public Sections(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
this.sectionCount = (int)(reader.GetFileHeader().GetNumberOfSections());
long optHeaderAddress = reader.GetDOSHeader().GetFileAddress() + fileHeaderLength;
long dataDirectoryAddress = optHeaderAddress + optHeaderLength;
sectionAddress = (dataDirectoryAddress + dataDirectorySize) + sectionPadding + 0x4;
for (int i = 0; i < sectionCount; i++)
{
long count = sectionLength * i;
long offset = sectionAddress + count;
memStream.Position = offset;
string name = Encoding.Default.GetString(binaryParser.ReadBytes(8));
UInt32 virtualSize = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0xc;
UInt32 virtualAddress = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0x10;
UInt32 rawDataSize = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0x14;
UInt32 rawDataAddress = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0x18;
UInt32 relocAddress = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0x1c;
UInt32 lineAddress = (UInt32)(memStream.Position = binaryParser.ReadUInt32());
memStream.Position = offset + 0x20;
UInt16 relocCount = (UInt16)(memStream.Position = binaryParser.ReadUInt16());
memStream.Position = offset + 0x22;
UInt16 lineCount = (UInt16)(memStream.Position = binaryParser.ReadUInt16());
this.allSections.Add(new Section(name, virtualAddress, virtualSize, rawDataSize, rawDataAddress, relocAddress, lineAddress, relocCount, lineCount));
}
}
public CLRHeader(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
uint netDirectoryAddress = reader.GetDataDirectories().GetNETMetadataDirectory().GetAddress();
this.clrHeaderAddress = (long)reader.RVAtoOffset(netDirectoryAddress);
}
public DataDirectories(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
long optHeaderAddress = reader.GetDOSHeader().GetFileAddress() + fileHeaderLength;
dataDirectoryAddress = optHeaderAddress + optHeaderLength;
}
public BlobHeap(Reader reader, string name, uint offset, uint size)
: base(name, offset, size)
{
this.binaryParser = reader.GetBinaryParser();
this.name = name;
this.offset = offset;
this.size = size;
}
public MetadataHeader(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
uint metaDataRVA = reader.GetCLRHeader().GetMetaDataRVA();
this.metaDataHeaderAddress = (long)reader.RVAtoOffset(metaDataRVA);
this.versionLength = (int)(binaryParser.ParseUInt32(metaDataHeaderAddress + 0xC));
}
public TableHeap(Reader reader, string name, uint offset, uint size)
: base(name, offset, size)
{
this.reader = reader;
this.metadataStreamAddress = StreamParser.tableHeapOffset + 0x18;
this.reader.binaryParser.BaseStream.Position = metadataStreamAddress;
//Gets table count
//BitArray bits = new BitArray(this.GetStreamHeader().GetValidTables());
//for (int i = 0; i < 64; i++)
//{
// if (bits.Get(i) == true)
// this.tableCount++;
//}
//this.tables = new MetadataTable[this.GetTableCount()];
Read();
}
public NTHeader(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
}
public FileHeader(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
this.fileHeaderAddress = reader.GetDOSHeader().GetFileAddress();
}
public MetadataStreamHeader(Reader reader, long metadataAddress)
{
this.reader = reader;
this.metadataStreamAddress = metadataAddress;
}
public StreamParser(Reader reader)
{
this.reader = reader;
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
uint metaDataRVA = reader.GetCLRHeader().GetMetaDataRVA();
long metaDataHeaderAddress = (long)reader.RVAtoOffset(metaDataRVA);
this.streamHeaderAddress = (long)(metaDataHeaderAddress + 0x20);
this.streamCount = (int)reader.GetMetadataHeader().GetNumberOfStreams();
binaryParser.BaseStream.Position = streamHeaderAddress;
streams = new MetadataStream[this.streamCount];
int count = 0;
for (int i = 0; i < this.streamCount; i++)
{
string name;
long start = streamHeaderAddress + count;
long streamStart = start + (i * 4);
binaryParser.BaseStream.Position = streamStart;
uint offset = binaryParser.ReadUInt32();
uint size = binaryParser.ReadUInt32();
List<char> buff = new List<char>();
char next;
do
{
next = this.binaryParser.ReadChar();
buff.Add(next);
} while (this.binaryParser.BaseStream.Position % 4 != 0 || next != '\0');
name = new string(buff.TakeWhile(sName => !sName.Equals('\0')).ToArray());
//gets tableheap offset
if (i == this.streamCount -1)
{
tableHeapOffset = binaryParser.BaseStream.Position;
}
if (name.Length >= 8)
{
count += 16;
}
else if (name.Length >= 4)
{
count += 12;
}
else
{
count += 8;
}
this.streams[i] = new MetadataStream(name, offset, size);
}
InitStreams();
}
public OptionalHeader(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser; //0x96 v
this.optHeaderAddress = reader.GetDOSHeader().GetFileAddress() + fileHeaderSize;
}
static void Main(string[] args)
{
Console.WriteLine("Snile example");
Console.WriteLine("");
Reader reader = new Reader(filePath);
MetadataStreamHeader msh = reader.GetStreamParser().GetTableHeap().GetStreamHeader();
Console.WriteLine(" -Major Version: 0x{0:X6}", msh.GetMajorVersion());
Console.WriteLine(" -Minor Version: 0x{0:X6}", msh.GetMinorVersion());
//Console.WriteLine(" - " + msh.GetTableCount() + " tables");
//Console.WriteLine(" -Heap Offset Sizes: 0x{0:X6}", msh.GetHeapOffsetSizes());
//Console.WriteLine(" -Valid Tables: 0x{0:X6}", msh.GetValidTables());
//Console.WriteLine(" -Sorted Tables: 0x{0:X6}", msh.GetSortedTables());
#region done
//#region DOS
//DOSHeader dos = reader.GetDOSHeader();
//Console.WriteLine("DOS Header: ");
//Console.WriteLine(" -Magic Number: 0x{0:X6}", dos.GetMagicNumber());
//Console.WriteLine(" -Last Size: 0x{0:X6}", dos.GetLastSize());
//Console.WriteLine(" -Page Count: 0x{0:X6}", dos.GetPageCount());
//Console.WriteLine(" -Relocations: 0x{0:X6}", dos.GetRelocations());
//Console.WriteLine(" -Paragraph Header Size: 0x{0:X6}", dos.GetParagraphHeaderSize());
//Console.WriteLine(" -Minimum Extra Paragraphs: 0x{0:X6}", dos.GetMinExtraParagraphs());
//Console.WriteLine(" -Maximum Extra Paragraphs: 0x{0:X6}", dos.GetMaxExtraParagraphs());
//Console.WriteLine(" -Initial SS: 0x{0:X6}", dos.GetInitialSS());
//Console.WriteLine(" -Initial SP: 0x{0:X6}", dos.GetInitialSP());
//Console.WriteLine(" -Checksum: 0x{0:X6}", dos.GetChecksum());
//Console.WriteLine(" -Initial IP: 0x{0:X6}", dos.GetInitialIP());
//Console.WriteLine(" -Initial CS: 0x{0:X6}", dos.GetInitialCS());
//Console.WriteLine(" -Relocation File Address: 0x{0:X6}", dos.GetRelocFileAddress());
//Console.WriteLine(" -Overlay Number: 0x{0:X6}", dos.GetOverlayNumber());
//Console.WriteLine(" -OEM ID: 0x{0:X6}", dos.GetOEMid());
//Console.WriteLine(" -OEM Info: 0x{0:X6}", dos.GetOEMInfo());
//Console.WriteLine(" -File Address: 0x{0:X6}", dos.GetFileAddress());
//Console.WriteLine("");
//#endregion
//#region NT
//NTHeader nt = reader.GetNTHeader();
//Console.WriteLine("NT Header: ");
//Console.WriteLine(" -Magic Number: 0x{0:X6}", nt.GetMagicNumber());
//Console.WriteLine("");
//#endregion
//#region FILE
//FileHeader file = reader.GetFileHeader();
//Console.WriteLine("File Header: ");
//Console.WriteLine(" -Machine: 0x{0:X6}", file.GetMachine());
//Console.WriteLine(" -Number of Sections: 0x{0:X6}", file.GetNumberOfSections());
//Console.WriteLine(" -Timp Date Stamp: 0x{0:X6}", file.GetTimpDateStamp());
//Console.WriteLine(" -Symbol Table Address: 0x{0:X6}", file.GetSymbolTableAddress());
//Console.WriteLine(" -Number of Symbols: 0x{0:X6}", file.GetNumberOfSymbols());
//Console.WriteLine(" -Optional Header Size: 0x{0:X6}", file.GetOptionalHeaderSize());
//Console.WriteLine(" -Characteristics: 0x{0:X6}", file.GetCharacteristics());
//Console.WriteLine("");
//#endregion
//#region OPT
//OptionalHeader opt = reader.GetOptionalHeader();
//Console.WriteLine("Optional Header: ");
//Console.WriteLine(" -Machine: 0x{0:X6}", opt.GetMagicNumber());
//Console.WriteLine(" -Major Linker Version: 0x{0:X6}", opt.GetMajorLinkerVersion());
//Console.WriteLine(" -Minor Linker Version: 0x{0:X6}", opt.GetMinorLinkerVersion());
//Console.WriteLine(" -Size of Code: 0x{0:X6}", opt.GetSizeOfCode());
//Console.WriteLine(" -Initialized Data Size: 0x{0:X6}", opt.GetInitializedDataSize());
//Console.WriteLine(" -Uninitialized Data Size: 0x{0:X6}", opt.GetUninitializedDataSize());
//Console.WriteLine(" -EntryPoint Address: 0x{0:X6}", opt.GetEntryPointAddress());
//Console.WriteLine(" -Base Of Code: 0x{0:X6}", opt.GetBaseOfCode());
//Console.WriteLine(" -Base of Data: 0x{0:X6}", opt.GetBaseOfData());
//Console.WriteLine(" -Image Base: 0x{0:X6}", opt.GetImageBase());
//Console.WriteLine(" -Section Alignment: 0x{0:X6}", opt.GetSectionAlignment());
//Console.WriteLine(" -File Alignment: 0x{0:X6}", opt.GetFileAlignment());
//Console.WriteLine(" -Major OS Version: 0x{0:X6}", opt.GetMajorOSVersion());
//Console.WriteLine(" -Minor OS Version: 0x{0:X6}", opt.GetMinorOSVersion());
//Console.WriteLine(" -Major Image Version: 0x{0:X6}", opt.GetMajorImageVersion());
//Console.WriteLine(" -Minor Image Version: 0x{0:X6}", opt.GetMinorImageVersion());
//Console.WriteLine(" -Major Subsystem Version: 0x{0:X6}", opt.GetMajorSubsystemVersion());
//Console.WriteLine(" -Minor Subsystem Version: 0x{0:X6}", opt.GetMinorSubsystemVersion());
//Console.WriteLine(" -Version Value: 0x{0:X6}", opt.GetVersionValue());
//Console.WriteLine(" -Size of Image: 0x{0:X6}", opt.GetSizeOfImage());
//Console.WriteLine(" -Size of Headers: 0x{0:X6}", opt.GetSizeOfHeaders());
//Console.WriteLine(" -Checksum: 0x{0:X6}", opt.GetChecksum());
//Console.WriteLine(" -Subsystem: 0x{0:X6}", opt.GetSubsystem());
//Console.WriteLine(" -Dll Characteristics: 0x{0:X6}", opt.GetDllCharacteristics());
//Console.WriteLine(" -Reserve Stack Size: 0x{0:X6}", opt.GetReserveStackSize());
//Console.WriteLine(" -Commit Stack Size: 0x{0:X6}", opt.GetCommitStackSize());
//Console.WriteLine(" -Reserve Heap Size: 0x{0:X6}", opt.GetReserveHeapSize());
//Console.WriteLine(" -Commit Heap Size: 0x{0:X6}", opt.GetCommitHeapSize());
//Console.WriteLine(" -Loader Flags: 0x{0:X6}", opt.GetLoaderFlags());
//Console.WriteLine(" -Number of RVA and Sizes: 0x{0:X6}", opt.GetNumberOfRvaAndSizes());
//Console.WriteLine("");
//#endregion
//#region DIRECTORIES
//DataDirectories data = reader.GetDataDirectories();
//Console.WriteLine("Export Directory: " + data.GetExportDirectory().ToString());
//Console.WriteLine(" -Import Directory: " + data.GetImportDirectory().ToString());
//Console.WriteLine(" -Resource Directory: " + data.GetResourceDirectory().ToString());
//Console.WriteLine(" -Exception Directory: " + data.GetExceptionDirectory().ToString());
//Console.WriteLine(" -Security Directory: " + data.GetSecurityDirectory().ToString());
//Console.WriteLine(" -Relocation Directory: " + data.GetRelocationDirectory().ToString());
//Console.WriteLine(" -Debug Directory: " + data.GetDebugDirectory().ToString());
//Console.WriteLine(" -Architecture Directory: " + data.GetArchitectureDirectory().ToString());
//Console.WriteLine(" -TLS Directory: " + data.GetTLSDirectory().ToString());
//Console.WriteLine(" -Configuration Directory: " + data.GetConfigDirectory().ToString());
//Console.WriteLine(" -Bound Import Directory: " + data.GetBoundImportDirectory().ToString());
//Console.WriteLine(" -IAT Directory: " + data.GetIATDirectory().ToString());
//Console.WriteLine(" -Delay Import Directory: " + data.GetDelayImportDirectory().ToString());
//Console.WriteLine(" -.NET Metadata Directory: " + data.GetNETMetadataDirectory().ToString());
//Console.WriteLine("");
//#endregion
//#region SECTIONS
//List<Section> sections = reader.GetSections();
//foreach (Section section in sections)
//{
// Console.WriteLine("Section Name: " + section.GetName());
// Console.WriteLine(" -Virtual Size: 0x{0:X6}", section.GetVirtualSize());
// Console.WriteLine(" -Virtual Address: 0x{0:X6}", section.GetDataAddress());
// Console.WriteLine(" -Raw Data Size 0x{0:X6}", section.GetDataSize());
// Console.WriteLine(" -Raw Data Address 0x{0:X6}", section.GetDataAddress());
// Console.WriteLine(" -Relocations Address 0x{0:X6}", section.GetRelocationsAddress());
// Console.WriteLine(" -Line Numbers Address 0x{0:X6}", section.GetLineNumbersAddress());
// Console.WriteLine(" -Relocations Count 0x{0:X6}", section.GetRelocationsCount());
// Console.WriteLine(" -Line Number Count 0x{0:X6}", section.GetLineNumbersCount());
// Console.WriteLine("");
//}
//#endregion //Console.WriteLine("");
//#region CLR
//CLRHeader clr = reader.GetCLRHeader();
//Console.WriteLine("CLR Header:");
//Console.WriteLine(" -Magic Number: 0x{0:X6}", clr.GetMagicNumber());
//Console.WriteLine(" -Major Runtime Version: 0x{0:X6}", clr.GetMajorRuntimeVersion());
//Console.WriteLine(" -Minor Runtime Version: 0x{0:X6}", clr.GetMinorRuntimeVersion());
//Console.WriteLine(" -MetaData RVA: 0x{0:X6}", clr.GetMetaDataRVA());
//Console.WriteLine(" -MetaData Size: 0x{0:X6}", clr.GetMetaDataSize());
//Console.WriteLine(" -Flags: 0x{0:X6}", clr.GetFlags());
//Console.WriteLine(" -EntryPoint Token: 0x{0:X6}", clr.GetEntryPointToken());
//Console.WriteLine(" -Resources RVA: 0x{0:X6}", clr.GetResourcesRVA());
//Console.WriteLine(" -Resource Size: 0x{0:X6}", clr.GetResourcesSize());
//Console.WriteLine(" -Strong Name Signature RVA: 0x{0:X6}", clr.GetStrongNameSigRVA());
//Console.WriteLine(" -Strong Name Signature Size: 0x{0:X6}", clr.GetStrongNameSigSize());
//Console.WriteLine(" -Code Manager Table RVA: 0x{0:X6}", clr.GetCodeManagerTableRVA());
//Console.WriteLine(" -Code Manager Table Size: 0x{0:X6}", clr.GetCodeManagerTableSize());
//Console.WriteLine(" -VTable Fixup RVA: 0x{0:X6}", clr.GetVTableFixRVA());
//Console.WriteLine(" -VTable Fixup Size: 0x{0:X6}", clr.GetVTableFixSize());
//Console.WriteLine(" -Export Address Table Jumps RVA: 0x{0:X6}", clr.GetExportAddressTableJumpsRVA());
//Console.WriteLine(" -Export Address Table Jumps Size: 0x{0:X6}", clr.GetExportAddressTableJumpsSize());
//Console.WriteLine(" -Managed Native Header RVA: 0x{0:X6}", clr.GetManagedNativeHeaderRVA());
//Console.WriteLine(" -Managed Native Header Size: 0x{0:X6}", clr.GetManagedNativeHeaderSize());
//Console.WriteLine("");
//#endregion
//#region meta
//MetadataHeader meta = reader.GetMetadataHeader();
//Console.WriteLine("MetaData Header: ");
//Console.WriteLine(" -Signature: 0x{0:X6}", meta.GetSignature());
//Console.WriteLine(" -Major Version: 0x{0:X6}", meta.GetMajorVersion());
//Console.WriteLine(" -Minor Version: 0x{0:X6}", meta.GetMinorVersion());
//Console.WriteLine(" -Version Length: 0x{0:X6}", meta.GetVersionLength());
//Console.WriteLine(" -Flags: 0x{0:X6}", meta.GetFlags());
//Console.WriteLine(" -Number of Streams: 0x{0:X6}", meta.GetNumberOfStreams());
//Console.WriteLine("");
//#endregion
//#region STREAMS
//Console.WriteLine("Streams: ");
//foreach (Stream stream in reader.GetStreamParser().GetStreams())
//{
// Console.WriteLine(" -Name: " + stream.GetName() + " Offset: 0x{0:X6} -Size: 0x{1:X6}", stream.GetOffset(), stream.GetSize());
//}
//#endregion
#endregion
//reader.Write(@"C:\Users\Joe\Documents\Visual Studio 2012\Projects\TestFlow\TestFlow\bin\Debug\TestFlowJOE.exe");
Console.WriteLine("Done!");
Console.Read();
}
public Streams(Reader reader)
{
this.memStream = reader.memStream;
this.binaryParser = reader.binaryParser;
uint metaDataRVA = reader.GetCLRHeader().GetMetaDataRVA();
long metaDataHeaderAddress = (long)reader.RVAtoOffset(metaDataRVA);
this.streamHeaderAddress = (long)(metaDataHeaderAddress + 0x20);
this.streamCount = (int)reader.GetMetadataHeader().GetNumberOfStreams();
binaryParser.BaseStream.Position = streamHeaderAddress;
streams = new Stream[this.streamCount];
int count = 0;
for (int i = 0; i < this.streamCount; i++)
{
string name;
long start = streamHeaderAddress + count;
long streamStart = start + (i * 4);
binaryParser.BaseStream.Position = streamStart;
uint offset = binaryParser.ReadUInt32();
uint size = binaryParser.ReadUInt32();
List<char> buff = new List<char>();
char next;
do
{
next = this.binaryParser.ReadChar();
buff.Add(next);
} while (this.binaryParser.BaseStream.Position % 4 != 0 || next != '\0');
name = new string(buff.TakeWhile(sName => !sName.Equals('\0')).ToArray());
if (name.Length >= 8)
{
count += 16;
}
else if (name.Length >= 4)
{
count += 12;
}
else
{
count += 8;
}
if(((name.Equals("#-")) || ((name.Equals("#~")))))
{
this.tableHeap = new TableHeap(reader, name, offset, size);
}
if (name.Equals("#Strings"))
{
this.stringsHeap = new StringsHeap(reader, name, offset, size);
}
if (name.Equals("#US"))
{
this.userStringsHeap = new UserStringsHeap(reader, name, offset, size);
}
if (name.Equals("#GUID"))
{
this.guidHeap = new GUIDHeap(reader, name, offset, size);
}
if (name.Equals("#Blob"))
{
this.blobHeap = new BlobHeap(reader, name, offset, size);
}
this.streams[i] = new Stream(name, offset, size);
}
}