public void Read(IImageStream stream) {
stream.Position = 0;
Language = new Guid(stream.ReadBytes(0x10));
LanguageVendor = new Guid(stream.ReadBytes(0x10));
DocumentType = new Guid(stream.ReadBytes(0x10));
CheckSumAlgorithmId = new Guid(stream.ReadBytes(0x10));
var len = stream.ReadInt32();
if (stream.ReadUInt32() != 0)
throw new PdbException("Unexpected value");
CheckSum = stream.ReadBytes(len);
}
static bool ParseIVTBlob(IImageStream stream, long end, out string publicKeyString)
{
publicKeyString = null;
if (stream.Position + 2 > end)
{
return(false);
}
if (stream.ReadUInt16() != 1)
{
return(false);
}
if (!stream.ReadCompressedUInt32(out uint len) || stream.Position + len >= end)
{
return(false);
}
var bytes = stream.ReadBytes((int)len);
var s = Encoding.UTF8.GetString(bytes);
const string PublicKeyPattern = "PublicKey=";
int index = s.IndexOf(PublicKeyPattern, StringComparison.OrdinalIgnoreCase);
if (index >= 0)
{
publicKeyString = s.Substring(index + PublicKeyPattern.Length).Trim();
}
return(true);
}
void Populate(IImageStream reader)
{
reader.Position = 1;
while (reader.Position < reader.Length)
{
uint offset = (uint)reader.Position;
uint len;
if (!reader.ReadCompressedUInt32(out len))
{
if (offset == reader.Position)
{
reader.Position++;
}
continue;
}
if (len == 0 || reader.Position + len > reader.Length)
{
continue;
}
var data = reader.ReadBytes((int)len);
if (!cachedDict.ContainsKey(data))
{
cachedDict[data] = offset;
}
}
}
public void Read(IImageStream stream)
{
stream.Position = 0;
Language = new Guid(stream.ReadBytes(0x10));
LanguageVendor = new Guid(stream.ReadBytes(0x10));
DocumentType = new Guid(stream.ReadBytes(0x10));
CheckSumAlgorithmId = new Guid(stream.ReadBytes(0x10));
var len = stream.ReadInt32();
if (stream.ReadUInt32() != 0)
{
throw new PdbException("Unexpected value");
}
CheckSum = stream.ReadBytes(len);
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="reader">PE file reader pointing to the start of this section</param>
/// <param name="verify">Verify section</param>
/// <exception cref="BadImageFormatException">Thrown if verification fails</exception>
public ImageSectionHeader(IImageStream reader, bool verify)
{
SetStartOffset(reader);
this.name = reader.ReadBytes(8);
this.virtualSize = reader.ReadUInt32();
this.virtualAddress = (RVA)reader.ReadUInt32();
this.sizeOfRawData = reader.ReadUInt32();
this.pointerToRawData = reader.ReadUInt32();
this.pointerToRelocations = reader.ReadUInt32();
this.pointerToLinenumbers = reader.ReadUInt32();
this.numberOfRelocations = reader.ReadUInt16();
this.numberOfLinenumbers = reader.ReadUInt16();
this.characteristics = reader.ReadUInt32();
SetEndoffset(reader);
displayName = ToString(name);
}
void Populate(IImageStream reader) {
reader.Position = 1;
while (reader.Position < reader.Length) {
uint offset = (uint)reader.Position;
uint len;
if (!reader.ReadCompressedUInt32(out len)) {
if (offset == reader.Position)
reader.Position++;
continue;
}
if (len == 0 || reader.Position + len > reader.Length)
continue;
var data = reader.ReadBytes((int)len);
if (!cachedDict.ContainsKey(data))
cachedDict[data] = offset;
}
}
UTF8String ReadUTF8String()
{
if (reader.ReadByte() == 0xFF)
{
return(null);
}
reader.Position--;
uint len;
if (!reader.ReadCompressedUInt32(out len))
{
throw new CABlobParserException("Could not read compressed UInt32");
}
if (len == 0)
{
return(UTF8String.Empty);
}
return(new UTF8String(reader.ReadBytes((int)len)));
}
void ReadInternal(IImageStream stream)
{
stream.Position = 0;
string sig = Encoding.ASCII.GetString(stream.ReadBytes(30));
if (sig != "Microsoft C/C++ MSF 7.00\r\n\u001ADS\0")
{
throw new PdbException("Invalid signature");
}
stream.Position += 2;
uint pageSize = stream.ReadUInt32();
uint fpm = stream.ReadUInt32();
uint pageCount = stream.ReadUInt32();
uint rootSize = stream.ReadUInt32();
stream.ReadUInt32();
var numOfRootPages = RoundUpDiv(rootSize, pageSize);
var numOfPtrPages = RoundUpDiv(numOfRootPages * 4, pageSize);
if (pageCount * pageSize != stream.Length)
{
throw new PdbException("File size mismatch");
}
var pages = new IImageStream[pageCount];
try
{
FileOffset offset = 0;
for (uint i = 0; i < pageCount; i++)
{
pages[i] = stream.Create(offset, pageSize);
offset += pageSize;
}
var rootPages = new IImageStream[numOfRootPages];
int pageIndex = 0;
for (int i = 0; i < numOfPtrPages && pageIndex < numOfRootPages; i++)
{
var ptrPage = pages[stream.ReadUInt32()];
ptrPage.Position = 0;
for (; ptrPage.Position < ptrPage.Length && pageIndex < numOfRootPages; pageIndex++)
{
rootPages[pageIndex] = pages[ptrPage.ReadUInt32()];
}
}
ReadRootDirectory(new MsfStream(rootPages, rootSize), pages, pageSize);
}
finally
{
foreach (var page in pages)
{
if (page != null)
{
page.Dispose();
}
}
}
ReadNames();
ReadStringTable();
var tokenMapStream = ReadModules();
documents = new Dictionary <string, DbiDocument>(StringComparer.OrdinalIgnoreCase);
foreach (var module in modules)
{
if (IsValidStreamIndex(module.StreamId))
{
module.LoadFunctions(this, streams[module.StreamId].Content);
}
}
if (IsValidStreamIndex(tokenMapStream ?? STREAM_INVALID_INDEX))
{
ApplyRidMap(streams[tokenMapStream.Value].Content);
}
functions = new Dictionary <uint, DbiFunction>();
foreach (var module in modules)
{
foreach (var func in module.Functions)
{
functions.Add(func.Token, func);
}
}
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="reader">PE file reader pointing to the start of this section</param>
/// <param name="verify">Verify section</param>
/// <exception cref="BadImageFormatException">Thrown if verification fails</exception>
public ImageSectionHeader(IImageStream reader, bool verify) {
SetStartOffset(reader);
this.name = reader.ReadBytes(8);
this.virtualSize = reader.ReadUInt32();
this.virtualAddress = (RVA)reader.ReadUInt32();
this.sizeOfRawData = reader.ReadUInt32();
this.pointerToRawData = reader.ReadUInt32();
this.pointerToRelocations = reader.ReadUInt32();
this.pointerToLinenumbers = reader.ReadUInt32();
this.numberOfRelocations = reader.ReadUInt16();
this.numberOfLinenumbers = reader.ReadUInt16();
this.characteristics = reader.ReadUInt32();
SetEndoffset(reader);
displayName = ToString(name);
}
public void Read(RecursionCounter counter, IImageStream stream, uint scopeEnd)
{
if (!counter.Increment())
{
throw new PdbException("Scopes too deep");
}
while (stream.Position < scopeEnd)
{
var size = stream.ReadUInt16();
var begin = stream.Position;
var end = begin + size;
var type = (SymbolType)stream.ReadUInt16();
DbiScope child = null;
uint? childEnd = null;
string name;
switch (type)
{
case SymbolType.S_BLOCK32: {
stream.Position += 4;
childEnd = stream.ReadUInt32();
var len = stream.ReadUInt32();
var addr = PdbAddress.ReadAddress(stream);
name = PdbReader.ReadCString(stream);
child = new DbiScope(name, addr.Offset, len);
break;
}
case SymbolType.S_UNAMESPACE:
Namespaces.Add(new DbiNamespace(PdbReader.ReadCString(stream)));
break;
case SymbolType.S_MANSLOT: {
var variable = new DbiVariable();
variable.Read(stream);
Variables.Add(variable);
break;
}
case SymbolType.S_OEM:
if (stream.Position + 20 > end)
{
break;
}
if (!ReadAndCompareBytes(stream, end, dotNetOemGuid))
{
Debug.Fail("Unknown OEM record GUID, not .NET GUID");
break;
}
stream.Position += 4; // typeIndex or 0
name = ReadUnicodeString(stream, end);
Debug.Assert(name != null);
if (name == null)
{
break;
}
var data = stream.ReadBytes((int)(end - stream.Position));
if (oemInfos == null)
{
oemInfos = new List <OemInfo>(1);
}
oemInfos.Add(new OemInfo(name, data));
break;
case SymbolType.S_MANCONSTANT:
uint signatureToken = stream.ReadUInt32();
object value;
if (!NumericReader.TryReadNumeric(stream, end, out value))
{
break;
}
name = PdbReader.ReadCString(stream);
if (constants == null)
{
constants = new List <ConstantInfo>();
}
constants.Add(new ConstantInfo(name, signatureToken, value));
break;
case SymbolType.S_END:
break;
default:
Debug.Write("Unknown symbol type: " + type);
break;
}
stream.Position = end;
if (child != null)
{
child.Read(counter, stream, childEnd.Value);
Children.Add(child);
child = null;
}
}
counter.Decrement();
if (stream.Position != scopeEnd)
{
Debugger.Break();
}
}
public byte[] OffsetReadBytes(uint offset, int size)
{
peStream.Position = offset;
return(peStream.ReadBytes(size));
}
public static bool TryReadNumeric(IImageStream stream, long end, out object value)
{
value = null;
if (stream.Position + 2 > end)
{
return(false);
}
var numLeaf = (NumericLeaf)stream.ReadUInt16();
if (numLeaf < NumericLeaf.LF_NUMERIC)
{
value = (short)numLeaf;
return(true);
}
switch (numLeaf)
{
case NumericLeaf.LF_CHAR:
if (stream.Position > end)
{
return(false);
}
value = stream.ReadSByte();
return(true);
case NumericLeaf.LF_SHORT:
if (stream.Position + 2 > end)
{
return(false);
}
value = stream.ReadInt16();
return(true);
case NumericLeaf.LF_USHORT:
if (stream.Position + 2 > end)
{
return(false);
}
value = stream.ReadUInt16();
return(true);
case NumericLeaf.LF_LONG:
if (stream.Position + 4 > end)
{
return(false);
}
value = stream.ReadInt32();
return(true);
case NumericLeaf.LF_ULONG:
if (stream.Position + 4 > end)
{
return(false);
}
value = stream.ReadUInt32();
return(true);
case NumericLeaf.LF_REAL32:
if (stream.Position + 4 > end)
{
return(false);
}
value = stream.ReadSingle();
return(true);
case NumericLeaf.LF_REAL64:
if (stream.Position + 8 > end)
{
return(false);
}
value = stream.ReadDouble();
return(true);
case NumericLeaf.LF_QUADWORD:
if (stream.Position + 8 > end)
{
return(false);
}
value = stream.ReadInt64();
return(true);
case NumericLeaf.LF_UQUADWORD:
if (stream.Position + 8 > end)
{
return(false);
}
value = stream.ReadUInt64();
return(true);
case NumericLeaf.LF_VARSTRING:
if (stream.Position + 2 > end)
{
return(false);
}
int varStrLen = stream.ReadUInt16();
if (stream.Position + varStrLen > end)
{
return(false);
}
value = Encoding.UTF8.GetString(stream.ReadBytes(varStrLen));
return(true);
case NumericLeaf.LF_VARIANT:
if (stream.Position + 0x10 > end)
{
return(false);
}
int v0 = stream.ReadInt32();
int v1 = stream.ReadInt32();
int v2 = stream.ReadInt32();
int v3 = stream.ReadInt32();
byte scale = (byte)(v0 >> 16);
if (scale <= 28)
{
value = new decimal(v2, v3, v1, v0 < 0, scale);
}
else
{
value = null;
}
return(true);
default:
return(false);
}
}
void ReadInternal(IImageStream stream) {
stream.Position = 0;
string sig = Encoding.ASCII.GetString(stream.ReadBytes(30));
if (sig != "Microsoft C/C++ MSF 7.00\r\n\u001ADS\0")
throw new PdbException("Invalid signature");
stream.Position += 2;
uint pageSize = stream.ReadUInt32();
uint fpm = stream.ReadUInt32();
uint pageCount = stream.ReadUInt32();
uint rootSize = stream.ReadUInt32();
stream.ReadUInt32();
var numOfRootPages = RoundUpDiv(rootSize, pageSize);
var numOfPtrPages = RoundUpDiv(numOfRootPages * 4, pageSize);
if (pageCount * pageSize != stream.Length)
throw new PdbException("File size mismatch");
var pages = new IImageStream[pageCount];
try {
FileOffset offset = 0;
for (uint i = 0; i < pageCount; i++) {
pages[i] = stream.Create(offset, pageSize);
offset += pageSize;
}
var rootPages = new IImageStream[numOfRootPages];
int pageIndex = 0;
for (int i = 0; i < numOfPtrPages && pageIndex < numOfRootPages; i++) {
var ptrPage = pages[stream.ReadUInt32()];
ptrPage.Position = 0;
for (; ptrPage.Position < ptrPage.Length && pageIndex < numOfRootPages; pageIndex++)
rootPages[pageIndex] = pages[ptrPage.ReadUInt32()];
}
ReadRootDirectory(new MsfStream(rootPages, rootSize), pages, pageSize);
}
finally {
foreach (var page in pages) {
if (page != null)
page.Dispose();
}
}
ReadNames();
ReadStringTable();
var tokenMapStream = ReadModules();
documents = new Dictionary<string, DbiDocument>(StringComparer.OrdinalIgnoreCase);
foreach (var module in modules)
if (IsValidStreamIndex(module.StreamId))
module.LoadFunctions(this, streams[module.StreamId].Content);
if (IsValidStreamIndex(tokenMapStream ?? STREAM_INVALID_INDEX))
ApplyRidMap(streams[tokenMapStream.Value].Content);
functions = new Dictionary<uint, DbiFunction>();
foreach (var module in modules)
foreach (var func in module.Functions) {
functions.Add(func.Token, func);
}
}
