public ImageSectionHeaderVM(HexBuffer buffer, PeSectionData section)
: base(section.Span)
{
Name = section.Name;
NameVM = new StringHexField(section.SectionName);
VirtualSizeVM = new UInt32HexField(section.VirtualSize);
VirtualAddressVM = new UInt32HexField(section.VirtualAddress);
SizeOfRawDataVM = new UInt32HexField(section.SizeOfRawData);
PointerToRawDataVM = new UInt32HexField(section.PointerToRawData);
PointerToRelocationsVM = new UInt32HexField(section.PointerToRelocations);
PointerToLinenumbersVM = new UInt32HexField(section.PointerToLinenumbers);
NumberOfRelocationsVM = new UInt16HexField(section.NumberOfRelocations);
NumberOfLinenumbersVM = new UInt16HexField(section.NumberOfLinenumbers);
CharacteristicsVM = new UInt32FlagsHexField(section.Characteristics);
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_DSECT", 0));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_NOLOAD", 1));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_GROUP", 2));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_NO_PAD", 3));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_COPY", 4));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_CODE", 5));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_INITIALIZED_DATA", 6));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_UNINITIALIZED_DATA", 7));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_OTHER", 8));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_INFO", 9));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_OVER", 10));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_REMOVE", 11));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_COMDAT", 12));
CharacteristicsVM.Add(new BooleanHexBitField("RESERVED", 13));
CharacteristicsVM.Add(new BooleanHexBitField("NO_DEFER_SPEC_EXC", 14));
CharacteristicsVM.Add(new BooleanHexBitField("GPREL", 15));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_SYSHEAP", 16));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_PURGEABLE", 17));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_LOCKED", 18));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_PRELOAD", 19));
CharacteristicsVM.Add(new IntegerHexBitField("Alignment", 20, 4, AlignInfos));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_NRELOC_OVFL", 24));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_DISCARDABLE", 25));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_NOT_CACHED", 26));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_NOT_PAGED", 27));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_SHARED", 28));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_EXECUTE", 29));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_READ", 30));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_WRITE", 31));
hexFields = new HexField[] {
NameVM,
VirtualSizeVM,
VirtualAddressVM,
SizeOfRawDataVM,
PointerToRawDataVM,
PointerToRelocationsVM,
PointerToLinenumbersVM,
NumberOfRelocationsVM,
NumberOfLinenumbersVM,
CharacteristicsVM,
};
}
public ImageSectionHeaderVM(HexBuffer buffer, HexPosition startOffset) {
NameVM = new StringHexField(buffer, Name, "Name", startOffset + 0, Encoding.UTF8, 8);
VirtualSizeVM = new UInt32HexField(buffer, Name, "VirtualSize", startOffset + 8);
VirtualAddressVM = new UInt32HexField(buffer, Name, "VirtualAddress", startOffset + 0x0C);
SizeOfRawDataVM = new UInt32HexField(buffer, Name, "SizeOfRawData", startOffset + 0x10);
PointerToRawDataVM = new UInt32HexField(buffer, Name, "PointerToRawData", startOffset + 0x14);
PointerToRelocationsVM = new UInt32HexField(buffer, Name, "PointerToRelocations", startOffset + 0x18);
PointerToLinenumbersVM = new UInt32HexField(buffer, Name, "PointerToLinenumbers", startOffset + 0x1C);
NumberOfRelocationsVM = new UInt16HexField(buffer, Name, "NumberOfRelocations", startOffset + 0x20);
NumberOfLinenumbersVM = new UInt16HexField(buffer, Name, "NumberOfLinenumbers", startOffset + 0x22);
CharacteristicsVM = new UInt32FlagsHexField(buffer, Name, "Characteristics", startOffset + 0x24);
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_DSECT", 0));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_NOLOAD", 1));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_GROUP", 2));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_NO_PAD", 3));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_COPY", 4));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_CODE", 5));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_INITIALIZED_DATA", 6));
CharacteristicsVM.Add(new BooleanHexBitField("CNT_UNINITIALIZED_DATA", 7));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_OTHER", 8));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_INFO", 9));
CharacteristicsVM.Add(new BooleanHexBitField("TYPE_OVER", 10));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_REMOVE", 11));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_COMDAT", 12));
CharacteristicsVM.Add(new BooleanHexBitField("RESERVED", 13));
CharacteristicsVM.Add(new BooleanHexBitField("NO_DEFER_SPEC_EXC", 14));
CharacteristicsVM.Add(new BooleanHexBitField("GPREL", 15));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_SYSHEAP", 16));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_PURGEABLE", 17));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_LOCKED", 18));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_PRELOAD", 19));
CharacteristicsVM.Add(new IntegerHexBitField("Alignment", 20, 4, AlignInfos));
CharacteristicsVM.Add(new BooleanHexBitField("LNK_NRELOC_OVFL", 24));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_DISCARDABLE", 25));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_NOT_CACHED", 26));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_NOT_PAGED", 27));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_SHARED", 28));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_EXECUTE", 29));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_READ", 30));
CharacteristicsVM.Add(new BooleanHexBitField("MEM_WRITE", 31));
hexFields = new HexField[] {
NameVM,
VirtualSizeVM,
VirtualAddressVM,
SizeOfRawDataVM,
PointerToRawDataVM,
PointerToRelocationsVM,
PointerToLinenumbersVM,
NumberOfRelocationsVM,
NumberOfLinenumbersVM,
CharacteristicsVM,
};
}
public StorageHeaderVM(HexBuffer buffer, HexPosition startOffset) {
FFlagsVM = new ByteFlagsHexField(buffer, Name, "fFlags", startOffset + 0);
FFlagsVM.Add(new BooleanHexBitField("ExtraData", 0));
PadVM = new ByteHexField(buffer, Name, "pad", startOffset + 1);
IStreamsVM = new UInt16HexField(buffer, Name, "iStreams", startOffset + 2);
hexFields = new HexField[] {
FFlagsVM,
PadVM,
IStreamsVM,
};
}
public StorageHeaderVM(HexBuffer buffer, DotNetMetadataHeaderData mdHeader)
: base(HexSpan.FromBounds(mdHeader.Flags.Data.Span.Start, mdHeader.StreamCount.Data.Span.End))
{
FFlagsVM = new ByteFlagsHexField(mdHeader.Flags);
FFlagsVM.Add(new BooleanHexBitField(mdHeader.ExtraData.Name, 0));
PadVM = new ByteHexField(mdHeader.Pad);
IStreamsVM = new UInt16HexField(mdHeader.StreamCount);
hexFields = new HexField[] {
FFlagsVM,
PadVM,
IStreamsVM,
};
}
public ImageCor20HeaderVM(HexBuffer buffer, DotNetCor20Data cor20)
: base(cor20.Span)
{
Name = cor20.Name;
CbVM = new UInt32HexField(cor20.Cb);
MajorRuntimeVersionVM = new UInt16HexField(cor20.MajorRuntimeVersion, true);
MinorRuntimeVersionVM = new UInt16HexField(cor20.MinorRuntimeVersion, true);
MetaDataVM = new DataDirectoryVM(cor20.MetaData);
FlagsVM = new UInt32FlagsHexField(cor20.Flags);
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_IL_Only, 0));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_32BitReqd, 1));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_ILLibrary, 2));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_StrongNameSigned, 3));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_NativeEntryPoint, 4));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_TrackDebugData, 16));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_32BitPref, 17));
EntryPointTokenRVAVM = new UInt32HexField(cor20.EntryPointTokenOrRVA);
ResourcesVM = new DataDirectoryVM(cor20.Resources);
StrongNameSignatureVM = new DataDirectoryVM(cor20.StrongNameSignature);
CodeManagerTableVM = new DataDirectoryVM(cor20.CodeManagerTable);
VTableFixupsVM = new DataDirectoryVM(cor20.VTableFixups);
ExportAddressTableJumpsVM = new DataDirectoryVM(cor20.ExportAddressTableJumps);
ManagedNativeHeaderVM = new DataDirectoryVM(cor20.ManagedNativeHeader);
hexFields = new HexField[] {
CbVM,
MajorRuntimeVersionVM,
MinorRuntimeVersionVM,
MetaDataVM.RVAVM,
MetaDataVM.SizeVM,
FlagsVM,
EntryPointTokenRVAVM,
ResourcesVM.RVAVM,
ResourcesVM.SizeVM,
StrongNameSignatureVM.RVAVM,
StrongNameSignatureVM.SizeVM,
CodeManagerTableVM.RVAVM,
CodeManagerTableVM.SizeVM,
VTableFixupsVM.RVAVM,
VTableFixupsVM.SizeVM,
ExportAddressTableJumpsVM.RVAVM,
ExportAddressTableJumpsVM.SizeVM,
ManagedNativeHeaderVM.RVAVM,
ManagedNativeHeaderVM.SizeVM,
};
}
public StorageSignatureVM(HexBuffer buffer, HexPosition startOffset, int stringLen) {
LSignatureVM = new UInt32HexField(buffer, Name, "lSignature", startOffset + 0);
IMajorVerVM = new UInt16HexField(buffer, Name, "iMajorVer", startOffset + 4, true);
IMinorVerVM = new UInt16HexField(buffer, Name, "iMinorVer", startOffset + 6, true);
IExtraDataVM = new UInt32HexField(buffer, Name, "iExtraData", startOffset + 8);
IVersionStringVM = new UInt32HexField(buffer, Name, "iVersionString", startOffset + 0x0C);
VersionStringVM = new StringHexField(buffer, Name, "VersionString", startOffset + 0x10, Encoding.UTF8, stringLen);
hexFields = new HexField[] {
LSignatureVM,
IMajorVerVM,
IMinorVerVM,
IExtraDataVM,
IVersionStringVM,
VersionStringVM,
};
}
public StorageSignatureVM(HexBuffer buffer, DotNetMetadataHeaderData mdHeader)
: base(HexSpan.FromBounds(mdHeader.Span.Start, mdHeader.VersionString.Data.Span.End))
{
LSignatureVM = new UInt32HexField(mdHeader.Signature);
IMajorVerVM = new UInt16HexField(mdHeader.MajorVersion, true);
IMinorVerVM = new UInt16HexField(mdHeader.MinorVersion, true);
IExtraDataVM = new UInt32HexField(mdHeader.ExtraData);
IVersionStringVM = new UInt32HexField(mdHeader.VersionStringCount);
VersionStringVM = new StringHexField(mdHeader.VersionString);
hexFields = new HexField[] {
LSignatureVM,
IMajorVerVM,
IMinorVerVM,
IExtraDataVM,
IVersionStringVM,
VersionStringVM,
};
}
public ImageCor20HeaderVM(HexBuffer buffer, HexPosition startOffset) {
CbVM = new UInt32HexField(buffer, Name, "cb", startOffset + 0);
MajorRuntimeVersionVM = new UInt16HexField(buffer, Name, "MajorRuntimeVersion", startOffset + 4, true);
MinorRuntimeVersionVM = new UInt16HexField(buffer, Name, "MinorRuntimeVersion", startOffset + 6, true);
MetaDataVM = new DataDirVM(buffer, Name, "MetaData", startOffset + 8);
FlagsVM = new UInt32FlagsHexField(buffer, Name, "Flags", startOffset + 0x10);
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_IL_Only, 0));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_32BitReqd, 1));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_ILLibrary, 2));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_StrongNameSigned, 3));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_NativeEntryPoint, 4));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_TrackDebugData, 16));
FlagsVM.Add(new BooleanHexBitField(dnSpy_AsmEditor_Resources.HexNode_Cor20Header_Flags_32BitPref, 17));
EntryPointTokenRVAVM = new UInt32HexField(buffer, Name, "EntryPoint Token/RVA", startOffset + 0x14);
ResourcesVM = new DataDirVM(buffer, Name, "Resources", startOffset + 0x18);
StrongNameSignatureVM = new DataDirVM(buffer, Name, "StrongNameSignature", startOffset + 0x20);
CodeManagerTableVM = new DataDirVM(buffer, Name, "CodeManagerTable", startOffset + 0x28);
VTableFixupsVM = new DataDirVM(buffer, Name, "VTableFixups", startOffset + 0x30);
ExportAddressTableJumpsVM = new DataDirVM(buffer, Name, "ExportAddressTableJumps", startOffset + 0x38);
ManagedNativeHeaderVM = new DataDirVM(buffer, Name, "ManagedNativeHeader", startOffset + 0x40);
hexFields = new HexField[] {
CbVM,
MajorRuntimeVersionVM,
MinorRuntimeVersionVM,
MetaDataVM.RVAVM,
MetaDataVM.SizeVM,
FlagsVM,
EntryPointTokenRVAVM,
ResourcesVM.RVAVM,
ResourcesVM.SizeVM,
StrongNameSignatureVM.RVAVM,
StrongNameSignatureVM.SizeVM,
CodeManagerTableVM.RVAVM,
CodeManagerTableVM.SizeVM,
VTableFixupsVM.RVAVM,
VTableFixupsVM.SizeVM,
ExportAddressTableJumpsVM.RVAVM,
ExportAddressTableJumpsVM.SizeVM,
ManagedNativeHeaderVM.RVAVM,
ManagedNativeHeaderVM.SizeVM,
};
}
public ImageFileHeaderVM(HexBuffer buffer, PeFileHeaderData fileHeader)
: base(fileHeader.Span)
{
Name = fileHeader.Name;
MachineVM = new UInt16FlagsHexField(fileHeader.Machine);
MachineVM.Add(new IntegerHexBitField(fileHeader.Machine.Name, 0, 16, MachineInfos));
NumberOfSectionsVM = new UInt16HexField(fileHeader.NumberOfSections);
TimeDateStampVM = new UInt32HexField(fileHeader.TimeDateStamp.Data, fileHeader.TimeDateStamp.Name);
TimeDateStampVM.DataFieldVM.PropertyChanged += (s, e) => OnPropertyChanged(nameof(TimeDateStampString));
PointerToSymbolTableVM = new UInt32HexField(fileHeader.PointerToSymbolTable);
NumberOfSymbolsVM = new UInt32HexField(fileHeader.NumberOfSymbols);
SizeOfOptionalHeaderVM = new UInt16HexField(fileHeader.SizeOfOptionalHeader);
CharacteristicsVM = new UInt16FlagsHexField(fileHeader.Characteristics);
CharacteristicsVM.Add(new BooleanHexBitField("Relocs Stripped", 0));
CharacteristicsVM.Add(new BooleanHexBitField("Executable Image", 1));
CharacteristicsVM.Add(new BooleanHexBitField("Line Nums Stripped", 2));
CharacteristicsVM.Add(new BooleanHexBitField("Local Syms Stripped", 3));
CharacteristicsVM.Add(new BooleanHexBitField("Aggressive WS Trim", 4));
CharacteristicsVM.Add(new BooleanHexBitField("Large Address Aware", 5));
CharacteristicsVM.Add(new BooleanHexBitField("Reserved 0040h", 6));
CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Lo", 7));
CharacteristicsVM.Add(new BooleanHexBitField("32-Bit Machine", 8));
CharacteristicsVM.Add(new BooleanHexBitField("Debug Stripped", 9));
CharacteristicsVM.Add(new BooleanHexBitField("Removable Run From Swap", 10));
CharacteristicsVM.Add(new BooleanHexBitField("Net Run From Swap", 11));
CharacteristicsVM.Add(new BooleanHexBitField("System", 12));
CharacteristicsVM.Add(new BooleanHexBitField("Dll", 13));
CharacteristicsVM.Add(new BooleanHexBitField("Up System Only", 14));
CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Hi", 15));
hexFields = new HexField[] {
MachineVM,
NumberOfSectionsVM,
TimeDateStampVM,
PointerToSymbolTableVM,
NumberOfSymbolsVM,
SizeOfOptionalHeaderVM,
CharacteristicsVM,
};
}
protected ImageOptionalHeaderVM(HexBuffer buffer, PeOptionalHeaderData optionalHeader)
: base(optionalHeader.Span)
{
hexFields = null !;
MagicVM = new UInt16HexField(optionalHeader.Magic);
MajorLinkerVersionVM = new ByteHexField(optionalHeader.MajorLinkerVersion, true);
MinorLinkerVersionVM = new ByteHexField(optionalHeader.MinorLinkerVersion, true);
SizeOfCodeVM = new UInt32HexField(optionalHeader.SizeOfCode);
SizeOfInitializedDataVM = new UInt32HexField(optionalHeader.SizeOfInitializedData);
SizeOfUninitializedDataVM = new UInt32HexField(optionalHeader.SizeOfUninitializedData);
AddressOfEntryPointVM = new UInt32HexField(optionalHeader.AddressOfEntryPoint);
BaseOfCodeVM = new UInt32HexField(optionalHeader.BaseOfCode);
SectionAlignmentVM = new UInt32HexField(optionalHeader.SectionAlignment);
FileAlignmentVM = new UInt32HexField(optionalHeader.FileAlignment);
MajorOperatingSystemVersionVM = new UInt16HexField(optionalHeader.MajorOperatingSystemVersion, true);
MinorOperatingSystemVersionVM = new UInt16HexField(optionalHeader.MinorOperatingSystemVersion, true);
MajorImageVersionVM = new UInt16HexField(optionalHeader.MajorImageVersion, true);
MinorImageVersionVM = new UInt16HexField(optionalHeader.MinorImageVersion, true);
MajorSubsystemVersionVM = new UInt16HexField(optionalHeader.MajorSubsystemVersion, true);
MinorSubsystemVersionVM = new UInt16HexField(optionalHeader.MinorSubsystemVersion, true);
Win32VersionValueVM = new UInt32HexField(optionalHeader.Win32VersionValue, true);
SizeOfImageVM = new UInt32HexField(optionalHeader.SizeOfImage);
SizeOfHeadersVM = new UInt32HexField(optionalHeader.SizeOfHeaders);
CheckSumVM = new UInt32HexField(optionalHeader.CheckSum);
SubsystemVM = new UInt16FlagsHexField(optionalHeader.Subsystem);
SubsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
DllCharacteristicsVM = new UInt16FlagsHexField(optionalHeader.DllCharacteristics);
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
DllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
DllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
DllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
DllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
DllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
DllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
DllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
DllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
DllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
DllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
DllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
LoaderFlagsVM = new UInt32HexField(optionalHeader.LoaderFlags);
NumberOfRvaAndSizesVM = new UInt32HexField(optionalHeader.NumberOfRvaAndSizes);
DataDir0VM = Create(optionalHeader, 0, "Export");
DataDir1VM = Create(optionalHeader, 1, "Import");
DataDir2VM = Create(optionalHeader, 2, "Resource");
DataDir3VM = Create(optionalHeader, 3, "Exception");
DataDir4VM = Create(optionalHeader, 4, "Security");
DataDir5VM = Create(optionalHeader, 5, "Base Reloc");
DataDir6VM = Create(optionalHeader, 6, "Debug");
DataDir7VM = Create(optionalHeader, 7, "Architecture");
DataDir8VM = Create(optionalHeader, 8, "Global Ptr");
DataDir9VM = Create(optionalHeader, 9, "TLS");
DataDir10VM = Create(optionalHeader, 10, "Load Config");
DataDir11VM = Create(optionalHeader, 11, "Bound Import");
DataDir12VM = Create(optionalHeader, 12, "IAT");
DataDir13VM = Create(optionalHeader, 13, "Delay Import");
DataDir14VM = Create(optionalHeader, 14, ".NET");
DataDir15VM = Create(optionalHeader, 15, "Reserved15");
}
protected ImageOptionalHeaderVM(HexBuffer buffer, HexPosition startOffset, HexPosition endOffset, ulong offs1, ulong offs2) {
MagicVM = new UInt16HexField(buffer, Name, "Magic", startOffset + 0);
MajorLinkerVersionVM = new ByteHexField(buffer, Name, "MajorLinkerVersion", startOffset + 2, true);
MinorLinkerVersionVM = new ByteHexField(buffer, Name, "MinorLinkerVersion", startOffset + 3, true);
SizeOfCodeVM = new UInt32HexField(buffer, Name, "SizeOfCode", startOffset + 4);
SizeOfInitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfInitializedData", startOffset + 8);
SizeOfUninitializedDataVM = new UInt32HexField(buffer, Name, "SizeOfUninitializedData", startOffset + 0x0C);
AddressOfEntryPointVM = new UInt32HexField(buffer, Name, "AddressOfEntryPoint", startOffset + 0x10);
BaseOfCodeVM = new UInt32HexField(buffer, Name, "BaseOfCode", startOffset + 0x14);
SectionAlignmentVM = new UInt32HexField(buffer, Name, "SectionAlignment", startOffset + offs1 + 0);
FileAlignmentVM = new UInt32HexField(buffer, Name, "FileAlignment", startOffset + offs1 + 4);
MajorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MajorOperatingSystemVersion", startOffset + offs1 + 8, true);
MinorOperatingSystemVersionVM = new UInt16HexField(buffer, Name, "MinorOperatingSystemVersion", startOffset + offs1 + 0x0A, true);
MajorImageVersionVM = new UInt16HexField(buffer, Name, "MajorImageVersion", startOffset + offs1 + 0x0C, true);
MinorImageVersionVM = new UInt16HexField(buffer, Name, "MinorImageVersion", startOffset + offs1 + 0x0E, true);
MajorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MajorSubsystemVersion", startOffset + offs1 + 0x10, true);
MinorSubsystemVersionVM = new UInt16HexField(buffer, Name, "MinorSubsystemVersion", startOffset + offs1 + 0x12, true);
Win32VersionValueVM = new UInt32HexField(buffer, Name, "Win32VersionValue", startOffset + offs1 + 0x14, true);
SizeOfImageVM = new UInt32HexField(buffer, Name, "SizeOfImage", startOffset + offs1 + 0x18);
SizeOfHeadersVM = new UInt32HexField(buffer, Name, "SizeOfHeaders", startOffset + offs1 + 0x1C);
CheckSumVM = new UInt32HexField(buffer, Name, "CheckSum", startOffset + offs1 + 0x20);
SubsystemVM = new UInt16FlagsHexField(buffer, Name, "Subsystem", startOffset + offs1 + 0x24);
SubsystemVM.Add(new IntegerHexBitField("Subsystem", 0, 16, SubsystemInfos));
DllCharacteristicsVM = new UInt16FlagsHexField(buffer, Name, "DllCharacteristics", startOffset + offs1 + 0x26);
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved1", 0));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved2", 1));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved3", 2));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved4", 3));
DllCharacteristicsVM.Add(new BooleanHexBitField("Reserved5", 4));
DllCharacteristicsVM.Add(new BooleanHexBitField("High Entropy VA", 5));
DllCharacteristicsVM.Add(new BooleanHexBitField("Dynamic Base", 6));
DllCharacteristicsVM.Add(new BooleanHexBitField("Force Integrity", 7));
DllCharacteristicsVM.Add(new BooleanHexBitField("NX Compat", 8));
DllCharacteristicsVM.Add(new BooleanHexBitField("No Isolation", 9));
DllCharacteristicsVM.Add(new BooleanHexBitField("No SEH", 10));
DllCharacteristicsVM.Add(new BooleanHexBitField("No Bind", 11));
DllCharacteristicsVM.Add(new BooleanHexBitField("AppContainer", 12));
DllCharacteristicsVM.Add(new BooleanHexBitField("WDM Driver", 13));
DllCharacteristicsVM.Add(new BooleanHexBitField("Guard CF", 14));
DllCharacteristicsVM.Add(new BooleanHexBitField("Terminal Server Aware", 15));
LoaderFlagsVM = new UInt32HexField(buffer, Name, "LoaderFlags", startOffset + offs2 + 0);
NumberOfRvaAndSizesVM = new UInt32HexField(buffer, Name, "NumberOfRvaAndSizes", startOffset + offs2 + 4);
ulong doffs = offs2 + 8;
DataDir0VM = new DataDirVM(buffer, Name, "Export", startOffset + doffs + 0);
DataDir1VM = new DataDirVM(buffer, Name, "Import", startOffset + doffs + 8);
DataDir2VM = new DataDirVM(buffer, Name, "Resource", startOffset + doffs + 0x10);
DataDir3VM = new DataDirVM(buffer, Name, "Exception", startOffset + doffs + 0x18);
DataDir4VM = new DataDirVM(buffer, Name, "Security", startOffset + doffs + 0x20);
DataDir5VM = new DataDirVM(buffer, Name, "Base Reloc", startOffset + doffs + 0x28);
DataDir6VM = new DataDirVM(buffer, Name, "Debug", startOffset + doffs + 0x30);
DataDir7VM = new DataDirVM(buffer, Name, "Architecture", startOffset + doffs + 0x38);
DataDir8VM = new DataDirVM(buffer, Name, "Global Ptr", startOffset + doffs + 0x40);
DataDir9VM = new DataDirVM(buffer, Name, "TLS", startOffset + doffs + 0x48);
DataDir10VM = new DataDirVM(buffer, Name, "Load Config", startOffset + doffs + 0x50);
DataDir11VM = new DataDirVM(buffer, Name, "Bound Import", startOffset + doffs + 0x58);
DataDir12VM = new DataDirVM(buffer, Name, "IAT", startOffset + doffs + 0x60);
DataDir13VM = new DataDirVM(buffer, Name, "Delay Import", startOffset + doffs + 0x68);
DataDir14VM = new DataDirVM(buffer, Name, ".NET", startOffset + doffs + 0x70);
DataDir15VM = new DataDirVM(buffer, Name, "Reserved15", startOffset + doffs + 0x78);
}
public ImageDosHeaderVM(HexBuffer buffer, HexPosition startOffset) {
MagicVM = new UInt16HexField(buffer, Name, "e_magic", startOffset + 0);
CblpVM = new UInt16HexField(buffer, Name, "e_cblp", startOffset + 2);
CpVM = new UInt16HexField(buffer, Name, "e_cp", startOffset + 4);
CrlcVM = new UInt16HexField(buffer, Name, "e_crlc", startOffset + 6);
CparhdrVM = new UInt16HexField(buffer, Name, "e_cparhdr", startOffset + 8);
MinallocVM = new UInt16HexField(buffer, Name, "e_minalloc", startOffset + 0x0A);
MaxallocVM = new UInt16HexField(buffer, Name, "e_maxalloc", startOffset + 0x0C);
SsVM = new UInt16HexField(buffer, Name, "e_ss", startOffset + 0x0E);
SpVM = new UInt16HexField(buffer, Name, "e_sp", startOffset + 0x10);
CsumVM = new UInt16HexField(buffer, Name, "e_csum", startOffset + 0x12);
IpVM = new UInt16HexField(buffer, Name, "e_ip", startOffset + 0x14);
CsVM = new UInt16HexField(buffer, Name, "e_cs", startOffset + 0x16);
LfarlcVM = new UInt16HexField(buffer, Name, "e_lfarlc", startOffset + 0x18);
OvnoVM = new UInt16HexField(buffer, Name, "e_ovno", startOffset + 0x1A);
Res_0VM = new UInt16HexField(buffer, Name, "e_res[0]", startOffset + 0x1C);
Res_1VM = new UInt16HexField(buffer, Name, "e_res[1]", startOffset + 0x1E);
Res_2VM = new UInt16HexField(buffer, Name, "e_res[2]", startOffset + 0x20);
Res_3VM = new UInt16HexField(buffer, Name, "e_res[3]", startOffset + 0x22);
OemidVM = new UInt16HexField(buffer, Name, "e_oemid", startOffset + 0x24);
OeminfoVM = new UInt16HexField(buffer, Name, "e_oeminfo", startOffset + 0x26);
Res2_0VM = new UInt16HexField(buffer, Name, "e_res2[0]", startOffset + 0x28);
Res2_1VM = new UInt16HexField(buffer, Name, "e_res2[1]", startOffset + 0x2A);
Res2_2VM = new UInt16HexField(buffer, Name, "e_res2[2]", startOffset + 0x2C);
Res2_3VM = new UInt16HexField(buffer, Name, "e_res2[3]", startOffset + 0x2E);
Res2_4VM = new UInt16HexField(buffer, Name, "e_res2[4]", startOffset + 0x30);
Res2_5VM = new UInt16HexField(buffer, Name, "e_res2[5]", startOffset + 0x32);
Res2_6VM = new UInt16HexField(buffer, Name, "e_res2[6]", startOffset + 0x34);
Res2_7VM = new UInt16HexField(buffer, Name, "e_res2[7]", startOffset + 0x36);
Res2_8VM = new UInt16HexField(buffer, Name, "e_res2[8]", startOffset + 0x38);
Res2_9VM = new UInt16HexField(buffer, Name, "e_res2[9]", startOffset + 0x3A);
LfanewVM = new Int32HexField(buffer, Name, "e_lfanew", startOffset + 0x3C);
hexFields = new HexField[] {
MagicVM,
CblpVM,
CpVM,
CrlcVM,
CparhdrVM,
MinallocVM,
MaxallocVM,
SsVM,
SpVM,
CsumVM,
IpVM,
CsVM,
LfarlcVM,
OvnoVM,
Res_0VM,
Res_1VM,
Res_2VM,
Res_3VM,
OemidVM,
OeminfoVM,
Res2_0VM,
Res2_1VM,
Res2_2VM,
Res2_3VM,
Res2_4VM,
Res2_5VM,
Res2_6VM,
Res2_7VM,
Res2_8VM,
Res2_9VM,
LfanewVM,
};
}
public ImageDosHeaderVM(HexBuffer buffer, PeDosHeaderData dosHeader)
: base(dosHeader.Span.Span)
{
Name = dosHeader.Name;
MagicVM = new UInt16HexField(dosHeader.Magic);
CblpVM = new UInt16HexField(dosHeader.Cblp);
CpVM = new UInt16HexField(dosHeader.Cp);
CrlcVM = new UInt16HexField(dosHeader.Crlc);
CparhdrVM = new UInt16HexField(dosHeader.Cparhdr);
MinallocVM = new UInt16HexField(dosHeader.Minalloc);
MaxallocVM = new UInt16HexField(dosHeader.Maxalloc);
SsVM = new UInt16HexField(dosHeader.Ss);
SpVM = new UInt16HexField(dosHeader.Sp);
CsumVM = new UInt16HexField(dosHeader.Csum);
IpVM = new UInt16HexField(dosHeader.Ip);
CsVM = new UInt16HexField(dosHeader.Cs);
LfarlcVM = new UInt16HexField(dosHeader.Lfarlc);
OvnoVM = new UInt16HexField(dosHeader.Ovno);
Res_0VM = new UInt16HexField(dosHeader.Res.Data[0].Data, dosHeader.Res.Name + "[0]");
Res_1VM = new UInt16HexField(dosHeader.Res.Data[1].Data, dosHeader.Res.Name + "[1]");
Res_2VM = new UInt16HexField(dosHeader.Res.Data[2].Data, dosHeader.Res.Name + "[2]");
Res_3VM = new UInt16HexField(dosHeader.Res.Data[3].Data, dosHeader.Res.Name + "[3]");
OemidVM = new UInt16HexField(dosHeader.Oemid);
OeminfoVM = new UInt16HexField(dosHeader.Oeminfo);
Res2_0VM = new UInt16HexField(dosHeader.Res2.Data[0].Data, dosHeader.Res2.Name + "[0]");
Res2_1VM = new UInt16HexField(dosHeader.Res2.Data[1].Data, dosHeader.Res2.Name + "[1]");
Res2_2VM = new UInt16HexField(dosHeader.Res2.Data[2].Data, dosHeader.Res2.Name + "[2]");
Res2_3VM = new UInt16HexField(dosHeader.Res2.Data[3].Data, dosHeader.Res2.Name + "[3]");
Res2_4VM = new UInt16HexField(dosHeader.Res2.Data[4].Data, dosHeader.Res2.Name + "[4]");
Res2_5VM = new UInt16HexField(dosHeader.Res2.Data[5].Data, dosHeader.Res2.Name + "[5]");
Res2_6VM = new UInt16HexField(dosHeader.Res2.Data[6].Data, dosHeader.Res2.Name + "[6]");
Res2_7VM = new UInt16HexField(dosHeader.Res2.Data[7].Data, dosHeader.Res2.Name + "[7]");
Res2_8VM = new UInt16HexField(dosHeader.Res2.Data[8].Data, dosHeader.Res2.Name + "[8]");
Res2_9VM = new UInt16HexField(dosHeader.Res2.Data[9].Data, dosHeader.Res2.Name + "[9]");
LfanewVM = new UInt32HexField(dosHeader.Lfanew);
hexFields = new HexField[] {
MagicVM,
CblpVM,
CpVM,
CrlcVM,
CparhdrVM,
MinallocVM,
MaxallocVM,
SsVM,
SpVM,
CsumVM,
IpVM,
CsVM,
LfarlcVM,
OvnoVM,
Res_0VM,
Res_1VM,
Res_2VM,
Res_3VM,
OemidVM,
OeminfoVM,
Res2_0VM,
Res2_1VM,
Res2_2VM,
Res2_3VM,
Res2_4VM,
Res2_5VM,
Res2_6VM,
Res2_7VM,
Res2_8VM,
Res2_9VM,
LfanewVM,
};
}
public ImageFileHeaderVM(HexBuffer buffer, HexPosition startOffset) {
MachineVM = new UInt16FlagsHexField(buffer, Name, "Machine", startOffset + 0);
MachineVM.Add(new IntegerHexBitField("Machine", 0, 16, MachineInfos));
NumberOfSectionsVM = new UInt16HexField(buffer, Name, "NumberOfSections", startOffset + 2);
TimeDateStampVM = new UInt32HexField(buffer, Name, "TimeDateStamp", startOffset + 4);
TimeDateStampVM.DataFieldVM.PropertyChanged += (s, e) => OnPropertyChanged(nameof(TimeDateStampString));
PointerToSymbolTableVM = new UInt32HexField(buffer, Name, "PointerToSymbolTable", startOffset + 8);
NumberOfSymbolsVM = new UInt32HexField(buffer, Name, "NumberOfSymbols", startOffset + 0x0C);
SizeOfOptionalHeaderVM = new UInt16HexField(buffer, Name, "SizeOfOptionalHeader", startOffset + 0x10);
CharacteristicsVM = new UInt16FlagsHexField(buffer, Name, "Characteristics", startOffset + 0x12);
CharacteristicsVM.Add(new BooleanHexBitField("Relocs Stripped", 0));
CharacteristicsVM.Add(new BooleanHexBitField("Executable Image", 1));
CharacteristicsVM.Add(new BooleanHexBitField("Line Nums Stripped", 2));
CharacteristicsVM.Add(new BooleanHexBitField("Local Syms Stripped", 3));
CharacteristicsVM.Add(new BooleanHexBitField("Aggressive WS Trim", 4));
CharacteristicsVM.Add(new BooleanHexBitField("Large Address Aware", 5));
CharacteristicsVM.Add(new BooleanHexBitField("Reserved 0040h", 6));
CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Lo", 7));
CharacteristicsVM.Add(new BooleanHexBitField("32-Bit Machine", 8));
CharacteristicsVM.Add(new BooleanHexBitField("Debug Stripped", 9));
CharacteristicsVM.Add(new BooleanHexBitField("Removable Run From Swap", 10));
CharacteristicsVM.Add(new BooleanHexBitField("Net Run From Swap", 11));
CharacteristicsVM.Add(new BooleanHexBitField("System", 12));
CharacteristicsVM.Add(new BooleanHexBitField("Dll", 13));
CharacteristicsVM.Add(new BooleanHexBitField("Up System Only", 14));
CharacteristicsVM.Add(new BooleanHexBitField("Bytes Reversed Hi", 15));
hexFields = new HexField[] {
MachineVM,
NumberOfSectionsVM,
TimeDateStampVM,
PointerToSymbolTableVM,
NumberOfSymbolsVM,
SizeOfOptionalHeaderVM,
CharacteristicsVM,
};
}
