/// <summary> /// Reads a windows assembly image from the specified file path. /// </summary> /// <param name="filePath">The file path to the assembly to read.</param> /// <returns>The assembly that was read.</returns> protected virtual WindowsAssembly ReadAssembly(string filePath) { var windowsAssembly = WindowsAssembly.FromBytes(File.ReadAllBytes(filePath), new ReadingParameters()); windowsAssembly.NetDirectory.MetadataHeader.LockMetadata(); return(windowsAssembly); }
/// <summary> /// Initializes the PEReader using a byte-array of a given PE /// </summary> /// <param name="fileBytes">PE's byte-array</param> public PEReader(byte[] fileBytes) { log.Log(LogType.Normal, "PE read using file-bytes..."); try { wasm = WindowsAssembly.FromBytes(fileBytes); } catch (Exception e) { log.Log(e, "Exception on loading file"); } }
public void PersistentVTables() { var assembly = CreateTempAssembly(); var header = assembly.NetDirectory.MetadataHeader; var importer = new ReferenceImporter(header.Image); var type = new TypeDefinition(null, "SomeType", TypeAttributes.Public, importer.ImportType(typeof(object))); for (int i = 0; i < 10; i++) { var method = new MethodDefinition("Method" + i, MethodAttributes.Public | MethodAttributes.Virtual, new MethodSignature(header.Image.TypeSystem.Void)); method.MethodBody = new CilMethodBody(method) { Instructions = { CilInstruction.Create(CilOpCodes.Ret) } }; type.Methods.Add(method); } header.Image.Assembly.Modules[0].TopLevelTypes.Add(type); var mapping = header.UnlockMetadata(); var directory = new VTablesDirectory(); var vTableHeader = new VTableHeader() { Attributes = VTableAttributes.Is32Bit, }; foreach (var method in type.Methods) { vTableHeader.Table.Add(header.GetStream <TableStream>().ResolveRow(mapping[method])); } directory.VTableHeaders.Add(vTableHeader); assembly.NetDirectory.VTablesDirectory = directory; using (var stream = new MemoryStream()) { assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly)); assembly = WindowsAssembly.FromBytes(stream.ToArray()); directory = assembly.NetDirectory.VTablesDirectory; Assert.NotNull(directory); Assert.Equal(1, directory.VTableHeaders.Count); Assert.Equal(type.Methods.Select(x => mapping[x]), directory.VTableHeaders[0].Table.Select(x => x.MetadataToken)); } }
public void UnmanagedMethod() { var assembly = WindowsAssembly.FromBytes(Properties.Resources.MixedModeApplication); var header = assembly.NetDirectory.MetadataHeader; var tableStream = header.GetStream<TableStream>(); var image = header.LockMetadata(); var moduleType = image.GetModuleType(); var unmanagedAdd = moduleType.Methods.First(m => m.Name == "add"); Assert.Null(unmanagedAdd.CilMethodBody); var row = tableStream.GetTable<MethodDefinitionTable>()[(int) (unmanagedAdd.MetadataToken.Rid - 1)]; Assert.NotNull(row.Column1); Assert.NotNull(assembly.GetSectionHeaderByFileOffset(row.Column1.StartOffset)); }
public void PersistentStrongName() { var strongNameData = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; var assembly = CreateTempAssembly(); assembly.NetDirectory.MetadataHeader.UnlockMetadata(); assembly.NetDirectory.StrongNameData = new DataSegment(strongNameData); using (var stream = new MemoryStream()) { assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly)); assembly = WindowsAssembly.FromBytes(stream.ToArray()); Assert.NotNull(assembly.NetDirectory.StrongNameData); Assert.Equal(strongNameData, assembly.NetDirectory.StrongNameData.Data); } }
public void PersistentNativeResources() { var contents = new byte[] { 0, 1, 2, 3, 4, 5, 6 }; var assembly = CreateTempAssembly(); assembly.NetDirectory.MetadataHeader.UnlockMetadata(); var rootDirectory = new ImageResourceDirectory(); rootDirectory.Entries.Add(new ImageResourceDirectoryEntry { ResourceType = ImageResourceDirectoryType.VersionInfo, SubDirectory = new ImageResourceDirectory { Entries = { new ImageResourceDirectoryEntry(1) { SubDirectory = new ImageResourceDirectory { Entries = { new ImageResourceDirectoryEntry { DataEntry = new ImageResourceDataEntry(contents) } } } } } } }); assembly.RootResourceDirectory = rootDirectory; using (var stream = new MemoryStream()) { assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly)); assembly = WindowsAssembly.FromBytes(stream.ToArray()); Utilities.ValidateResourceDirectory(rootDirectory, assembly.RootResourceDirectory); } }
public void PersistentManagedResource() { var contents = new byte[] { 0, 1, 2, 3, 4, 5, 6 }; var assembly = CreateTempAssembly(); var image = assembly.NetDirectory.MetadataHeader.Image; image.Assembly.Resources.Add(new ManifestResource("SomeResource", ManifestResourceAttributes.Public, contents)); assembly.NetDirectory.MetadataHeader.UnlockMetadata(); using (var stream = new MemoryStream()) { assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly)); assembly = WindowsAssembly.FromBytes(stream.ToArray()); image = assembly.NetDirectory.MetadataHeader.LockMetadata(); Assert.Single(image.Assembly.Resources); Assert.Equal(contents, image.Assembly.Resources[0].Data); } }
public void PersistentExports() { var assembly = CreateTempAssembly(); assembly.NetDirectory.MetadataHeader.UnlockMetadata(); var exportDirectory = new ImageExportDirectory { Name = "somefile.dll", OrdinalBase = 2, Exports = { new ImageSymbolExport(0x1234), new ImageSymbolExport(0x5678, "MyNamedExport1"), new ImageSymbolExport(0x9ABC), new ImageSymbolExport(0xDEF0, "MyNamedExport2"), } }; assembly.ExportDirectory = exportDirectory; using (var stream = new MemoryStream()) { assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly)); assembly = WindowsAssembly.FromBytes(stream.ToArray()); Assert.NotNull(assembly.ExportDirectory); Assert.Equal(exportDirectory.Name, assembly.ExportDirectory.Name); Assert.Equal(exportDirectory.Exports.Count, assembly.ExportDirectory.Exports.Count); for (int i = 0; i < assembly.ExportDirectory.Exports.Count; i++) { var original = exportDirectory.Exports[i]; var newExport = assembly.ExportDirectory.Exports[i]; Assert.Equal(original.Rva, newExport.Rva); Assert.Equal(original.Name, newExport.Name); } } }
/// <summary> /// Reads a windows assembly image from the specified file path. /// </summary> /// <param name="filePath">The file path to the assembly to read.</param> /// <returns>The assembly that was read.</returns> protected virtual WindowsAssembly ReadAssembly(string filePath) { return(WindowsAssembly.FromBytes(File.ReadAllBytes(filePath), new ReadingParameters())); }