/// <summary>
/// Reads a windows assembly image from the specified file path.
/// </summary>
/// <param name="filePath">The file path to the assembly to read.</param>
/// <returns>The assembly that was read.</returns>
protected virtual WindowsAssembly ReadAssembly(string filePath)
{
var windowsAssembly = WindowsAssembly.FromBytes(File.ReadAllBytes(filePath), new ReadingParameters());
windowsAssembly.NetDirectory.MetadataHeader.LockMetadata();
return(windowsAssembly);
}
/// <summary>
/// Initializes the PEReader using a byte-array of a given PE
/// </summary>
/// <param name="fileBytes">PE's byte-array</param>
public PEReader(byte[] fileBytes)
{
log.Log(LogType.Normal, "PE read using file-bytes...");
try
{
wasm = WindowsAssembly.FromBytes(fileBytes);
}
catch (Exception e)
{
log.Log(e, "Exception on loading file");
}
}
public void PersistentVTables()
{
var assembly = CreateTempAssembly();
var header = assembly.NetDirectory.MetadataHeader;
var importer = new ReferenceImporter(header.Image);
var type = new TypeDefinition(null, "SomeType", TypeAttributes.Public, importer.ImportType(typeof(object)));
for (int i = 0; i < 10; i++)
{
var method = new MethodDefinition("Method" + i, MethodAttributes.Public | MethodAttributes.Virtual,
new MethodSignature(header.Image.TypeSystem.Void));
method.MethodBody = new CilMethodBody(method)
{
Instructions = { CilInstruction.Create(CilOpCodes.Ret) }
};
type.Methods.Add(method);
}
header.Image.Assembly.Modules[0].TopLevelTypes.Add(type);
var mapping = header.UnlockMetadata();
var directory = new VTablesDirectory();
var vTableHeader = new VTableHeader()
{
Attributes = VTableAttributes.Is32Bit,
};
foreach (var method in type.Methods)
{
vTableHeader.Table.Add(header.GetStream <TableStream>().ResolveRow(mapping[method]));
}
directory.VTableHeaders.Add(vTableHeader);
assembly.NetDirectory.VTablesDirectory = directory;
using (var stream = new MemoryStream())
{
assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly));
assembly = WindowsAssembly.FromBytes(stream.ToArray());
directory = assembly.NetDirectory.VTablesDirectory;
Assert.NotNull(directory);
Assert.Equal(1, directory.VTableHeaders.Count);
Assert.Equal(type.Methods.Select(x => mapping[x]),
directory.VTableHeaders[0].Table.Select(x => x.MetadataToken));
}
}
public void UnmanagedMethod()
{
var assembly = WindowsAssembly.FromBytes(Properties.Resources.MixedModeApplication);
var header = assembly.NetDirectory.MetadataHeader;
var tableStream = header.GetStream<TableStream>();
var image = header.LockMetadata();
var moduleType = image.GetModuleType();
var unmanagedAdd = moduleType.Methods.First(m => m.Name == "add");
Assert.Null(unmanagedAdd.CilMethodBody);
var row = tableStream.GetTable<MethodDefinitionTable>()[(int) (unmanagedAdd.MetadataToken.Rid - 1)];
Assert.NotNull(row.Column1);
Assert.NotNull(assembly.GetSectionHeaderByFileOffset(row.Column1.StartOffset));
}
public void PersistentStrongName()
{
var strongNameData = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 };
var assembly = CreateTempAssembly();
assembly.NetDirectory.MetadataHeader.UnlockMetadata();
assembly.NetDirectory.StrongNameData = new DataSegment(strongNameData);
using (var stream = new MemoryStream())
{
assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly));
assembly = WindowsAssembly.FromBytes(stream.ToArray());
Assert.NotNull(assembly.NetDirectory.StrongNameData);
Assert.Equal(strongNameData, assembly.NetDirectory.StrongNameData.Data);
}
}
public void PersistentNativeResources()
{
var contents = new byte[] { 0, 1, 2, 3, 4, 5, 6 };
var assembly = CreateTempAssembly();
assembly.NetDirectory.MetadataHeader.UnlockMetadata();
var rootDirectory = new ImageResourceDirectory();
rootDirectory.Entries.Add(new ImageResourceDirectoryEntry
{
ResourceType = ImageResourceDirectoryType.VersionInfo,
SubDirectory = new ImageResourceDirectory
{
Entries =
{
new ImageResourceDirectoryEntry(1)
{
SubDirectory = new ImageResourceDirectory
{
Entries =
{
new ImageResourceDirectoryEntry
{
DataEntry = new ImageResourceDataEntry(contents)
}
}
}
}
}
}
});
assembly.RootResourceDirectory = rootDirectory;
using (var stream = new MemoryStream())
{
assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly));
assembly = WindowsAssembly.FromBytes(stream.ToArray());
Utilities.ValidateResourceDirectory(rootDirectory, assembly.RootResourceDirectory);
}
}
public void PersistentManagedResource()
{
var contents = new byte[] { 0, 1, 2, 3, 4, 5, 6 };
var assembly = CreateTempAssembly();
var image = assembly.NetDirectory.MetadataHeader.Image;
image.Assembly.Resources.Add(new ManifestResource("SomeResource", ManifestResourceAttributes.Public,
contents));
assembly.NetDirectory.MetadataHeader.UnlockMetadata();
using (var stream = new MemoryStream())
{
assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly));
assembly = WindowsAssembly.FromBytes(stream.ToArray());
image = assembly.NetDirectory.MetadataHeader.LockMetadata();
Assert.Single(image.Assembly.Resources);
Assert.Equal(contents, image.Assembly.Resources[0].Data);
}
}
public void PersistentExports()
{
var assembly = CreateTempAssembly();
assembly.NetDirectory.MetadataHeader.UnlockMetadata();
var exportDirectory = new ImageExportDirectory
{
Name = "somefile.dll",
OrdinalBase = 2,
Exports =
{
new ImageSymbolExport(0x1234),
new ImageSymbolExport(0x5678, "MyNamedExport1"),
new ImageSymbolExport(0x9ABC),
new ImageSymbolExport(0xDEF0, "MyNamedExport2"),
}
};
assembly.ExportDirectory = exportDirectory;
using (var stream = new MemoryStream())
{
assembly.Write(new BinaryStreamWriter(stream), new CompactNetAssemblyBuilder(assembly));
assembly = WindowsAssembly.FromBytes(stream.ToArray());
Assert.NotNull(assembly.ExportDirectory);
Assert.Equal(exportDirectory.Name, assembly.ExportDirectory.Name);
Assert.Equal(exportDirectory.Exports.Count, assembly.ExportDirectory.Exports.Count);
for (int i = 0; i < assembly.ExportDirectory.Exports.Count; i++)
{
var original = exportDirectory.Exports[i];
var newExport = assembly.ExportDirectory.Exports[i];
Assert.Equal(original.Rva, newExport.Rva);
Assert.Equal(original.Name, newExport.Name);
}
}
}
/// <summary>
/// Reads a windows assembly image from the specified file path.
/// </summary>
/// <param name="filePath">The file path to the assembly to read.</param>
/// <returns>The assembly that was read.</returns>
protected virtual WindowsAssembly ReadAssembly(string filePath)
{
return(WindowsAssembly.FromBytes(File.ReadAllBytes(filePath), new ReadingParameters()));
}
