Esempio n. 1
        /// <summary>
        /// Rebuilds the import module list from the image's import data directory.
        /// </summary>
        /// <param name="file">Byte source the descriptors and module names are read from.</param>
        /// <returns>
        /// <c>false</c> when the import directory entry has a zero virtual address;
        /// <c>true</c> once the descriptor walk reaches an entry whose Name field is zero.
        /// </returns>
        /// <remarks>
        /// The module list is cleared before the directory entry is inspected, so a
        /// <c>false</c> result still leaves the list empty.
        /// NOTE(review): every offset used here is derived from values stored in the file
        /// being parsed. The walk stops only at a zero Name field; nothing visible in this
        /// method bounds it by the directory size or the file length, so behaviour on a
        /// malformed image depends on how GetStruct and ConvertRva react to out-of-range
        /// offsets. Confirm they reject such offsets.
        /// </remarks>
        protected bool ReadOptionalImport(FByteFile file)
        {
            FModuleInfoCollection moduleList = _import.Modules;
            moduleList.Clear();

            SImageDataDirectory importDir = _ntHeader.OptionalHeader.DataDirectory[(int)EImageDirectoryEntry.Import];
            if (importDir.VirtualAddress == 0)
            {
                // No import directory present in this image.
                return false;
            }

            int descriptorOffset = ConvertRva(importDir.VirtualAddress);
            int descriptorSize = Marshal.SizeOf(typeof(SImageImportDescriptor));

            // Descriptors are laid out back to back; an entry with Name == 0 ends the table.
            for (; ; descriptorOffset += descriptorSize)
            {
                SImageImportDescriptor descriptor =
                    (SImageImportDescriptor)file.GetStruct(descriptorOffset, typeof(SImageImportDescriptor));
                if (descriptor.Name == 0)
                {
                    return true;
                }

                FModuleInfo entry = new FModuleInfo
                {
                    NameAddress = descriptor.Name,
                    Name = file.GetString(ConvertRva(descriptor.Name)),
                    FirstThunk = descriptor.FirstThunk,
                    OriginalFirstThunk = descriptor.OriginalFirstThunk
                };

                // Thunks are read for the module before it is added to the list.
                ReadTrunks(file, entry);
                moduleList.Push(entry);
            }
        }
Esempio n. 2
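        /// <summary>
        /// Rebuilds the export information (directory data, module name, function
        /// addresses and function names) from the image's export data directory.
        /// </summary>
        /// <param name="file">Byte source the export directory and its tables are read from.</param>
        /// <remarks>
        /// The export state is cleared first; when the export directory entry has a zero
        /// virtual address nothing else is read.
        /// Name-ordinal entries that point outside the address table read by this call are
        /// skipped instead of being used as an index, because the ordinal comes straight
        /// from the file and cannot be trusted to be in range.
        /// NOTE(review): NumberOfFunctions, NumberOfNames and all table addresses are also
        /// file-supplied. This method does not cap them against the file size; whether an
        /// oversized count fails safely depends on GetUint32/GetUint16/GetString and
        /// ConvertRva. Confirm they reject out-of-range offsets.
        /// </remarks>
        protected void ReadOptionalExport(FByteFile file)
        {
            _export.Clear();
            FFunctionInfos      functions = _export.Functions;
            SImageDataDirectory idd       = _ntHeader.OptionalHeader.DataDirectory[(int)EImageDirectoryEntry.Export];

            if (idd.VirtualAddress == 0)
            {
                // No export directory present in this image.
                return;
            }

            SImageExportDirectory imgExp = (SImageExportDirectory)file.GetStruct(ConvertRva(idd.VirtualAddress), typeof(SImageExportDirectory));
            _export.Data = imgExp;
            _export.Name = file.GetString(ConvertRva(imgExp.Name));

            // Read the address table: one 32-bit entry per exported function.
            int funcCount = imgExp.NumberOfFunctions;
            int funcAddr  = ConvertRva(imgExp.AddressOfFunctions);
            for (int n = 0; n < funcCount; n++, funcAddr += RInt.BYTE_SIZE)
            {
                FFunctionInfo function = new FFunctionInfo();
                // The exported ordinal is the table index biased by the directory's Base.
                function.FunctionIndex      = (int)(n + imgExp.Base);
                function.FunctionAddress    = file.GetUint32(funcAddr);
                function.FunctionAddressRva = ConvertRva(function.FunctionAddress);
                functions.Push(function);
            }

            // Read the name table and the parallel name-ordinal table, which are walked in
            // lock step: entry n of one belongs to entry n of the other.
            int nameCount   = imgExp.NumberOfNames;
            int nameAddr    = ConvertRva(imgExp.AddressOfNames);
            int nameOrdAddr = ConvertRva(imgExp.AddressOfNameOrdinals);
            for (int n = 0; n < nameCount; n++, nameAddr += RInt.BYTE_SIZE, nameOrdAddr += RShort.BYTE_SIZE)
            {
                int funcIndex = file.GetUint16(nameOrdAddr);
                if (funcIndex < 0 || funcIndex >= funcCount)
                {
                    // The ordinal does not refer to any address-table entry read above.
                    // Skip it rather than index past what this call populated.
                    // NOTE(review): the inconsistency is not reported anywhere; consider
                    // surfacing it, since a mismatched export table is worth flagging
                    // when the image is untrusted.
                    continue;
                }
                FFunctionInfo function  = functions[funcIndex];
                function.NameAddress    = file.GetUint32(nameAddr);
                function.NameAddressRva = ConvertRva(function.NameAddress);
                function.Name           = file.GetString(function.NameAddressRva);
            }
        }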