private static uint CalcChecksum(ExecutableImage pe, out uint checkSumPos)
{
const uint checksum_pos_in_optional_headers = 64;
checkSumPos = (uint)pe.NTHeaders.OptionalHeader.Location.FileOffset + checksum_pos_in_optional_headers;
uint fileSize = (uint)pe.GetBytes().Length;
MemoryStream ms = new MemoryStream(pe.GetBytes());
byte[] bytes4 = new byte[4];
int pos = 0;
ulong calcSum = 0;
ulong top = (ulong)0xFFFFFFFF + 1;
while (ms.Read(bytes4, pos, 4) == 4)
{
uint dw = BitConverter.ToUInt32(bytes4, 0);
if (ms.Position == checkSumPos + 4)
{
continue;
}
calcSum = (calcSum & 0xFFFFFFFF) + dw + (calcSum >> 32);
if (calcSum > top)
{
calcSum = (calcSum & 0xFFFFFFFF) + (calcSum >> 32);
}
}
calcSum = (calcSum & 0xffff) + (calcSum >> 16);
calcSum = (calcSum) + (calcSum >> 16);
calcSum = calcSum & 0xffff;
calcSum += (uint)fileSize;
return((uint)calcSum);
}
public static Certificate Get(ExecutableImage image)
{
if (!image.NTHeaders.DataDirectories.Exists(DataDirectoryType.CertificateTable))
return null;
DataDirectory directory = image.NTHeaders.DataDirectories[DataDirectoryType.CertificateTable];
if (DataDirectory.IsNullOrEmpty(directory))
return null;
Stream stream = directory.Directories.Image.GetStream();
long file_offset = directory.VirtualAddress.ToInt64();
stream.Seek(file_offset, SeekOrigin.Begin);
ulong image_base = directory.Directories.Image.NTHeaders.OptionalHeader.ImageBase;
Location location = new Location(directory.VirtualAddress, directory.VirtualAddress, image_base + directory.VirtualAddress, directory.Size, directory.Size);
WIN_CERTIFICATE win_cert = Utils.Read<WIN_CERTIFICATE>(stream);
Certificate cert = new Certificate(directory, location, win_cert);
return cert;
}
public static CLRContent Get(ExecutableImage image)
{
if (!image.NTHeaders.DataDirectories.Exists(DataDirectoryType.CLRRuntimeHeader))
return null;
DataDirectory directory = image.NTHeaders.DataDirectories[DataDirectoryType.CLRRuntimeHeader];
if (DataDirectory.IsNullOrEmpty(directory))
return null;
LocationCalculator calc = directory.Directories.Image.GetCalculator();
Section section = calc.RVAToSection(directory.VirtualAddress);
ulong file_offset = calc.RVAToOffset(section, directory.VirtualAddress);
ulong image_base = directory.Directories.Image.NTHeaders.OptionalHeader.ImageBase;
Location location = new Location(file_offset, directory.VirtualAddress, image_base + directory.VirtualAddress, directory.Size, directory.Size, section);
CLRContent result = new CLRContent(directory, location);
return result;
}
public static ExportDirectory Get(ExecutableImage image)
{
if (!image.NTHeaders.DataDirectories.Exists(DataDirectoryType.ExportTable))
return null;
DataDirectory directory = image.NTHeaders.DataDirectories[DataDirectoryType.ExportTable];
if (DataDirectory.IsNullOrEmpty(directory))
return null;
LocationCalculator calc = directory.Directories.Image.GetCalculator();
uint rva = directory.VirtualAddress;
ulong image_base = directory.Directories.Image.NTHeaders.OptionalHeader.ImageBase;
ulong va = image_base + rva;
Section section = calc.RVAToSection(rva);
ulong offset = calc.RVAToOffset(section, rva);
uint size = Utils.SizeOf<IMAGE_EXPORT_DIRECTORY>().ToUInt32();
Location location = new Location(offset, rva, va, size, size, section);
Stream stream = directory.Directories.Image.GetStream();
stream.Seek(offset.ToInt64(), SeekOrigin.Begin);
IMAGE_EXPORT_DIRECTORY export_directory = Utils.Read<IMAGE_EXPORT_DIRECTORY>(stream);
ExportDirectory result = new ExportDirectory(directory, location, export_directory);
return result;
}
public static TLSDirectory Get(ExecutableImage image)
{
if (!image.NTHeaders.DataDirectories.Exists(DataDirectoryType.TLSTable))
return null;
DataDirectory directory = image.NTHeaders.DataDirectories[DataDirectoryType.TLSTable];
if (DataDirectory.IsNullOrEmpty(directory))
return null;
LocationCalculator calc = directory.Directories.Image.GetCalculator();
Section section = calc.RVAToSection(directory.VirtualAddress);
ulong file_offset = calc.RVAToOffset(section, directory.VirtualAddress);
ulong image_base = directory.Directories.Image.NTHeaders.OptionalHeader.ImageBase;
Location location = new Location(file_offset, directory.VirtualAddress, image_base + directory.VirtualAddress, directory.Size, directory.Size, section);
Stream stream = directory.Directories.Image.GetStream();
stream.Seek(file_offset.ToInt64(), SeekOrigin.Begin);
bool is_64bit = directory.Directories.Image.Is64Bit;
TLSDirectory tls_directory;
if (!is_64bit)
{
IMAGE_TLS_DIRECTORY32 tls_dir = Utils.Read<IMAGE_TLS_DIRECTORY32>(stream);
tls_directory = new TLSDirectory32(directory, location, tls_dir);
}
else
{
IMAGE_TLS_DIRECTORY64 tls_dir = Utils.Read<IMAGE_TLS_DIRECTORY64>(stream);
tls_directory = new TLSDirectory64(directory, location, tls_dir);
}
return tls_directory;
}
