AppendLine
                    (String.Format("PEHeaderStandardFields.InitializedDataSize: {0:x8}", InitializedDataSize));
            }
        }
Example #22
0
        public void Deref(ReaderContext ctxt)
        {
            HintNameTable.Value.Read(ctxt, HintNameTable.GetReaderNonNull(ctxt));

            if (ctxt.Tracer != null)
            {
                HintNameTable.Append(ctxt, "ImportLookupTable/ImportAddressTable.HintNameTable");
            }
        }
Example #23
0
        public void Deref(ReaderContext ctxt)
        {
            EntryPoint.Value = EntryPoint.GetReaderNonNull(ctxt).ReadBytes(6);
            if (EntryPoint.Value[0] != 0xff || EntryPoint.Value[1] != 0x25)
                throw new PEException("invalid PEHeaderStandardFields.EntryPoint");

            if (ctxt.Tracer != null)
            {
                EntryPoint.Append(ctxt, "PEHeaderStandardFields.EntryPoint");
                BaseOfCode.Append(ctxt, "PEHeaderStandardFields.BaseOfCode");
                BaseOfData.Append(ctxt, "PEHeaderStandardFields.BaseOfData");
            }
        }
Example #24
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var word = reader.ReadUInt16();
     Type = (ImageRelocation)(word >> 12);
     Offset = (ushort)(word & 0xFFF);
 }
Example #25
0
        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            ImageBase = reader.ReadUInt32();
            var actualSectionAlignment = reader.ReadUInt32();
            if (actualSectionAlignment != sectionAlignment)
                throw new PEException("invalid PEHeaderNTSpecificFields.SectionAlignment");
            FileAlignment = reader.ReadUInt32();
            if (FileAlignment != fileAlignment1 && FileAlignment != fileAlignment2)
                throw new PEException("invalid PEHeaderNTSpecificFields.FileAlignment");
            var actualOSMajor = reader.ReadUInt16();
            if (actualOSMajor != osMajor)
                throw new PEException("invalid PEHeaderNTSpecificFields.OSMajor");
            var actualOSMinor = reader.ReadUInt16();
            if (actualOSMinor != osMinor)
                throw new PEException("invalid PEHeaderNTSpecificFields.OSMinor");
            var actualUserMajor = reader.ReadUInt16();
            if (actualUserMajor != userMajor)
                throw new PEException("invalid PEHeaderNTSpecificFields.UserMajor");
            var actualUserMinor = reader.ReadUInt16();
            if (actualUserMinor != userMinor)
                throw new PEException("invalid PEHeaderNTSpecificFields.UserMinor");
            var actualSubSysMajor = reader.ReadUInt16();
            if (actualSubSysMajor != subSysMajor)
                throw new PEException("invalid PEHeaderNTSpecificFields.SubSysMajor");
            var actualSubSysMinor = reader.ReadUInt16();
            if (actualSubSysMinor != subSysMinor)
                throw new PEException("invalid PEHeaderNTSpecificFields.SubSysMinor");
            var actualReserved = reader.ReadUInt32();
            if (actualReserved != reserved)
                throw new PEException("invalid PEHeaderNTSpecificFields.Reserved");
            ImageSize = reader.ReadUInt32();
            if (ImageSize % sectionAlignment != 0)
                throw new PEException("invalid PEHeaderNTSpecificFields.ImageSize");
            HeaderSize = reader.ReadUInt32();
            if (HeaderSize % FileAlignment != 0)
                throw new PEException("invalid PEHeaderNTSpecificFields.HeaderSize");
            FileChecksum = reader.ReadUInt32();
            SubSystem = (SubSystem)reader.ReadUInt16();
            if (SubSystem != SubSystem.WINDOWS_CUI && SubSystem != SubSystem.WINDOWS_GUI)
                throw new PEException("invalid PEHeaderNTSpecificFields.SubSystem");
            DllFlags = reader.ReadUInt16();
            var actualStackReserveSize = reader.ReadUInt32();
            if (actualStackReserveSize != stackReserveSize)
                throw new PEException("invalid PEHeaderNTSpecificFields.StackReserveSize");
            StackCommitSize = reader.ReadUInt32();
            HeapReserveSize = reader.ReadUInt32();
            HeapCommitSize = reader.ReadUInt32();
            var actualLoaderFlags = reader.ReadUInt32();
            if (actualLoaderFlags != loaderFlags)
                throw new PEException("invalid PEHeaderNTSpecificFields.LoaderFlags");
            var actualNumberOfDataDirectories = reader.ReadUInt32();
            if (actualNumberOfDataDirectories != numberOfDataDirectories)
                throw new PEException("invalid PEHeaderNTSpecificFields.NumberOfDataDirectories");

            if (ctxt.Tracer != null)
            {
                ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.ImageBase: {0:x8}", ImageBase));
                ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.ImageSize: {0:x8}", ImageSize));
                ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.HeaderSize: {0:x8}", HeaderSize));
                ctxt.Tracer.AppendLine(String.Format("PEHeaderNTSpecificFields.FileChecksum: {0:x8}", FileChecksum));
            }
        }
Example #26
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var initOffset = reader.Offset;
     var n = 0;
     while (!reader.AtEndOfBlob) {
         FixupBlock.Skip(reader);
         n++;
     }
     Blocks = new FixupBlock[n];
     reader.Offset = initOffset;
     for (var i = 0; i < n; i++)
         Blocks[i].Read(ctxt, reader);
 }
Example #27
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     var actualExportTable = reader.ReadUInt64();
     if (actualExportTable != exportTable)
         throw new PEException("invalid PEHeaderDataDirecties.ExportTable");
     ImportTable.Read(reader);
     ResourceTable.Read(reader);
     var actualExceptionTable = reader.ReadUInt64();
     if (actualExceptionTable != exceptionTable)
         throw new PEException("invalid PEHeaderDataDirecties.ExceptionTable");
     CertificateTable.Read(reader);
     BaseRelocationTable.Read(reader);
     Debug.Read(reader);
     var actualCopyright = reader.ReadUInt64();
     if (actualCopyright != copyright)
         throw new PEException("invalid PEHeaderDataDirecties.Copyright");
     var actualGlobalPtr = reader.ReadUInt64();
     if (actualGlobalPtr != globalPtr)
         throw new PEException("invalid PEHeaderDataDirecties.GlobalPtr");
     var actualTLSTable = reader.ReadUInt64();
     if (actualTLSTable != tlsTable)
         throw new PEException("invalid PEHeaderDataDirecties.TlsTable");
     var actualLoadConfigTable = reader.ReadUInt64();
     if (actualLoadConfigTable != loadConfigTable)
         throw new PEException("invalid PEHeaderDataDirecties.LoadConfigTable");
     var actualBoundImport = reader.ReadUInt64();
     if (actualBoundImport != boundImport)
         throw new PEException("invalid PEHeaderDataDirecties.BoundImport");
     IAT.Read(reader);
     var actualDelayImportDescriptor = reader.ReadUInt64();
     if (actualDelayImportDescriptor != delayImportDescriptor)
         throw new PEException("invalid PEHeaderDataDirecties.DelayImportDescriptor");
     CLIHeader.Read(reader);
     var actualReserved = reader.ReadUInt64();
     if (actualReserved != reserved)
         throw new PEException("invalid PEHeaderDataDirecties.Reserved");
 }
Example #28
0
        public void Deref(ReaderContext ctxt)
        {
            var metadataReader = MetaData.GetReaderNonNull(ctxt);
            MetaData.Value.Read(ctxt, metadataReader);
            ctxt.MetadataReader = metadataReader;
            ctxt.StreamHeaders = MetaData.Value.StreamHeaders; // Blob etc refs may now be resolved

            Resources.Value = Resources.GetBytes(ctxt);
            StrongNameSignature.Value = StrongNameSignature.GetBytes(ctxt);
            VtableFixups.Value.Read(ctxt, VtableFixups.GetReader(ctxt));

            if (ctxt.Tracer != null)
            {
                MetaData.Append(ctxt, "CLIHeader.MetaData");
                Resources.Append(ctxt, "CLIHeader.Resources");
                StrongNameSignature.Append(ctxt, "CLIHeader.StrongNameSignature");
                VtableFixups.Append(ctxt, "CLIHeader.VtableFixups");
            }
        }
Example #29
0
        public void Deref(ReaderContext ctxt)
        {
            ImportTable.Value.Read(ctxt, ImportTable.GetReaderNonNull(ctxt));
            ResourceTable.Value = ResourceTable.GetBytes(ctxt);
            // Silverlight bug: these end up pointing outside of the .rsrc section
            // CertificateTable.Value = CertificateTable.GetBytes(ctxt);
            BaseRelocationTable.Value.Read(ctxt, BaseRelocationTable.GetReaderNonNull(ctxt));
            Debug.Value = Debug.GetBytes(ctxt);
            CLIHeader.Value.Read(ctxt, CLIHeader.GetReaderNonNull(ctxt));

            ImportTable.Value.Deref(ctxt);
            CLIHeader.Value.Deref(ctxt);

            if (ctxt.Tracer != null)
            {
                ImportTable.Append(ctxt, "PEHeaderDataDirectories.ImportTable");
                ResourceTable.Append(ctxt, "PEHeaderDataDirectories.ResourceTable");
                CertificateTable.Append(ctxt, "PEHeaderDataDirectories.CertificateTable");
                BaseRelocationTable.Append(ctxt, "PEHeaderDataDirectories.BaseRelocationTable");
                Debug.Append(ctxt, "PEHeaderDataDirectories.Debug");
                CLIHeader.Append(ctxt, "PEHeaderDataDirectories.CLIHeader");
            }
        }
Example #30
0
 public void Read(ReaderContext ctxt, BlobReader reader)
 {
     if (reader == null)
         Fixups = new VtableFixup[0];
     else
     {
         var initOffset = reader.Offset;
         var n = 0;
         while (!reader.AtEndOfBlob) {
             VtableFixup.Skip(reader);
             n++;
         }
         reader.Offset = initOffset;
         Fixups = new VtableFixup[n];
         for (var i = 0; i < n; i++)
             Fixups[i].Read(ctxt, reader);
     }
 }
Example #31
0
        public void Read(ReaderContext ctxt, BlobReader reader)
        {
            if (reader.RemainingBytes < Size)
                throw new PEException("missig PEOptionalHeader");

            StandardFields.Read(ctxt, reader);
            NTSpecificFields.Read(ctxt, reader);
            DataDirectories.Read(ctxt, reader);
        }
Example #32
0
        public void Read(ReaderContext ctxt)
        {
            var reader = ctxt.GetTablesReader();

            var actualReserved0 = reader.ReadUInt32();
            if (actualReserved0 != reserved0)
                throw new PEException("invalid MetadataTable header");
            var actualMajorVersion = reader.ReadByte();
            if (actualMajorVersion != majorVersion)
                throw new PEException("invalid MetadataTable header");
            var actualMinorVersion = reader.ReadByte();
            if (actualMinorVersion != minorVersion)
                throw new PEException("invalid MetadataTable header");
            var heapSizes = reader.ReadByte();
            IsStringStreamBig = (heapSizes & 0x01) != 0;
            IsGuidStreamBig = (heapSizes & 0x02) != 0;
            IsBlobStreamBig = (heapSizes & 0x04) != 0;
            Reserved1 = reader.ReadByte();

            var valid = new IntSet64(reader.ReadUInt64());
            var sorted = new IntSet64(reader.ReadUInt64());

            for (var i = 0; i < 64; i++)
            {
                var numRows = 0;
                if (valid[i])
                    numRows = (int)reader.ReadUInt32();

                switch ((TableTag)i)
                {
                case TableTag.Module:
                    ModuleTable = new ModuleTable(numRows);
                    break;
                case TableTag.Assembly:
                    AssemblyTable = new AssemblyTable(numRows);
                    break;
                case TableTag.AssemblyOS:
                    AssemblyOSTable = new AssemblyOSTable(numRows);
                    break;
                case TableTag.AssemblyProcessor:
                    AssemblyProcessorTable = new AssemblyProcessorTable(numRows);
                    break;
                case TableTag.AssemblyRef:
                    AssemblyRefTable = new AssemblyRefTable(numRows);
                    break;
                case TableTag.AssemblyRefOS:
                    AssemblyRefOSTable = new AssemblyRefOSTable(numRows);
                    break;
                case TableTag.AssemblyRefProcessor:
                    AssemblyRefProcessorTable = new AssemblyRefProcessorTable(numRows);
                    break;
                case TableTag.ClassLayout:
                    ClassLayoutTable = new ClassLayoutTable(numRows);
                    break;
                case TableTag.Constant:
                    ConstantTable = new ConstantTable(numRows);
                    break;
                case TableTag.CustomAttribute:
                    CustomAttributeTable = new CustomAttributeTable(numRows);
                    break;
                case TableTag.DeclSecurity:
                    DeclSecurityTable = new DeclSecurityTable(numRows);
                    break;
                case TableTag.EventMap:
                    EventMapTable = new EventMapTable(numRows);
                    break;
                case TableTag.Event:
                    EventTable = new EventTable(numRows);
                    break;
                case TableTag.ExportedType:
                    ExportedTypeTable = new ExportedTypeTable(numRows);
                    break;
                case TableTag.Field:
                    FieldTable = new FieldTable(numRows);
                    break;
                case TableTag.FieldLayout:
                    FieldLayoutTable = new FieldLayoutTable(numRows);
                    break;
                case TableTag.FieldMarshal:
                    FieldMarshalTable = new FieldMarshalTable(numRows);
                    break;
                case TableTag.FieldRVA:
                    FieldRVATable = new FieldRVATable(numRows);
                    break;
                case TableTag.File:
                    FileTable = new FileTable(numRows);
                    break;
                case TableTag.GenericParam:
                    GenericParamTable = new GenericParamTable(numRows);
                    break;
                case TableTag.GenericParamConstraint:
                    GenericParamConstraintTable = new GenericParamConstraintTable(numRows);
                    break;
                case TableTag.ImplMap:
                    ImplMapTable = new ImplMapTable(numRows);
                    break;
                case TableTag.InterfaceImpl:
                    InterfaceImplTable = new InterfaceImplTable(numRows);
                    break;
                case TableTag.ManifestResource:
                    ManifestResourceTable = new ManifestResourceTable(numRows);
                    break;
                case TableTag.MemberRef:
                    MemberRefTable = new MemberRefTable(numRows);
                    break;
                case TableTag.MethodDef:
                    MethodDefTable = new MethodDefTable(numRows);
                    break;
                case TableTag.MethodImpl:
                    MethodImplTable = new MethodImplTable(numRows);
                    break;
                case TableTag.MethodSemantics:
                    MethodSemanticsTable = new MethodSemanticsTable(numRows);
                    break;
                case TableTag.MethodSpec:
                    MethodSpecTable = new MethodSpecTable(numRows);
                    break;
                case TableTag.ModuleRef:
                    ModuleRefTable = new ModuleRefTable(numRows);
                    break;
                case TableTag.NestedClass:
                    NestedClassTable = new NestedClassTable(numRows);
                    break;
                case TableTag.Param:
                    ParamTable = new ParamTable(numRows);
                    break;
                case TableTag.Property:
                    PropertyTable = new PropertyTable(numRows);
                    break;
                case TableTag.PropertyMap:
                    PropertyMapTable = new PropertyMapTable(numRows);
                    break;
                case TableTag.StandAloneSig:
                    StandAloneSigTable = new StandAloneSigTable(numRows);
                    break;
                case TableTag.TypeDef:
                    TypeDefTable = new TypeDefTable(numRows);
                    break;
                case TableTag.TypeRef:
                    TypeRefTable = new TypeRefTable(numRows);
                    break;
                case TableTag.TypeSpec:
                    TypeSpecTable = new TypeSpecTable(numRows);
                    break;
                default:
                    // Ignore
                    break;
                }
            }

            DetermineIndexCodingSizes();

            for (var i = 0; i < 64; i++)
            {
                if (valid[i])
                {
                    switch ((TableTag)i)
                    {
                    case TableTag.Module:
                        ModuleTable.Read(ctxt, reader);
                        break;
                    case TableTag.Assembly:
                        AssemblyTable.Read(ctxt, reader);
                        break;
                    case TableTag.AssemblyOS:
                        AssemblyOSTable.Read(ctxt, reader);
                        break;
                    case TableTag.AssemblyProcessor:
                        AssemblyProcessorTable.Read(ctxt, reader);
                        break;
                    case TableTag.AssemblyRef:
                        AssemblyRefTable.Read(ctxt, reader);
                        break;
                    case TableTag.AssemblyRefOS:
                        AssemblyRefOSTable.Read(ctxt, reader);
                        break;
                    case TableTag.AssemblyRefProcessor:
                        AssemblyRefProcessorTable.Read(ctxt, reader);
                        break;
                    case TableTag.ClassLayout:
                        ClassLayoutTable.Read(ctxt, reader);
                        break;
                    case TableTag.Constant:
                        ConstantTable.Read(ctxt, reader);
                        break;
                    case TableTag.CustomAttribute:
                        CustomAttributeTable.Read(ctxt, reader);
                        break;
                    case TableTag.DeclSecurity:
                        DeclSecurityTable.Read(ctxt, reader);
                        break;
                    case TableTag.EventMap:
                        EventMapTable.Read(ctxt, reader);
                        break;
                    case TableTag.Event:
                        EventTable.Read(ctxt, reader);
                        break;
                    case TableTag.ExportedType:
                        ExportedTypeTable.Read(ctxt, reader);
                        break;
                    case TableTag.Field:
                        FieldTable.Read(ctxt, reader);
                        break;
                    case TableTag.FieldLayout:
                        FieldLayoutTable.Read(ctxt, reader);
                        break;
                    case TableTag.FieldMarshal:
                        FieldMarshalTable.Read(ctxt, reader);
                        break;
                    case TableTag.FieldRVA:
                        FieldRVATable.Read(ctxt, reader);
                        break;
                    case TableTag.File:
                        FileTable.Read(ctxt, reader);
                        break;
                    case TableTag.GenericParam:
                        GenericParamTable.Read(ctxt, reader);
                        break;
                    case TableTag.GenericParamConstraint:
                        GenericParamConstraintTable.Read(ctxt, reader);
                        break;
                    case TableTag.ImplMap:
                        ImplMapTable.Read(ctxt, reader);
                        break;
                    case TableTag.InterfaceImpl:
                        InterfaceImplTable.Read(ctxt, reader);
                        break;
                    case TableTag.ManifestResource:
                        ManifestResourceTable.Read(ctxt, reader);
                        break;
                    case TableTag.MemberRef:
                        MemberRefTable.Read(ctxt, reader);
                        break;
                    case TableTag.MethodDef:
                        MethodDefTable.Read(ctxt, reader);
                        break;
                    case TableTag.MethodImpl:
                        MethodImplTable.Read(ctxt, reader);
                        break;
                    case TableTag.MethodSemantics:
                        MethodSemanticsTable.Read(ctxt, reader);
                        break;
                    case TableTag.MethodSpec:
                        MethodSpecTable.Read(ctxt, reader);
                        break;
                    case TableTag.ModuleRef:
                        ModuleRefTable.Read(ctxt, reader);
                        break;
                    case TableTag.NestedClass:
                        NestedClassTable.Read(ctxt, reader);
                        break;
                    case TableTag.Param:
                        ParamTable.Read(ctxt, reader);
                        break;
                    case TableTag.Property:
                        PropertyTable.Read(ctxt, reader);
                        break;
                    case TableTag.PropertyMap:
                        PropertyMapTable.Read(ctxt, reader);
                        break;
                    case TableTag.StandAloneSig:
                        StandAloneSigTable.Read(ctxt, reader);
                        break;
                    case TableTag.TypeDef:
                        TypeDefTable.Read(ctxt, reader);
                        break;
                    case TableTag.TypeRef:
                        TypeRefTable.Read(ctxt, reader);
                        break;
                    case TableTag.TypeSpec:
                        TypeSpecTable.Read(ctxt, reader);
                        break;
                    default:
                        throw new PEException("unexpected table tag in MetadataTable body");
                    }
                }
            }

            ModuleTable.ResolveIndexes(ctxt);
            TypeRefTable.ResolveIndexes(ctxt);
            TypeDefTable.ResolveIndexes(ctxt);
            FieldTable.ResolveIndexes(ctxt);
            MethodDefTable.ResolveIndexes(ctxt);
            ParamTable.ResolveIndexes(ctxt);
            InterfaceImplTable.ResolveIndexes(ctxt);
            MemberRefTable.ResolveIndexes(ctxt);
            ConstantTable.ResolveIndexes(ctxt);
            CustomAttributeTable.ResolveIndexes(ctxt);
            FieldMarshalTable.ResolveIndexes(ctxt);
            DeclSecurityTable.ResolveIndexes(ctxt);
            ClassLayoutTable.ResolveIndexes(ctxt);
            FieldLayoutTable.ResolveIndexes(ctxt);
            StandAloneSigTable.ResolveIndexes(ctxt);
            EventMapTable.ResolveIndexes(ctxt);
            EventTable.ResolveIndexes(ctxt);
            PropertyMapTable.ResolveIndexes(ctxt);
            PropertyTable.ResolveIndexes(ctxt);
            MethodSemanticsTable.ResolveIndexes(ctxt);
            MethodImplTable.ResolveIndexes(ctxt);
            ModuleRefTable.ResolveIndexes(ctxt);
            TypeSpecTable.ResolveIndexes(ctxt);
            ImplMapTable.ResolveIndexes(ctxt);
            FieldRVATable.ResolveIndexes(ctxt);
            AssemblyTable.ResolveIndexes(ctxt);
            AssemblyProcessorTable.ResolveIndexes(ctxt);
            AssemblyOSTable.ResolveIndexes(ctxt);
            AssemblyRefTable.ResolveIndexes(ctxt);
            AssemblyRefProcessorTable.ResolveIndexes(ctxt);
            AssemblyRefOSTable.ResolveIndexes(ctxt);
            FileTable.ResolveIndexes(ctxt);
            ExportedTypeTable.ResolveIndexes(ctxt);
            ManifestResourceTable.ResolveIndexes(ctxt);
            NestedClassTable.ResolveIndexes(ctxt);
            GenericParamTable.ResolveIndexes(ctxt);
            MethodSpecTable.ResolveIndexes(ctxt);
            GenericParamConstraintTable.ResolveIndexes(ctxt);
        }
Example #33
0
        public void Read(ReaderContext ctxt, BlobReader reader, Func <OpCode, Row, object> resolveRow)
        {
            ExceptionHandlingClauses = new Seq <ExceptionHandlingClause>();

            var firstByte  = reader.ReadByte();
            var formatKind = (CorILMethod)(firstByte & 0x3);
            var bodySize   = default(uint);
            var more       = default(bool);

            switch (formatKind)
            {
            case CorILMethod.TinyFormat:
            {
                MaxStack = 8;
                bodySize = (uint)(firstByte >> 2);
                break;
            }

            case CorILMethod.FatFormat:
            {
                var secondByte = reader.ReadByte();
                var flags      = (CorILMethod)(((ushort)(secondByte & 0x7) << 8) | (ushort)firstByte);
                IsInitLocals = (flags & CorILMethod.InitLocals) != 0;
                var headerSize = (secondByte >> 4) & 0x7;
                if (headerSize != 3)
                {
                    throw new PEException("unexpected method body header size");
                }
                MaxStack = (int)reader.ReadUInt16();
                bodySize = reader.ReadUInt32();
                LocalVarRef.Read(ctxt, reader);
                LocalVarRef.ResolveIndexes(ctxt);
                more = (flags & CorILMethod.MoreSects) != 0;
                break;
            }

            default:
                throw new InvalidOperationException("invalid method body format");
            }

            if (bodySize > 0)
            {
                var beginOffset = reader.Offset;
                var endOffset   = reader.Offset + bodySize;
                var n           = 0;
                while (reader.Offset < endOffset)
                {
                    n++;
                    Instruction.Skip(reader);
                }
                reader.Offset = beginOffset;
                Instructions  = new Instruction[n];
                for (var i = 0; i < n; i++)
                {
                    Instructions[i].Read(ctxt, reader, beginOffset, resolveRow);
                }
            }

            while (more)
            {
                more = ReadMethodDataSection(ctxt, reader, resolveRow);
            }
        }