private void LoadImports()
{
importDataDir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Import];
if (importDataDir.TargetOffset.FileOffset != 0)
{
offsetConverter = new OffsetConverter(importDataDir.Section);
image.SetOffset(importDataDir.TargetOffset.FileOffset);
LibraryReference libraryRef = null;
while (true)
{
libraryRef = ReadLibraryImport();
if (libraryRef == null)
{
break;
}
else
{
foreach (ImportMethod method in libraryRef.ImportMethods)
{
method.ParentLibrary = libraryRef;
}
imports.Add(libraryRef);
}
}
}
}
private static OffsetConverter CreateConverter(LWin32 assembly, ulong offset, int type)
{
OffsetConverter converter;
switch (type)
{
case 2:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset));
break;
case 3:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly._ntHeader.OptionalHeader.ImageBase)));
break;
default: // case 1:
converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset));
break;
}
if (converter.TargetSection == null)
{
converter = new OffsetConverter(assembly);
}
return(converter);
}
public MSILAssembler(MethodBody methodBody)
{
this.MethodBody = methodBody;
_disassembler = new MSILDisassembler(methodBody);
_image = methodBody.Method._netheader._assembly.Image;
_offsetConverter = new OffsetConverter(Section.GetSectionByRva(methodBody.Method._netheader._assembly, methodBody.Method.RVA));
_bodyOffset = _offsetConverter.RvaToFileOffset(methodBody.Method.RVA) + methodBody.HeaderSize;
_tokenResolver = methodBody.Method._netheader.TokenResolver;
}
public MSILAssembler(MethodBody methodBody)
{
this.MethodBody = methodBody;
_disassembler = new MSILDisassembler(methodBody);
_image = methodBody.Method._netheader._assembly.Image;
_offsetConverter = new OffsetConverter(Section.GetSectionByRva(methodBody.Method._netheader._assembly, methodBody.Method.RVA));
_bodyOffset = _offsetConverter.RvaToFileOffset(methodBody.Method.RVA) + methodBody.HeaderSize;
_tokenResolver = methodBody.Method._netheader.TokenResolver;
}
public MSILDisassembler(MethodBody body)
{
MethodBody = body;
Section section = Section.GetSectionByRva(body.Method._netheader._assembly, body.Method.RVA);
_ilOffset = new OffsetConverter(section).RvaToFileOffset(body.Method.RVA) + (uint)body.HeaderSize;
_reader = section.ParentAssembly._peImage.Reader;
TokenResolver = new MetaDataTokenResolver(body.Method._netheader);
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address that is relative to a section.
/// </summary>
/// <param name="rva">The relative virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromRva(uint rva, LWin32 assembly)
{
if (rva == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(0, rva, 0));
}
OffsetConverter offsetconverter = CreateConverter(assembly, rva, 2);
return(new Offset(offsetconverter.RvaToFileOffset(rva), rva, offsetconverter.RvaToVa(rva)));
}
/// <summary>
/// Creates an instance of an offset by specifying a virtual address.
/// </summary>
/// <param name="va">The virtual address.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromVa(ulong va, LWin32 assembly)
{
if (va == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(0, 0, va));
}
OffsetConverter offsetconverter = CreateConverter(assembly, va, 3);
return(new Offset(offsetconverter.VaToFileOffset(va), offsetconverter.VaToRva(va), va));
}
/// <summary>
/// Creates an instance of an offset by specifying a raw offset.
/// </summary>
/// <param name="rawoffset">The file offset.</param>
/// <param name="assembly">The assembly containing the offset.</param>
/// <returns></returns>
public static Offset FromFileOffset(uint rawoffset, LWin32 assembly)
{
if (rawoffset == 0)
{
return(new Offset(0, 0, 0));
}
if (assembly == null)
{
return(new Offset(rawoffset, 0, 0));
}
OffsetConverter offsetconverter = CreateConverter(assembly, rawoffset, 1);
return(new Offset(rawoffset, offsetconverter.FileOffsetToRva(rawoffset), offsetconverter.FileOffsetToVa(rawoffset)));
}
public void LoadData()
{
if (ntHeader.IsManagedAssembly)
{
image.Stream.Seek(ntHeader.OptionalHeader.DataDirectories[(int)DataDirectoryName.Clr]._targetOffset.FileOffset, SeekOrigin.Begin);
parent._rawOffset = (uint)image.Position;
parent._rawHeader = image.ReadStructure <Structures.IMAGE_COR20_HEADER>();
Section targetsection = Section.GetSectionByFileOffset(ntHeader.Sections, parent._rawOffset);
offsetConverter = new OffsetConverter(targetsection);
LoadDirectories();
}
}
public void LoadData()
{
if (ntHeader.IsManagedAssembly)
{
image.Stream.Seek(ntHeader.OptionalHeader.DataDirectories[(int)DataDirectoryName.Clr]._targetOffset.FileOffset, SeekOrigin.Begin);
parent._rawOffset = (uint)image.Position;
parent._rawHeader = image.ReadStructure<Structures.IMAGE_COR20_HEADER>();
Section targetsection = Section.GetSectionByFileOffset(ntHeader.Sections, parent._rawOffset);
offsetConverter = new OffsetConverter(targetsection);
LoadDirectories();
}
}
void LoadMetaData()
{
metadataRva = parent._rawHeader.MetaData.RVA;
Section section = Section.GetSectionByRva(ntHeader._assembly, metadataRva);
offsetConverter = new OffsetConverter(section);
metadataFileOffset = offsetConverter.RvaToFileOffset(metadataRva);//= (uint)new CodeOffsetConverter(header.oheader).RVirtualToFileOffset((int)metadatavirtualoffset);
metadataHeader1 = ntHeader._assembly._peImage.ReadStructure <Structures.METADATA_HEADER_1>(metadataFileOffset);
byte[] versionBytes = image.ReadBytes((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1), (int)metadataHeader1.VersionLength);
metadataVersionString = Encoding.ASCII.GetString(versionBytes).Trim();
metadataHeader2 = ntHeader._assembly._peImage.ReadStructure <Structures.METADATA_HEADER_2>((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1) + metadataHeader1.VersionLength);
metadataStreamOffset = (uint)metadataFileOffset + (uint)sizeof(Structures.METADATA_HEADER_1) + (uint)metadataHeader1.VersionLength + (uint)sizeof(Structures.METADATA_HEADER_2);
LoadMetaDataStreams();
}
private void LoadExports()
{
// TODO: Unnamed exports (detect exports with only an ordinal).
string libraryname = header._assembly._path.Substring(header._assembly._path.LastIndexOf('\\') + 1);
DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export];
if (exportdatadir._targetOffset.FileOffset == 0)
{
return;
}
image.SetOffset(exportdatadir.TargetOffset.FileOffset);
exportDirectory = image.ReadStructure <Structures.IMAGE_EXPORT_DIRECTORY>();
OffsetConverter offsetConverter = new OffsetConverter(exportdatadir.Section);
uint functionoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions);
uint functionnameoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames);
uint functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals);
for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++)
{
image.SetOffset(functionoffset);
uint functionRVA = image.Reader.ReadUInt32();
image.SetOffset(functionnameoffset);
uint functionNameRVA = image.Reader.ReadUInt32();
image.SetOffset(functionnameordinaloffset);
uint functionNameOrdinal = image.Reader.ReadUInt32();
string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA));
exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base)));
functionoffset += 4;
functionnameoffset += 4;
functionnameordinaloffset += 4;
}
}
private void LoadExports()
{
// TODO: Unnamed exports (detect exports with only an ordinal).
string libraryname = header._assembly._path.Substring(header._assembly._path.LastIndexOf('\\') + 1);
DataDirectory exportdatadir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Export];
if (exportdatadir._targetOffset.FileOffset == 0)
return;
image.SetOffset(exportdatadir.TargetOffset.FileOffset);
exportDirectory = image.ReadStructure<Structures.IMAGE_EXPORT_DIRECTORY>();
OffsetConverter offsetConverter = new OffsetConverter(exportdatadir.Section);
uint functionoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfFunctions);
uint functionnameoffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNames);
uint functionnameordinaloffset = offsetConverter.RvaToFileOffset(exportDirectory.AddressOfNameOrdinals);
for (uint i = 0; i < exportDirectory.NumberOfFunctions; i++)
{
image.SetOffset(functionoffset);
uint functionRVA = image.Reader.ReadUInt32();
image.SetOffset(functionnameoffset);
uint functionNameRVA = image.Reader.ReadUInt32();
image.SetOffset(functionnameordinaloffset);
uint functionNameOrdinal = image.Reader.ReadUInt32();
string name = image.ReadZeroTerminatedString(offsetConverter.RvaToFileOffset(functionNameRVA));
exports.Add(new ExportMethod(libraryname, name, functionNameRVA, functionRVA, (ushort)(i + exportDirectory.Base)));
functionoffset += 4;
functionnameoffset += 4;
functionnameordinaloffset += 4;
}
}
private void LoadImports()
{
importDataDir = header.OptionalHeader.DataDirectories[(int)DataDirectoryName.Import];
if (importDataDir.TargetOffset.FileOffset != 0)
{
offsetConverter = new OffsetConverter(importDataDir.Section);
image.SetOffset(importDataDir.TargetOffset.FileOffset);
LibraryReference libraryRef = null;
while (true)
{
libraryRef = ReadLibraryImport();
if (libraryRef == null)
break;
else
{
foreach (ImportMethod method in libraryRef.ImportMethods)
method.ParentLibrary = libraryRef;
imports.Add(libraryRef);
}
}
}
}
void LoadMetaData()
{
metadataRva = parent._rawHeader.MetaData.RVA;
Section section = Section.GetSectionByRva(ntHeader._assembly, metadataRva);
offsetConverter = new OffsetConverter(section);
metadataFileOffset = offsetConverter.RvaToFileOffset(metadataRva);//= (uint)new CodeOffsetConverter(header.oheader).RVirtualToFileOffset((int)metadatavirtualoffset);
metadataHeader1 = ntHeader._assembly._peImage.ReadStructure<Structures.METADATA_HEADER_1>(metadataFileOffset);
byte[] versionBytes = image.ReadBytes((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1), (int)metadataHeader1.VersionLength);
metadataVersionString = Encoding.ASCII.GetString(versionBytes).Trim();
metadataHeader2 = ntHeader._assembly._peImage.ReadStructure<Structures.METADATA_HEADER_2>((int)metadataFileOffset + sizeof(Structures.METADATA_HEADER_1) + metadataHeader1.VersionLength);
metadataStreamOffset = (uint)metadataFileOffset + (uint)sizeof(Structures.METADATA_HEADER_1) + (uint)metadataHeader1.VersionLength + (uint)sizeof(Structures.METADATA_HEADER_2);
LoadMetaDataStreams();
}
private static OffsetConverter CreateConverter(LWin32 assembly, ulong offset, int type)
{
OffsetConverter converter;
switch (type)
{
case 2:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)offset));
break;
case 3:
converter = new OffsetConverter(Section.GetSectionByRva(assembly, (uint)(offset - assembly._ntHeader.OptionalHeader.ImageBase)));
break;
default: // case 1:
converter = new OffsetConverter(Section.GetSectionByFileOffset(assembly, (uint)offset));
break;
}
if (converter.TargetSection == null)
converter = new OffsetConverter(assembly);
return converter;
}
