public void DataDirectory()
{
var dd = new DataDirectory
{
VirtualAddress = 0x10,
Size = 0x11
};
Assert.AreEqual("10:11h", dd.ToString());
}
void ReadOptionalHeader(BinaryStreamReader reader)
{
if (this.OptionalHeader == null)
this.OptionalHeader = new OptionalHeader();
var peMagic = (PEMagic)reader.ReadInt16();
if (peMagic != PEMagic.NT32
&& peMagic != PEMagic.NT64)
throw new BadImageFormatException("Unsupported PE magic value " + peMagic + ".");
this.OptionalHeader.PEMagic = peMagic;
this.OptionalHeader.MajorLinkerVersion = reader.ReadByte();
this.OptionalHeader.MinorLinkerVersion = reader.ReadByte();
this.OptionalHeader.SizeOfCode = reader.ReadUInt32();
this.OptionalHeader.SizeOfInitializedData = reader.ReadUInt32();
this.OptionalHeader.SizeOfUninitializedData = reader.ReadUInt32();
this.OptionalHeader.AddressOfEntryPoint = reader.ReadUInt32();
this.OptionalHeader.BaseOfCode = reader.ReadUInt32();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.BaseOfData = reader.ReadUInt32();
this.OptionalHeader.ImageBase = reader.ReadUInt32();
}
else
{
this.OptionalHeader.ImageBase = reader.ReadUInt64();
}
this.OptionalHeader.SectionAlignment = reader.ReadUInt32();
this.OptionalHeader.FileAlignment = reader.ReadUInt32();
this.OptionalHeader.MajorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorOperatingSystemVersion = reader.ReadUInt16();
this.OptionalHeader.MajorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MinorImageVersion = reader.ReadUInt16();
this.OptionalHeader.MajorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.MinorSubsystemVersion = reader.ReadUInt16();
this.OptionalHeader.Win32VersionValue = reader.ReadUInt32();
this.OptionalHeader.SizeOfImage = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeaders = reader.ReadUInt32();
this.OptionalHeader.CheckSum = reader.ReadUInt32();
this.OptionalHeader.Subsystem = (Subsystem)reader.ReadUInt16();
this.OptionalHeader.DllCharacteristics = (DllCharacteristics)reader.ReadUInt16();
if (peMagic == PEMagic.NT32)
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt32();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt32();
}
else
{
this.OptionalHeader.SizeOfStackReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfStackCommit = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapReserve = reader.ReadUInt64();
this.OptionalHeader.SizeOfHeapCommit = reader.ReadUInt64();
}
this.OptionalHeader.LoaderFlags = reader.ReadUInt32();
this.OptionalHeader.NumberOfRvaAndSizes = reader.ReadUInt32();
if (this.OptionalHeader.DataDirectories == null
|| this.OptionalHeader.DataDirectories.Length != this.OptionalHeader.NumberOfRvaAndSizes)
this.OptionalHeader.DataDirectories = new DataDirectory[this.OptionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < this.OptionalHeader.DataDirectories.Length; i++)
{
var dd = new DataDirectory();
dd.Read(reader);
this.OptionalHeader.DataDirectories[i] = dd;
}
}
public static OptionalHeader Read(Stream stream, ushort optionalHeaderSize)
{
var optionalHeader = new OptionalHeader();
optionalHeader.PEMagic = ReadPEMagic(stream);
optionalHeader.MajorLinkerVersion = stream.CheckedReadByte("reading major linker version in optional PE header");
optionalHeader.MinorLinkerVersion = stream.CheckedReadByte("reading minor linker version in optional PE header");
optionalHeader.SizeOfCode = stream.CheckedReadInt32("reading size of code field in optional PE header");
optionalHeader.SizeOfInitializedData = stream.CheckedReadInt32("reading size of initialized data field in optional PE header");
optionalHeader.SizeOfUninitializedData = stream.CheckedReadInt32("reading size of uninitalized data field in optional PE header");
optionalHeader.AddressOfEntryPoint = stream.CheckedReadInt32("reading RVA of entry point in optional PE header");
optionalHeader.BaseOfCode = stream.CheckedReadInt32("reading base of code field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.BaseOfData = stream.CheckedReadInt32("reading base of data field in optional PE header");
optionalHeader.ImageBase = stream.CheckedReadUInt32("reading (32-bit) image base field in optional PE header");
}
else
{
optionalHeader.ImageBase = stream.CheckedReadUInt64("reading (64-bit) image base field in optional PE header");
}
optionalHeader.SectionAlignment = stream.CheckedReadInt32("reading section alignment field in optional PE header");
optionalHeader.FileAlignment = stream.CheckedReadUInt32("reading file alignment field in optional PE header");
optionalHeader.MajorOperatingSystemVersion = stream.CheckedReadUInt16("reading major operting system version field in optional PE header");
optionalHeader.MinorOperatingSystemVersion = stream.CheckedReadUInt16("reading minor operating system version field in optional PE header");
optionalHeader.MajorImageVersion = stream.CheckedReadUInt16("reading major image version field in optional PE header");
optionalHeader.MinorImageVersion = stream.CheckedReadUInt16("reading minor image version field in optional PE header");
optionalHeader.MajorSubsystemVersion = stream.CheckedReadUInt16("reading major subsystem version field in optional PE header");
optionalHeader.MinorSubsystemVersion = stream.CheckedReadUInt16("reading minor subsystem version field in optional PE header");
optionalHeader.Win32VersionValue = stream.CheckedReadUInt32("reading Win32Version (reserved) field in optional PE header");
optionalHeader.SizeOfImage = stream.CheckedReadInt32("reading size of image field in optional PE header");
optionalHeader.SizeOfHeaders = stream.CheckedReadInt32("reading size of headers field in optional PE header");
optionalHeader.CheckSum = stream.CheckedReadUInt32("reading checksum field in optional PE header");
optionalHeader.Subsystem = (Subsystem)stream.CheckedReadUInt16("reading subsystem field in optional PE header");
optionalHeader.DllCharacteristics = (DllCharacteristics)stream.CheckedReadUInt16("reading DLL characteristics field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt32("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt32("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt32("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt32("reading size of heap commit field in optional PE header");
}
else
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt64("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt64("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt64("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt64("reading size of heap commit field in optional PE header");
}
optionalHeader.LoaderFlags = stream.CheckedReadUInt32("reading loader flags field in optional PE header");
optionalHeader.NumberOfRvaAndSizes = stream.CheckedReadInt32("reading NumberOfRvaAndSizes field in optional PE header");
uint readHeaderSize = optionalHeader.PEMagic == PEMagic.NT32 ?
ReadHeaderSizes.OptionalHeader32 :
ReadHeaderSizes.OptionalHeader64;
if (optionalHeader.NumberOfRvaAndSizes > 0)
{
var directories = new DataDirectory[optionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < directories.Length; i++)
{
directories[i] = new DataDirectory
{
VirtualAddress = stream.CheckedReadUInt32("reading virtual address field of PE data directory structure"),
Size = stream.CheckedReadUInt32("reading size field of PE data directory structure")
};
}
optionalHeader.DataDirectories = directories;
}
return optionalHeader;
}
public static OptionalHeader Read(Stream stream, ushort optionalHeaderSize)
{
var optionalHeader = new OptionalHeader();
optionalHeader.PEMagic = ReadPEMagic(stream);
optionalHeader.MajorLinkerVersion = stream.CheckedReadByte("reading major linker version in optional PE header");
optionalHeader.MinorLinkerVersion = stream.CheckedReadByte("reading minor linker version in optional PE header");
optionalHeader.SizeOfCode = stream.CheckedReadInt32("reading size of code field in optional PE header");
optionalHeader.SizeOfInitializedData = stream.CheckedReadInt32("reading size of initialized data field in optional PE header");
optionalHeader.SizeOfUninitializedData = stream.CheckedReadInt32("reading size of uninitalized data field in optional PE header");
optionalHeader.AddressOfEntryPoint = stream.CheckedReadInt32("reading RVA of entry point in optional PE header");
optionalHeader.BaseOfCode = stream.CheckedReadInt32("reading base of code field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.BaseOfData = stream.CheckedReadInt32("reading base of data field in optional PE header");
optionalHeader.ImageBase = stream.CheckedReadUInt32("reading (32-bit) image base field in optional PE header");
}
else
{
optionalHeader.ImageBase = stream.CheckedReadUInt64("reading (64-bit) image base field in optional PE header");
}
optionalHeader.SectionAlignment = stream.CheckedReadInt32("reading section alignment field in optional PE header");
optionalHeader.FileAlignment = stream.CheckedReadUInt32("reading file alignment field in optional PE header");
optionalHeader.MajorOperatingSystemVersion = stream.CheckedReadUInt16("reading major operting system version field in optional PE header");
optionalHeader.MinorOperatingSystemVersion = stream.CheckedReadUInt16("reading minor operating system version field in optional PE header");
optionalHeader.MajorImageVersion = stream.CheckedReadUInt16("reading major image version field in optional PE header");
optionalHeader.MinorImageVersion = stream.CheckedReadUInt16("reading minor image version field in optional PE header");
optionalHeader.MajorSubsystemVersion = stream.CheckedReadUInt16("reading major subsystem version field in optional PE header");
optionalHeader.MinorSubsystemVersion = stream.CheckedReadUInt16("reading minor subsystem version field in optional PE header");
optionalHeader.Win32VersionValue = stream.CheckedReadUInt32("reading Win32Version (reserved) field in optional PE header");
optionalHeader.SizeOfImage = stream.CheckedReadInt32("reading size of image field in optional PE header");
optionalHeader.SizeOfHeaders = stream.CheckedReadInt32("reading size of headers field in optional PE header");
optionalHeader.CheckSum = stream.CheckedReadUInt32("reading checksum field in optional PE header");
optionalHeader.Subsystem = (Subsystem)stream.CheckedReadUInt16("reading subsystem field in optional PE header");
optionalHeader.DllCharacteristics = (DllCharacteristics)stream.CheckedReadUInt16("reading DLL characteristics field in optional PE header");
if (optionalHeader.PEMagic == PEMagic.NT32)
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt32("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt32("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt32("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt32("reading size of heap commit field in optional PE header");
}
else
{
optionalHeader.SizeOfStackReserve = stream.CheckedReadUInt64("reading size of stack reserve field in optional PE header");
optionalHeader.SizeOfStackCommit = stream.CheckedReadUInt64("reading size of stack commit field in optional PE header");
optionalHeader.SizeOfHeapReserve = stream.CheckedReadUInt64("reading size of heap reserve field in optional PE header");
optionalHeader.SizeOfHeapCommit = stream.CheckedReadUInt64("reading size of heap commit field in optional PE header");
}
optionalHeader.LoaderFlags = stream.CheckedReadUInt32("reading loader flags field in optional PE header");
optionalHeader.NumberOfRvaAndSizes = stream.CheckedReadInt32("reading NumberOfRvaAndSizes field in optional PE header");
uint readHeaderSize = optionalHeader.PEMagic == PEMagic.NT32 ?
ReadHeaderSizes.OptionalHeader32 :
ReadHeaderSizes.OptionalHeader64;
if (optionalHeader.NumberOfRvaAndSizes > 0)
{
var directories = new DataDirectory[optionalHeader.NumberOfRvaAndSizes];
for (int i = 0; i < directories.Length; i++)
{
directories[i] = new DataDirectory
{
VirtualAddress = stream.CheckedReadUInt32("reading virtual address field of PE data directory structure"),
Size = stream.CheckedReadUInt32("reading size field of PE data directory structure")
};
}
optionalHeader.DataDirectories = directories;
}
return(optionalHeader);
}