Exemple #1
        /// <summary>
        /// Builds the details view for an opened executable: one row per basic
        /// header field, followed by one row per data directory.
        /// </summary>
        /// <param name="exeReader">Reader whose NT headers supply every displayed value.</param>
        /// <remarks>
        /// Every value shown here is read from the headers of the inspected file, so it
        /// is attacker-controlled when the file is untrusted. This constructor hands the
        /// values to CreateBasicItem / CreateDirItem without any checks of its own.
        /// </remarks>
        public DetailsForm(ExeReader exeReader)
            : this()
        {
            exe = exeReader;

            var fileHeader = exe.NTHeaders.FileHeader;
            var optionalHeader = exe.NTHeaders.OptionalHeader;

            // Basic header fields, in display order.
            CreateBasicItem("Entry Point", optionalHeader.AddressOfEntryPoint, false);
            // Only the image base is flagged with Is64Bit; every other row passes false.
            CreateBasicItem("Image Base", optionalHeader.ImageBase, exe.Is64Bit);
            CreateBasicItem("Size of Image", optionalHeader.SizeOfImage, false);
            CreateBasicItem("Base of Code", optionalHeader.BaseOfCode, false);
            // NOTE(review): "Base of Data" is always shown as 0; no header value is read for it.
            CreateBasicItem("Base of Data", 0, false);
            CreateBasicItem("Section Alignment", optionalHeader.SectionAlignment, false);
            CreateBasicItem("File Alignment", optionalHeader.FileAlignment, false);
            CreateBasicItem("Magic Number", optionalHeader.Magic, false);
            CreateBasicItem("Sub-System", optionalHeader.Subsystem, false);
            CreateBasicItem("Number of Sections", fileHeader.NumberOfSections, false);
            CreateBasicItem("Time/Date Stamp", fileHeader.TimeDateStamp, false);
            CreateBasicItem("Size of Headers", optionalHeader.SizeOfHeaders, false);
            CreateBasicItem("Characteristics", fileHeader.Characteristics, false);
            CreateBasicItem("Checksum", optionalHeader.CheckSum, false);

            // The optional-header size comes from the library constants for the detected
            // bitness, not from a size field stored in the file.
            ulong optionalHeaderSize = Convert.ToUInt64(exe.Is32Bit ? OptionalHeader.Size32 : OptionalHeader.Size64);
            CreateBasicItem("Size of Optional Header", optionalHeaderSize, false);
            CreateBasicItem("Number of RVA and Sizes", optionalHeader.NumberOfRvaAndSizes, false);

            // Data directories: type name, RVA and size exactly as the header reports them.
            foreach (DataDirectory directory in optionalHeader.DataDirectories)
            {
                CreateDirItem(directory.DirectoryType.ToString(), directory.VirtualAddress, directory.Size);
            }
        }
Exemple #2
 /// <summary>
 /// Creates the NT headers wrapper from its already-parsed parts.
 /// </summary>
 /// <param name="exeReader">Reader that owns this header.</param>
 /// <param name="streamLoc">Location of the NT headers in the stream.</param>
 /// <param name="fileHeader">Parsed file header.</param>
 /// <param name="optHeader">Parsed optional header.</param>
 internal NTHeaders(ExeReader exeReader, StreamLocation streamLoc, FileHeader fileHeader, OptionalHeader optHeader)
 {
     // The arguments are stored as given; no null or consistency checks happen here.
     file_header = fileHeader;
     opt_header = optHeader;
     reader = exeReader;
     location = streamLoc;
 }
Exemple #3
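        /// <summary>
        /// Opens <paramref name="fileName"/> as a PE image, fills the summary fields
        /// from its headers and then runs a signature scan over the file.
        /// </summary>
        /// <param name="fileName">Path of the executable to inspect.</param>
        /// <remarks>
        /// The file is untrusted input. Any failure while reading the headers is
        /// reported as "Invalid or corrupt PE executable image." and leaves no reader
        /// open. Exceptions raised by the signature scan are not handled here and
        /// propagate to the caller.
        /// </remarks>
        private void OpenFile(string fileName)
        {
            // Release the previously opened image before replacing it.
            if (exe != null)
            {
                exe.Dispose();
                exe = null;
            }

            txtFile.Text = CompactPath(fileName,48);

            try
            {
                exe = ExeReader.FromFile(fileName);

                uint ep_address = exe.NTHeaders.OptionalHeader.AddressOfEntryPoint;
                Section section = exe.Sections.RVAToSection(ep_address);

                if (section == null)
                {
                    // The entry point RVA maps to no section: show a zero offset and no bytes.
                    txtFileOffset.Text = "00000000";
                    txtSection.Text = String.Empty;
                    txtFirstBytes.Text = String.Empty;
                }
                else
                {
                    // All three operands come straight from the file. uint arithmetic wraps
                    // silently unless the project enables overflow checking, so a crafted
                    // image can yield a meaningless offset; the result is only displayed.
                    // NOTE(review): delta is not compared with SizeOfRawData before
                    // GetFirstBytes is called; confirm GetFirstBytes bounds its own read.
                    uint delta = ep_address - section.TableEntry.VirtualAddress;
                    uint section_offset = section.TableEntry.PointerToRawData;
                    uint ep_offset = section_offset + delta;

                    txtFileOffset.Text = ep_offset.ToString("X8");
                    txtSection.Text = section.TableEntry.Name;
                    txtFirstBytes.Text = GetFirstBytes(section,delta);
                }

                txtEP.Text = ep_address.ToString("X8");
                txtLinker.Text = String.Format("{0}.{1}",exe.NTHeaders.OptionalHeader.MajorLinkerVersion,exe.NTHeaders.OptionalHeader.MinorLinkerVersion);
                // A header value with no entry in these lookup tables throws and is
                // handled by the catch below like any other malformed image.
                txtSubSystem.Text = sub_systems[exe.NTHeaders.OptionalHeader.GetSubsystem()];
                txtMachine.Text = machine_types[exe.NTHeaders.FileHeader.GetMachineType()];
                txtFormat.Text = magic_types[exe.NTHeaders.OptionalHeader.GetMagic()];

                btnSections.Enabled = true;
                btnDetails.Enabled = true;
            }
            catch
            {
                // Deliberately broad: every parsing failure on an untrusted file is
                // reported the same way instead of crashing the UI.

                // The reader may have been opened before the failure; release it so the
                // file handle is not kept while the detail buttons are disabled.
                if (exe != null)
                {
                    exe.Dispose();
                    exe = null;
                }

                txtResults.Text = "Invalid or corrupt PE executable image.";

                txtEP.Text = String.Empty;
                txtFileOffset.Text = String.Empty;
                txtSection.Text = String.Empty;
                // Clear the entry-point bytes too, so data from a previously opened
                // file is not left on screen next to the error message.
                txtFirstBytes.Text = String.Empty;
                txtLinker.Text = String.Empty;
                txtSubSystem.Text = String.Empty;
                txtMachine.Text = String.Empty;
                txtFormat.Text = String.Empty;

                btnSections.Enabled = false;
                btnDetails.Enabled = false;

                return;
            }

            // Signature scan. A userdb.txt next to the application replaces the built-in
            // signatures entirely and is loaded here without an integrity check.
            // NOTE(review): confirm the application directory is not writable by other users.
            string app_dir = Path.GetDirectoryName(ApplicationPath);
            string user_db_path = Path.Combine(app_dir,"userdb.txt");
            SignatureDB sig_db;

            if (File.Exists(user_db_path))
            {
                sig_db = SignatureDB.Load(user_db_path);
            }
            else
            {
                sig_db = SignatureDB.Internal;
            }

            PEiD peid = new PEiD(sig_db);
            ScanResult[] results = peid.ScanAll(fileName,scan_mode);

            if (results == null)
            {
                txtResults.Text = String.Empty;
            }
            else if (results.Length == 0)
            {
                txtResults.Text = "No matches could be found.";
            }
            else
            {
                // Only the last entry of the result array is shown.
                ScanResult result = results[results.Length - 1];

                txtResults.Text = result.Signature.Name;
            }
        }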
Exemple #4
        /// <summary>
        /// Load handler for the main form: runs the two initialisation helpers, sets
        /// the window title and resets the scan state.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void MainForm_Load(object sender, EventArgs e)
        {
            // Helper order is kept as written; their bodies are not visible here.
            InitFileFilters();
            InitEnumDicts();

            Text = BASE_TITLE;

            // Start with no image open and the normal scan mode selected.
            exe = null;
            scan_mode = ScanMode.Normal;
        }
Exemple #5
 /// <summary>
 /// Creates the DOS header wrapper around an already-read header structure.
 /// </summary>
 /// <param name="exeReader">Reader that owns this header.</param>
 /// <param name="dosHeader">Raw DOS header as read from the file.</param>
 /// <param name="streamLoc">Location of the DOS header in the stream.</param>
 internal DOSHeader(ExeReader exeReader, IMAGE_DOS_HEADER dosHeader, StreamLocation streamLoc)
 {
     // Stored as given; the header contents are not validated in this constructor.
     header = dosHeader;
     location = streamLoc;
     reader = exeReader;
 }
Exemple #6
 /// <summary>
 /// Base constructor for optional headers: records the owning reader and the
 /// header's location in the stream.
 /// </summary>
 /// <param name="exeReader">Reader that owns this header.</param>
 /// <param name="streamLoc">Location of the optional header in the stream.</param>
 internal OptionalHeader(ExeReader exeReader, StreamLocation streamLoc)
 {
     location = streamLoc;
     reader = exeReader;
 }
Exemple #7
        /// <summary>
        /// Wraps a 64-bit optional header and builds its data-directory table from
        /// the directory fields of <paramref name="optHeader"/>.
        /// </summary>
        /// <param name="exeReader">Reader that owns this header (passed to the base class).</param>
        /// <param name="optHeader">Raw 64-bit optional header as read from the file.</param>
        /// <param name="streamLoc">Location of the optional header in the stream.</param>
        /// <remarks>
        /// NOTE(review): all fifteen named directories are taken from the structure
        /// unconditionally and NumberOfRvaAndSizes is not consulted in this constructor.
        /// A file that declares fewer directories would still get entries here;
        /// confirm the count is validated where the structure is read.
        /// </remarks>
        internal OptionalHeader64(ExeReader exeReader, IMAGE_OPTIONAL_HEADER64 optHeader, StreamLocation streamLoc) : base(exeReader,streamLoc)
        {
            header = optHeader;

            // One entry per named directory, in the order listed here.
            DataDirectory[] entries =
            {
                new DataDirectory(DataDirectoryType.ExportTable, header.ExportTable),
                new DataDirectory(DataDirectoryType.ImportTable, header.ImportTable),
                new DataDirectory(DataDirectoryType.ResourceTable, header.ResourceTable),
                new DataDirectory(DataDirectoryType.ExceptionTable, header.ExceptionTable),
                new DataDirectory(DataDirectoryType.CertificateTable, header.CertificateTable),
                new DataDirectory(DataDirectoryType.BaseRelocationTable, header.BaseRelocationTable),
                new DataDirectory(DataDirectoryType.Debug, header.Debug),
                new DataDirectory(DataDirectoryType.Architecture, header.Architecture),
                new DataDirectory(DataDirectoryType.GlobalPtr, header.GlobalPtr),
                new DataDirectory(DataDirectoryType.TLSTable, header.TLSTable),
                new DataDirectory(DataDirectoryType.LoadConfigTable, header.LoadConfigTable),
                new DataDirectory(DataDirectoryType.BoundImport, header.BoundImport),
                new DataDirectory(DataDirectoryType.ImportAddressTable, header.IAT),
                new DataDirectory(DataDirectoryType.DelayImportDescriptor, header.DelayImportDescriptor),
                new DataDirectory(DataDirectoryType.CLRRuntimeHeader, header.CLRRuntimeHeader)
            };

            // The table is sized for 16 slots (the 16th is reserved in the PE format)
            // and is positioned so that it ends where the optional header ends.
            // NOTE(review): if streamLoc.Size were smaller than the table size, the
            // computed start would fall before the header; nothing here guards that.
            long tableSize = 16 * DataDirectories.EntrySize;
            StreamLocation tableLocation = new StreamLocation((streamLoc.Offset + streamLoc.Size) - tableSize, tableSize);

            // Entries typed None are dropped; the rest are keyed by directory type.
            data_dirs = new DataDirectories(
                this,
                tableLocation,
                entries.Where(entry => entry.DirectoryType != DataDirectoryType.None)
                       .ToDictionary(entry => entry.DirectoryType));
        }
Exemple #8
 /// <summary>
 /// Creates the file header wrapper around an already-read header structure.
 /// </summary>
 /// <param name="exeReader">Reader that owns this header.</param>
 /// <param name="fileHeader">Raw file header as read from the file.</param>
 /// <param name="streamLoc">Location of the file header in the stream.</param>
 internal FileHeader(ExeReader exeReader, IMAGE_FILE_HEADER fileHeader, StreamLocation streamLoc)
 {
     // Stored as given; the header contents are not validated in this constructor.
     header = fileHeader;
     location = streamLoc;
     reader = exeReader;
 }
Exemple #9
 /// <summary>
 /// Creates the DOS stub wrapper: records the owning reader and the stub's
 /// location in the stream.
 /// </summary>
 /// <param name="exeReader">Reader that owns this stub.</param>
 /// <param name="streamLoc">Location of the DOS stub in the stream.</param>
 internal DOSStub(ExeReader exeReader, StreamLocation streamLoc)
 {
     location = streamLoc;
     reader = exeReader;
 }